Kevin Wolf [Thu, 4 Feb 2021 07:21:37 +0000 (08:21 +0100)]
qemu-storage-daemon: Enable object-add
Git-commit:
15d40e9204eb3d89577187f117a1dde2237bdc4d
As we don't have a fully QAPIfied version of object-add yet and it still
has 'gen': false in the schema, it needs to be registered explicitly in
init_qmp_commands() to be available for users.
Fixes:
2af282ec51a27116d0402cab237b8970800f870c
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <
20210204072137.19663-1-kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Eric Blake [Tue, 9 Feb 2021 15:27:58 +0000 (09:27 -0600)]
qemu-nbd: Use SOMAXCONN for socket listen() backlog
Git-commit:
582d4210eb2f2ab5baac328fe4b479cd86da1647
Our default of a backlog of 1 connection is rather puny; it gets in
the way when we are explicitly allowing multiple clients (such as
qemu-nbd -e N [--shared], or nbd-server-start with its default
"max-connections":0 for unlimited), but is even a problem when we
stick to qemu-nbd's default of only 1 active client but use -t
[--persistent] where a second client can start using the server once
the first finishes. While the effects are less noticeable on TCP
sockets (since the client can poll() to learn when the server is ready
again), it is definitely observable on Unix sockets, where on Linux, a
client will fail with EAGAIN and no recourse but to sleep an arbitrary
amount of time before retrying if the server backlog is already full.
Since QMP nbd-server-start is always persistent, it now always
requests a backlog of SOMAXCONN; meanwhile, qemu-nbd will request
SOMAXCONN if persistent, otherwise its backlog should be based on the
expected number of clients.
See https://bugzilla.redhat.com/1925045 for a demonstration of where
our low backlog prevents libnbd from connecting as many parallel
clients as it wants.
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
CC: qemu-stable@nongnu.org
Message-Id: <
20210209152759.209074-2-eblake@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Stefano Garzarella [Fri, 8 Jan 2021 17:12:52 +0000 (18:12 +0100)]
virtio: move 'use-disabled-flag' property to hw_compat_4_2
Git-commit:
c126b4c57e0164549de606ca35d1512762051083
Commit
9d7bd0826f introduced a new 'use-disabled-flag' property
set to true by default.
To allow the migration, we set this property to false in the hw_compat,
but in the wrong place (hw_compat_4_1).
Since commit
9d7bd0826f was released with QEMU 5.0, we move
'use-disabled-flag' property to hw_compat_4_2, so 4.2 machine types
will have the pre-patch behavior and the migration can work.
The issue was discovered with vhost-vsock device and 4.2 machine
type without running any kernel in the VM:
$ qemu-4.2 -M pc-q35-4.2,accel=kvm \
-device vhost-vsock-pci,guest-cid=4 \
-monitor stdio -incoming tcp:0:3333
$ qemu-5.2 -M pc-q35-4.2,accel=kvm \
-device vhost-vsock-pci,guest-cid=3 \
-monitor stdio
(qemu) migrate -d tcp:0:3333
# qemu-4.2 output
qemu-system-x86_64: Failed to load virtio-vhost_vsock:virtio
qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:03.0/virtio-vhost_vsock'
qemu-system-x86_64: load of migration failed: No such file or directory
Reported-by: Jing Zhao <jinzhao@redhat.com>
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1907255
Fixes:
9d7bd0826f ("virtio-pci: disable vring processing when bus-mastering is disabled")
Cc: mdroth@linux.vnet.ibm.com
CC: qemu-stable@nongnu.org
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <
20210108171252.209502-1-sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Stefan Hajnoczi [Thu, 4 Feb 2021 15:02:08 +0000 (15:02 +0000)]
virtiofsd: prevent opening of special files (CVE-2020-35517)
Git-commit:
a3fdbbc7f271bff7d53d0501b29d910ece0b3789
References: bsc#1183373, CVE-2021-20263
A well-behaved FUSE client does not attempt to open special files with
FUSE_OPEN because they are handled on the client side (e.g. device nodes
are handled by client-side device drivers).
The check to prevent virtiofsd from opening special files is missing in
a few cases, most notably FUSE_OPEN. A malicious client can cause
virtiofsd to open a device node, potentially allowing the guest to
escape. This can be exploited by a modified guest device driver. It is
not exploitable from guest userspace since the guest kernel will handle
special files inside the guest instead of sending FUSE requests.
This patch fixes this issue by introducing the lo_inode_open() function
to check the file type before opening it. This is a short-term solution
because it does not prevent a compromised virtiofsd process from opening
device nodes on the host.
Restructure lo_create() to try O_CREAT | O_EXCL first. Note that O_CREAT
| O_EXCL does not follow symlinks, so O_NOFOLLOW masking is not
necessary here. If the file exists and the user did not specify O_EXCL,
open it via lo_do_open().
Reported-by: Alex Xu <alex@alxu.ca>
Fixes: CVE-2020-35517
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <
20210204150208.367837-4-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Stefan Hajnoczi [Thu, 4 Feb 2021 15:02:07 +0000 (15:02 +0000)]
virtiofsd: optionally return inode pointer from lo_do_lookup()
Git-commit:
22d2ece71e533310da31f2857ebc4a00d91968b3
References: bsc#1183373, CVE-2021-20263
lo_do_lookup() finds an existing inode or allocates a new one. It
increments nlookup so that the inode stays alive until the client
releases it.
Existing callers don't need the struct lo_inode so the function doesn't
return it. Extend the function to optionally return the inode. The next
commit will need it.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <
20210204150208.367837-3-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Stefan Hajnoczi [Thu, 4 Feb 2021 15:02:06 +0000 (15:02 +0000)]
virtiofsd: extract lo_do_open() from lo_open()
Git-commit:
8afaaee976965b7fb90ec225a51d60f35c5f173c
References: bsc#1183373, CVE-2021-20263
Both lo_open() and lo_create() have similar code to open a file. Extract
a common lo_do_open() function from lo_open() that will be used by
lo_create() in a later commit.
Since lo_do_open() does not otherwise need fuse_req_t req, convert
lo_add_fd_mapping() to use struct lo_data *lo instead.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <
20210204150208.367837-2-stefanha@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Philippe Mathieu-Daudé [Sun, 31 Jan 2021 10:34:01 +0000 (11:34 +0100)]
hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
Git-commit:
edfe2eb4360cde4ed5d95bda7777edcb3510f76a
References: bsc#1181933
Per the ARM Generic Interrupt Controller Architecture specification
(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit,
not 10:
- 4.3 Distributor register descriptions
- 4.3.15 Software Generated Interrupt Register, GICD_SG
- Table 4-21 GICD_SGIR bit assignments
The Interrupt ID of the SGI to forward to the specified CPU
interfaces. The value of this field is the Interrupt ID, in
the range 0-15, for example a value of 0b0011 specifies
Interrupt ID 3.
Correct the irq mask to fix an undefined behavior (which eventually
lead to a heap-buffer-overflow, see [Buglink]):
$ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio
[I
1612088147.116987] OPENED
[R +0.278293] writel 0x8000f00 0xff4affb0
../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13
This fixes a security issue when running with KVM on Arm with
kernel-irqchip=off. (The default is kernel-irqchip=on, which is
unaffected, and which is also the correct choice for performance.)
Cc: qemu-stable@nongnu.org
Fixes: CVE-2021-20221
Fixes:
9ee6e8bb853 ("ARMv7 support.")
Buglink: https://bugs.launchpad.net/qemu/+bug/1913916
Buglink: https://bugs.launchpad.net/qemu/+bug/1913917
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id:
20210131103401.217160-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Kevin Wolf [Mon, 18 Jan 2021 12:34:47 +0000 (13:34 +0100)]
block: Separate blk_is_writable() and blk_supports_write_perm()
Git-commit:
86b1cf322789b79c8ace977430ac6a443d491cc0
Currently, blk_is_read_only() tells whether a given BlockBackend can
only be used in read-only mode because its root node is read-only. Some
callers actually try to answer a slightly different question: Is the
BlockBackend configured to be writable, by taking write permissions on
the root node?
This can differ, for example, for CD-ROM devices which don't take write
permissions, but may be backed by a writable image file. scsi-cd allows
write requests to the drive if blk_is_read_only() returns false.
However, the write request will immediately run into an assertion
failure because the write permission is missing.
This patch introduces separate functions for both questions.
blk_supports_write_perm() answers the question whether the block
node/image file can support writable devices, whereas blk_is_writable()
tells whether the BlockBackend is currently configured to be writable.
All calls of blk_is_read_only() are converted to one of the two new
functions.
Fixes: https://bugs.launchpad.net/bugs/1906693
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <
20210118123448.307825-2-kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Markus Armbruster [Wed, 25 Nov 2020 10:02:20 +0000 (11:02 +0100)]
net: Fix handling of id in netdev_add and netdev_del
Git-commit:
831734cce6494032e9233caff4d8442b3a1e7fef
CLI -netdev accumulates in option group "netdev".
Before commit
08712fcb85 "net: Track netdevs in NetClientState rather
than QemuOpt", netdev_add added to the option group, and netdev_del
removed from it, both HMP and QMP. Thus, every netdev had a
corresponding QemuOpts in this option group.
Commit
08712fcb85 dropped this for QMP netdev_add and both netdev_del.
Now a netdev has a corresponding QemuOpts only when it was created
with CLI or HMP. Two issues:
* QMP and HMP netdev_del can leave QemuOpts behind, breaking HMP
netdev_add. Reproducer:
$ qemu-system-x86_64 -S -display none -nodefaults -monitor stdio
QEMU 5.1.92 monitor - type 'help' for more information
(qemu) netdev_add user,id=net0
(qemu) info network
net0: index=0,type=user,net=10.0.2.0,restrict=off
(qemu) netdev_del net0
(qemu) info network
(qemu) netdev_add user,id=net0
upstream-qemu: Duplicate ID 'net0' for netdev
Try "help netdev_add" for more information
Fix by restoring the QemuOpts deletion in qmp_netdev_del(), but with
a guard, because the QemuOpts need not exist.
* QMP netdev_add loses its "no duplicate ID" check. Reproducer:
$ qemu-system-x86_64 -S -display none -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 92, "minor": 1, "major": 5}, "package": "v5.2.0-rc2-1-g02c1f0142c"}, "capabilities": ["oob"]}}
{"execute": "qmp_capabilities"}
{"return": {}}
{"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
{"return": {}}
{"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
{"return": {}}
Fix by adding a duplicate ID check to net_client_init1() to replace
the lost one. The check is redundant for callers where QemuOpts
still checks, i.e. for CLI and HMP.
Reported-by: Andrew Melnichenko <andrew@daynix.com>
Fixes:
08712fcb851034228b61f75bd922863a984a4f60
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Eric Farman [Mon, 4 Jan 2021 20:20:57 +0000 (21:20 +0100)]
vfio-ccw: Connect the device request notifier
Git-commit:
b2f96f9e4f5fbc8f2770a436191cb328da4d5350
References: 1183634
Now that the vfio-ccw code has a notifier interface to request that
a device be unplugged, let's wire that together.
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <
20210104202057.48048-4-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Eric Farman [Mon, 4 Jan 2021 20:20:56 +0000 (21:20 +0100)]
Update linux headers to 5.11-rc2
Git-commit:
b3c818a47f419b6e2f5508fe29e7a30843236fee
References: bsc#1183634
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <
20210104202057.48048-3-farman@linux.ibm.com>
[CH: dropped qatomic->atomic changes in pvrdma_ring.h]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Eric Farman [Mon, 4 Jan 2021 20:20:55 +0000 (21:20 +0100)]
update-linux-headers: Include const.h
Git-commit:
ab5ec23f9cc25215c1281d575c07c0f35e8e9e26
References: bsc#1183634
Kernel commit
a85cbe6159ff ("uapi: move constants from
<linux/kernel.h> to <linux/const.h>") breaks our script
because of the unrecognized include. Let's add that to
our processing.
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <
20210104202057.48048-2-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Richard Henderson [Wed, 13 Jan 2021 06:26:50 +0000 (20:26 -1000)]
target/arm: Update REV, PUNPK for pred_desc
Git-commit:
70acaafef2e053a312d54c09b6721c730690e72c
Update all users of do_perm_pred2 for the new
predicate descriptor field definitions.
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1908551
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20210113062650.593824-5-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Richard Henderson [Wed, 13 Jan 2021 06:26:49 +0000 (20:26 -1000)]
target/arm: Update ZIP, UZP, TRN for pred_desc
Git-commit:
f9b0fcceccfc05cde62ff7577fbf2bc13b842414
Update all users of do_perm_pred3 for the new
predicate descriptor field definitions.
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20210113062650.593824-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Richard Henderson [Wed, 13 Jan 2021 06:26:48 +0000 (20:26 -1000)]
target/arm: Update PFIRST, PNEXT for pred_desc
Git-commit:
86300b5d044064046395ae8ed605cc19e63f2a7c
These two were odd, in that do_pfirst_pnext passed the
count of 64-bit words rather than bytes. Change to pass
the standard pred_full_reg_size to avoid confusion.
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20210113062650.593824-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Richard Henderson [Wed, 13 Jan 2021 06:26:47 +0000 (20:26 -1000)]
target/arm: Introduce PREDDESC field definitions
Git-commit:
b64ee454a4a086ed459bcda4c0bbb54e197841e4
SVE predicate operations cannot use the "usual" simd_desc
encoding, because the lengths are not a multiple of 8.
But we were abusing the SIMD_* fields to store values anyway.
This abuse broke when SIMD_OPRSZ_BITS was modified in
e2e7168a214.
Introduce a new set of field definitions for exclusive use
of predicates, so that it is obvious what kind of predicate
we are manipulating. To be used in future patches.
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20210113062650.593824-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Greg Kurz [Thu, 14 Jan 2021 16:04:12 +0000 (17:04 +0100)]
9pfs: Fully restart unreclaim loop (CVE-2021-20181)
Git-commit:
89fbea8737e8f7b954745a1ffc4238d377055305
References: bsc#1182137
Depending on the client activity, the server can be asked to open a huge
number of file descriptors and eventually hit RLIMIT_NOFILE. This is
currently mitigated using a reclaim logic : the server closes the file
descriptors of idle fids, based on the assumption that it will be able
to re-open them later. This assumption doesn't hold of course if the
client requests the file to be unlinked. In this case, we loop on the
entire fid list and mark all related fids as unreclaimable (the reclaim
logic will just ignore them) and, of course, we open or re-open their
file descriptors if needed since we're about to unlink the file.
This is the purpose of v9fs_mark_fids_unreclaim(). Since the actual
opening of a file can cause the coroutine to yield, another client
request could possibly add a new fid that we may want to mark as
non-reclaimable as well. The loop is thus restarted if the re-open
request was actually transmitted to the backend. This is achieved
by keeping a reference on the first fid (head) before traversing
the list.
This is wrong in several ways:
- a potential clunk request from the client could tear the first
fid down and cause the reference to be stale. This leads to a
use-after-free error that can be detected with ASAN, using a
custom 9p client
- fids are added at the head of the list : restarting from the
previous head will always miss fids added by a some other
potential request
All these problems could be avoided if fids were being added at the
end of the list. This can be achieved with a QSIMPLEQ, but this is
probably too much change for a bug fix. For now let's keep it
simple and just restart the loop from the current head.
Fixes: CVE-2021-20181
Buglink: https://bugs.launchpad.net/qemu/+bug/1911666
Reported-by: Zero Day Initiative <zdi-disclosures@trendmicro.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-Id: <
161064025265.1838153.
15185571283519390907.stgit@bahia.lan>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Peter Maydell [Fri, 8 Jan 2021 18:04:00 +0000 (18:04 +0000)]
hw/net/lan9118: Fix RX Status FIFO PEEK value
Git-commit:
e7e29fdbbe07fb762d85af9c4d8eeff9b0f52a8e
A copy-and-paste error meant that the return value for register offset 0x44
(the RX Status FIFO PEEK register) returned a byte from a bogus offset in
the rx status FIFO. Fix the typo.
Cc: qemu-stable@nongnu.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1904954
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id:
20210108180401.2263-2-peter.maydell@linaro.org
Signed-off-by: Bruce Rogers <brogers@suse.com>
Peter Maydell [Fri, 8 Jan 2021 19:51:57 +0000 (19:51 +0000)]
target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns
Git-commit:
e4d51ac6921dc861bfb3d20e4c7dcf345840a9da
In commit
cd8be50e58f63413c0 we converted the A32 coprocessor
insns to decodetree. This accidentally broke XScale/iWMMXt insns,
because it moved the handling of "cp insns which are handled
by looking up the cp register in the hashtable" from after the
call to the legacy disas_xscale_insn() decode to before it,
with the result that all XScale/iWMMXt insns now UNDEF.
Update valid_cp() so that it knows that on XScale cp 0 and 1
are not standard coprocessor instructions; this will cause
the decodetree trans_ functions to ignore them, so that
execution will correctly get through to the legacy decode again.
Cc: qemu-stable@nongnu.org
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id:
20210108195157.32067-1-peter.maydell@linaro.org
Signed-off-by: Bruce Rogers <brogers@suse.com>
Richard Henderson [Mon, 21 Dec 2020 20:44:26 +0000 (12:44 -0800)]
target/arm: Fix MTE0_ACTIVE
Git-commit:
cc97b0019bb590b9b3c2a623e9ebee48831e0ce3
In
50244cc76abc we updated mte_check_fail to match the ARM
pseudocode, using the correct EL to select the TCF field.
But we failed to update MTE0_ACTIVE the same way, which led
to g_assert_not_reached().
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1907137
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20201221204426.88514-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Philippe Mathieu-Daudé [Sat, 5 Dec 2020 15:09:03 +0000 (16:09 +0100)]
hw/timer/slavio_timer: Allow 64-bit accesses
Git-commit:
62a9b228b5fefe0f9e364dfeaf3c65022c63cdb9
Per the "NCR89C105 Chip Specification" referenced in the header:
Chip-level Address Map
------------------------------------------------------------------
| 1D0 0000 -> | Counter/Timers | W,D |
| 1DF FFFF | | |
...
The address map indicated the allowed accesses at each address.
[...] W indicates a word access, and D indicates a double-word
access.
The SLAVIO timer controller is implemented expecting 32-bit accesses.
Commit
a3d12d073e1 restricted the memory accesses to 32-bit, while
the device allows 64-bit accesses.
This was not an issue until commit
5d971f9e67 which reverted
("memory: accept mismatching sizes in memory_region_access_valid").
Fix by renaming .valid MemoryRegionOps as .impl, and add the valid
access range (W -> 4, D -> 8).
Since commit
21786c7e598 ("memory: Log invalid memory accesses")
this class of bug can be quickly debugged displaying 'guest_errors'
accesses, as:
$ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -serial stdio -d guest_errors
Power-ON Reset
Invalid access at addr 0x0, size 8, region 'timer-1', reason: invalid size (min:4 max:4)
$ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -monitor stdio -S
(qemu) info mtree
address-space: memory
0000000000000000-
ffffffffffffffff (prio 0, i/o): system
...
0000000ff1300000-
0000000ff130000f (prio 0, i/o): timer-1
^^^^^^^^^ ^^^^^^^
\ memory region base address and name /
(qemu) info qtree
bus: main-system-bus
dev: slavio_timer, id "" <-- device type name
gpio-out "sysbus-irq" 17
num_cpus = 1 (0x1)
mmio
0000000ff1310000/
0000000000000014
mmio
0000000ff1300000/
0000000000000010 <--- base address
mmio
0000000ff1301000/
0000000000000010
mmio
0000000ff1302000/
0000000000000010
...
Reported-by: Yap KV <yapkv@yahoo.com>
Buglink: https://bugs.launchpad.net/bugs/1906905
Fixes:
a3d12d073e1 ("slavio_timer: convert to memory API")
CC: qemu-stable@nongnu.org
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20201205150903.3062711-1-f4bug@amsat.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Richard Henderson [Tue, 15 Dec 2020 17:47:59 +0000 (11:47 -0600)]
tcg: Use memset for large vector byte replication
Git-commit:
6d3ef04893bdea3e7aa08be3cce5141902836a31
In
f47db80cc07, we handled odd-sized tail clearing for
the case of hosts that have vector operations, but did
not handle the case of hosts that do not have vector ops.
This was ok until
e2e7168a214b, which changed the encoding
of simd_desc such that the odd sizes are impossible.
Add memset as a tcg helper, and use that for all out-of-line
byte stores to vectors. This includes, but is not limited to,
the tail clearing operation in question.
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1907817
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Max Reitz [Thu, 17 Dec 2020 15:38:03 +0000 (16:38 +0100)]
iotests: Fix _send_qemu_cmd with bash 5.1
Git-commit:
0e72078128229bf9efb542e396ab44bf91b91340
References: boo#1181054
With bash 5.1, the output of the following script changes:
a=("double space")
a=${a[@]:0:1}
echo "$a"
from "double space" to "double space", i.e. all white space is
preserved as-is. This is probably what we actually want here (judging
from the "...to accommodate pathnames with spaces" comment), but before
5.1, we would have to quote the ${} slice to get the same behavior.
In any case, without quoting, the reference output of many iotests is
different between bash 5.1 and pre-5.1, which is not very good. The
output of 5.1 is what we want, so whatever we do to get pre-5.1 to the
same result, it means we have to fix the reference output of basically
all tests that invoke _send_qemu_cmd (except the ones that only use
single spaces in the commands they invoke).
Instead of quoting the ${} slice (cmd="${$@: 1:...}"), we can also just
not use array slicing and replace the whole thing with a simple "cmd=$1;
shift", which works because all callers quote the whole $cmd argument
anyway.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <
20201217153803.101231-3-mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Peter Lieven [Wed, 9 Dec 2020 12:17:35 +0000 (13:17 +0100)]
block/nfs: fix int overflow in nfs_client_open_qdict
Git-commit:
182454dc63c66ff5a29eddd60cc987b6a1b45e7f
nfs_client_open returns the file size in sectors. This effectively
makes it impossible to open files larger than 1TB.
Fixes:
c22a03454544c2a08f1107c5cc8481a5574533d5
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-Id: <
20201209121735.16437-1-pl@kamp.de>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Christian Ehrhardt [Mon, 14 Dec 2020 15:09:38 +0000 (16:09 +0100)]
build: -no-pie is no functional linker flag
Git-commit:
bbd2d5a8120771ec59b86a80a1f51884e0a26e53
Recent binutils changes dropping unsupported options [1] caused a build
issue in regard to the optionroms.
ld -m elf_i386 -T /<<PKGBUILDDIR>>/pc-bios/optionrom//flat.lds -no-pie \
-s -o multiboot.img multiboot.o
ld.bfd: Error: unable to disambiguate: -no-pie (did you mean --no-pie ?)
This isn't really a regression in ld.bfd, filing the bug upstream
revealed that this never worked as a ld flag [2] - in fact it seems we
were by accident setting --nmagic).
Since it never had the wanted effect this usage of LDFLAGS_NOPIE, should be
droppable without any effect. This also is the only use-case of LDFLAGS_NOPIE
in .mak, therefore we can also remove it from being added there.
[1]: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=
983d925d
[2]: https://sourceware.org/bugzilla/show_bug.cgi?id=27050#c5
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Message-Id: <
20201214150938.1297512-1-christian.ehrhardt@canonical.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Paolo Bonzini [Tue, 1 Dec 2020 14:29:56 +0000 (09:29 -0500)]
memory: clamp cached translation in case it points to an MMIO region
Git-commit:
4bfb024bc76973d40a359476dc0291f46e435442
References: bsc#1179686, CVE-2020-27821
In using the address_space_translate_internal API, address_space_cache_init
forgot one piece of advice that can be found in the code for
address_space_translate_internal:
/* MMIO registers can be expected to perform full-width accesses based only
* on their address, without considering adjacent registers that could
* decode to completely different MemoryRegions. When such registers
* exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
* regions overlap wildly. For this reason we cannot clamp the accesses
* here.
*
* If the length is small (as is the case for address_space_ldl/stl),
* everything works fine. If the incoming length is large, however,
* the caller really has to do the clamping through memory_access_size.
*/
address_space_cache_init is exactly one such case where "the incoming length
is large", therefore we need to clamp the resulting length---not to
memory_access_size though, since we are not doing an access yet, but to
the size of the resulting section. This ensures that subsequent accesses
to the cached MemoryRegionSection will be in range.
With this patch, the enclosed testcase notices that the used ring does
not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used"
error.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Gerd Hoffmann [Tue, 15 Dec 2020 08:11:51 +0000 (09:11 +0100)]
audio: add sanity check
Git-commit:
06c8c375389a54d8e4457d967f4f0896caecefb2
References: boo#1180210
Check whenever we actually found the spiceaudio driver
before flipping the can_be_default field.
Fixes:
f0c4555edfdd ("audio: remove qemu_spice_audio_init()")
Buglink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977301
Reported-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <
20201215081151.20095-1-kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Kevin Wolf [Thu, 3 Dec 2020 17:23:11 +0000 (18:23 +0100)]
block: Fix deadlock in bdrv_co_yield_to_drain()
Git-commit:
960d5fb3e8ee09bc5f1a5c84f66dce42a6cef920
If bdrv_co_yield_to_drain() is called for draining a block node that
runs in a different AioContext, it keeps that AioContext locked while it
yields and schedules a BH in the AioContext to do the actual drain.
As long as executing the BH is the very next thing that the event loop
of the node's AioContext does, this actually happens to work, but when
it tries to execute something else that wants to take the AioContext
lock, it will deadlock. (In the bug report, this other thing is a
virtio-scsi device running virtio_scsi_data_plane_handle_cmd().)
Instead, always drop the AioContext lock across the yield and reacquire
it only when the coroutine is reentered. The BH needs to unconditionally
take the lock for itself now.
This fixes the 'block_resize' QMP command on a block node that runs in
an iothread.
Cc: qemu-stable@nongnu.org
Fixes:
eb94b81a94bce112e6b206df846c1551aaf6cab6
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1903511
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <
20201203172311.68232-4-kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Kevin Wolf [Thu, 3 Dec 2020 17:23:10 +0000 (18:23 +0100)]
block: Fix locking in qmp_block_resize()
Git-commit:
8089eab2bd5fb160b038e64e14cf7ffb3f37091e
The drain functions assume that we hold the AioContext lock of the
drained block node. Make sure to actually take the lock.
Cc: qemu-stable@nongnu.org
Fixes:
eb94b81a94bce112e6b206df846c1551aaf6cab6
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <
20201203172311.68232-3-kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Kevin Wolf [Thu, 3 Dec 2020 17:23:09 +0000 (18:23 +0100)]
block: Simplify qmp_block_resize() error paths
Git-commit:
d9dbf25f9624aac43e4357019bed4422f0b3368d
The only thing that happens after the 'out:' label is blk_unref(blk).
However, blk = NULL in all of the error cases, so instead of jumping to
'out:', we can just return directly.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <
20201203172311.68232-2-kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Peng Liang [Mon, 16 Nov 2020 14:13:38 +0000 (22:13 +0800)]
ui/vnc: Add missing lock for send_color_map
Git-commit:
947191b4312a547621566d77d7b922d9e13bb63d
vnc_write() should be locked after the RFB protocol is initialized.
Fixes:
0c426e4534b4 ("vnc: Add support for color map")
Cc: qemu-stable@nongnu.org
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Message-id:
20201116141338.148911-1-liangpeng10@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
SoonKyu Park [Tue, 23 Nov 2021 04:45:12 +0000 (13:45 +0900)]
Imported vendor release 5.2.0-20.1
SoonKyu Park [Tue, 23 Nov 2021 04:40:00 +0000 (13:40 +0900)]
Imported Upstream version 5.2.0
biao716.wang [Thu, 4 Nov 2021 16:13:17 +0000 (01:13 +0900)]
To support syscall_389
Change-Id: I7e780307e9c64525961fc70ecc7e1fcfb29d8d5e
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
Dongkyun, Son [Fri, 24 Feb 2017 08:47:58 +0000 (17:47 +0900)]
packaging: add armv7hl support
Change-Id: I5e2568eb66be2fd4c10b4b6d6b376269b1e0b56d
Signed-off-by: Dongkyun, Son <dongkyun.s@samsung.com>
(cherry picked from commit
a91f333858752b70d41d1e98a0c75fe4d59ce72a)
hyokeun.jeon [Fri, 28 May 2021 09:14:49 +0000 (18:14 +0900)]
Revert 8f8f75: "linux-user: Run multi-threaded code on a single core"
Approved by Tizen PL team at 2021-05-27
Change-Id: I96f1312f0dd2d1e7aca611486c8df35669e2f722
SoonKyu Park [Fri, 3 Apr 2020 00:31:58 +0000 (09:31 +0900)]
Merge '[Qemu-devel] [PATCH for-4.1] linux-user: Make sigaltstack stacks per-thread' for go language support
patch url : https://patchew.org/QEMU/
20190725131645.19501-1-peter.maydell@linaro.org/
Change-Id: I591a7d1eab277ecdedbe8a886de4fb553f31a264
Maxim Ostapenko [Fri, 8 Jul 2016 12:47:42 +0000 (15:47 +0300)]
ASan-related hack to speedup aarch64 builds.
Switch off memory pages checks in qemu if memory regions are mapped by ASan
Change-Id: I8233802ee35db00c799f5645072b8014f823b5c6
Signed-off-by: Maxim Ostapenko <m.ostapenko@samsung.com>
hyokeun [Tue, 27 Dec 2016 08:29:09 +0000 (17:29 +0900)]
Imported Upstream version 2.6.1
Pavel Kopyl [Tue, 23 Aug 2016 13:42:07 +0000 (13:42 +0000)]
Use different names for qemu-user binary:
1. qemu-linux-user-x86_64-cross for 64-bit.
2. qemu-linux-user-x86-cross for 32-bit.
Also keep binaries with old names.
Change-Id: Ib2487b82c57189942e0925427cb2144dc8817dec
Signed-off-by: Pavel Kopyl <p.kopyl@samsung.com>
Signed-off-by: Chan Lee <chan45.lee@samsung.com>
(cherry picked from commit
4f4fc9b2f8ac86e081b08fb48d77fa860626d148)
Dongkyun, Son [Mon, 29 Aug 2016 06:17:44 +0000 (15:17 +0900)]
removed qemu log (Unsupported syscall)
blocked unexpeced warning message (qemu: Unsupported syscall: 219 or 311)
Change-Id: If17b6d80c0835fcc44822551127eca068b23eec9
Signed-off-by: Dongkyun, Son <dongkyun.s@samsung.com>
(cherry picked from commit
6b4067f8f34ee83f94042551267e951ab0b5e10e)
hyokeun [Wed, 7 Sep 2016 08:54:56 +0000 (17:54 +0900)]
packaging: mic-bootstrap link issue
Julien Isorce [Tue, 10 May 2016 12:18:06 +0000 (13:18 +0100)]
binfmt: translate symbolic links correctly with realpath
Change-Id: Ic0eeac9de40a8e1082c83b442829ac28f68bff04
Signed-off-by: Julien Isorce <j.isorce@samsung.com>
Signed-off-by: Yury Usishchev <y.usishchev@samsung.com>
SoonKyu Park [Fri, 19 Feb 2016 00:05:59 +0000 (09:05 +0900)]
Modify spec file to build qemu package in Tools:qemu project and aggregate it to use it
Change-Id: Id2db3f863d1d3fcdb57f841b69c3acda94e32cef
Yury Usishchev [Wed, 5 Aug 2015 18:03:26 +0000 (21:03 +0300)]
Add compatibility symlinks
Symlinks to qemu binaries placed in directories where they are searched by
common non-Tizen binfmt_misc configurations (eq. in Ubuntu).
Change-Id: I6b8602736926dba24a7ffbc70c91222ec3ba5cc8
hyokeun [Tue, 6 Sep 2016 04:58:06 +0000 (13:58 +0900)]
packaging: ln -sf qemu-arm64, qemu-arm64-binfmt
Yury Usishchev [Wed, 5 Aug 2015 18:01:01 +0000 (21:01 +0300)]
binfmt: use binaries from /emul
This allows removing hardcoded architecture-dependent paths
from qemu-accel package. Also allows using symlinks for qemu-*-binfmt
as path don't depend on binary name now.
Change-Id: I92b9bc6df477ef925c761045d5307aca8cc1b2d4
Junfeng Dong [Tue, 19 Nov 2013 11:14:41 +0000 (19:14 +0800)]
enable 32 bit qemu for Tizen.
Change-Id: I75ecb5ef6952d1083c030f5e48ba2a24e4d6f4a1
Signed-off-by: Junfeng Dong <junfeng.dong@intel.com>
hyokeun [Tue, 6 Sep 2016 01:18:07 +0000 (10:18 +0900)]
packaging: Adding permissions-file-setuid-bit
hyokeun [Mon, 5 Sep 2016 11:12:59 +0000 (20:12 +0900)]
packaging: BuildRequires: -post-build-checks
Change-Id: I27b7123c2637e7af82d59ca5e7d5bd139d727647
hyokeun [Tue, 6 Sep 2016 05:29:28 +0000 (14:29 +0900)]
packaging: Disable libseccomp
Change-Id: I177741ece64572b63c7fbad8267324449735ca97
hyokeun [Mon, 5 Sep 2016 04:22:58 +0000 (13:22 +0900)]
packaging: add packaging directory
Change-Id: I7eb77abf7c4e5afdc9606c723c125910280c65e6
markkp [Thu, 11 Aug 2016 20:28:39 +0000 (16:28 -0400)]
configure: Fix detection of seccomp on s390x
Signed-off-by: Mark Post <mpost@suse.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Andreas Schwab [Fri, 12 Aug 2016 16:20:49 +0000 (18:20 +0200)]
qemu-binfmt-conf: use qemu-ARCH-binfmt
Signed-off-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Bruce Rogers [Tue, 2 Aug 2016 17:36:02 +0000 (11:36 -0600)]
qemu-bridge-helper: reduce security profile
Change from using glib alloc and free routines to those
from libc. Also perform safety measure of dropping privs
to user if configured no-caps.
[BR: BOO#988279]
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Olaf Hering [Tue, 21 Jun 2016 16:42:45 +0000 (18:42 +0200)]
xen: SUSE xenlinux unplug for emulated PCI
Implement SUSE specific unplug protocol for emulated PCI devices
in PVonHVM guests
(bsc#953339, bsc#953362, bsc#953518, bsc#984981)
Signed-off-by: Olaf Hering <ohering@suse.de>
Olaf Hering [Fri, 1 Apr 2016 10:27:16 +0000 (12:27 +0200)]
build: link with libatomic on powerpc-linux
Building on powerpc-linux fails with undefined reference to
__atomic_load_8 in icount_warp_rt(). Force linking to -latomic.
Fixes a0aa44b ("include/qemu/atomic.h: default to __atomic functions")
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Bruce Rogers [Wed, 9 Mar 2016 22:18:11 +0000 (15:18 -0700)]
xen_disk: Add suse specific flush disable handling and map to QEMU equiv
Add code to read the suse specific suse-diskcache-disable-flush flag out
of xenstore, and set the equivalent flag within QEMU.
Patch taken from Xen's patch queue, Olaf Hering being the original author.
[bsc#879425]
Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Alexander Graf [Mon, 15 Jun 2015 15:36:32 +0000 (17:36 +0200)]
dictzip: Fix on big endian systems
The dictzip code in SLE11 received some treatment over time to support
running on big endian hosts. Somewhere in the transition to SLE12 this
support got lost. Add it back in again from the SLE11 code base.
Furthermore while at it, fix up the debug prints to not emit warnings.
[AG: BSC#937572]
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Wed, 14 Jan 2015 00:32:11 +0000 (01:32 +0100)]
AIO: Reduce number of threads for 32bit hosts
On hosts with limited virtual address space (32bit pointers), we can very
easily run out of virtual memory with big thread pools.
Instead, we should limit ourselves to small pools to keep memory footprint
low on those systems.
This patch fixes random VM stalls like
(process:25114): GLib-ERROR **: gmem.c:103: failed to allocate 1048576 bytes
on 32bit ARM systems for me.
Signed-off-by: Alexander Graf <agraf@suse.de>
Dinar Valeev [Wed, 2 Oct 2013 15:56:03 +0000 (17:56 +0200)]
configure: Enable PIE for ppc and ppc64 hosts
Signed-off-by: Dinar Valeev <dvaleev@suse.com>
[AF: Rebased for v1.7]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Bruce Rogers [Thu, 16 May 2013 10:39:10 +0000 (12:39 +0200)]
virtfs-proxy-helper: Provide __u64 for broken sys/capability.h
Fixes the build on SLE 11 SP2.
[AF: Extend to ppc64]
Alexander Graf [Thu, 13 Dec 2012 13:29:22 +0000 (14:29 +0100)]
linux-user: lseek: explicitly cast non-set offsets to signed
When doing lseek, SEEK_SET indicates that the offset is an unsigned variable.
Other seek types have parameters that can be negative.
When converting from 32bit to 64bit parameters, we need to take this into
account and enable SEEK_END and SEEK_CUR to be negative, while SEEK_SET stays
absolute positioned which we need to maintain as unsigned.
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Thu, 1 Apr 2010 15:36:23 +0000 (17:36 +0200)]
Make char muxer more robust wrt small FIFOs
Virtio-Console can only process one character at a time. Using it on S390
gave me strage "lags" where I got the character I pressed before when
pressing one. So I typed in "abc" and only received "a", then pressed "d"
but the guest received "b" and so on.
While the stdio driver calls a poll function that just processes on its
queue in case virtio-console can't take multiple characters at once, the
muxer does not have such callbacks, so it can't empty its queue.
To work around that limitation, I introduced a new timer that only gets
active when the guest can not receive any more characters. In that case
it polls again after a while to check if the guest is now receiving input.
This patch fixes input when using -nographic on s390 for me.
[AF: Rebased for v2.7.0-rc2]
Alexander Graf [Mon, 6 Jun 2011 04:53:52 +0000 (06:53 +0200)]
console: add question-mark escape operator
Some termcaps (found using SLES11SP1) use [? sequences. According to man
console_codes (http://linux.die.net/man/4/console_codes) the question mark
is a nop and should simply be ignored.
This patch does exactly that, rendering screen output readable when
outputting guest serial consoles to the graphical console emulator.
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Wed, 12 Dec 2012 18:11:30 +0000 (19:11 +0100)]
Legacy Patch kvm-qemu-preXX-dictzip3.patch
Alexander Graf [Wed, 5 Aug 2009 15:28:38 +0000 (17:28 +0200)]
block: Add tar container format
Tar is a very widely used format to store data in. Sometimes people even put
virtual machine images in there.
So it makes sense for qemu to be able to read from tar files. I implemented a
written from scratch reader that also knows about the GNU sparse format, which
is what pigz creates.
This version checks for filenames that end on well-known extensions. The logic
could be changed to search for filenames given on the command line, but that
would require changes to more parts of qemu.
The tar reader in conjunctiuon with dzip gives us the chance to download
tar'ed up virtual machine images (even via http) and instantly make use of
them.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Bruce Rogers <brogers@novell.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
[TH: Use bdrv_open options instead of filename]
Signed-off-by: Tim Hardeck <thardeck@suse.de>
[AF: bdrv_file_open got an Error **errp argument, bdrv_delete -> brd_unref]
[AF: qemu_opts_create_nofail() -> qemu_opts_create(),
bdrv_file_open() -> bdrv_open(), based on work by brogers]
[AF: error_is_set() dropped for v2.1.0-rc0]
[AF: BlockDriverAIOCB -> BlockAIOCB,
BlockDriverCompletionFunc -> BlockCompletionFunc,
qemu_aio_release() -> qemu_aio_unref(),
drop tar_aio_cancel()]
[AF: common-obj-y -> block-obj-y, drop probe hook (bsc#945778)]
[AF: Drop bdrv_open() drv parameter for 2.5]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Changed bdrv_open() bs parameter and return value for v2.7.0-rc2,
for bdrv_pread() and bdrv_aio_readv() s/s->hd/s->hd->file/]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Wed, 5 Aug 2009 07:49:37 +0000 (09:49 +0200)]
block: Add support for DictZip enabled gzip files
DictZip is an extension to the gzip format that allows random seeks in gzip
compressed files by cutting the file into pieces and storing the piece offsets
in the "extra" header of the gzip format.
Thanks to that extension, we can use gzip compressed files as block backend,
though only in read mode.
This makes a lot of sense when stacked with tar files that can then be shipped
to VM users. If a VM image is inside a tar file that is inside a DictZip
enabled gzip file, the user can run the tar.gz file as is without having to
extract the image first.
Tar patch follows.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Bruce Rogers <brogers@novell.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
[TH: Use bdrv_open options instead of filename]
Signed-off-by: Tim Hardeck <thardeck@suse.de>
[AF: Error **errp added for bdrv_file_open, bdrv_delete -> bdrv_unref]
[AF: qemu_opts_create_nofail() -> qemu_opts_create(),
bdrv_file_open() -> bdrv_open(), based on work by brogers]
[AF: error_is_set() dropped for v2.1.0-rc0]
[AF: BlockDriverAIOCB -> BlockAIOCB,
BlockDriverCompletionFunc -> BlockCompletionFunc,
qemu_aio_release() -> qemu_aio_unref(),
drop dictzip_aio_cancel()]
[AF: common-obj-y -> block-obj-y, drop probe hook (bsc#945778)]
[AF: Drop bdrv_open() drv parameter for 2.5]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Drop bdrv_open() bs parameter and change return value for v2.7.0-rc2,
for bdrv_pread() and bdrv_aio_readv() do s/s->hd/s->hd->file/]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Tue, 9 Oct 2012 07:06:49 +0000 (09:06 +0200)]
linux-user: use target_ulong
Linux syscalls pass pointers or data length or other information of that sort
to the kernel. This is all stuff you don't want to have sign extended.
Otherwise a host 64bit variable parameter with a size parameter will extend
it to a negative number, breaking lseek for example.
Pass syscall arguments as ulong always.
Signed-off-by: Alexander Graf <agraf@suse.de>
Andreas Färber [Wed, 29 Aug 2012 18:06:01 +0000 (20:06 +0200)]
vnc: password-file= and incoming-connections=
TBD (from SUSE Studio team)
Andreas Färber [Wed, 29 Aug 2012 16:42:56 +0000 (18:42 +0200)]
slirp: -nooutgoing
TBD (from SUSE Studio team)
Alexander Graf [Tue, 21 Aug 2012 12:20:40 +0000 (14:20 +0200)]
linux-user: XXX disable fiemap
agraf: fiemap breaks in libarchive. Disable it for now.
Alexander Graf [Sun, 19 Aug 2012 22:07:13 +0000 (00:07 +0200)]
linux-user: implement FS_IOC_SETFLAGS ioctl
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2
- use TYPE_LONG instead of TYPE_INT
Alexander Graf [Sun, 19 Aug 2012 22:02:52 +0000 (00:02 +0200)]
linux-user: implement FS_IOC_GETFLAGS ioctl
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- use TYPE_LONG instead of TYPE_INT
Alexander Graf [Mon, 23 Jul 2012 08:24:14 +0000 (10:24 +0200)]
linux-user: Fake /proc/cpuinfo
Fedora 17 for ARM reads /proc/cpuinfo and fails if it doesn't contain
ARM related contents. This patch implements a quick hack to expose real
/proc/cpuinfo data taken from a real world machine.
The real fix would be to generate at least the flags automatically based
on the selected CPU. Please do not submit this patch upstream until this
has happened.
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased for v1.6 and v1.7]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Wed, 11 Jul 2012 14:47:42 +0000 (16:47 +0200)]
linux-user: lock tb flushing too
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased onto exec.c/translate-all.c split for 1.4]
[AF: Rebased onto tb_alloc() changes for v2.5.0-rc0]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Tue, 10 Jul 2012 18:40:55 +0000 (20:40 +0200)]
linux-user: Run multi-threaded code on a single core
Running multi-threaded code can easily expose some of the fundamental
breakages in QEMU's design. It's just not a well supported scenario.
So if we pin the whole process to a single host CPU, we guarantee that
we will never have concurrent memory access actually happen. We can still
get scheduled away at any time, so it's no complete guarantee, but apparently
it reduces the odds well enough to get my test cases to pass.
This gets Java 1.7 working for me again on my test box.
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Thu, 5 Jul 2012 15:31:39 +0000 (17:31 +0200)]
linux-user: lock tcg
The tcg code generator is not thread safe. Lock its generation between
different threads.
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased onto exec.c/translate-all.c split for 1.4]
[AF: Rebased for v2.1.0-rc0]
[AF: Rebased onto tcg_gen_code_common() drop for v2.5.0-rc0]
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Thu, 2 Feb 2012 17:02:33 +0000 (18:02 +0100)]
linux-user: binfmt: support host binaries
When we have a working host binary equivalent for the guest binary we're
trying to run, let's just use that instead as it will be a lot faster.
Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Fri, 13 Jan 2012 16:05:41 +0000 (17:05 +0100)]
linux-user: fix segfault deadlock
When entering the guest we take a lock to ensure that nobody else messes
with our TB chaining while we're doing it. If we get a segfault inside that
code, we manage to work on, but will not unlock the lock.
This patch forces unlocking of that lock in the segv handler. I'm not sure
this is the right approach though. Maybe we should rather make sure we don't
segfault in the code? I would greatly appreciate someone more intelligible
than me to look at this :).
Example code to trigger this is at: http://csgraf.de/tmp/conftest.c
Reported-by: Fabio Erculiani <lxnay@sabayon.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Drop spinlock_safe_unlock() and switch to tb_lock_reset() (bonzini)]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Fri, 6 Jan 2012 00:05:55 +0000 (01:05 +0100)]
PPC: KVM: Disable mmu notifier check
When using hugetlbfs (which is required for HV mode KVM on 970), we
check for MMU notifiers that on 970 can not be implemented properly.
So disable the check for mmu notifiers on PowerPC guests, making
KVM guests work there, even if possibly racy in some odd circumstances.
Alexander Graf [Fri, 30 Sep 2011 17:40:36 +0000 (19:40 +0200)]
linux-user: add binfmt wrapper for argv[0] handling
When using qemu's linux-user binaries through binfmt, argv[0] gets lost
along the execution because qemu only gets passed in the full file name
to the executable while argv[0] can be something completely different.
This breaks in some subtile situations, such as the grep and make test
suites.
This patch adds a wrapper binary called qemu-$TARGET-binfmt that can be
used with binfmt's P flag which passes the full path _and_ argv[0] to
the binfmt handler.
The binary would be smart enough to be versatile and only exist in the
system once, creating the qemu binary path names from its own argv[0].
However, this seemed like it didn't fit the make system too well, so
we're currently creating a new binary for each target archictecture.
CC: Reinhard Max <max@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased onto new Makefile infrastructure, twice]
[AF: Updated for aarch64 for v2.0.0-rc1]
[AF: Rebased onto Makefile changes for v2.1.0-rc0]
[AF: Rebased onto script rewrite for v2.7.0-rc2 - to be fixed]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Tue, 14 Apr 2009 14:27:36 +0000 (16:27 +0200)]
qemu-cvs-ioctl_nodirection
the direction given in the ioctl should be correct so we can assume the
communication is uni-directional. The alsa developers did not like this
concept though and declared ioctls IOC_R and IOC_W even though they were
IOC_RW.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
Alexander Graf [Tue, 14 Apr 2009 14:26:33 +0000 (16:26 +0200)]
qemu-cvs-ioctl_debug
Extends unsupported ioctl debug output.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
Ulrich Hecht [Tue, 14 Apr 2009 14:25:41 +0000 (16:25 +0200)]
qemu-cvs-gettimeofday
No clue what this is for.
Alexander Graf [Tue, 14 Apr 2009 14:24:15 +0000 (16:24 +0200)]
qemu-cvs-alsa_mmap
Hack to prevent ALSA from using mmap() interface to simplify emulation.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
Alexander Graf [Tue, 14 Apr 2009 14:23:27 +0000 (16:23 +0200)]
qemu-cvs-alsa_ioctl
Implements ALSA ioctls on PPC hosts.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Tue, 14 Apr 2009 14:20:50 +0000 (16:20 +0200)]
qemu-cvs-alsa_bitfield
Implements TYPE_INTBITFIELD partially. (required for ALSA support)
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
Andreas Färber [Wed, 10 Aug 2016 17:00:24 +0000 (19:00 +0200)]
qemu-binfmt-conf: Modify default path
Change QEMU_PATH from /usr/local/bin to /usr/bin prefix.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Alexander Graf [Mon, 21 Nov 2011 22:50:36 +0000 (23:50 +0100)]
XXX dont dump core on sigabort
hyokeun [Tue, 6 Sep 2016 05:09:22 +0000 (14:09 +0900)]
Imported Upstream version 2.7.0
Yonghee Han [Wed, 27 Jul 2016 07:43:51 +0000 (16:43 +0900)]
Imported Upstream version 2.6.0
Change-Id: I8e3ccf55257695533c385aa8706484c73a733251
Yonghee Han [Wed, 27 Jul 2016 07:42:54 +0000 (16:42 +0900)]
Imported Upstream version 2.5.1.1
Change-Id: Ie290b0e68882590d8a64fab165a943940b7c98ed
Yonghee Han [Wed, 27 Jul 2016 07:40:17 +0000 (16:40 +0900)]
Imported Upstream version 2.4.1
Change-Id: I0b584f569cb0e0f4eac13cdb79e110c2dbc34bfc
Yonghee Han [Wed, 27 Jul 2016 07:39:12 +0000 (16:39 +0900)]
Imported Upstream version 2.3.1
Change-Id: I2161522ea1d7ff10cd1d697609d473243c05e1df
Chanho Park [Wed, 10 Dec 2014 06:42:55 +0000 (15:42 +0900)]
Imported Upstream version 2.2.0
Chanho Park [Fri, 5 Sep 2014 11:35:53 +0000 (20:35 +0900)]
Imported Upstream version 2.1.0
Chanho Park [Thu, 26 Jun 2014 11:28:10 +0000 (20:28 +0900)]
Imported Upstream version 2.0.0
Change-Id: I081766c4314e7893f54fec80b920b1638d15021f
Junfeng Dong [Tue, 19 Nov 2013 09:45:23 +0000 (17:45 +0800)]
Import upstream 1.6.0.
Change-Id: Icf52b556470cac8677297f2ef14ded16684f7887
Signed-off-by: Junfeng Dong <junfeng.dong@intel.com>
Anas Nashif [Tue, 15 Jan 2013 21:31:42 +0000 (13:31 -0800)]
Imported Upstream version 1.3.0