platform/upstream/qemu.git
2 years agotools/virtiofsd: Replace the word 'whitelist'
Philippe Mathieu-Daudé [Fri, 5 Feb 2021 17:18:11 +0000 (18:18 +0100)]
tools/virtiofsd: Replace the word 'whitelist'

Git-commit: a65963efa3a8533e8c9fc62e899147612d913058
References: bsc#1183373, CVE-2021-20263

Follow the inclusive terminology from the "Conscious Language in your
Open Source Projects" guidelines [*] and replace the words "whitelist"
appropriately.

[*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210205171817.2108907-3-philmd@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agomonitor: Fix assertion failure on shutdown
Kevin Wolf [Fri, 12 Feb 2021 17:20:27 +0000 (18:20 +0100)]
monitor: Fix assertion failure on shutdown

Git-commit: c81219a7dd36a815bd85beed9932fc973d4f5d51

Commit 357bda95 already tried to fix the order in monitor_cleanup() by
moving shutdown of the dispatcher coroutine further to the start.
However, it didn't go far enough:

iothread_stop() makes sure that all pending work (bottom halves) in the
AioContext of the monitor iothread is completed. iothread_destroy()
depends on this and fails an assertion if there is still a pending BH.

While the dispatcher coroutine is running, it will try to resume the
monitor after taking a request out of the queue, which involves a BH.
The dispatcher is run until it terminates in the AIO_WAIT_WHILE() loop.
However, adding new BHs between iothread_stop() and iothread_destroy()
is forbidden.

Fix this by stopping the dispatcher first before shutting down the other
parts of the monitor. This means we can now receive requests that aren't
handled any more when QEMU is shutting down, but this is unlikely to be
a problem for QMP clients.

Fixes: 357bda9590784ff75803d52de43150d4107ed98e
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210212172028.288825-2-kwolf@redhat.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoblockjob: Fix crash with IOthread when block commit after snapshot
Michael Qiu [Wed, 3 Feb 2021 02:40:59 +0000 (10:40 +0800)]
blockjob: Fix crash with IOthread when block commit after snapshot

Git-commit: 076d467aacdf6dc5d01e2e61740b1795f2aec2f6

Currently, if guest has workloads, IO thread will acquire aio_context
lock before do io_submit, it leads to segmentfault when do block commit
after snapshot. Just like below:

Program received signal SIGSEGV, Segmentation fault.

[Switching to Thread 0x7f7c7d91f700 (LWP 99907)]
0x00005576d0f65aab in bdrv_mirror_top_pwritev at ../block/mirror.c:1437
1437    ../block/mirror.c: No such file or directory.
(gdb) p s->job
$17 = (MirrorBlockJob *) 0x0
(gdb) p s->stop
$18 = false

Call trace of IO thread:
0  0x00005576d0f65aab in bdrv_mirror_top_pwritev at ../block/mirror.c:1437
1  0x00005576d0f7f3ab in bdrv_driver_pwritev at ../block/io.c:1174
2  0x00005576d0f8139d in bdrv_aligned_pwritev at ../block/io.c:1988
3  0x00005576d0f81b65 in bdrv_co_pwritev_part at ../block/io.c:2156
4  0x00005576d0f8e6b7 in blk_do_pwritev_part at ../block/block-backend.c:1260
5  0x00005576d0f8e84d in blk_aio_write_entry at ../block/block-backend.c:1476
...

Switch to qemu main thread:
0  0x00007f903be704ed in __lll_lock_wait at
/lib/../lib64/libpthread.so.0
1  0x00007f903be6bde6 in _L_lock_941 at /lib/../lib64/libpthread.so.0
2  0x00007f903be6bcdf in pthread_mutex_lock at
/lib/../lib64/libpthread.so.0
3  0x0000564b21456889 in qemu_mutex_lock_impl at
../util/qemu-thread-posix.c:79
4  0x0000564b213af8a5 in block_job_add_bdrv at ../blockjob.c:224
5  0x0000564b213b00ad in block_job_create at ../blockjob.c:440
6  0x0000564b21357c0a in mirror_start_job at ../block/mirror.c:1622
7  0x0000564b2135a9af in commit_active_start at ../block/mirror.c:1867
8  0x0000564b2133d132 in qmp_block_commit at ../blockdev.c:2768
9  0x0000564b2141fef3 in qmp_marshal_block_commit at
qapi/qapi-commands-block-core.c:346
10 0x0000564b214503c9 in do_qmp_dispatch_bh at
../qapi/qmp-dispatch.c:110
11 0x0000564b21451996 in aio_bh_poll at ../util/async.c:164
12 0x0000564b2146018e in aio_dispatch at ../util/aio-posix.c:381
13 0x0000564b2145187e in aio_ctx_dispatch at ../util/async.c:306
14 0x00007f9040239049 in g_main_context_dispatch at
/lib/../lib64/libglib-2.0.so.0
15 0x0000564b21447368 in main_loop_wait at ../util/main-loop.c:232
16 0x0000564b21447368 in main_loop_wait at ../util/main-loop.c:255
17 0x0000564b21447368 in main_loop_wait at ../util/main-loop.c:531
18 0x0000564b212304e1 in qemu_main_loop at ../softmmu/runstate.c:721
19 0x0000564b20f7975e in main at ../softmmu/main.c:50

In IO thread when do bdrv_mirror_top_pwritev, the job is NULL, and stop field
is false, this means the MirrorBDSOpaque "s" object has not been initialized
yet, and this object is initialized by block_job_create(), but the initialize
process is stuck in acquiring the lock.

In this situation, IO thread come to bdrv_mirror_top_pwritev(),which means that
mirror-top node is already inserted into block graph, but its bs->opaque->job
is not initialized.

The root cause is that qemu main thread do release/acquire when hold the lock,
at the same time, IO thread get the lock after release stage, and the crash
occured.

Actually, in this situation, job->job.aio_context will not equal to
qemu_get_aio_context(), and will be the same as bs->aio_context,
thus, no need to release the lock, becasue bdrv_root_attach_child()
will not change the context.

This patch fix this issue.

Fixes: 132ada80 "block: Adjust AioContexts when attaching nodes"

Signed-off-by: Michael Qiu <qiudayu@huayun.com>
Message-Id: <20210203024059.52683-1-08005325@163.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoqemu-storage-daemon: Enable object-add
Kevin Wolf [Thu, 4 Feb 2021 07:21:37 +0000 (08:21 +0100)]
qemu-storage-daemon: Enable object-add

Git-commit: 15d40e9204eb3d89577187f117a1dde2237bdc4d

As we don't have a fully QAPIfied version of object-add yet and it still
has 'gen': false in the schema, it needs to be registered explicitly in
init_qmp_commands() to be available for users.

Fixes: 2af282ec51a27116d0402cab237b8970800f870c
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210204072137.19663-1-kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoqemu-nbd: Use SOMAXCONN for socket listen() backlog
Eric Blake [Tue, 9 Feb 2021 15:27:58 +0000 (09:27 -0600)]
qemu-nbd: Use SOMAXCONN for socket listen() backlog

Git-commit: 582d4210eb2f2ab5baac328fe4b479cd86da1647

Our default of a backlog of 1 connection is rather puny; it gets in
the way when we are explicitly allowing multiple clients (such as
qemu-nbd -e N [--shared], or nbd-server-start with its default
"max-connections":0 for unlimited), but is even a problem when we
stick to qemu-nbd's default of only 1 active client but use -t
[--persistent] where a second client can start using the server once
the first finishes.  While the effects are less noticeable on TCP
sockets (since the client can poll() to learn when the server is ready
again), it is definitely observable on Unix sockets, where on Linux, a
client will fail with EAGAIN and no recourse but to sleep an arbitrary
amount of time before retrying if the server backlog is already full.

Since QMP nbd-server-start is always persistent, it now always
requests a backlog of SOMAXCONN; meanwhile, qemu-nbd will request
SOMAXCONN if persistent, otherwise its backlog should be based on the
expected number of clients.

See https://bugzilla.redhat.com/1925045 for a demonstration of where
our low backlog prevents libnbd from connecting as many parallel
clients as it wants.

Reported-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
CC: qemu-stable@nongnu.org
Message-Id: <20210209152759.209074-2-eblake@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agovirtio: move 'use-disabled-flag' property to hw_compat_4_2
Stefano Garzarella [Fri, 8 Jan 2021 17:12:52 +0000 (18:12 +0100)]
virtio: move 'use-disabled-flag' property to hw_compat_4_2

Git-commit: c126b4c57e0164549de606ca35d1512762051083

Commit 9d7bd0826f introduced a new 'use-disabled-flag' property
set to true by default.
To allow the migration, we set this property to false in the hw_compat,
but in the wrong place (hw_compat_4_1).

Since commit 9d7bd0826f was released with QEMU 5.0, we move
'use-disabled-flag' property to hw_compat_4_2, so 4.2 machine types
will have the pre-patch behavior and the migration can work.

The issue was discovered with vhost-vsock device and 4.2 machine
type without running any kernel in the VM:
    $ qemu-4.2 -M pc-q35-4.2,accel=kvm \
        -device vhost-vsock-pci,guest-cid=4 \
        -monitor stdio -incoming tcp:0:3333

    $ qemu-5.2 -M pc-q35-4.2,accel=kvm \
        -device vhost-vsock-pci,guest-cid=3 \
        -monitor stdio
    (qemu) migrate -d tcp:0:3333

    # qemu-4.2 output
    qemu-system-x86_64: Failed to load virtio-vhost_vsock:virtio
    qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:03.0/virtio-vhost_vsock'
    qemu-system-x86_64: load of migration failed: No such file or directory

Reported-by: Jing Zhao <jinzhao@redhat.com>
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1907255
Fixes: 9d7bd0826f ("virtio-pci: disable vring processing when bus-mastering is disabled")
Cc: mdroth@linux.vnet.ibm.com
CC: qemu-stable@nongnu.org
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210108171252.209502-1-sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agovirtiofsd: prevent opening of special files (CVE-2020-35517)
Stefan Hajnoczi [Thu, 4 Feb 2021 15:02:08 +0000 (15:02 +0000)]
virtiofsd: prevent opening of special files (CVE-2020-35517)

Git-commit: a3fdbbc7f271bff7d53d0501b29d910ece0b3789
References: bsc#1183373, CVE-2021-20263

A well-behaved FUSE client does not attempt to open special files with
FUSE_OPEN because they are handled on the client side (e.g. device nodes
are handled by client-side device drivers).

The check to prevent virtiofsd from opening special files is missing in
a few cases, most notably FUSE_OPEN. A malicious client can cause
virtiofsd to open a device node, potentially allowing the guest to
escape. This can be exploited by a modified guest device driver. It is
not exploitable from guest userspace since the guest kernel will handle
special files inside the guest instead of sending FUSE requests.

This patch fixes this issue by introducing the lo_inode_open() function
to check the file type before opening it. This is a short-term solution
because it does not prevent a compromised virtiofsd process from opening
device nodes on the host.

Restructure lo_create() to try O_CREAT | O_EXCL first. Note that O_CREAT
| O_EXCL does not follow symlinks, so O_NOFOLLOW masking is not
necessary here. If the file exists and the user did not specify O_EXCL,
open it via lo_do_open().

Reported-by: Alex Xu <alex@alxu.ca>
Fixes: CVE-2020-35517
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210204150208.367837-4-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agovirtiofsd: optionally return inode pointer from lo_do_lookup()
Stefan Hajnoczi [Thu, 4 Feb 2021 15:02:07 +0000 (15:02 +0000)]
virtiofsd: optionally return inode pointer from lo_do_lookup()

Git-commit: 22d2ece71e533310da31f2857ebc4a00d91968b3
References: bsc#1183373, CVE-2021-20263

lo_do_lookup() finds an existing inode or allocates a new one. It
increments nlookup so that the inode stays alive until the client
releases it.

Existing callers don't need the struct lo_inode so the function doesn't
return it. Extend the function to optionally return the inode. The next
commit will need it.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210204150208.367837-3-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agovirtiofsd: extract lo_do_open() from lo_open()
Stefan Hajnoczi [Thu, 4 Feb 2021 15:02:06 +0000 (15:02 +0000)]
virtiofsd: extract lo_do_open() from lo_open()

Git-commit: 8afaaee976965b7fb90ec225a51d60f35c5f173c
References: bsc#1183373, CVE-2021-20263

Both lo_open() and lo_create() have similar code to open a file. Extract
a common lo_do_open() function from lo_open() that will be used by
lo_create() in a later commit.

Since lo_do_open() does not otherwise need fuse_req_t req, convert
lo_add_fd_mapping() to use struct lo_data *lo instead.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210204150208.367837-2-stefanha@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agohw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
Philippe Mathieu-Daudé [Sun, 31 Jan 2021 10:34:01 +0000 (11:34 +0100)]
hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register

Git-commit: edfe2eb4360cde4ed5d95bda7777edcb3510f76a
References: bsc#1181933

Per the ARM Generic Interrupt Controller Architecture specification
(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit,
not 10:

  - 4.3 Distributor register descriptions
  - 4.3.15 Software Generated Interrupt Register, GICD_SG

    - Table 4-21 GICD_SGIR bit assignments

    The Interrupt ID of the SGI to forward to the specified CPU
    interfaces. The value of this field is the Interrupt ID, in
    the range 0-15, for example a value of 0b0011 specifies
    Interrupt ID 3.

Correct the irq mask to fix an undefined behavior (which eventually
lead to a heap-buffer-overflow, see [Buglink]):

   $ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio
   [I 1612088147.116987] OPENED
  [R +0.278293] writel 0x8000f00 0xff4affb0
  ../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]'
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13

This fixes a security issue when running with KVM on Arm with
kernel-irqchip=off. (The default is kernel-irqchip=on, which is
unaffected, and which is also the correct choice for performance.)

Cc: qemu-stable@nongnu.org
Fixes: CVE-2021-20221
Fixes: 9ee6e8bb853 ("ARMv7 support.")
Buglink: https://bugs.launchpad.net/qemu/+bug/1913916
Buglink: https://bugs.launchpad.net/qemu/+bug/1913917
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210131103401.217160-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoblock: Separate blk_is_writable() and blk_supports_write_perm()
Kevin Wolf [Mon, 18 Jan 2021 12:34:47 +0000 (13:34 +0100)]
block: Separate blk_is_writable() and blk_supports_write_perm()

Git-commit: 86b1cf322789b79c8ace977430ac6a443d491cc0

Currently, blk_is_read_only() tells whether a given BlockBackend can
only be used in read-only mode because its root node is read-only. Some
callers actually try to answer a slightly different question: Is the
BlockBackend configured to be writable, by taking write permissions on
the root node?

This can differ, for example, for CD-ROM devices which don't take write
permissions, but may be backed by a writable image file. scsi-cd allows
write requests to the drive if blk_is_read_only() returns false.
However, the write request will immediately run into an assertion
failure because the write permission is missing.

This patch introduces separate functions for both questions.
blk_supports_write_perm() answers the question whether the block
node/image file can support writable devices, whereas blk_is_writable()
tells whether the BlockBackend is currently configured to be writable.

All calls of blk_is_read_only() are converted to one of the two new
functions.

Fixes: https://bugs.launchpad.net/bugs/1906693
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210118123448.307825-2-kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agonet: Fix handling of id in netdev_add and netdev_del
Markus Armbruster [Wed, 25 Nov 2020 10:02:20 +0000 (11:02 +0100)]
net: Fix handling of id in netdev_add and netdev_del

Git-commit: 831734cce6494032e9233caff4d8442b3a1e7fef

CLI -netdev accumulates in option group "netdev".

Before commit 08712fcb85 "net: Track netdevs in NetClientState rather
than QemuOpt", netdev_add added to the option group, and netdev_del
removed from it, both HMP and QMP.  Thus, every netdev had a
corresponding QemuOpts in this option group.

Commit 08712fcb85 dropped this for QMP netdev_add and both netdev_del.
Now a netdev has a corresponding QemuOpts only when it was created
with CLI or HMP.  Two issues:

* QMP and HMP netdev_del can leave QemuOpts behind, breaking HMP
  netdev_add.  Reproducer:

    $ qemu-system-x86_64 -S -display none -nodefaults -monitor stdio
    QEMU 5.1.92 monitor - type 'help' for more information
    (qemu) netdev_add user,id=net0
    (qemu) info network
    net0: index=0,type=user,net=10.0.2.0,restrict=off
    (qemu) netdev_del net0
    (qemu) info network
    (qemu) netdev_add user,id=net0
    upstream-qemu: Duplicate ID 'net0' for netdev
    Try "help netdev_add" for more information

  Fix by restoring the QemuOpts deletion in qmp_netdev_del(), but with
  a guard, because the QemuOpts need not exist.

* QMP netdev_add loses its "no duplicate ID" check.  Reproducer:

    $ qemu-system-x86_64 -S -display none -qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 92, "minor": 1, "major": 5}, "package": "v5.2.0-rc2-1-g02c1f0142c"}, "capabilities": ["oob"]}}
    {"execute": "qmp_capabilities"}
    {"return": {}}
    {"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
    {"return": {}}
    {"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
    {"return": {}}

  Fix by adding a duplicate ID check to net_client_init1() to replace
  the lost one.  The check is redundant for callers where QemuOpts
  still checks, i.e. for CLI and HMP.

Reported-by: Andrew Melnichenko <andrew@daynix.com>
Fixes: 08712fcb851034228b61f75bd922863a984a4f60
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agovfio-ccw: Connect the device request notifier
Eric Farman [Mon, 4 Jan 2021 20:20:57 +0000 (21:20 +0100)]
vfio-ccw: Connect the device request notifier

Git-commit: b2f96f9e4f5fbc8f2770a436191cb328da4d5350
References: 1183634

Now that the vfio-ccw code has a notifier interface to request that
a device be unplugged, let's wire that together.

Signed-off-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20210104202057.48048-4-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoUpdate linux headers to 5.11-rc2
Eric Farman [Mon, 4 Jan 2021 20:20:56 +0000 (21:20 +0100)]
Update linux headers to 5.11-rc2

Git-commit: b3c818a47f419b6e2f5508fe29e7a30843236fee
References: bsc#1183634

Signed-off-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20210104202057.48048-3-farman@linux.ibm.com>
[CH: dropped qatomic->atomic changes in pvrdma_ring.h]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoupdate-linux-headers: Include const.h
Eric Farman [Mon, 4 Jan 2021 20:20:55 +0000 (21:20 +0100)]
update-linux-headers: Include const.h

Git-commit: ab5ec23f9cc25215c1281d575c07c0f35e8e9e26
References: bsc#1183634

Kernel commit a85cbe6159ff ("uapi: move constants from
<linux/kernel.h> to <linux/const.h>") breaks our script
because of the unrecognized include. Let's add that to
our processing.

Signed-off-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210104202057.48048-2-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agotarget/arm: Update REV, PUNPK for pred_desc
Richard Henderson [Wed, 13 Jan 2021 06:26:50 +0000 (20:26 -1000)]
target/arm: Update REV, PUNPK for pred_desc

Git-commit: 70acaafef2e053a312d54c09b6721c730690e72c

Update all users of do_perm_pred2 for the new
predicate descriptor field definitions.

Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1908551
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-5-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agotarget/arm: Update ZIP, UZP, TRN for pred_desc
Richard Henderson [Wed, 13 Jan 2021 06:26:49 +0000 (20:26 -1000)]
target/arm: Update ZIP, UZP, TRN for pred_desc

Git-commit: f9b0fcceccfc05cde62ff7577fbf2bc13b842414

Update all users of do_perm_pred3 for the new
predicate descriptor field definitions.

Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agotarget/arm: Update PFIRST, PNEXT for pred_desc
Richard Henderson [Wed, 13 Jan 2021 06:26:48 +0000 (20:26 -1000)]
target/arm: Update PFIRST, PNEXT for pred_desc

Git-commit: 86300b5d044064046395ae8ed605cc19e63f2a7c

These two were odd, in that do_pfirst_pnext passed the
count of 64-bit words rather than bytes.  Change to pass
the standard pred_full_reg_size to avoid confusion.

Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agotarget/arm: Introduce PREDDESC field definitions
Richard Henderson [Wed, 13 Jan 2021 06:26:47 +0000 (20:26 -1000)]
target/arm: Introduce PREDDESC field definitions

Git-commit: b64ee454a4a086ed459bcda4c0bbb54e197841e4

SVE predicate operations cannot use the "usual" simd_desc
encoding, because the lengths are not a multiple of 8.
But we were abusing the SIMD_* fields to store values anyway.
This abuse broke when SIMD_OPRSZ_BITS was modified in e2e7168a214.

Introduce a new set of field definitions for exclusive use
of predicates, so that it is obvious what kind of predicate
we are manipulating.  To be used in future patches.

Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210113062650.593824-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago9pfs: Fully restart unreclaim loop (CVE-2021-20181)
Greg Kurz [Thu, 14 Jan 2021 16:04:12 +0000 (17:04 +0100)]
9pfs: Fully restart unreclaim loop (CVE-2021-20181)

Git-commit: 89fbea8737e8f7b954745a1ffc4238d377055305
References: bsc#1182137

Depending on the client activity, the server can be asked to open a huge
number of file descriptors and eventually hit RLIMIT_NOFILE. This is
currently mitigated using a reclaim logic : the server closes the file
descriptors of idle fids, based on the assumption that it will be able
to re-open them later. This assumption doesn't hold of course if the
client requests the file to be unlinked. In this case, we loop on the
entire fid list and mark all related fids as unreclaimable (the reclaim
logic will just ignore them) and, of course, we open or re-open their
file descriptors if needed since we're about to unlink the file.

This is the purpose of v9fs_mark_fids_unreclaim(). Since the actual
opening of a file can cause the coroutine to yield, another client
request could possibly add a new fid that we may want to mark as
non-reclaimable as well. The loop is thus restarted if the re-open
request was actually transmitted to the backend. This is achieved
by keeping a reference on the first fid (head) before traversing
the list.

This is wrong in several ways:
- a potential clunk request from the client could tear the first
  fid down and cause the reference to be stale. This leads to a
  use-after-free error that can be detected with ASAN, using a
  custom 9p client
- fids are added at the head of the list : restarting from the
  previous head will always miss fids added by a some other
  potential request

All these problems could be avoided if fids were being added at the
end of the list. This can be achieved with a QSIMPLEQ, but this is
probably too much change for a bug fix. For now let's keep it
simple and just restart the loop from the current head.

Fixes: CVE-2021-20181
Buglink: https://bugs.launchpad.net/qemu/+bug/1911666
Reported-by: Zero Day Initiative <zdi-disclosures@trendmicro.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-Id: <161064025265.1838153.15185571283519390907.stgit@bahia.lan>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agohw/net/lan9118: Fix RX Status FIFO PEEK value
Peter Maydell [Fri, 8 Jan 2021 18:04:00 +0000 (18:04 +0000)]
hw/net/lan9118: Fix RX Status FIFO PEEK value

Git-commit: e7e29fdbbe07fb762d85af9c4d8eeff9b0f52a8e

A copy-and-paste error meant that the return value for register offset 0x44
(the RX Status FIFO PEEK register) returned a byte from a bogus offset in
the rx status FIFO. Fix the typo.

Cc: qemu-stable@nongnu.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1904954
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210108180401.2263-2-peter.maydell@linaro.org
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agotarget/arm: Don't decode insns in the XScale/iWMMXt space as cp insns
Peter Maydell [Fri, 8 Jan 2021 19:51:57 +0000 (19:51 +0000)]
target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns

Git-commit: e4d51ac6921dc861bfb3d20e4c7dcf345840a9da

In commit cd8be50e58f63413c0 we converted the A32 coprocessor
insns to decodetree. This accidentally broke XScale/iWMMXt insns,
because it moved the handling of "cp insns which are handled
by looking up the cp register in the hashtable" from after the
call to the legacy disas_xscale_insn() decode to before it,
with the result that all XScale/iWMMXt insns now UNDEF.

Update valid_cp() so that it knows that on XScale cp 0 and 1
are not standard coprocessor instructions; this will cause
the decodetree trans_ functions to ignore them, so that
execution will correctly get through to the legacy decode again.

Cc: qemu-stable@nongnu.org
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20210108195157.32067-1-peter.maydell@linaro.org
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agotarget/arm: Fix MTE0_ACTIVE
Richard Henderson [Mon, 21 Dec 2020 20:44:26 +0000 (12:44 -0800)]
target/arm: Fix MTE0_ACTIVE

Git-commit: cc97b0019bb590b9b3c2a623e9ebee48831e0ce3

In 50244cc76abc we updated mte_check_fail to match the ARM
pseudocode, using the correct EL to select the TCF field.
But we failed to update MTE0_ACTIVE the same way, which led
to g_assert_not_reached().

Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1907137
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20201221204426.88514-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agohw/timer/slavio_timer: Allow 64-bit accesses
Philippe Mathieu-Daudé [Sat, 5 Dec 2020 15:09:03 +0000 (16:09 +0100)]
hw/timer/slavio_timer: Allow 64-bit accesses

Git-commit: 62a9b228b5fefe0f9e364dfeaf3c65022c63cdb9

Per the "NCR89C105 Chip Specification" referenced in the header:

                  Chip-level Address Map

  ------------------------------------------------------------------
  | 1D0 0000 ->   | Counter/Timers                        | W,D    |
  |   1DF FFFF    |                                       |        |
  ...

  The address map indicated the allowed accesses at each address.
  [...] W indicates a word access, and D indicates a double-word
  access.

The SLAVIO timer controller is implemented expecting 32-bit accesses.
Commit a3d12d073e1 restricted the memory accesses to 32-bit, while
the device allows 64-bit accesses.

This was not an issue until commit 5d971f9e67 which reverted
("memory: accept mismatching sizes in memory_region_access_valid").

Fix by renaming .valid MemoryRegionOps as .impl, and add the valid
access range (W -> 4, D -> 8).

Since commit 21786c7e598 ("memory: Log invalid memory accesses")
this class of bug can be quickly debugged displaying 'guest_errors'
accesses, as:

  $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -serial stdio -d guest_errors

  Power-ON Reset
  Invalid access at addr 0x0, size 8, region 'timer-1', reason: invalid size (min:4 max:4)

  $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -monitor stdio -S
  (qemu) info mtree
  address-space: memory
    0000000000000000-ffffffffffffffff (prio 0, i/o): system
      ...
      0000000ff1300000-0000000ff130000f (prio 0, i/o): timer-1
             ^^^^^^^^^                                 ^^^^^^^
                   \ memory region base address and name /

  (qemu) info qtree
  bus: main-system-bus
    dev: slavio_timer, id ""              <-- device type name
      gpio-out "sysbus-irq" 17
      num_cpus = 1 (0x1)
      mmio 0000000ff1310000/0000000000000014
      mmio 0000000ff1300000/0000000000000010 <--- base address
      mmio 0000000ff1301000/0000000000000010
      mmio 0000000ff1302000/0000000000000010
      ...

Reported-by: Yap KV <yapkv@yahoo.com>
Buglink: https://bugs.launchpad.net/bugs/1906905
Fixes: a3d12d073e1 ("slavio_timer: convert to memory API")
CC: qemu-stable@nongnu.org
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201205150903.3062711-1-f4bug@amsat.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agotcg: Use memset for large vector byte replication
Richard Henderson [Tue, 15 Dec 2020 17:47:59 +0000 (11:47 -0600)]
tcg: Use memset for large vector byte replication

Git-commit: 6d3ef04893bdea3e7aa08be3cce5141902836a31

In f47db80cc07, we handled odd-sized tail clearing for
the case of hosts that have vector operations, but did
not handle the case of hosts that do not have vector ops.

This was ok until e2e7168a214b, which changed the encoding
of simd_desc such that the odd sizes are impossible.

Add memset as a tcg helper, and use that for all out-of-line
byte stores to vectors.  This includes, but is not limited to,
the tail clearing operation in question.

Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/bugs/1907817
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoiotests: Fix _send_qemu_cmd with bash 5.1
Max Reitz [Thu, 17 Dec 2020 15:38:03 +0000 (16:38 +0100)]
iotests: Fix _send_qemu_cmd with bash 5.1

Git-commit: 0e72078128229bf9efb542e396ab44bf91b91340
References: boo#1181054

With bash 5.1, the output of the following script changes:

  a=("double  space")
  a=${a[@]:0:1}
  echo "$a"

from "double space" to "double  space", i.e. all white space is
preserved as-is.  This is probably what we actually want here (judging
from the "...to accommodate pathnames with spaces" comment), but before
5.1, we would have to quote the ${} slice to get the same behavior.

In any case, without quoting, the reference output of many iotests is
different between bash 5.1 and pre-5.1, which is not very good.  The
output of 5.1 is what we want, so whatever we do to get pre-5.1 to the
same result, it means we have to fix the reference output of basically
all tests that invoke _send_qemu_cmd (except the ones that only use
single spaces in the commands they invoke).

Instead of quoting the ${} slice (cmd="${$@: 1:...}"), we can also just
not use array slicing and replace the whole thing with a simple "cmd=$1;
shift", which works because all callers quote the whole $cmd argument
anyway.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20201217153803.101231-3-mreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoblock/nfs: fix int overflow in nfs_client_open_qdict
Peter Lieven [Wed, 9 Dec 2020 12:17:35 +0000 (13:17 +0100)]
block/nfs: fix int overflow in nfs_client_open_qdict

Git-commit: 182454dc63c66ff5a29eddd60cc987b6a1b45e7f

nfs_client_open returns the file size in sectors. This effectively
makes it impossible to open files larger than 1TB.

Fixes: c22a03454544c2a08f1107c5cc8481a5574533d5
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-Id: <20201209121735.16437-1-pl@kamp.de>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agobuild: -no-pie is no functional linker flag
Christian Ehrhardt [Mon, 14 Dec 2020 15:09:38 +0000 (16:09 +0100)]
build: -no-pie is no functional linker flag

Git-commit: bbd2d5a8120771ec59b86a80a1f51884e0a26e53

Recent binutils changes dropping unsupported options [1] caused a build
issue in regard to the optionroms.

  ld -m elf_i386 -T /<<PKGBUILDDIR>>/pc-bios/optionrom//flat.lds -no-pie \
    -s -o multiboot.img multiboot.o
  ld.bfd: Error: unable to disambiguate: -no-pie (did you mean --no-pie ?)

This isn't really a regression in ld.bfd, filing the bug upstream
revealed that this never worked as a ld flag [2] - in fact it seems we
were by accident setting --nmagic).

Since it never had the wanted effect this usage of LDFLAGS_NOPIE, should be
droppable without any effect. This also is the only use-case of LDFLAGS_NOPIE
in .mak, therefore we can also remove it from being added there.

[1]: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=983d925d
[2]: https://sourceware.org/bugzilla/show_bug.cgi?id=27050#c5

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Message-Id: <20201214150938.1297512-1-christian.ehrhardt@canonical.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agomemory: clamp cached translation in case it points to an MMIO region
Paolo Bonzini [Tue, 1 Dec 2020 14:29:56 +0000 (09:29 -0500)]
memory: clamp cached translation in case it points to an MMIO region

Git-commit: 4bfb024bc76973d40a359476dc0291f46e435442
References: bsc#1179686, CVE-2020-27821

In using the address_space_translate_internal API, address_space_cache_init
forgot one piece of advice that can be found in the code for
address_space_translate_internal:

    /* MMIO registers can be expected to perform full-width accesses based only
     * on their address, without considering adjacent registers that could
     * decode to completely different MemoryRegions.  When such registers
     * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
     * regions overlap wildly.  For this reason we cannot clamp the accesses
     * here.
     *
     * If the length is small (as is the case for address_space_ldl/stl),
     * everything works fine.  If the incoming length is large, however,
     * the caller really has to do the clamping through memory_access_size.
     */

address_space_cache_init is exactly one such case where "the incoming length
is large", therefore we need to clamp the resulting length---not to
memory_access_size though, since we are not doing an access yet, but to
the size of the resulting section.  This ensures that subsequent accesses
to the cached MemoryRegionSection will be in range.

With this patch, the enclosed testcase notices that the used ring does
not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used"
error.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoaudio: add sanity check
Gerd Hoffmann [Tue, 15 Dec 2020 08:11:51 +0000 (09:11 +0100)]
audio: add sanity check

Git-commit: 06c8c375389a54d8e4457d967f4f0896caecefb2
References: boo#1180210

Check whenever we actually found the spiceaudio driver
before flipping the can_be_default field.

Fixes: f0c4555edfdd ("audio: remove qemu_spice_audio_init()")
Buglink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977301
Reported-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20201215081151.20095-1-kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoblock: Fix deadlock in bdrv_co_yield_to_drain()
Kevin Wolf [Thu, 3 Dec 2020 17:23:11 +0000 (18:23 +0100)]
block: Fix deadlock in bdrv_co_yield_to_drain()

Git-commit: 960d5fb3e8ee09bc5f1a5c84f66dce42a6cef920

If bdrv_co_yield_to_drain() is called for draining a block node that
runs in a different AioContext, it keeps that AioContext locked while it
yields and schedules a BH in the AioContext to do the actual drain.

As long as executing the BH is the very next thing that the event loop
of the node's AioContext does, this actually happens to work, but when
it tries to execute something else that wants to take the AioContext
lock, it will deadlock. (In the bug report, this other thing is a
virtio-scsi device running virtio_scsi_data_plane_handle_cmd().)

Instead, always drop the AioContext lock across the yield and reacquire
it only when the coroutine is reentered. The BH needs to unconditionally
take the lock for itself now.

This fixes the 'block_resize' QMP command on a block node that runs in
an iothread.

Cc: qemu-stable@nongnu.org
Fixes: eb94b81a94bce112e6b206df846c1551aaf6cab6
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1903511
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20201203172311.68232-4-kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoblock: Fix locking in qmp_block_resize()
Kevin Wolf [Thu, 3 Dec 2020 17:23:10 +0000 (18:23 +0100)]
block: Fix locking in qmp_block_resize()

Git-commit: 8089eab2bd5fb160b038e64e14cf7ffb3f37091e

The drain functions assume that we hold the AioContext lock of the
drained block node. Make sure to actually take the lock.

Cc: qemu-stable@nongnu.org
Fixes: eb94b81a94bce112e6b206df846c1551aaf6cab6
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20201203172311.68232-3-kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoblock: Simplify qmp_block_resize() error paths
Kevin Wolf [Thu, 3 Dec 2020 17:23:09 +0000 (18:23 +0100)]
block: Simplify qmp_block_resize() error paths

Git-commit: d9dbf25f9624aac43e4357019bed4422f0b3368d

The only thing that happens after the 'out:' label is blk_unref(blk).
However, blk = NULL in all of the error cases, so instead of jumping to
'out:', we can just return directly.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20201203172311.68232-2-kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoui/vnc: Add missing lock for send_color_map
Peng Liang [Mon, 16 Nov 2020 14:13:38 +0000 (22:13 +0800)]
ui/vnc: Add missing lock for send_color_map

Git-commit: 947191b4312a547621566d77d7b922d9e13bb63d
vnc_write() should be locked after the RFB protocol is initialized.

Fixes: 0c426e4534b4 ("vnc: Add support for color map")
Cc: qemu-stable@nongnu.org
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Message-id: 20201116141338.148911-1-liangpeng10@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years agoImported vendor release 5.2.0-20.1
SoonKyu Park [Tue, 23 Nov 2021 04:45:12 +0000 (13:45 +0900)]
Imported vendor release 5.2.0-20.1

2 years agoImported Upstream version 5.2.0
SoonKyu Park [Tue, 23 Nov 2021 04:40:00 +0000 (13:40 +0900)]
Imported Upstream version 5.2.0

3 years agoTo support syscall_389 92/265992/1 sandbox/wangbiao/qemu_2_7
biao716.wang [Thu, 4 Nov 2021 16:13:17 +0000 (01:13 +0900)]
To support syscall_389

Change-Id: I7e780307e9c64525961fc70ecc7e1fcfb29d8d5e
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
3 years agopackaging: add armv7hl support 14/265414/1
Dongkyun, Son [Fri, 24 Feb 2017 08:47:58 +0000 (17:47 +0900)]
packaging: add armv7hl support

Change-Id: I5e2568eb66be2fd4c10b4b6d6b376269b1e0b56d
Signed-off-by: Dongkyun, Son <dongkyun.s@samsung.com>
(cherry picked from commit a91f333858752b70d41d1e98a0c75fe4d59ce72a)

3 years agoRevert 8f8f75: "linux-user: Run multi-threaded code on a single core" 64/258964/2 tizen_6.5_base tizen_6.5.m2_release
hyokeun.jeon [Fri, 28 May 2021 09:14:49 +0000 (18:14 +0900)]
Revert 8f8f75: "linux-user: Run multi-threaded code on a single core"

Approved by Tizen PL team at 2021-05-27

Change-Id: I96f1312f0dd2d1e7aca611486c8df35669e2f722

4 years agoMerge '[Qemu-devel] [PATCH for-4.1] linux-user: Make sigaltstack stacks per-thread... 76/231176/2 accepted/tizen_base_tool sandbox/yan11meng/qemu_upgrade tizen_6.0_base tizen_6.0_base_hotfix accepted/tizen/6.0/base/20201029.105809 submit/tizen_6.0_base/20201029.184802 submit/tizen_6.0_base_hotfix/20201030.192502 submit/tizen_6.0_base_hotfix/20201102.162702 tizen_6.0.m2_release upstream/2.7.0.1
SoonKyu Park [Fri, 3 Apr 2020 00:31:58 +0000 (09:31 +0900)]
Merge '[Qemu-devel] [PATCH for-4.1] linux-user: Make sigaltstack stacks per-thread' for go language support
patch url : https://patchew.org/QEMU/20190725131645.19501-1-peter.maydell@linaro.org/

Change-Id: I591a7d1eab277ecdedbe8a886de4fb553f31a264

6 years agoASan-related hack to speedup aarch64 builds. 93/175393/1 accepted/tizen_5.5_base_mobile_hotfix accepted/tizen_5.5_base_wearable_hotfix tizen_5.0_base tizen_5.5_base tizen_5.5_base_mobile_hotfix tizen_5.5_base_wearable_hotfix tizen_5.5_tv accepted/tizen/5.0/base/20181101.091254 accepted/tizen/5.5/base/mobile/hotfix/20201023.083817 accepted/tizen/5.5/base/wearable/hotfix/20201023.080204 submit/tizen_5.0_base/20181101.000001 submit/tizen_5.5_base_mobile_hotfix/20201023.171502 submit/tizen_5.5_base_wearable_hotfix/20201023.155602 tizen_5.5.m2_release
Maxim Ostapenko [Fri, 8 Jul 2016 12:47:42 +0000 (15:47 +0300)]
ASan-related hack to speedup aarch64 builds.

Switch off memory pages checks in qemu if memory regions are mapped by ASan

Change-Id: I8233802ee35db00c799f5645072b8014f823b5c6
Signed-off-by: Maxim Ostapenko <m.ostapenko@samsung.com>
7 years agoImported Upstream version 2.6.1 upstream upstream/2.6.1
hyokeun [Tue, 27 Dec 2016 08:29:09 +0000 (17:29 +0900)]
Imported Upstream version 2.6.1

8 years agoUse different names for qemu-user binary: 65/96565/1 tizen_4.0_base_not_used accepted/tizen/4.0/base/20170811.093141 submit/tizen_4.0_base/20170811.071500 submit/tizen_4.0_base/20170828.000000 tizen_4.0.IoT.p1_release tizen_4.0.IoT.p2_release tizen_4.0.m1_release tizen_4.0.m2_release
Pavel Kopyl [Tue, 23 Aug 2016 13:42:07 +0000 (13:42 +0000)]
Use different names for qemu-user binary:

1. qemu-linux-user-x86_64-cross for 64-bit.
2. qemu-linux-user-x86-cross for 32-bit.
Also keep binaries with old names.

Change-Id: Ib2487b82c57189942e0925427cb2144dc8817dec
Signed-off-by: Pavel Kopyl <p.kopyl@samsung.com>
Signed-off-by: Chan Lee <chan45.lee@samsung.com>
(cherry picked from commit 4f4fc9b2f8ac86e081b08fb48d77fa860626d148)

8 years agoremoved qemu log (Unsupported syscall) 05/92405/1
Dongkyun, Son [Mon, 29 Aug 2016 06:17:44 +0000 (15:17 +0900)]
removed qemu log (Unsupported syscall)

blocked unexpeced warning message (qemu: Unsupported syscall: 219 or 311)

Change-Id: If17b6d80c0835fcc44822551127eca068b23eec9
Signed-off-by: Dongkyun, Son <dongkyun.s@samsung.com>
(cherry picked from commit 6b4067f8f34ee83f94042551267e951ab0b5e10e)

8 years agopackaging: mic-bootstrap link issue accepted/tizen_3.0_base qemu-2.7.0 tizen_3.0_base_not_used accepted/tizen/3.0/base/20161028.103448 submit/tizen_3.0_base/20161028.062326
hyokeun [Wed, 7 Sep 2016 08:54:56 +0000 (17:54 +0900)]
packaging: mic-bootstrap link issue

8 years agobinfmt: translate symbolic links correctly with realpath
Julien Isorce [Tue, 10 May 2016 12:18:06 +0000 (13:18 +0100)]
binfmt: translate symbolic links correctly with realpath

Change-Id: Ic0eeac9de40a8e1082c83b442829ac28f68bff04
Signed-off-by: Julien Isorce <j.isorce@samsung.com>
Signed-off-by: Yury Usishchev <y.usishchev@samsung.com>
8 years agoModify spec file to build qemu package in Tools:qemu project and aggregate it to...
SoonKyu Park [Fri, 19 Feb 2016 00:05:59 +0000 (09:05 +0900)]
Modify spec file to build qemu package in Tools:qemu project and aggregate it to use it

Change-Id: Id2db3f863d1d3fcdb57f841b69c3acda94e32cef

8 years agoAdd compatibility symlinks
Yury Usishchev [Wed, 5 Aug 2015 18:03:26 +0000 (21:03 +0300)]
Add compatibility symlinks

Symlinks to qemu binaries placed in directories where they are searched by
common non-Tizen binfmt_misc configurations (eq. in Ubuntu).

Change-Id: I6b8602736926dba24a7ffbc70c91222ec3ba5cc8

8 years agopackaging: ln -sf qemu-arm64, qemu-arm64-binfmt
hyokeun [Tue, 6 Sep 2016 04:58:06 +0000 (13:58 +0900)]
packaging: ln -sf qemu-arm64, qemu-arm64-binfmt

8 years agobinfmt: use binaries from /emul
Yury Usishchev [Wed, 5 Aug 2015 18:01:01 +0000 (21:01 +0300)]
binfmt: use binaries from /emul

This allows removing hardcoded architecture-dependent paths
from qemu-accel package. Also allows using symlinks for qemu-*-binfmt
as path don't depend on binary name now.

Change-Id: I92b9bc6df477ef925c761045d5307aca8cc1b2d4

8 years agoenable 32 bit qemu for Tizen.
Junfeng Dong [Tue, 19 Nov 2013 11:14:41 +0000 (19:14 +0800)]
enable 32 bit qemu for Tizen.

Change-Id: I75ecb5ef6952d1083c030f5e48ba2a24e4d6f4a1
Signed-off-by: Junfeng Dong <junfeng.dong@intel.com>
8 years agopackaging: Adding permissions-file-setuid-bit
hyokeun [Tue, 6 Sep 2016 01:18:07 +0000 (10:18 +0900)]
packaging: Adding permissions-file-setuid-bit

8 years agopackaging: BuildRequires: -post-build-checks
hyokeun [Mon, 5 Sep 2016 11:12:59 +0000 (20:12 +0900)]
packaging: BuildRequires: -post-build-checks

Change-Id: I27b7123c2637e7af82d59ca5e7d5bd139d727647

8 years agopackaging: Disable libseccomp
hyokeun [Tue, 6 Sep 2016 05:29:28 +0000 (14:29 +0900)]
packaging: Disable libseccomp

Change-Id: I177741ece64572b63c7fbad8267324449735ca97

8 years agopackaging: add packaging directory
hyokeun [Mon, 5 Sep 2016 04:22:58 +0000 (13:22 +0900)]
packaging: add packaging directory

Change-Id: I7eb77abf7c4e5afdc9606c723c125910280c65e6

8 years agoconfigure: Fix detection of seccomp on s390x
markkp [Thu, 11 Aug 2016 20:28:39 +0000 (16:28 -0400)]
configure: Fix detection of seccomp on s390x

Signed-off-by: Mark Post <mpost@suse.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agoqemu-binfmt-conf: use qemu-ARCH-binfmt
Andreas Schwab [Fri, 12 Aug 2016 16:20:49 +0000 (18:20 +0200)]
qemu-binfmt-conf: use qemu-ARCH-binfmt

Signed-off-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agoqemu-bridge-helper: reduce security profile
Bruce Rogers [Tue, 2 Aug 2016 17:36:02 +0000 (11:36 -0600)]
qemu-bridge-helper: reduce security profile

Change from using glib alloc and free routines to those
from libc. Also perform safety measure of dropping privs
to user if configured no-caps.

[BR: BOO#988279]
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agoxen: SUSE xenlinux unplug for emulated PCI
Olaf Hering [Tue, 21 Jun 2016 16:42:45 +0000 (18:42 +0200)]
xen: SUSE xenlinux unplug for emulated PCI

Implement SUSE specific unplug protocol for emulated PCI devices
in PVonHVM guests
(bsc#953339, bsc#953362, bsc#953518, bsc#984981)

Signed-off-by: Olaf Hering <ohering@suse.de>
8 years agobuild: link with libatomic on powerpc-linux
Olaf Hering [Fri, 1 Apr 2016 10:27:16 +0000 (12:27 +0200)]
build: link with libatomic on powerpc-linux

Building on powerpc-linux fails with undefined reference to
__atomic_load_8 in icount_warp_rt(). Force linking to -latomic.

Fixes a0aa44b ("include/qemu/atomic.h: default to __atomic functions")

Signed-off-by: Olaf Hering <olaf@aepfle.de>
8 years agoxen_disk: Add suse specific flush disable handling and map to QEMU equiv
Bruce Rogers [Wed, 9 Mar 2016 22:18:11 +0000 (15:18 -0700)]
xen_disk: Add suse specific flush disable handling and map to QEMU equiv

Add code to read the suse specific suse-diskcache-disable-flush flag out
of xenstore, and set the equivalent flag within QEMU.

Patch taken from Xen's patch queue, Olaf Hering being the original author.
[bsc#879425]

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Olaf Hering <olaf@aepfle.de>
8 years agodictzip: Fix on big endian systems
Alexander Graf [Mon, 15 Jun 2015 15:36:32 +0000 (17:36 +0200)]
dictzip: Fix on big endian systems

The dictzip code in SLE11 received some treatment over time to support
running on big endian hosts. Somewhere in the transition to SLE12 this
support got lost. Add it back in again from the SLE11 code base.

Furthermore while at it, fix up the debug prints to not emit warnings.

[AG: BSC#937572]
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agoAIO: Reduce number of threads for 32bit hosts
Alexander Graf [Wed, 14 Jan 2015 00:32:11 +0000 (01:32 +0100)]
AIO: Reduce number of threads for 32bit hosts

On hosts with limited virtual address space (32bit pointers), we can very
easily run out of virtual memory with big thread pools.

Instead, we should limit ourselves to small pools to keep memory footprint
low on those systems.

This patch fixes random VM stalls like

  (process:25114): GLib-ERROR **: gmem.c:103: failed to allocate 1048576 bytes

on 32bit ARM systems for me.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoconfigure: Enable PIE for ppc and ppc64 hosts
Dinar Valeev [Wed, 2 Oct 2013 15:56:03 +0000 (17:56 +0200)]
configure: Enable PIE for ppc and ppc64 hosts

Signed-off-by: Dinar Valeev <dvaleev@suse.com>
[AF: Rebased for v1.7]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agovirtfs-proxy-helper: Provide __u64 for broken sys/capability.h
Bruce Rogers [Thu, 16 May 2013 10:39:10 +0000 (12:39 +0200)]
virtfs-proxy-helper: Provide __u64 for broken sys/capability.h

Fixes the build on SLE 11 SP2.

[AF: Extend to ppc64]

8 years agolinux-user: lseek: explicitly cast non-set offsets to signed
Alexander Graf [Thu, 13 Dec 2012 13:29:22 +0000 (14:29 +0100)]
linux-user: lseek: explicitly cast non-set offsets to signed

When doing lseek, SEEK_SET indicates that the offset is an unsigned variable.
Other seek types have parameters that can be negative.

When converting from 32bit to 64bit parameters, we need to take this into
account and enable SEEK_END and SEEK_CUR to be negative, while SEEK_SET stays
absolute positioned which we need to maintain as unsigned.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoMake char muxer more robust wrt small FIFOs
Alexander Graf [Thu, 1 Apr 2010 15:36:23 +0000 (17:36 +0200)]
Make char muxer more robust wrt small FIFOs

Virtio-Console can only process one character at a time. Using it on S390
gave me strage "lags" where I got the character I pressed before when
pressing one. So I typed in "abc" and only received "a", then pressed "d"
but the guest received "b" and so on.

While the stdio driver calls a poll function that just processes on its
queue in case virtio-console can't take multiple characters at once, the
muxer does not have such callbacks, so it can't empty its queue.

To work around that limitation, I introduced a new timer that only gets
active when the guest can not receive any more characters. In that case
it polls again after a while to check if the guest is now receiving input.

This patch fixes input when using -nographic on s390 for me.

[AF: Rebased for v2.7.0-rc2]

8 years agoconsole: add question-mark escape operator
Alexander Graf [Mon, 6 Jun 2011 04:53:52 +0000 (06:53 +0200)]
console: add question-mark escape operator

Some termcaps (found using SLES11SP1) use [? sequences. According to man
console_codes (http://linux.die.net/man/4/console_codes) the question mark
is a nop and should simply be ignored.

This patch does exactly that, rendering screen output readable when
outputting guest serial consoles to the graphical console emulator.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agoLegacy Patch kvm-qemu-preXX-dictzip3.patch
Alexander Graf [Wed, 12 Dec 2012 18:11:30 +0000 (19:11 +0100)]
Legacy Patch kvm-qemu-preXX-dictzip3.patch

8 years agoblock: Add tar container format
Alexander Graf [Wed, 5 Aug 2009 15:28:38 +0000 (17:28 +0200)]
block: Add tar container format

Tar is a very widely used format to store data in. Sometimes people even put
virtual machine images in there.

So it makes sense for qemu to be able to read from tar files. I implemented a
written from scratch reader that also knows about the GNU sparse format, which
is what pigz creates.

This version checks for filenames that end on well-known extensions. The logic
could be changed to search for filenames given on the command line, but that
would require changes to more parts of qemu.

The tar reader in conjunctiuon with dzip gives us the chance to download
tar'ed up virtual machine images (even via http) and instantly make use of
them.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Bruce Rogers <brogers@novell.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
[TH: Use bdrv_open options instead of filename]
Signed-off-by: Tim Hardeck <thardeck@suse.de>
[AF: bdrv_file_open got an Error **errp argument, bdrv_delete -> brd_unref]
[AF: qemu_opts_create_nofail() -> qemu_opts_create(),
     bdrv_file_open() -> bdrv_open(), based on work by brogers]
[AF: error_is_set() dropped for v2.1.0-rc0]
[AF: BlockDriverAIOCB -> BlockAIOCB,
     BlockDriverCompletionFunc -> BlockCompletionFunc,
     qemu_aio_release() -> qemu_aio_unref(),
     drop tar_aio_cancel()]
[AF: common-obj-y -> block-obj-y, drop probe hook (bsc#945778)]
[AF: Drop bdrv_open() drv parameter for 2.5]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Changed bdrv_open() bs parameter and return value for v2.7.0-rc2,
     for bdrv_pread() and bdrv_aio_readv() s/s->hd/s->hd->file/]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agoblock: Add support for DictZip enabled gzip files
Alexander Graf [Wed, 5 Aug 2009 07:49:37 +0000 (09:49 +0200)]
block: Add support for DictZip enabled gzip files

DictZip is an extension to the gzip format that allows random seeks in gzip
compressed files by cutting the file into pieces and storing the piece offsets
in the "extra" header of the gzip format.

Thanks to that extension, we can use gzip compressed files as block backend,
though only in read mode.

This makes a lot of sense when stacked with tar files that can then be shipped
to VM users. If a VM image is inside a tar file that is inside a DictZip
enabled gzip file, the user can run the tar.gz file as is without having to
extract the image first.

Tar patch follows.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Bruce Rogers <brogers@novell.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
[TH: Use bdrv_open options instead of filename]
Signed-off-by: Tim Hardeck <thardeck@suse.de>
[AF: Error **errp added for bdrv_file_open, bdrv_delete -> bdrv_unref]
[AF: qemu_opts_create_nofail() -> qemu_opts_create(),
     bdrv_file_open() -> bdrv_open(), based on work by brogers]
[AF: error_is_set() dropped for v2.1.0-rc0]
[AF: BlockDriverAIOCB -> BlockAIOCB,
     BlockDriverCompletionFunc -> BlockCompletionFunc,
     qemu_aio_release() -> qemu_aio_unref(),
     drop dictzip_aio_cancel()]
[AF: common-obj-y -> block-obj-y, drop probe hook (bsc#945778)]
[AF: Drop bdrv_open() drv parameter for 2.5]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Drop bdrv_open() bs parameter and change return value for v2.7.0-rc2,
     for bdrv_pread() and bdrv_aio_readv() do s/s->hd/s->hd->file/]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agolinux-user: use target_ulong
Alexander Graf [Tue, 9 Oct 2012 07:06:49 +0000 (09:06 +0200)]
linux-user: use target_ulong

Linux syscalls pass pointers or data length or other information of that sort
to the kernel. This is all stuff you don't want to have sign extended.
Otherwise a host 64bit variable parameter with a size parameter will extend
it to a negative number, breaking lseek for example.

Pass syscall arguments as ulong always.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agovnc: password-file= and incoming-connections=
Andreas Färber [Wed, 29 Aug 2012 18:06:01 +0000 (20:06 +0200)]
vnc: password-file= and incoming-connections=

TBD (from SUSE Studio team)

8 years agoslirp: -nooutgoing
Andreas Färber [Wed, 29 Aug 2012 16:42:56 +0000 (18:42 +0200)]
slirp: -nooutgoing

TBD (from SUSE Studio team)

8 years agolinux-user: XXX disable fiemap
Alexander Graf [Tue, 21 Aug 2012 12:20:40 +0000 (14:20 +0200)]
linux-user: XXX disable fiemap

agraf: fiemap breaks in libarchive. Disable it for now.

8 years agolinux-user: implement FS_IOC_SETFLAGS ioctl
Alexander Graf [Sun, 19 Aug 2012 22:07:13 +0000 (00:07 +0200)]
linux-user: implement FS_IOC_SETFLAGS ioctl

Signed-off-by: Alexander Graf <agraf@suse.de>
---

v1 -> v2

  - use TYPE_LONG instead of TYPE_INT

8 years agolinux-user: implement FS_IOC_GETFLAGS ioctl
Alexander Graf [Sun, 19 Aug 2012 22:02:52 +0000 (00:02 +0200)]
linux-user: implement FS_IOC_GETFLAGS ioctl

Signed-off-by: Alexander Graf <agraf@suse.de>
---

v1 -> v2:

  - use TYPE_LONG instead of TYPE_INT

8 years agolinux-user: Fake /proc/cpuinfo
Alexander Graf [Mon, 23 Jul 2012 08:24:14 +0000 (10:24 +0200)]
linux-user: Fake /proc/cpuinfo

Fedora 17 for ARM reads /proc/cpuinfo and fails if it doesn't contain
ARM related contents. This patch implements a quick hack to expose real
/proc/cpuinfo data taken from a real world machine.

The real fix would be to generate at least the flags automatically based
on the selected CPU. Please do not submit this patch upstream until this
has happened.

Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased for v1.6 and v1.7]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agolinux-user: lock tb flushing too
Alexander Graf [Wed, 11 Jul 2012 14:47:42 +0000 (16:47 +0200)]
linux-user: lock tb flushing too

Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased onto exec.c/translate-all.c split for 1.4]
[AF: Rebased onto tb_alloc() changes for v2.5.0-rc0]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agolinux-user: Run multi-threaded code on a single core
Alexander Graf [Tue, 10 Jul 2012 18:40:55 +0000 (20:40 +0200)]
linux-user: Run multi-threaded code on a single core

Running multi-threaded code can easily expose some of the fundamental
breakages in QEMU's design. It's just not a well supported scenario.

So if we pin the whole process to a single host CPU, we guarantee that
we will never have concurrent memory access actually happen. We can still
get scheduled away at any time, so it's no complete guarantee, but apparently
it reduces the odds well enough to get my test cases to pass.

This gets Java 1.7 working for me again on my test box.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agolinux-user: lock tcg
Alexander Graf [Thu, 5 Jul 2012 15:31:39 +0000 (17:31 +0200)]
linux-user: lock tcg

The tcg code generator is not thread safe. Lock its generation between
different threads.

Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased onto exec.c/translate-all.c split for 1.4]
[AF: Rebased for v2.1.0-rc0]
[AF: Rebased onto tcg_gen_code_common() drop for v2.5.0-rc0]
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agolinux-user: binfmt: support host binaries
Alexander Graf [Thu, 2 Feb 2012 17:02:33 +0000 (18:02 +0100)]
linux-user: binfmt: support host binaries

When we have a working host binary equivalent for the guest binary we're
trying to run, let's just use that instead as it will be a lot faster.

Signed-off-by: Alexander Graf <agraf@suse.de>
8 years agolinux-user: fix segfault deadlock
Alexander Graf [Fri, 13 Jan 2012 16:05:41 +0000 (17:05 +0100)]
linux-user: fix segfault deadlock

When entering the guest we take a lock to ensure that nobody else messes
with our TB chaining while we're doing it. If we get a segfault inside that
code, we manage to work on, but will not unlock the lock.

This patch forces unlocking of that lock in the segv handler. I'm not sure
this is the right approach though. Maybe we should rather make sure we don't
segfault in the code? I would greatly appreciate someone more intelligible
than me to look at this :).

Example code to trigger this is at: http://csgraf.de/tmp/conftest.c

Reported-by: Fabio Erculiani <lxnay@sabayon.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Drop spinlock_safe_unlock() and switch to tb_lock_reset() (bonzini)]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agoPPC: KVM: Disable mmu notifier check
Alexander Graf [Fri, 6 Jan 2012 00:05:55 +0000 (01:05 +0100)]
PPC: KVM: Disable mmu notifier check

When using hugetlbfs (which is required for HV mode KVM on 970), we
check for MMU notifiers that on 970 can not be implemented properly.

So disable the check for mmu notifiers on PowerPC guests, making
KVM guests work there, even if possibly racy in some odd circumstances.

8 years agolinux-user: add binfmt wrapper for argv[0] handling
Alexander Graf [Fri, 30 Sep 2011 17:40:36 +0000 (19:40 +0200)]
linux-user: add binfmt wrapper for argv[0] handling

When using qemu's linux-user binaries through binfmt, argv[0] gets lost
along the execution because qemu only gets passed in the full file name
to the executable while argv[0] can be something completely different.

This breaks in some subtile situations, such as the grep and make test
suites.

This patch adds a wrapper binary called qemu-$TARGET-binfmt that can be
used with binfmt's P flag which passes the full path _and_ argv[0] to
the binfmt handler.

The binary would be smart enough to be versatile and only exist in the
system once, creating the qemu binary path names from its own argv[0].
However, this seemed like it didn't fit the make system too well, so
we're currently creating a new binary for each target archictecture.

CC: Reinhard Max <max@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased onto new Makefile infrastructure, twice]
[AF: Updated for aarch64 for v2.0.0-rc1]
[AF: Rebased onto Makefile changes for v2.1.0-rc0]
[AF: Rebased onto script rewrite for v2.7.0-rc2 - to be fixed]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agoqemu-cvs-ioctl_nodirection
Alexander Graf [Tue, 14 Apr 2009 14:27:36 +0000 (16:27 +0200)]
qemu-cvs-ioctl_nodirection

the direction given in the ioctl should be correct so we can assume the
communication is uni-directional. The alsa developers did not like this
concept though and declared ioctls IOC_R and IOC_W even though they were
IOC_RW.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
8 years agoqemu-cvs-ioctl_debug
Alexander Graf [Tue, 14 Apr 2009 14:26:33 +0000 (16:26 +0200)]
qemu-cvs-ioctl_debug

Extends unsupported ioctl debug output.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
8 years agoqemu-cvs-gettimeofday
Ulrich Hecht [Tue, 14 Apr 2009 14:25:41 +0000 (16:25 +0200)]
qemu-cvs-gettimeofday

No clue what this is for.

8 years agoqemu-cvs-alsa_mmap
Alexander Graf [Tue, 14 Apr 2009 14:24:15 +0000 (16:24 +0200)]
qemu-cvs-alsa_mmap

Hack to prevent ALSA from using mmap() interface to simplify emulation.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
8 years agoqemu-cvs-alsa_ioctl
Alexander Graf [Tue, 14 Apr 2009 14:23:27 +0000 (16:23 +0200)]
qemu-cvs-alsa_ioctl

Implements ALSA ioctls on PPC hosts.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agoqemu-cvs-alsa_bitfield
Alexander Graf [Tue, 14 Apr 2009 14:20:50 +0000 (16:20 +0200)]
qemu-cvs-alsa_bitfield

Implements TYPE_INTBITFIELD partially. (required for ALSA support)

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
8 years agoqemu-binfmt-conf: Modify default path
Andreas Färber [Wed, 10 Aug 2016 17:00:24 +0000 (19:00 +0200)]
qemu-binfmt-conf: Modify default path

Change QEMU_PATH from /usr/local/bin to /usr/bin prefix.

Signed-off-by: Andreas Färber <afaerber@suse.de>
8 years agoXXX dont dump core on sigabort
Alexander Graf [Mon, 21 Nov 2011 22:50:36 +0000 (23:50 +0100)]
XXX dont dump core on sigabort

8 years agoImported Upstream version 2.7.0 upstream/2.7.0
hyokeun [Tue, 6 Sep 2016 05:09:22 +0000 (14:09 +0900)]
Imported Upstream version 2.7.0

8 years agoImported Upstream version 2.6.0 90/81590/2 upstream/2.6.0
Yonghee Han [Wed, 27 Jul 2016 07:43:51 +0000 (16:43 +0900)]
Imported Upstream version 2.6.0

Change-Id: I8e3ccf55257695533c385aa8706484c73a733251

8 years agoImported Upstream version 2.5.1.1 89/81589/2 upstream/2.5.1.1
Yonghee Han [Wed, 27 Jul 2016 07:42:54 +0000 (16:42 +0900)]
Imported Upstream version 2.5.1.1

Change-Id: Ie290b0e68882590d8a64fab165a943940b7c98ed

8 years agoImported Upstream version 2.4.1 88/81588/2 upstream/2.4.1
Yonghee Han [Wed, 27 Jul 2016 07:40:17 +0000 (16:40 +0900)]
Imported Upstream version 2.4.1

Change-Id: I0b584f569cb0e0f4eac13cdb79e110c2dbc34bfc

8 years agoImported Upstream version 2.3.1 87/81587/2 upstream/2.3.1
Yonghee Han [Wed, 27 Jul 2016 07:39:12 +0000 (16:39 +0900)]
Imported Upstream version 2.3.1

Change-Id: I2161522ea1d7ff10cd1d697609d473243c05e1df

9 years agoImported Upstream version 2.2.0 upstream/2.2.0 upstream/2.2.1
Chanho Park [Wed, 10 Dec 2014 06:42:55 +0000 (15:42 +0900)]
Imported Upstream version 2.2.0

10 years agoImported Upstream version 2.1.0 upstream/2.1.0
Chanho Park [Fri, 5 Sep 2014 11:35:53 +0000 (20:35 +0900)]
Imported Upstream version 2.1.0