platform/upstream/qemu.git
16 months ago  util: import GTree as QTree 53/289153/1
Hyunggi Lee [Wed, 22 Feb 2023 03:10:05 +0000 (12:10 +0900)]
util: import GTree as QTree

The only reason to add this implementation is to control the memory allocator
used. Some users (e.g. TCG) cannot work reliably in multi-threaded
environments (e.g. forking in user-mode) with GTree's allocator, GSlice.
See https://gitlab.com/qemu-project/qemu/-/issues/285 for details.

Importing GTree is a temporary workaround until GTree migrates away
from GSlice.

This implementation is identical to that in glib v2.75.0, except that
we don't import recent additions to the API nor deprecated API calls,
none of which are used in QEMU.

I've imported tests from glib and added a benchmark just to
make sure that performance is similar. Note: it cannot be identical
because (1) we are not using GSlice, (2) we use different compilation flags
(e.g. -fPIC) and (3) we're linking statically.

$ cat /proc/cpuinfo| grep 'model name' | head -1
model name      : AMD Ryzen 7 PRO 5850U with Radeon Graphics
$ echo '0' | sudo tee /sys/devices/system/cpu/cpufreq/boost
$ tests/bench/qtree-bench

 Tree         Op      32            1024            4096          131072         1048576
------------------------------------------------------------------------------------------------
GTree     Lookup   83.23           43.08           25.31           19.40           16.22
QTree     Lookup  113.42 (1.36x)   53.83 (1.25x)   28.38 (1.12x)   17.64 (0.91x)   13.04 (0.80x)
GTree     Insert   44.23           29.37           25.83           19.49           17.03
QTree     Insert   46.87 (1.06x)   25.62 (0.87x)   24.29 (0.94x)   16.83 (0.86x)   12.97 (0.76x)
GTree     Remove   53.27           35.15           31.43           24.64           16.70
QTree     Remove   57.32 (1.08x)   41.76 (1.19x)   38.37 (1.22x)   29.30 (1.19x)   15.07 (0.90x)
GTree  RemoveAll  135.44          127.52          126.72          120.11           64.34
QTree  RemoveAll  127.15 (0.94x)  110.37 (0.87x)  107.97 (0.85x)   97.13 (0.81x)   55.10 (0.86x)
GTree   Traverse  277.71          276.09          272.78          246.72           98.47
QTree   Traverse  370.33 (1.33x)  411.97 (1.49x)  400.23 (1.47x)  262.82 (1.07x)   78.52 (0.80x)
------------------------------------------------------------------------------------------------

As a sanity check, the same benchmark when Glib's version
is >=  (i.e. QTree == GTree):

 Tree         Op      32            1024            4096          131072         1048576
------------------------------------------------------------------------------------------------
GTree     Lookup   82.72           43.09           24.18           19.73           16.09
QTree     Lookup   81.82 (0.99x)   43.10 (1.00x)   24.20 (1.00x)   19.76 (1.00x)   16.26 (1.01x)
GTree     Insert   45.07           29.62           26.34           19.90           17.18
QTree     Insert   45.72 (1.01x)   29.60 (1.00x)   26.38 (1.00x)   19.71 (0.99x)   17.20 (1.00x)
GTree     Remove   54.48           35.36           31.77           24.97           16.95
QTree     Remove   54.46 (1.00x)   35.32 (1.00x)   31.77 (1.00x)   24.91 (1.00x)   17.15 (1.01x)
GTree  RemoveAll  140.68          127.36          125.43          121.45           68.20
QTree  RemoveAll  140.65 (1.00x)  127.64 (1.00x)  125.01 (1.00x)  121.73 (1.00x)   67.06 (0.98x)
GTree   Traverse  278.68          276.05          266.75          251.65          104.93
QTree   Traverse  278.31 (1.00x)  275.78 (1.00x)  266.42 (1.00x)  247.89 (0.99x)  104.58 (1.00x)
------------------------------------------------------------------------------------------------

Related: #285

Change-Id: I5eee4511a911a39a9c4739fee3df78d8d0414233
Signed-off-by: Emilio Cota <cota@braap.org>
2 years ago  fix ldd run crash issue in aarch64 76/270376/12 sandbox/wangbiao/up5.2 tizen_7.0_base tizen_7.0_base_hotfix tizen_7.0_m2_release
biao716.wang [Sat, 29 Jan 2022 08:13:17 +0000 (17:13 +0900)]
fix ldd run crash issue in aarch64
for example: build package gobject-introspection build error in aarch64
Change-Id: Ib9900c63100afbe396d36f0504f1dcb035752dcb
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  remove changelog section 74/270374/1
biao716.wang [Sat, 29 Jan 2022 07:33:41 +0000 (16:33 +0900)]
remove changelog section

Change-Id: Iabfc5ffc59de78046d6d9ee459fc2d65a8343a47
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  Fix .NET SEHException issue 27/267727/1
biao716.wang [Thu, 9 Dec 2021 07:07:01 +0000 (16:07 +0900)]
Fix .NET SEHException issue
refer to https://gitlab.com/qemu-project/qemu/-/issues/271

Change-Id: Ia8218fd963075448b55b7a5a705c6f35a722ada4
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  Applying patches from tizen 53/267253/3
biao716.wang [Tue, 30 Nov 2021 08:40:26 +0000 (17:40 +0900)]
Applying patches from tizen
1. packaging: mic-bootstrap link issue 5da1458d0040b2f758b3d5cd02218e10ac8e61b7
2. Add compatibility symlinks: 6b2685ec84dc5ab8a7eee3a3eb3df36f6ab93094
3. binfmt: translate symbolic links correctly with realpath: cac56c4878d27ef636188093ba133729519cc22e
Change-Id: Ic8a28dc726825ec124a0a88d95a4b07a92fe7208
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  Add baselibs.conf file 22/267222/5
biao716.wang [Tue, 30 Nov 2021 01:40:10 +0000 (10:40 +0900)]
Add baselibs.conf file
patch stub-out-the-SAN-req-s-in-int13.patch has already been applied.
Change-Id: Iec5865645b5499b2f841d951dbc7907b1ce10159
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  revert the patch from openSUSE15.3 qemu roms-Makefile-add-cross-file-to-qboot-me... 20/267220/2
biao716.wang [Tue, 30 Nov 2021 01:14:12 +0000 (10:14 +0900)]
revert the patch from openSUSE15.3 qemu roms-Makefile-add-cross-file-to-qboot-me.patch

%ifarch aarch64
%patch00079 -p1
%endif
if arch is aarch64, then this patch will be applied
Change-Id: I0dc17a8545f9899aaa797eb3dc485c262d6dc2d4
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  change qemu package to enable qemu-linux-user build 02/267202/5
biao716.wang [Mon, 29 Nov 2021 08:35:44 +0000 (17:35 +0900)]
change qemu package to enable qemu-linux-user build

Change-Id: I9a89de8e327a678a026bfbc80ca5d9acf93ce07e
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  Include-If: %ifarch aarch64 in spec file 97/267197/1
biao716.wang [Mon, 29 Nov 2021 07:54:08 +0000 (16:54 +0900)]
Include-If: %ifarch aarch64 in spec file
We conditionally add a --cross-file reference so that we can do
cross compilation of qboot from an aarch64 build.

Change-Id: I0831776821c3693370636925754f085646236092
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  fix spec file 94/267194/2
biao716.wang [Mon, 29 Nov 2021 07:16:33 +0000 (16:16 +0900)]
fix spec file
rollback the change for non-aarch64 arch
Change-Id: I80e84f047b64755361c8f6afa062c43c417364b5
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  Use internal slirp, build without liburing and add qemu-linux-user.spec file 28/267128/7
biao716.wang [Fri, 26 Nov 2021 02:27:00 +0000 (11:27 +0900)]
Use internal slirp, build without liburing and add qemu-linux-user.spec file

Change-Id: I85e0a9865d7178ba0c1c98491287feee21f776ec
Signed-off-by: biao716.wang <biao716.wang@samsung.com>
2 years ago  Autoremove imported patches from packaging sandbox/soong9/upgrade_5.2.0_test upstream/5.2.0
SoonKyu Park [Tue, 23 Nov 2021 04:46:22 +0000 (13:46 +0900)]
Autoremove imported patches from packaging

Removed all imported patches from qemu.spec
and patch files from the packaging dir.

Change-Id: Ib0ed124143fe6482e2ff28ad42ee5ee42a43c7b4

2 years ago  brotli: fix actual variable-array parameters to match declaration
Bruce Rogers [Fri, 5 Mar 2021 20:25:44 +0000 (13:25 -0700)]
brotli: fix actual variable-array parameters to match declaration

References: boo#1181922

GCC 11 complains about the mismatch between the variable-array
parameters not being defined as such in the actual function definition.
Make them match.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  qboot: add cross.ini file to handle aarch64 based build
Bruce Rogers [Mon, 23 Nov 2020 14:06:37 +0000 (07:06 -0700)]
qboot: add cross.ini file to handle aarch64 based build

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  Make keycode-gen output reproducible (use SOURCE_DATE_EPOCH timestamp)
Stefan Brüns [Mon, 5 Aug 2019 20:03:11 +0000 (20:03 +0000)]
Make keycode-gen output reproducible (use SOURCE_DATE_EPOCH timestamp)

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  roms/sgabios: Fix csum8 to be built by host compiler
Bruce Rogers [Thu, 27 Jun 2019 15:38:43 +0000 (09:38 -0600)]
roms/sgabios: Fix csum8 to be built by host compiler

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  sgabios:Makefile: fix issues of build reproducibility
Bruce Rogers [Thu, 27 Jun 2019 16:15:24 +0000 (10:15 -0600)]
sgabios:Makefile: fix issues of build reproducibility

It is desirable to produce the same bits on subsequent
builds when the actual code of the package doesn't
change. (bsc#1011213)

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2 years ago  help compiler out by initializing array
Bruce Rogers [Fri, 14 Aug 2020 00:23:35 +0000 (18:23 -0600)]
help compiler out by initializing array

The pre-release gcc 11 compiler is complaining that result_raw in
bigint_test_exec is flagged as possibly being uninitialized when used
(-Werror=maybe-uninitialized). Help the compiler by initializing the
array.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  ipxe:Makefile: fix issues of build reproducibility
Bruce Rogers [Thu, 27 Jun 2019 16:15:24 +0000 (10:15 -0600)]
ipxe:Makefile: fix issues of build reproducibility

References: bsc#1011213

It is desirable to produce the same bits on subsequent
builds when the actual code of the package doesn't
change. (bsc#1011213)

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  stub out the SAN req's in int13
Bruce Rogers [Mon, 24 Jul 2017 16:44:24 +0000 (10:44 -0600)]
stub out the SAN req's in int13

Include-If: %if 0%{?patch-possibly-applied-elsewhere}

We need to find some code or data to change so we can make the rom fit
into the legacy size requirements. Comment out SAN support, and
hopefully nobody will be impacted.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  Add missing AR5K_EEPROM_READ in ath5k_eeprom_read_turbo_modes
Bruce Rogers [Tue, 16 Feb 2021 18:29:41 +0000 (11:29 -0700)]
Add missing AR5K_EEPROM_READ in ath5k_eeprom_read_turbo_modes

Git-commit: 19d0fab40f07eeea7fe6b9e0d4e8d4b0c2de215f
References: boo#1181922

The GCC11 compiler pointed out something that apparently no previous
compiler noticed: in ath5k_eeprom_pread_turbo_modes, local variable
val is used uninitialized. From what I can see, the code is just
missing an initial AR5K_EEPROM_READ. Add it right before the switch
statement.

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago  build: be explicit about -mx86-used-note=no
Bruce Rogers [Thu, 4 Feb 2021 18:06:47 +0000 (11:06 -0700)]
build: be explicit about -mx86-used-note=no

binutils v2.36 switched the default for the assembler's -mx86-used-note,
which caused breakage building seavgabios as follows:
ld: section .note.gnu.property LMA [0000000000000000,0000000000000027]
overlaps section .text LMA [0000000000000000,0000000000006e87]
Fix by explicitly specifying -mx86-used-note=no to assembler in seabios'
Makefile (boo#1181775)

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  enable cross compilation on ARM
Bruce Rogers [Mon, 26 Aug 2019 19:28:57 +0000 (13:28 -0600)]
enable cross compilation on ARM

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  seabios: switch to python3 as needed
Bruce Rogers [Thu, 27 Jun 2019 16:15:24 +0000 (10:15 -0600)]
seabios: switch to python3 as needed

Switch to python3 the places where "python2" is explicitly referenced.
(Ignore the uses of #!/usr/bin/env python, since that usage does the
right thing in our build environment).
Include changes proposed by the python3 2to3 tool.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  seabios: use python2 explicitly as needed
Bruce Rogers [Thu, 27 Jun 2019 16:15:24 +0000 (10:15 -0600)]
seabios: use python2 explicitly as needed

Switch to python2 the places where "python" is explicitly referenced.
(Ignore the uses of #!/usr/bin/env python, since that usage does the
right thing in our build environment).

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  vhost-user-gpu: abstract vg_cleanup_mapping_iov
Li Qiang [Sun, 16 May 2021 03:04:03 +0000 (20:04 -0700)]
vhost-user-gpu: abstract vg_cleanup_mapping_iov

Git-commit: 3ea32d1355d446057c17458238db2749c52ee8f0
References: CVE-2021-3546 bsc#1185981
            CVE-2021-3545 bsc#1185990
            CVE-2021-3544 bsc#1186010

Currently in vhost-user-gpu, we free resource directly in
the cleanup case of resource. If we change the cleanup logic
we need to change several places, also abstract a
'vg_cleanup_mapping_iov' can be symmetry with the
'vg_create_mapping_iov'. This is like what virtio-gpu does,
no function changed.

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-9-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
2 years ago  vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546)
Li Qiang [Sun, 16 May 2021 03:04:02 +0000 (20:04 -0700)]
vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546)

Git-commit: 9f22893adcb02580aee5968f32baa2cd109b3ec2
References: CVE-2021-3546 bsc#1185981

If 'virgl_cmd_get_capset' sets 'max_size' to 0,
the 'virgl_renderer_fill_caps' will write the data after the 'resp'.
This patch avoids this by checking the returned 'max_size'.

virtio-gpu fix: abd7f08b23 ("display: virtio-gpu-3d: check
virgl capabilities max_size")

Fixes: CVE-2021-3546
Reported-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-8-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
2 years ago  vhost-user-gpu: fix leak in 'virgl_resource_attach_backing' (CVE-2021-3544)
Li Qiang [Sun, 16 May 2021 03:04:01 +0000 (20:04 -0700)]
vhost-user-gpu: fix leak in 'virgl_resource_attach_backing' (CVE-2021-3544)

Git-commit: 63736af5a6571d9def93769431e0d7e38c6677bf
References: CVE-2021-3544 bsc#1186010

If 'virgl_renderer_resource_attach_iov' failed, the 'res_iovs' will
be leaked.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 33243031da ("virtio-gpu-3d: fix memory leak
in resource attach backing")

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-7-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
[jrz: tweak title to not break spec file]

2 years ago  vhost-user-gpu: fix leak in 'virgl_cmd_resource_unref' (CVE-2021-3544)
Li Qiang [Sun, 16 May 2021 03:04:00 +0000 (20:04 -0700)]
vhost-user-gpu: fix leak in 'virgl_cmd_resource_unref' (CVE-2021-3544)

Git-commit: f6091d86ba9ea05f4e111b9b42ee0005c37a6779
References: CVE-2021-3544 bsc#1186010

The 'res->iov' will be leaked if the guest triggers the following sequence:

virgl_cmd_create_resource_2d
virgl_resource_attach_backing
virgl_cmd_resource_unref

This patch fixes this.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
in virgl_cmd_resource_unref")

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-6-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
[jrz: tweaked title to not break spec file]

2 years ago  vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544)
Li Qiang [Sun, 16 May 2021 03:03:59 +0000 (20:03 -0700)]
vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544)

Git-commit: b7afebcf9e6ecf3cf9b5a9b9b731ed04bca6aa3e
References: CVE-2021-3544 bsc#1186010

If the guest triggers the following sequence, the attach_backing will be leaked:

vg_resource_create_2d
vg_resource_attach_backing
vg_resource_unref

This patch fixes this by freeing 'res->iov' in vg_resource_destroy.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak
in virgl_cmd_resource_unref")

Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-5-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
2 years ago  vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544)
Li Qiang [Sun, 16 May 2021 03:03:58 +0000 (20:03 -0700)]
vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544)

Git-commit: b9f79858a614d95f5de875d0ca31096eaab72c3b
References: CVE-2021-3544 bsc#1186010

Check whether the 'res' has already been attach_backing to avoid
memory leak.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 204f01b309 ("virtio-gpu: fix memory leak
in resource attach backing")

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-4-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
2 years ago  vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544)
Li Qiang [Sun, 16 May 2021 03:03:57 +0000 (20:03 -0700)]
vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544)

Git-commit: 86dd8fac2acc366930a5dc08d3fb1b1e816f4e1e
References: CVE-2021-3544 bsc#1186010

Call 'vugbm_buffer_destroy' in error path to avoid resource leak.

Fixes: CVE-2021-3544
Reported-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-3-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
2 years ago  vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545)
Li Qiang [Sun, 16 May 2021 03:03:56 +0000 (20:03 -0700)]
vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545)

Git-commit: 121841b25d72d13f8cad554363138c360f1250ea
References: CVE-2021-3545 bsc#1185990

Otherwise some of the 'resp' will be leaked to the guest.

Fixes: CVE-2021-3545
Reported-by: Li Qiang <liq3ea@163.com>
virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak
in getting capset info dispatch")

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210516030403.107723-2-liq3ea@163.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
2 years ago  pc-bios/s390-ccw: don't try to read the next block if end of chunk is reached
Marc Hartmayer [Fri, 16 Apr 2021 07:47:36 +0000 (09:47 +0200)]
pc-bios/s390-ccw: don't try to read the next block if end of chunk is reached

Git-commit: a6625d38cce3901a7c1cba069f0abcf743a293f1
References: bsc#1186290

Don't read the block if a null block number is reached, because this means that
the end of chunk is reached.

Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Message-Id: <20210416074736.17409-1-mhartmay@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
2 years ago  qom: handle case of chardev-spice module unavailability
Bruce Rogers [Tue, 26 Jan 2021 05:09:27 +0000 (22:09 -0700)]
qom: handle case of chardev-spice module unavailability

When qemu is built with modules, but a given module doesn't load
qemu should handle that gracefully. When chardev-spice.so isn't
able to be loaded and qemu is invoked with -display spice-app,
qemu will reach an abort call. Explicitly detect these conditions
and error out in a normal way before we reach the abort.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  module: for virtio-gpu, pre-load module to avoid abort on missing module
Bruce Rogers [Thu, 21 Jan 2021 23:34:32 +0000 (16:34 -0700)]
module: for virtio-gpu, pre-load module to avoid abort on missing module

If the hw-display-virtio-gpu module is not loadable when the virtio-gpu
device is referenced either on the command line or the monitor, qemu
will call abort. We can fail gracefully by moving the attempted module
load to a context better situated to handle errors properly. (bsc#1181103)

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  usb: Help compiler out to avoid a warning on x86 compilation
Bruce Rogers [Thu, 3 Dec 2020 23:48:13 +0000 (16:48 -0700)]
usb: Help compiler out to avoid a warning on x86 compilation

Include-If: %ifarch %arm %ix86 ppc

There is an assert present which already should give the compiler
enough information about the value of i as used in the snprintf,
but if I remember right, for x86, because memory is tighter some of
the compiler smarts are turned off, so we get the uninformed warning
there and not on other archs. So on x86 only we'll add some code to
help the compiler out, so we can again compile qemu with
--enable-werror.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  roms/Makefile: add --cross-file to qboot meson setup for aarch64
Bruce Rogers [Mon, 23 Nov 2020 14:13:23 +0000 (07:13 -0700)]
roms/Makefile: add --cross-file to qboot meson setup for aarch64

Include-If: %ifarch aarch64

We conditionally add a --cross-file reference so that we can do
cross compilation of qboot from an aarch64 build.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  Makefile: Don't check pc-bios as pre-requisite for config-host.mak
Bruce Rogers [Mon, 19 Oct 2020 21:05:15 +0000 (15:05 -0600)]
Makefile: Don't check pc-bios as pre-requisite for config-host.mak

This check isn't needed when we know this is a fresh build, which of
course it is when we are building the qemu packages.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  Revert "roms/efirom, tests/uefi-test-tools: update edk2's own submodules first"
Bruce Rogers [Mon, 14 Sep 2020 20:15:00 +0000 (14:15 -0600)]
Revert "roms/efirom, tests/uefi-test-tools: update edk2's own submodules first"

This reverts commit ec87b5daca761039bbcf781eedbe4987f790836f.

No need. In our build system submodules are checked out.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  meson: install ivshmem-client and ivshmem-server
Bruce Rogers [Fri, 28 Aug 2020 19:50:40 +0000 (13:50 -0600)]
meson: install ivshmem-client and ivshmem-server

Turn on the meson install flag for these executables

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  qht: Revert some constification in qht.c
Bruce Rogers [Thu, 13 Aug 2020 19:16:13 +0000 (13:16 -0600)]
qht: Revert some constification in qht.c

This change partially addresses https://bugs.launchpad.net/qemu/+bug/1886155
where a pre-release gcc 11 warns about const qualifier abuse.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  Revert "qht: constify qht_statistics_init"
Bruce Rogers [Thu, 13 Aug 2020 19:07:56 +0000 (13:07 -0600)]
Revert "qht: constify qht_statistics_init"

This reverts commit 6579f10779b5b5ed2e978e7b8cae7bcbf8665254.

This change partially addresses https://bugs.launchpad.net/qemu/+bug/1886155
where a pre-release gcc 11 warns about const qualifier abuse.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  s390x: Fix stringop-truncation issue reported by gcc 11
Bruce Rogers [Thu, 13 Aug 2020 20:03:29 +0000 (14:03 -0600)]
s390x: Fix stringop-truncation issue reported by gcc 11

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  docs: add SUSE support statements to html docs
Bruce Rogers [Tue, 28 Apr 2020 15:53:49 +0000 (09:53 -0600)]
docs: add SUSE support statements to html docs

Include-If: %if %{legacy_qemu_kvm}

We can fairly easily produce an html version of our support statements.
Now that qemu includes fairly good html-based documentation, leverage it
to expose our SUSE specific in-package support documentation.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  configure: remove $pkgversion from CONFIG_STAMP input to broaden compatibility
Bruce Rogers [Fri, 17 Apr 2020 19:07:37 +0000 (13:07 -0600)]
configure: remove $pkgversion from CONFIG_STAMP input to broaden compatibility

As part of the effort to close the gap with Leap I think we are fine
removing the $pkgversion component to creating a unique CONFIG_STAMP.
This stamp is only used in creating a unique symbol used in ensuring the
dynamically loaded modules correspond correctly to the loading qemu.
The default inputs to producing this unique symbol are somewhat reasonable
as a generic mechanism, but specific packaging and maintenance practices
might require the default to be modified for best use. This is an example
of that.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  test: add mapping from arch of i686 to qemu_arch=i386
Bruce Rogers [Sat, 5 Oct 2019 15:09:42 +0000 (09:09 -0600)]
test: add mapping from arch of i686 to qemu_arch=i386

While we don't specifically set QEMU_PROG, the code which detects the
host architecture needs a little help mapping the output of uname -m to
what the qemu project uses to reference that architecture.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  roms: change cross compiler naming to be suse specific
Bruce Rogers [Thu, 20 Jun 2019 23:58:37 +0000 (17:58 -0600)]
roms: change cross compiler naming to be suse specific

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  pc-bios/s390-ccw/net: avoid warning about packed structure members
Bruce Rogers [Wed, 29 May 2019 15:59:02 +0000 (09:59 -0600)]
pc-bios/s390-ccw/net: avoid warning about packed structure members

This is hopefully temporary. Simply disable the warning about taking
the address of packed structure members which is new in gcc9.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  configure: only populate roms if softmmu
Bruce Rogers [Tue, 28 May 2019 20:23:37 +0000 (14:23 -0600)]
configure: only populate roms if softmmu

Currently roms are mistakenly getting built in a linux-user only
configuration. Add check for softmmu in all places where our list of
roms is being added to.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  hw/intc/exynos4210_gic: provide more room when formatting alias names
Bruce Rogers [Wed, 15 May 2019 19:32:01 +0000 (13:32 -0600)]
hw/intc/exynos4210_gic: provide more room when formatting alias names

sprintf related parameter validation complains about the size of the
buffer being written to in exynos4210_gic_realize(). Provide a bit more
space to avoid the following warning:
/home/abuild/rpmbuild/BUILD/qemu-4.0.0/hw/intc/exynos4210_gic.c: In function 'exynos4210_gic_realize':
/home/abuild/rpmbuild/BUILD/qemu-4.0.0/hw/intc/exynos4210_gic.c:316:36: error: '%x' directive writing between 1 and 7 bytes into a region of size between 4 and 28 [-Werror=format-overflow=]
  316 |         sprintf(cpu_alias_name, "%s%x", cpu_prefix, i);
      |                                    ^~
/home/abuild/rpmbuild/BUILD/qemu-4.0.0/hw/intc/exynos4210_gic.c:316:33: note: directive argument in the range [0, 29020050]
  316 |         sprintf(cpu_alias_name, "%s%x", cpu_prefix, i);
      |                                 ^~~~~~
In file included from /usr/include/stdio.h:867,
                 from /home/abuild/rpmbuild/BUILD/qemu-4.0.0/include/qemu/osdep.h:99,
                 from /home/abuild/rpmbuild/BUILD/qemu-4.0.0/hw/intc/exynos4210_gic.c:23:
/usr/include/bits/stdio2.h:36:10: note: '__builtin___sprintf_chk' output between 2 and 32 bytes into a destination of size 28
   36 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   37 |       __bos (__s), __fmt, __va_arg_pack ());
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/abuild/rpmbuild/BUILD/qemu-4.0.0/hw/intc/exynos4210_gic.c:326:37: error: '%x' directive writing between 1 and 7 bytes into a region of size between 3 and 28 [-Werror=format-overflow=]
  326 |         sprintf(dist_alias_name, "%s%x", dist_prefix, i);
      |                                     ^~
/home/abuild/rpmbuild/BUILD/qemu-4.0.0/hw/intc/exynos4210_gic.c:326:34: note: directive argument in the range [0, 29020050]
  326 |         sprintf(dist_alias_name, "%s%x", dist_prefix, i);
      |                                  ^~~~~~
In file included from /usr/include/stdio.h:867,
                 from /home/abuild/rpmbuild/BUILD/qemu-4.0.0/include/qemu/osdep.h:99,
                 from /home/abuild/rpmbuild/BUILD/qemu-4.0.0/hw/intc/exynos4210_gic.c:23:
/usr/include/bits/stdio2.h:36:10: note: '__builtin___sprintf_chk' output between 2 and 33 bytes into a destination of size 28
   36 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   37 |       __bos (__s), __fmt, __va_arg_pack ());
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  tests: change error message in test 162
Bruce Rogers [Tue, 12 Mar 2019 04:02:37 +0000 (22:02 -0600)]
tests: change error message in test 162

Since we have a quite restricted execution environment, as far as
networking is concerned, we need to change the error message we expect
in test 162. There is actually no routing set up so the error we get is
"Network is unreachable". Change the expected output accordingly.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  xen: ignore live parameter from xen-save-devices-state
Olaf Hering [Tue, 8 Jan 2019 13:20:08 +0000 (14:20 +0100)]
xen: ignore live parameter from xen-save-devices-state

References: bsc#1079730, bsc#1101982, bsc#1063993

The final step of xl migrate|save for an HVM domU is saving the state of
qemu. This also involves releasing all block devices. While releasing
backends ought to be a separate step, such functionality is not
implemented.

Unfortunately, releasing the block devices depends on the optional
'live' option. This breaks offline migration with 'virsh migrate domU
dom0' because the sending side does not release the disks, as a result
the receiving side can not properly claim write access to the disks.

As a minimal fix, remove the dependency on the 'live' option. Upstream
may fix this in a different way, like removing the newly added 'live'
parameter entirely.

Fixes: 5d6c599fe1 ("migration, xen: Fix block image lock issue on live migration")

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  tests: Fix block tests to be compatible with membarrier configuration
Bruce Rogers [Tue, 15 Oct 2019 17:16:14 +0000 (11:16 -0600)]
tests: Fix block tests to be compatible with membarrier configuration

The use of membarriers collides with the block test's practice of
SIGKILLing test vm's. Have them quit politely. Tests: 130, 153 - and
though test 161 seems to have the same issue, it is not yet fixed, but
just marked here as possibly needing a fix.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  tests/qemu-iotests: Triple timeout of i/o tests due to obs environment
Bruce Rogers [Tue, 20 Nov 2018 22:46:41 +0000 (15:46 -0700)]
tests/qemu-iotests: Triple timeout of i/o tests due to obs environment

Executing tests in obs is very fickle, since you aren't guaranteed
reliable cpu time. Triple the timeout for each test to help ensure
we don't fail a test because the stars align against us.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  xen: add block resize support for xen disks
Bruce Rogers [Wed, 16 Jan 2019 23:29:36 +0000 (16:29 -0700)]
xen: add block resize support for xen disks

Provide monitor naming of xen disks, and plumb guest driver
notification through xenstore of resizing instigated via the
monitor.

[BR: minor edits to pass qemu's checkpatch script]
[BR: significant rework needed due to upstream xen disk qdevification]
[BR: At this point, monitor_add_blk call is all we need to add!]
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  hw/smbios: handle both file formats regardless of machine type
Bruce Rogers [Sat, 6 Apr 2019 03:10:30 +0000 (21:10 -0600)]
hw/smbios: handle both file formats regardless of machine type

References: bsc#994082, bsc#1084316, boo#1131894

It's easy enough to handle either per-spec or legacy smbios structures
in the smbios file input without regard to the machine type used, by
simply applying the basic smbios formatting rules. Then, depending on
what is detected, terminal null bytes are added or removed for machine
type specific processing.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  Make installed scripts explicitly python3
Bruce Rogers [Thu, 25 Jan 2018 21:16:10 +0000 (14:16 -0700)]
Make installed scripts explicitly python3

References: bsc#1077564

We want to explicitly reference python3 in the scripts we install.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  acpi_piix4: Fix migration from SLE11 SP2
Andreas Färber [Wed, 31 Jul 2013 15:32:35 +0000 (17:32 +0200)]
acpi_piix4: Fix migration from SLE11 SP2

References: bnc#812836

qemu-kvm 0.15 uses the same GPE format as qemu 1.4, but as version 2
rather than 3.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2 years ago  i8254: Fix migration from SLE11 SP2
Andreas Färber [Wed, 31 Jul 2013 15:05:29 +0000 (17:05 +0200)]
i8254: Fix migration from SLE11 SP2

References: bnc#812836

qemu-kvm 0.15 had a VMSTATE_UINT32(flags, PITState) field that
qemu 1.4 does not have.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2 years ago  increase x86_64 physical bits to 42
Bruce Rogers [Fri, 17 May 2013 22:49:58 +0000 (16:49 -0600)]
increase x86_64 physical bits to 42

Allow for guests with higher amounts of ram. The current thought
is that 2TB specified on qemu commandline would be an appropriate
limit. Note that this requires the next higher bit value since
the highest address is actually more than 2TB due to the pci
memory hole.

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2 years ago  Raise soft address space limit to hard limit
Andreas Färber [Sun, 15 Jan 2012 18:53:49 +0000 (19:53 +0100)]
Raise soft address space limit to hard limit

For SLES we want users to be able to use large memory configurations
with KVM without fiddling with ulimit -Sv.

Signed-off-by: Andreas Färber <afaerber@suse.de>
[BR: add include for sys/resource.h]
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  roms/Makefile: pass a packaging timestamp to subpackages with date info
Bruce Rogers [Sat, 19 Nov 2016 15:06:30 +0000 (08:06 -0700)]
roms/Makefile: pass a packaging timestamp to subpackages with date info

References: bsc#1011213

Certain rom subpackages built from qemu git-submodules call the date
program to include date information in the packaged binaries. This
causes repeated builds of the package to be different, where the only
real difference is due to the fact that the build timestamp has
changed. To promote reproducible builds and avoid customers being
prompted to update packages needlessly, we'll use the timestamp of the
VERSION file as the packaging timestamp for all packages that build in a
timestamp for whatever reason.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  qemu-binfmt-conf: use qemu-ARCH-binfmt
Andreas Schwab [Fri, 12 Aug 2016 16:20:49 +0000 (18:20 +0200)]
qemu-binfmt-conf: use qemu-ARCH-binfmt

Signed-off-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2 years ago  qemu-bridge-helper: reduce security profile
Bruce Rogers [Tue, 2 Aug 2016 17:36:02 +0000 (11:36 -0600)]
qemu-bridge-helper: reduce security profile

References: boo#988279

Change from using glib alloc and free routines to those
from libc. Also perform safety measure of dropping privs
to user if configured no-caps.

Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2 years ago  xen_disk: Add suse specific flush disable handling and map to QEMU equiv
Bruce Rogers [Wed, 9 Mar 2016 22:18:11 +0000 (15:18 -0700)]
xen_disk: Add suse specific flush disable handling and map to QEMU equiv

Add code to read the suse specific suse-diskcache-disable-flush flag out
of xenstore, and set the equivalent flag within QEMU.

Patch taken from Xen's patch queue, Olaf Hering being the original author.
[bsc#879425]

[BR: minor edits to pass qemu's checkpatch script]
[BR: With qdevification of xen-block, code has changed significantly]
Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Olaf Hering <olaf@aepfle.de>
2 years ago  AIO: Reduce number of threads for 32bit hosts
Alexander Graf [Wed, 14 Jan 2015 00:32:11 +0000 (01:32 +0100)]
AIO: Reduce number of threads for 32bit hosts

On hosts with limited virtual address space (32bit pointers), we can very
easily run out of virtual memory with big thread pools.

Instead, we should limit ourselves to small pools to keep memory footprint
low on those systems.

This patch fixes random VM stalls like

  (process:25114): GLib-ERROR **: gmem.c:103: failed to allocate 1048576 bytes

on 32bit ARM systems for me.

Signed-off-by: Alexander Graf <agraf@suse.de>
2 years ago  linux-user: lseek: explicitly cast non-set offsets to signed
Alexander Graf [Thu, 13 Dec 2012 13:29:22 +0000 (14:29 +0100)]
linux-user: lseek: explicitly cast non-set offsets to signed

When doing lseek, SEEK_SET indicates that the offset is an unsigned variable.
Other seek types have parameters that can be negative.

When converting from 32bit to 64bit parameters, we need to take this into
account and enable SEEK_END and SEEK_CUR to be negative, while SEEK_SET stays
absolute positioned which we need to maintain as unsigned.

Signed-off-by: Alexander Graf <agraf@suse.de>
2 years ago  Make char muxer more robust wrt small FIFOs
Alexander Graf [Thu, 1 Apr 2010 15:36:23 +0000 (17:36 +0200)]
Make char muxer more robust wrt small FIFOs

Virtio-Console can only process one character at a time. Using it on S390
gave me strange "lags" where I got the character I pressed before when
pressing one. So I typed in "abc" and only received "a", then pressed "d"
but the guest received "b" and so on.

While the stdio driver calls a poll function that just processes on its
queue in case virtio-console can't take multiple characters at once, the
muxer does not have such callbacks, so it can't empty its queue.

To work around that limitation, I introduced a new timer that only gets
active when the guest can not receive any more characters. In that case
it polls again after a while to check if the guest is now receiving input.

This patch fixes input when using -nographic on s390 for me.

[AF: Rebased for v2.7.0-rc2]
[BR: minor edits to pass qemu's checkpatch script]
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  linux-user: use target_ulong
Alexander Graf [Tue, 9 Oct 2012 07:06:49 +0000 (09:06 +0200)]
linux-user: use target_ulong

Linux syscalls pass pointers or data length or other information of that sort
to the kernel. This is all stuff you don't want to have sign extended.
Otherwise a host 64bit variable parameter with a size parameter will extend
it to a negative number, breaking lseek for example.

Pass syscall arguments as ulong always.

Signed-off-by: Alexander Graf <agraf@suse.de>
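The two linux-user commits above (the lseek cast and the target_ulong change) describe the same 32-to-64-bit widening problem from two sides. The following C program is an added example, not code from QEMU or from either patch: it models a 32-bit guest register as a `target_ulong` typedef (an assumption made for the example) and shows why buffer lengths and SEEK_SET offsets must be zero-extended while SEEK_CUR/SEEK_END deltas must be sign-extended before they reach the host syscall.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>   /* SEEK_SET, SEEK_CUR, SEEK_END */

/* Constructed model of a 32-bit guest: every syscall argument arrives as
 * a raw 32-bit register value with no inherent sign. (Assumption for this
 * example; QEMU's real target_ulong depends on the configured target.) */
typedef uint32_t target_ulong;

/* Wrong for lengths and pointers: interpreting the register as signed
 * sign-extends anything >= 0x80000000 into a negative 64-bit value, which
 * is exactly how a large read/write length turns into a negative number. */
static int64_t widen_signed(target_ulong v)
{
    return (int64_t)(int32_t)v;
}

/* Right for lengths, pointers and absolute positions: zero-extend. */
static uint64_t widen_unsigned(target_ulong v)
{
    return (uint64_t)v;
}

/* Convert a guest lseek offset to the host's 64-bit offset according to
 * 'whence': SEEK_SET is an absolute, non-negative position, while SEEK_CUR
 * and SEEK_END are deltas that may legitimately be negative. Unknown
 * whence values are rejected rather than guessed at. */
static bool target_lseek_offset(target_ulong raw, int whence, int64_t *out)
{
    switch (whence) {
    case SEEK_SET:
        *out = (int64_t)widen_unsigned(raw);
        return true;
    case SEEK_CUR:
    case SEEK_END:
        *out = widen_signed(raw);
        return true;
    default:
        return false;
    }
}

int main(void)
{
    int64_t off = 0;

    target_lseek_offset(0xFFFFFFF0u, SEEK_CUR, &off);
    printf("SEEK_CUR 0xFFFFFFF0 -> %lld\n", (long long)off);       /* -16 */
    target_lseek_offset(0xFFFFFFF0u, SEEK_SET, &off);
    printf("SEEK_SET 0xFFFFFFF0 -> %lld\n", (long long)off);       /* 4294967280 */
    printf("length 0x80000000: signed=%lld unsigned=%llu\n",
           (long long)widen_signed(0x80000000u),
           (unsigned long long)widen_unsigned(0x80000000u));
    return 0;
}
```

The same bit pattern (0xFFFFFFF0) means "16 bytes back" as a SEEK_CUR delta but "position 4294967280" as a SEEK_SET offset, which is why the conversion has to look at `whence` instead of applying one cast to every argument.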
2 years ago  linux-user: Fake /proc/cpuinfo
Alexander Graf [Mon, 23 Jul 2012 08:24:14 +0000 (10:24 +0200)]
linux-user: Fake /proc/cpuinfo

Fedora 17 for ARM reads /proc/cpuinfo and fails if it doesn't contain
ARM related contents. This patch implements a quick hack to expose real
/proc/cpuinfo data taken from a real world machine.

The real fix would be to generate at least the flags automatically based
on the selected CPU. Please do not submit this patch upstream until this
has happened.

Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased for v1.6 and v1.7]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2 years ago  linux-user: binfmt: support host binaries
Alexander Graf [Thu, 2 Feb 2012 17:02:33 +0000 (18:02 +0100)]
linux-user: binfmt: support host binaries

When we have a working host binary equivalent for the guest binary we're
trying to run, let's just use that instead as it will be a lot faster.

Signed-off-by: Alexander Graf <agraf@suse.de>
2 years ago  PPC: KVM: Disable mmu notifier check
Alexander Graf [Fri, 6 Jan 2012 00:05:55 +0000 (01:05 +0100)]
PPC: KVM: Disable mmu notifier check

When using hugetlbfs (which is required for HV mode KVM on 970), we
check for MMU notifiers that on 970 can not be implemented properly.

So disable the check for mmu notifiers on PowerPC guests, making
KVM guests work there, even if possibly racy in some odd circumstances.

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  linux-user: add binfmt wrapper for argv[0] handling
Alexander Graf [Fri, 30 Sep 2011 17:40:36 +0000 (19:40 +0200)]
linux-user: add binfmt wrapper for argv[0] handling

When using qemu's linux-user binaries through binfmt, argv[0] gets lost
along the execution because qemu only gets passed in the full file name
to the executable while argv[0] can be something completely different.

This breaks in some subtle situations, such as the grep and make test
suites.

This patch adds a wrapper binary called qemu-$TARGET-binfmt that can be
used with binfmt's P flag which passes the full path _and_ argv[0] to
the binfmt handler.

The binary would be smart enough to be versatile and only exist in the
system once, creating the qemu binary path names from its own argv[0].
However, this seemed like it didn't fit the make system too well, so
we're currently creating a new binary for each target architecture.

CC: Reinhard Max <max@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
[AF: Rebased onto new Makefile infrastructure, twice]
[AF: Updated for aarch64 for v2.0.0-rc1]
[AF: Rebased onto Makefile changes for v2.1.0-rc0]
[AF: Rebased onto script rewrite for v2.7.0-rc2 - to be fixed]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2 years ago  qemu-cvs-ioctl_nodirection
Alexander Graf [Tue, 14 Apr 2009 14:27:36 +0000 (16:27 +0200)]
qemu-cvs-ioctl_nodirection

the direction given in the ioctl should be correct so we can assume the
communication is uni-directional. The alsa developers did not like this
concept though and declared ioctls IOC_R and IOC_W even though they were
IOC_RW.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
[BR: minor edits to pass qemu's checkpatch script]
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  qemu-cvs-ioctl_debug
Alexander Graf [Tue, 14 Apr 2009 14:26:33 +0000 (16:26 +0200)]
qemu-cvs-ioctl_debug

Extends unsupported ioctl debug output.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Ulrich Hecht <uli@suse.de>
[BR: minor edits to pass qemu's checkpatch script]
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  qemu-cvs-gettimeofday
Ulrich Hecht [Tue, 14 Apr 2009 14:25:41 +0000 (16:25 +0200)]
qemu-cvs-gettimeofday

No clue what this is for.

[BR: minor edits to pass qemu's checkpatch script]
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  qemu-binfmt-conf: Modify default path
Andreas Färber [Wed, 10 Aug 2016 17:00:24 +0000 (19:00 +0200)]
qemu-binfmt-conf: Modify default path

Change QEMU_PATH from /usr/local/bin to /usr/bin prefix.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2 years ago  XXX dont dump core on sigabort
Alexander Graf [Mon, 21 Nov 2011 22:50:36 +0000 (23:50 +0100)]
XXX dont dump core on sigabort

Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  net: vmxnet3: validate configuration values during activate (CVE-2021-20203)
Prasad J Pandit [Sat, 30 Jan 2021 13:16:52 +0000 (18:46 +0530)]
net: vmxnet3: validate configuration values during activate (CVE-2021-20203)

Git-commit: 0000000000000000000000000000000000000000
References: bsc#1181639

While activating device in vmxnet3_activate_device(), it does not
validate guest supplied configuration values against predefined
minimum - maximum limits. This may lead to integer overflow or
OOB access issues. Add checks to avoid it.

Fixes: CVE-2021-20203
Buglink: https://bugs.launchpad.net/qemu/+bug/1913873
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
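The commit above fixes the general pattern of a device trusting sizes it reads out of guest-controlled shared memory during activation. The following C program is an added example, not QEMU's vmxnet3 code: the ring limits, descriptor size and `struct ring_config` layout are assumptions for the example. It shows the unchecked size computation wrapping in 32 bits and the validation that has to happen before the value is used for allocation or indexing.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Limits assumed for this example; they are not vmxnet3's real values. */
#define RING_MIN_SIZE  32u
#define RING_MAX_SIZE  4096u
#define DESC_SIZE      16u   /* bytes per descriptor (assumed) */

/* Guest-writable ring configuration as a device would read it out of
 * shared memory during activate (constructed layout for the example). */
struct ring_config {
    uint32_t size;   /* number of descriptors in the ring */
    uint32_t head;   /* initial index into the ring */
};

/* The unchecked shape: the product wraps in 32 bits for large 'size', so a
 * guest value of 0x10000001 yields a 16-byte allocation for a ring the
 * device then indexes as if it held 0x10000001 descriptors. */
static uint32_t ring_bytes_unchecked(uint32_t size)
{
    return size * DESC_SIZE;
}

/* Validate every guest-supplied field against the documented limits
 * before it is used in arithmetic or as an index. */
static bool ring_config_valid(const struct ring_config *cfg)
{
    if (cfg->size < RING_MIN_SIZE || cfg->size > RING_MAX_SIZE) {
        return false;                       /* outside documented range */
    }
    if (cfg->head >= cfg->size) {
        return false;                       /* index outside the ring */
    }
    /* Belt and braces: a division-based bound cannot wrap, unlike
     * size * DESC_SIZE, so it stays correct if RING_MAX_SIZE grows. */
    if (cfg->size > UINT32_MAX / DESC_SIZE) {
        return false;
    }
    return true;
}

/* Activate path: bytes to map for the ring, or 0 when the guest's
 * configuration is rejected. */
static size_t ring_activate(const struct ring_config *cfg)
{
    if (!ring_config_valid(cfg)) {
        return 0;
    }
    return (size_t)cfg->size * DESC_SIZE;
}

int main(void)
{
    struct ring_config good     = { .size = 256,         .head = 0 };
    struct ring_config huge     = { .size = 0x10000001u, .head = 0 };
    struct ring_config bad_head = { .size = 256,         .head = 256 };

    printf("unchecked bytes for 0x10000001 descriptors: %u\n",
           ring_bytes_unchecked(huge.size));                      /* 16 */
    printf("good -> %zu bytes\n", ring_activate(&good));          /* 4096 */
    printf("huge -> %zu bytes\n", ring_activate(&huge));          /* 0 */
    printf("bad head -> %zu bytes\n", ring_activate(&bad_head));  /* 0 */
    return 0;
}
```

The range check alone already excludes the wrapping value; the division-based check is there so that the validation does not silently become insufficient if someone later raises the maximum.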
2 years ago  mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392)
Michael Tokarev [Mon, 19 Apr 2021 13:42:47 +0000 (15:42 +0200)]
mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392)

Git-commit: 3791642c8d60029adf9b00bcb4e34d7d8a1aea4d

While processing SCSI i/o requests in mptsas_process_scsi_io_request(),
the Megaraid emulator appends new MPTSASRequest object 'req' to
the 's->pending' queue. In case of an error, this same object gets
dequeued in mptsas_free_request() only if SCSIRequest object
'req->sreq' is initialised. This may lead to a use-after-free issue.

Since s->pending is actually not used, simply remove it from
MPTSASState.

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Message-id: 20210419134247.1467982-1-f4bug@amsat.org
Message-Id: <20210416102243.1293871-1-mjt@msgid.tls.msk.ru>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
BugLink: https://bugs.launchpad.net/qemu/+bug/1914236
Fixes: e351b826112 ("hw: Add support for LSI SAS1068 (mptsas) device")
[PMD: Reworded description, added more tags]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  hw/isa/piix4: Migrate Reset Control Register
Philippe Mathieu-Daudé [Wed, 24 Mar 2021 13:54:43 +0000 (14:54 +0100)]
hw/isa/piix4: Migrate Reset Control Register

Git-commit: 62271205bcfaee440d06c06060ee79dac657caff

When adding the Reset register in commit 5790b757cfb we
forgot to migrate it.

While it is possible a VM using the PIIX4 is migrated just
after requesting a system shutdown, it is very unlikely.
However when restoring a migrated VM, we might have the
RCR bit #4 set on the stack and when the VM resumes it
directly shuts down.

Add a post_load() migration handler and set the default
RCR value to 0 for earlier versions, assuming the VM was
not going to shutdown before migration.

Fixes: 5790b757cfb ("piix4: Add the Reset Control Register")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210324200334.729899-1-f4bug@amsat.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  hw/isa/Kconfig: Add missing dependency VIA VT82C686 -> APM
Philippe Mathieu-Daudé [Tue, 2 Mar 2021 08:00:42 +0000 (09:00 +0100)]
hw/isa/Kconfig: Add missing dependency VIA VT82C686 -> APM

Git-commit: 50fab4cc672233fee22fff2cf51543af57602c7d

TYPE_VIA_PM calls apm_init() in via_pm_realize(), so
requires APM to be selected.

Reported-by: BALATON Zoltan <balaton@eik.bme.hu>
Fixes: dd0ff8191ab ("isa: express SuperIO dependencies with Kconfig")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210302080531.913802-1-f4bug@amsat.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  hw/arm/virt-acpi-build: Fix GSIV values of the {GERR, Sync} interrupts
Zenghui Yu [Fri, 2 Apr 2021 08:47:31 +0000 (16:47 +0800)]
hw/arm/virt-acpi-build: Fix GSIV values of the {GERR, Sync} interrupts

Git-commit: 0c38f607836af40921ea2b58676b7c4a9fe33bef

The GSIV values in SMMUv3 IORT node are not correct as they don't match
the SMMUIrq enumeration, which describes the IRQ<->PIN mapping used by
our emulated vSMMU.

Fixes: a703b4f6c1ee ("hw/arm/virt-acpi-build: Add smmuv3 node in IORT table")
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Acked-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210402084731.93-1-yuzenghui@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  cpu/core: Fix "help" of CPU core device types
Greg Kurz [Fri, 9 Apr 2021 16:03:39 +0000 (18:03 +0200)]
cpu/core: Fix "help" of CPU core device types

Git-commit: 0b47ec4b95ad1952e55e639711d442f8ec6e1345

Calling qdev_get_machine() from a QOM instance_init function is
fragile because we can't be sure the machine object actually
exists. And this happens to break when passing ",help" on the
command line to get the list of properties for a CPU core
device type:

$ ./qemu-system-ppc64 -device power8_v2.0-spapr-cpu-core,help
qemu-system-ppc64: ../../hw/core/machine.c:1290:
 qdev_get_machine: Assertion `machine != NULL' failed.
Aborted (core dumped)

This used to work before QEMU 5.0, but commit 3df261b6676b
unwillingly introduced a subtle regression: the above command
line needs to create an instance but the instance_init function
of the base class calls qdev_get_machine() before
qemu_create_machine() has been called, which is a programming bug.

Use current_machine instead. It is okay to skip the setting of
nr_thread in this case since only its type is displayed.

Fixes: 3df261b6676b ("softmmu/vl.c: Handle '-cpu help' and '-device help' before 'no default machine'")
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Cc: peter.maydell@linaro.org
Message-Id: <20210409160339.500167-3-groug@kaod.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  hw/block/fdc: Fix 'fallback' property on sysbus floppy disk controllers
Philippe Mathieu-Daudé [Wed, 7 Apr 2021 13:37:42 +0000 (15:37 +0200)]
hw/block/fdc: Fix 'fallback' property on sysbus floppy disk controllers

Git-commit: da64789d3a16b2c5b5f1be9c75b00c2b8ae393a0

Setting the 'fallback' property corrupts the QOM instance state
(FDCtrlSysBus) because it accesses an incorrect offset (it uses
the offset of the FDCtrlISABus state).

Cc: qemu-stable@nongnu.org
Fixes: a73275dd6fc ("fdc: Add fallback option")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210407133742.1680424-1-f4bug@amsat.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  block/rbd: Fix memory leak in qemu_rbd_co_create_opts()
Stefano Garzarella [Mon, 29 Mar 2021 15:01:29 +0000 (17:01 +0200)]
block/rbd: Fix memory leak in qemu_rbd_co_create_opts()

Git-commit: b084b420d9d6347dede328fbcf18c8e4c695f7e8

When we allocate 'q_namespace', we forgot to set 'has_q_namespace'
to true. This can cause several issues, including a memory leak,
since qapi_free_BlockdevCreateOptions() does not deallocate that
memory, as reported by valgrind:

  13 bytes in 1 blocks are definitely lost in loss record 7 of 96
     at 0x4839809: malloc (vg_replace_malloc.c:307)
     by 0x48CEBB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x48E3FE3: g_strdup (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x180010: qemu_rbd_co_create_opts (rbd.c:446)
     by 0x1AE72C: bdrv_create_co_entry (block.c:492)
     by 0x241902: coroutine_trampoline (coroutine-ucontext.c:173)
     by 0x57530AF: ??? (in /usr/lib64/libc-2.32.so)
     by 0x1FFEFFFA6F: ???

Fix setting 'has_q_namespace' to true when we allocate 'q_namespace'.

Fixes: 19ae9ae014 ("block/rbd: Add support for ceph namespaces")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210329150129.121182-3-sgarzare@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[BR: Modified subject to achieve unique patchname]

2 years ago  block/rbd: fix memory leak in qemu_rbd_connect()
Stefano Garzarella [Mon, 29 Mar 2021 15:01:28 +0000 (17:01 +0200)]
block/rbd: fix memory leak in qemu_rbd_connect()

Git-commit: c1c1f6cf511496b985cb9a1c536d59c9be7b9317

In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
using g_strjoinv(), but it's only freed in the error path, leaking
memory in the success path as reported by valgrind:

  80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
     at 0x4839809: malloc (vg_replace_malloc.c:307)
     by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
     by 0x87D07E: qemu_rbd_connect (rbd.c:562)
     by 0x87E1CE: qemu_rbd_open (rbd.c:740)
     by 0x840EB1: bdrv_open_driver (block.c:1528)
     by 0x8453A9: bdrv_open_common (block.c:1802)
     by 0x8453A9: bdrv_open_inherit (block.c:3444)
     by 0x8464C2: bdrv_open (block.c:3537)
     by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
     by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
     by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
     by 0x907EA4: aio_bh_poll (async.c:164)

Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.

Fixes: 0a55679b4a5061f4d74bdb1a0e81611ba3390b00
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210329150129.121182-2-sgarzare@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  s390x: css: report errors from ccw_dstream_read/write
Pierre Morel [Thu, 8 Apr 2021 16:32:09 +0000 (18:32 +0200)]
s390x: css: report errors from ccw_dstream_read/write

Git-commit: d895d25ae2bb8519aa715dd2a97f09d4a66b189d

ccw_dstream_read/write functions' return values are sometimes
not taken into account and reported back to the upper level
of interpretation of CCW instructions.

It follows that accessing an invalid address does not trigger
a subchannel status program check to the guest as it should.

Let's test the return values of ccw_dstream_write[_buf] and
ccw_dstream_read[_buf] and report it to the caller.

Cc: qemu-stable@nongnu.org
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <1617899529-9329-2-git-send-email-pmorel@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  virtio-pci: compat page aligned ATS
Jason Wang [Tue, 6 Apr 2021 04:03:30 +0000 (12:03 +0800)]
virtio-pci: compat page aligned ATS

Git-commit: d83f46d189a26fa32434139954d264326f199a45

Commit 4c70875372b8 ("pci: advertise a page aligned ATS") advertises
the page aligned via ATS capability (RO) to unbreak recent Linux IOMMU
drivers since 5.2. But it forgot to compat the capability, which
breaks the migration from old machine type:

(qemu) qemu-kvm: get_pci_config_device: Bad config data: i=0x104 read:
0 device: 20 cmask: ff wmask: 0 w1cmask:0

This patch introduces a new parameter "x-ats-page-aligned" for
virtio-pci device and turns it on for machine type which is newer than
5.1.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Cc: qemu-stable@nongnu.org
Fixes: 4c70875372b8 ("pci: advertise a page aligned ATS")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20210406040330.11306-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  hw/virtio-pci Added AER capability.
Andrew Melnychenko [Thu, 3 Dec 2020 11:07:13 +0000 (13:07 +0200)]
hw/virtio-pci Added AER capability.

Git-commit: fdfa3b1d6f9edd97c807df496a0d8e9ea49240da

Added AER capability for virtio-pci devices.
Also added property for devices, by default AER is disabled.

Signed-off-by: Andrew Melnychenko <andrew@daynix.com>
Message-Id: <20201203110713.204938-3-andrew@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[BR: needed for stable commit d83f46d189a26fa32434139954d264326f199a45]

2 years ago  hw/virtio-pci Added counter for pcie capabilities offsets.
Andrew Melnychenko [Thu, 3 Dec 2020 11:07:12 +0000 (13:07 +0200)]
hw/virtio-pci Added counter for pcie capabilities offsets.

Git-commit: 06e97442420b03a1e0ff05e8eb554fac684ca736

Removed hardcoded offset for ats. Added cap offset counter
for future capabilities like AER.

Signed-off-by: Andrew Melnychenko <andrew@daynix.com>
Message-Id: <20201203110713.204938-2-andrew@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
[BR: needed for stable commit d83f46d189a26fa32434139954d264326f199a45]

2 years ago  target/xtensa: fix meson.build rule for xtensa cores
Max Filippov [Tue, 30 Mar 2021 07:25:24 +0000 (00:25 -0700)]
target/xtensa: fix meson.build rule for xtensa cores

Git-commit: 84317d57e8c61ff68eeaa1f2de93472fa930a6a4

import_core.sh tries to change Makefile.objs when importing new xtensa
core, but that file no longer exists. Rewrite meson.build rule to pick
up all source files that match core-*.c pattern and drop commands that
change Makefile.objs.

Cc: qemu-stable@nongnu.org # v5.2.0
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  util: fix use-after-free in module_load_one
Marc-André Lureau [Tue, 16 Mar 2021 13:44:56 +0000 (17:44 +0400)]
util: fix use-after-free in module_load_one

Git-commit: 64e16fbbf49ce81b37841480d14b0caf5753c98e

g_hash_table_add always retains ownership of the pointer passed in as
the key. Its return status merely indicates whether the added entry was
new, or replaced an existing entry. Thus key must never be freed after
this method returns.

Spotted by ASAN:

==2407186==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020003ac4f0 at pc 0x7ffff766659c bp 0x7fffffffd1d0 sp 0x7fffffffc980
READ of size 1 at 0x6020003ac4f0 thread T0
    #0 0x7ffff766659b  (/lib64/libasan.so.6+0x8a59b)
    #1 0x7ffff6bfa843 in g_str_equal ../glib/ghash.c:2303
    #2 0x7ffff6bf8167 in g_hash_table_lookup_node ../glib/ghash.c:493
    #3 0x7ffff6bf9b78 in g_hash_table_insert_internal ../glib/ghash.c:1598
    #4 0x7ffff6bf9c32 in g_hash_table_add ../glib/ghash.c:1689
    #5 0x5555596caad4 in module_load_one ../util/module.c:233
    #6 0x5555596ca949 in module_load_one ../util/module.c:225
    #7 0x5555596ca949 in module_load_one ../util/module.c:225
    #8 0x5555596cbdf4 in module_load_qom_all ../util/module.c:349

Typical C bug...

Fixes: 90629122d2e ("module: use g_hash_table_add()")
Cc: qemu-stable@nongnu.org
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210316134456.3243102-1-marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
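The ownership contract the commit above describes (the table keeps the key whether or not it was new, so the caller must never free it) is easy to get wrong because the boolean return looks like a "was my key consumed?" signal. The following C program is an added example and not QEMU's or GLib's code: it builds a deliberately tiny string set with the same contract as g_hash_table_add (ownership of the key passes to the set on every call, a duplicate replaces and frees the previously stored key) and counts the frees the set performs so the correct caller pattern can be checked.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed minimal string set: a linear array is enough to show the
 * ownership rule; it is not a hash table and not GLib. */
#define STRSET_CAP 16

struct strset {
    char *keys[STRSET_CAP];
    int   n;
    int   destroyed;   /* number of keys this set has freed (for checking) */
};

static char *xstrdup(const char *src)
{
    size_t len = strlen(src) + 1;
    char *dst = malloc(len);
    if (dst) {
        memcpy(dst, src, len);
    }
    return dst;
}

static void strset_destroy_key(struct strset *s, char *k)
{
    free(k);
    s->destroyed++;
}

/* Returns true if 'key' was not already present. Ownership of 'key'
 * passes to the set in every case, as with g_hash_table_add(): on a
 * duplicate the stored key is destroyed and the new allocation kept. */
static bool strset_add(struct strset *s, char *key)
{
    for (int i = 0; i < s->n; i++) {
        if (strcmp(s->keys[i], key) == 0) {
            strset_destroy_key(s, s->keys[i]);
            s->keys[i] = key;
            return false;
        }
    }
    if (s->n == STRSET_CAP) {
        strset_destroy_key(s, key);   /* full: still the set's job to free it */
        return false;
    }
    s->keys[s->n++] = key;
    return true;
}

static void strset_clear(struct strset *s)
{
    for (int i = 0; i < s->n; i++) {
        strset_destroy_key(s, s->keys[i]);
    }
    s->n = 0;
}

/* Correct caller: after strset_add() the caller no longer owns 'key'
 * and must not touch it, whatever the return value was. The buggy shape
 * from the commit message would be
 *     if (!strset_add(loaded, key)) { free(key); }
 * which frees memory the set still references. */
static bool load_once(struct strset *loaded, const char *name)
{
    char *key = xstrdup(name);
    if (!key) {
        return false;
    }
    return strset_add(loaded, key);   /* false: already loaded, key now owned by the set */
}

int main(void)
{
    struct strset loaded;
    memset(&loaded, 0, sizeof loaded);

    printf("first load:  %d\n", load_once(&loaded, "hw-display-virtio-gpu"));   /* 1 */
    printf("second load: %d\n", load_once(&loaded, "hw-display-virtio-gpu"));   /* 0 */
    printf("keys=%d freed by set=%d\n", loaded.n, loaded.destroyed);           /* 1 1 */
    strset_clear(&loaded);
    printf("freed by set after clear=%d\n", loaded.destroyed);                 /* 2 */
    return 0;
}
```

Every allocation handed to the set is freed exactly once, by the set; if the caller also freed the duplicate, ASAN would report the same heap-use-after-free the commit message quotes.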
2 years ago  s390x: modularize virtio-gpu-ccw
Gerd Hoffmann [Wed, 17 Mar 2021 09:56:22 +0000 (10:56 +0100)]
s390x: modularize virtio-gpu-ccw

Git-commit: adcf33a504de29feb720736051dc32889314c9e6
References: bsc#1181103

Since the virtio-gpu-ccw device depends on the hw-display-virtio-gpu
module, which provides the type virtio-gpu-device, packaging the
hw-display-virtio-gpu module as a separate package that may or may not
be installed along with the qemu package leads to problems. Namely if
the hw-display-virtio-gpu is absent, qemu continues to advertise
virtio-gpu-ccw, but it aborts not only when one attempts using
virtio-gpu-ccw, but also when libvirtd's capability probing tries
to instantiate the type to introspect it.

Let us thus introduce a module named hw-s390x-virtio-gpu-ccw that
is going to provide the virtio-gpu-ccw device. The hw-s390x prefix
was chosen because it is not a portable device.

With virtio-gpu-ccw built as a module, the correct way to package a
modularized qemu is to require that hw-display-virtio-gpu must be
installed whenever the module hw-s390x-virtio-gpu-ccw is.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-4-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  s390x: add have_virtio_ccw
Gerd Hoffmann [Wed, 17 Mar 2021 09:56:21 +0000 (10:56 +0100)]
s390x: add have_virtio_ccw

Git-commit: 2dd9d8cfb4f3bd30d9cdfc2edba5cb7ee5917f4b
References: bsc#1181103

Introduce a symbol which can be used to prevent ccw modules
being loaded into system emulators without ccw support.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-3-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  s390x: move S390_ADAPTER_SUPPRESSIBLE
Gerd Hoffmann [Wed, 17 Mar 2021 09:56:20 +0000 (10:56 +0100)]
s390x: move S390_ADAPTER_SUPPRESSIBLE

Git-commit: d4c603d7be2e4173252c5b55e62d30ddd26edaca
References: bsc#1181103

The definition S390_ADAPTER_SUPPRESSIBLE was moved to "cpu.h", per
suggestion of Thomas Huth. From interface design perspective, IMHO, not
a good thing as it belongs to the public interface of
css_register_io_adapters(). We did this because CONFIG_KVM requires
NEED_CPU_H and Thomas, and other commenters did not like the
consequences of that.

Moving the interrupt related declarations to s390_flic.h was suggested
by Cornelia Huck.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-2-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago  hw/arm/virt: Disable pl011 clock migration if needed
Gavin Shan [Thu, 18 Mar 2021 02:38:01 +0000 (10:38 +0800)]
hw/arm/virt: Disable pl011 clock migration if needed

Git-commit: e6fa978d8343ec7cf20b9c8b2dcb390646242457

A clock is added by commit aac63e0e6ea3 ("hw/char/pl011: add a clock
input") since v5.2.0 which corresponds to virt-5.2 machine type. It
causes backwards migration failure from upstream to downstream (v5.1.0)
when the machine type is specified with virt-5.1.

This fixes the issue by following instructions from section "Connecting
subsections to properties" in docs/devel/migration.rst. With this applied,
the PL011 clock is migrated based on the machine type.

   virt-5.2 or newer:  migration
   virt-5.1 or older:  non-migration

Cc: qemu-stable@nongnu.org # v5.2.0+
Fixes: aac63e0e6ea3 ("hw/char/pl011: add a clock input")
Suggested-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 20210318023801.18287-1-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago xen-block: Fix removal of backend instance via xenstore
Anthony PERARD [Mon, 8 Mar 2021 14:32:32 +0000 (14:32 +0000)]
xen-block: Fix removal of backend instance via xenstore

Git-commit: b807ca3fa0ca29ec015adcf4045e716337cd3635

Whenever a Xen block device is detached via xenstore, the image
associated with it remains open by the backend QEMU and an error is
logged:
    qemu-system-i386: failed to destroy drive: Node xvdz-qcow2 is in use

This happens since object_unparent() doesn't immediately free the
object and thus keeps a reference to the node we are trying to free.
The reference is held by the "drive" property and the call
xen_block_drive_destroy() fails.

In order to fix that, we call drain_call_rcu() to run the callback
set up by bus_remove_child() via object_unparent().

Fixes: 2d24a6466154 ("device-core: use RCU for list of children of a bus")

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20210308143232.83388-1-anthony.perard@citrix.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
2 years ago hw/sd: sdhci: Reset the data pointer of s->fifo_buffer[] when a different block size...
Bin Meng [Wed, 3 Mar 2021 12:26:39 +0000 (20:26 +0800)]
hw/sd: sdhci: Reset the data pointer of s->fifo_buffer[] when a different block size is programmed

Git-commit: cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9
References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085
References: bsc#1182282, CVE-2021-3409

If the block size is programmed to a different value from the
previous one, reset the data pointer of s->fifo_buffer[] so that
s->fifo_buffer[] can be filled in using the new block size in
the next transfer.

With this fix, the following reproducer:

outl 0xcf8 0x80001010
outl 0xcfc 0xe0000000
outl 0xcf8 0x80001001
outl 0xcfc 0x06000000
write 0xe000002c 0x1 0x05
write 0xe0000005 0x1 0x02
write 0xe0000007 0x1 0x01
write 0xe0000028 0x1 0x10
write 0x0 0x1 0x23
write 0x2 0x1 0x08
write 0xe000000c 0x1 0x01
write 0xe000000e 0x1 0x20
write 0xe000000f 0x1 0x00
write 0xe000000c 0x1 0x32
write 0xe0000004 0x2 0x0200
write 0xe0000028 0x1 0x00
write 0xe0000003 0x1 0x40

cannot be reproduced with the following QEMU command line:

$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \
      -nodefaults -device sdhci-pci,sd-spec-version=3 \
      -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
      -device sd-card,drive=mydrive -qtest stdio

Cc: qemu-stable@nongnu.org
Fixes: CVE-2020-17380
Fixes: CVE-2020-25085
Fixes: CVE-2021-3409
Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum)
Reported-by: Sergej Schumilo (Ruhr-Universität Bochum)
Reported-by: Simon Wörner (Ruhr-Universität Bochum)
Buglink: https://bugs.launchpad.net/qemu/+bug/1892960
Buglink: https://bugs.launchpad.net/qemu/+bug/1909418
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210303122639.20004-6-bmeng.cn@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>