3.6 doesn't play keepaway with the socket object, so we don't need to go
fishing for it on this version. In fact, so long as 'sendmsg' is still
available, it's probably preferable to just use that method and only go
fishing for forbidden details when we absolutely have to.
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-id: 20211118204620.1897674-8-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
Despite all the previous fixes, it's still possible for
device-crash-test to wedge itself in the case that QEMU terminates *so
quickly* that it doesn't even begin a connection attempt to our QMP
client. Python will just joyfully wait ad infinitum for a connection
that will now never arrive.
The real fix is to use asyncio to simultaneously poll both the health of
the launched process AND the connection attempt. That's quite a bit more
invasive than just setting a connection timeout, though.
Do the very simplest thing for now.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 20211118204620.1897674-7-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
In the case that the QEMU process actually launches -- but then dies so
quickly that we can't establish a QMP connection to it -- QEMUMachine
currently calls _post_shutdown() assuming that it never launched the VM
process.
This isn't true, though: it "merely" may have failed to establish a QMP
connection and the process is in the middle of its own exit path.
If we don't wait for the subprocess, the caller may get a bogus `None`
return for .exitcode(). This behavior was observed from
device-crash-test; after the switch to Async QMP, the timings were
changed such that it was now seemingly possible to witness the failure
of "vm.launch()" *prior* to the exitcode becoming available.
The semantic of the `_launched` property is changed in this
patch. Instead of representing the condition "launch() executed
successfully", it will now represent "has forked a child process
successfully". This way, wait() when called in the exit path won't
become a no-op.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-id: 20211118204620.1897674-6-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
No need to clear them only to set them later.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-id: 20211118204620.1897674-5-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
If you create two instances of QEMUMachine(), they'll both create the
same nickname by default -- which is not that helpful.
Luckily, they'll both create unique temporary directories ... but due to
user configuration, they may share logging and sockfile directories,
meaning two instances can collide. The Python logging will also be quite
confusing, with no differentiation between the two instances.
Add an instance disambiguator (the memory address of the instance) to
the default nickname to foolproof this in all cases.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-id: 20211118204620.1897674-4-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
It doesn't matter if it was the user or the class itself that specified
where the sockfile should be created; the fact is that if we are using a
sockfile here, we created it and we can clean it up.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-id: 20211118204620.1897674-3-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
Analogous to temp_dir and log_dir, add a sock_dir property that defaults
to @temp_dir -- instead of base_temp_dir -- when the user hasn't
overridden the sock dir value in the initializer.
This gives us a much more unique directory to put sockfiles in by default.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-id: 20211118204620.1897674-2-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
* revert SMCCC/PSCI change, as it regresses some usecases for some boards
Merge tag 'pull-target-arm-20211122' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* revert SMCCC/PSCI change, as it regresses some usecases for some boards
# gpg: Signature made Mon 22 Nov 2021 02:42:19 PM CET
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
* tag 'pull-target-arm-20211122' of https://git.linaro.org/people/pmaydell/qemu-arm:
Revert "arm: tcg: Adhere to SMCCC 1.3 section 5.2"
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This reverts commit 9fcd15b919.
This change turns out to cause regressions, for instance on the
imx6ul boards as described here:
https://lore.kernel.org/qemu-devel/c8b89685-7490-328b-51a3-48711c140a84@tribudubois.net/
The primary cause of that regression is that the guest code running
at EL3 expects SMCs (not related to PSCI) to do what they would if
our PSCI emulation was not present at all, but after this change
they instead set a value in R0/X0 and continue.
We could fix that by a refactoring that allowed us to only turn on
the PSCI emulation if we weren't booting the guest at EL3, but there
is a more tangled problem with the highbank board, which:
(1) wants to enable PSCI emulation
(2) has a bit of guest code that it wants to run at EL3 and
to perform SMC calls that trap to the monitor vector table:
this is the boot stub code that is written to memory by
arm_write_secure_board_setup_dummy_smc() and which the
highbank board enables by setting bootinfo->secure_board_setup
We can't satisfy both of those and also have the PSCI emulation
handle all SMC instruction executions regardless of function
identifier value.
This is too tricky to try to sort out before 6.2 is released;
revert this commit so we can take the time to get it right in
the 7.0 release.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211119163419.557623-1-peter.maydell@linaro.org
To work correctly, -dump-vmstate and vmstate-static-checker.py need to
dump all the supported vmstates.
But as some devices can be modules, they are not loaded at startup and are
not dumped. Fix that by loading all available modules before dumping the
machine vmstate.
Fixes: 7ab6e7fcce ("qdev: device module support")
Cc: kraxel@redhat.com
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211116072840.132731-1-lvivier@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
vnc_server_cut_text_caps() is not guaranteed to be called only once.
If it is called twice, we end up calling notifier_list_add() twice with the
same element, which leads to a looped QLIST. So, on the next
notifier_list_notify() we'll loop forever and QEMU gets stuck.
So, let's only register a new notifier if it's not yet registered.
Note that a similar check is used in vdagent_chr_recv_caps() (before
calling qemu_clipboard_peer_register()), and also before the
qemu_clipboard_peer_unregister() call in vdagent_disconnect() and in
vnc_disconnect_finish().
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20211110103800.2266729-1-vsementsov@virtuozzo.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
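As an added illustration of the double-registration problem this commit message describes (example code, not QEMU's own notifier or QLIST implementation), a minimal intrusive list with a bounded walk shows how a second notifier_list_add() of the same element turns the list into a loop, and how an "already registered" guard prevents it. Using a NULL prev pointer as the "unlinked" marker is an assumption of this example.

```c
#include <stdbool.h>
#include <stddef.h>

/* Minimal QLIST-style intrusive list, constructed for this example. */
typedef struct Notifier Notifier;
struct Notifier {
    void (*notify)(Notifier *n);
    Notifier *next;   /* next element */
    Notifier **prev;  /* address of the pointer pointing at us; NULL = unlinked */
};
typedef struct { Notifier *first; } NotifierList;

/* Unconditional head insert. Called twice with the same element it sets
 * n->next = n: the looped list the commit message describes. */
static void notifier_list_add(NotifierList *list, Notifier *n)
{
    n->next = list->first;
    if (n->next) {
        n->next->prev = &n->next;
    }
    list->first = n;
    n->prev = &list->first;
}

/* Assumption for this example: a zero-initialised notifier has prev == NULL
 * (and a remove would clear it), so non-NULL prev means "already linked". */
static bool notifier_is_registered(const Notifier *n) { return n->prev != NULL; }

/* The fix pattern: register only if not yet registered. Returns true if added. */
static bool notifier_list_add_once(NotifierList *list, Notifier *n)
{
    if (notifier_is_registered(n)) {
        return false;
    }
    notifier_list_add(list, n);
    return true;
}

/* Bounded walk so a looped list cannot hang the example: a well-formed list
 * ends before the bound, a looped one keeps going until the bound is hit. */
static int notifier_list_walk(NotifierList *list, int bound)
{
    int visited = 0;
    for (Notifier *n = list->first; n && visited < bound; n = n->next) {
        n->notify(n);
        visited++;
    }
    return visited;
}

static int calls;
static void count_call(Notifier *n) { (void)n; calls++; }

/* Same notifier registered twice without the guard: the walk never ends. */
static int double_add_unguarded(void)
{
    NotifierList list = { NULL };
    Notifier n = { .notify = count_call };
    notifier_list_add(&list, &n);
    notifier_list_add(&list, &n);   /* now n.next == &n */
    calls = 0;
    return notifier_list_walk(&list, 16);   /* hits the bound: 16 */
}

/* With the guard the second registration is rejected and the walk ends. */
static int double_add_guarded(void)
{
    NotifierList list = { NULL };
    Notifier n = { .notify = count_call };
    notifier_list_add_once(&list, &n);
    notifier_list_add_once(&list, &n);   /* returns false */
    calls = 0;
    return notifier_list_walk(&list, 16);   /* 1 */
}
```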
The dmabuf often becomes invalid right after unblocking the pipeline
and graphic_hw_gl_flushed in case a new scanout blob is submitted,
because the dmabuf associated with the current guest scanout is
freed after swapping.
So both graphic_hw_gl_block and graphic_hw_gl_flushed should be
executed after closing fence_fd for the current dmabuf.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Message-Id: <20211121172237.14937-1-dongwon.kim@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
target_mmap() can fail and return -1, but we don't check for that and
instead assume it's always valid.
Fixes: db2af69d6b ("linux-user: Add infrastructure for a signal trampoline page")
Cc: richard.henderson@linaro.org
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211121151711.331653-1-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
- Deprecate IF_NONE for SiFive OTP
- Don't reset SiFive OTP content
Merge tag 'pull-riscv-to-apply-20211122' of github.com:alistair23/qemu into staging
Seventh RISC-V PR for QEMU 6.2
- Deprecate IF_NONE for SiFive OTP
- Don't reset SiFive OTP content
# gpg: Signature made Mon 22 Nov 2021 07:51:24 AM CET
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
* tag 'pull-riscv-to-apply-20211122' of github.com:alistair23/qemu:
hw/misc/sifive_u_otp: Do not reset OTP content on hardware reset
hw/misc/sifive_u_otp: Use IF_PFLASH for the OTP device instead of IF_NONE
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Once a "One Time Programmable" is programmed, it shouldn't be reset.
Do not re-initialize the OTP content in the DeviceReset handler,
initialize it once in the DeviceRealize one.
Fixes: 9fb45c62ae ("riscv: sifive: Implement a model for SiFive FU540 OTP")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20211119104757.331579-1-f4bug@amsat.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Configuring a drive with "if=none" is meant for creation of a backend
only, it should not get automatically assigned to a device frontend.
Use "if=pflash" for the One-Time-Programmable device instead (like
it is e.g. also done for the efuse device in hw/arm/xlnx-zcu102.c).
Since the old way of configuring the device has already been published
with the previous QEMU versions, we cannot remove this immediately, but
have to deprecate it and support it for at least two more releases.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20211119102549.217755-1-thuth@redhat.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Always allocate host storage; this ensures that the struct
is sufficiently aligned for the host. Merge the three host
implementations of getdents via a few ifdefs. Utilize the
same method for do_getdents64.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/704
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211114103539.298686-5-richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
The host uint64_t (etc.) does not have the same alignment
constraint as the guest: use abi_* types.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211114103539.298686-4-richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
We currently use a flexible array member for target_dirent,
but incorrectly use fixed-length arrays for target_dirent64,
linux_dirent and linux_dirent64.
This requires that we adjust the definition of the VFAT READDIR
ioctls which hard-code the 256 namelen size into the ioctl constant.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211114103539.298686-3-richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Retain all 3 implementations of getdents for now.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211114103539.298686-2-richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Merge tag 'qemu-sparc-20211121' of git://github.com/mcayland/qemu into staging
qemu-sparc queue
# gpg: Signature made Sun 21 Nov 2021 10:57:01 AM CET
# gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg: issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
* tag 'qemu-sparc-20211121' of git://github.com/mcayland/qemu:
escc: update the R_SPEC register SPEC_ALLSENT bit when writing to W_TXCTRL1
escc: always set STATUS_TXEMPTY in R_STATUS on device reset
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The ESCC datasheet states that SPEC_ALLSENT is always set in sync mode and set
in async mode once all characters have cleared the transmitter. Since writes to
SERIAL_DATA use a synchronous chardev API, the guest can never see the state when
transmission is in progress so it is possible to set SPEC_ALLSENT in the
R_SPEC register unconditionally.
This fixes a hang when using the Sun PROM as it attempts to enumerate the
onboard serial devices, and a similar hang in OpenBSD SPARC32 where in both cases
the boot process will not proceed until SPEC_ALLSENT has been set after writing
to W_TXCTRL1.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20211118181835.18497-3-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
The "Transmit Interrupts and Transmit Buffer Empty Bit" section of the ESCC
datasheet states the following about the STATUS_TXEMPTY bit: "After a hardware
reset (including a hardware reset by software), or a channel reset, this bit
is set to 1".
Update escc_reset() to set the STATUS_TXEMPTY bit in the R_STATUS register
on device reset as described which fixes a regression whereby the Sun PROM
checks this bit early on startup and gets stuck in an infinite loop if it is
not set.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20211118181835.18497-2-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Bugfixes for 6.2.
# gpg: Signature made Fri 19 Nov 2021 10:33:29 AM CET
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
chardev/wctable: don't free the instance in wctablet_chr_finalize
meson.build: Support ncurses on MacOS and OpenBSD
docs: Spell QEMU all caps
qtest/am53c974-test: add test for reset before transfer
esp: ensure that async_len is reset to 0 during esp_hard_reset()
nvmm: Fix support for stable version
meson: fix botched compile check conversions
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* fix pmu vmstate
* Fix compile of byte_reverse on new compilers
Merge tag 'pull-ppc-20211119' of https://github.com/legoater/qemu into staging
ppc 6.2 queue:
* fix pmu vmstate
* Fix compile of byte_reverse on new compilers
# gpg: Signature made Fri 19 Nov 2021 12:49:30 PM CET
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* tag 'pull-ppc-20211119' of https://github.com/legoater/qemu:
tests/tcg/ppc64le: Fix compile flags for byte_reverse
pmu: fix pmu vmstate subsection list
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Object is supposed to be freed by invoking obj->free, and not
obj->instance_finalize. This would lead to use-after-free followed by
double free in object_unref/object_finalize.
Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20211117142349.836279-1-d-tatianin@yandex-team.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
MacOS provides header files for curses 5.7 with support
for wide characters, but requires _XOPEN_SOURCE_EXTENDED=1
to activate that.
By default those old header files are used even if there
is a newer Homebrew installation of ncurses 6.2 available.
Also change the old macro definition of NCURSES_WIDECHAR
and set it to 1, as is done in newer versions of
curses.h when _XOPEN_SOURCE_EXTENDED=1 is defined.
OpenBSD has the same version of ncurses and needs the same fix.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Brad Smith <brad@comstyle.com>
Message-Id: <20211117205355.1392292-1-sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Based upon the qtest reproducer posted to Gitlab issue #724 at
https://gitlab.com/qemu-project/qemu/-/issues/724.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20211118100327.29061-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If a reset command is sent after data has been transferred into the SCSI buffer
ensure that async_len is reset to 0. Otherwise a subsequent TI command assumes
the SCSI buffer contains data to be transferred to the device causing it to
dereference the stale async_buf pointer.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/724
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211118100327.29061-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
NVMM user version 1 is the version being shipped with netbsd-9,
which is the most recent stable branch of NetBSD. This makes it
possible to use the NVMM accelerator on the most recent NetBSD
release, 9.2, which lacks nvmm_cpu_stop.
(CC'ing maintainers)
Signed-off-by: Nia Alarie <nia@NetBSD.org>
Reviewed-by: Kamil Rytarowski <kamil@netbsd.org>
Message-Id: <YWblCe2J8GwCaV9U@homeworld.netbsd.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# gpg: Signature made Fri 19 Nov 2021 04:45:32 AM CET
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
net/colo-compare.c: Fix incorrect return when input wrong size
net/colo-compare.c: Fix ACK track reverse issue
net: vmxnet3: validate configuration values during activate (CVE-2021-20203)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Change namespaces to be shared namespaces by default (parameter
shared=on). Keep shared=off for older machine types.
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
With commit 5ffbaeed16 ("hw/nvme: fix controller hot unplugging")
namespaces get moved from the controller to the subsystem if one
is specified.
That keeps the namespaces alive after a controller hot-unplug, but
after a controller hotplug we have to reconnect the namespaces
from the subsystem to the controller.
Fixes: 5ffbaeed16 ("hw/nvme: fix controller hot unplugging")
Cc: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Hannes Reinecke <hare@suse.de>
[k.jensen: only attach to shared and non-detached namespaces]
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
The TCP ACK may be bigger than uint32_t MAX.
At that point, the ACK will wrap around to 0. This patch
fixes the max_ack and min_ack tracking issue.
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
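A wrap-aware way of tracking max_ack and min_ack across the 2^32 boundary, as an added example that is not the colo-compare patch itself: the naive tracker beside the fixed one, driven by a constructed ACK stream. The modular comparison is the standard TCP sequence-space test, assumed here rather than taken from the patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Serial-number comparison modulo 2^32: a is "after" b when the signed
 * 32-bit distance is positive. This is the usual TCP sequence-space test. */
static bool tcp_seq_after(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) > 0;
}

static bool tcp_seq_before(uint32_t a, uint32_t b)
{
    return tcp_seq_after(b, a);
}

typedef struct {
    uint32_t max_ack;
    uint32_t min_ack;
    bool seen;
} AckTracker;

/* Naive tracker: plain unsigned comparison, which breaks as soon as the
 * ACK number wraps past UINT32_MAX back to a small value. */
static void ack_track_naive(AckTracker *t, uint32_t ack)
{
    if (!t->seen) {
        t->max_ack = t->min_ack = ack;
        t->seen = true;
        return;
    }
    if (ack > t->max_ack) {
        t->max_ack = ack;
    }
    if (ack < t->min_ack) {
        t->min_ack = ack;
    }
}

/* Wrap-aware tracker: same bookkeeping, modular comparison. */
static void ack_track_wrap_aware(AckTracker *t, uint32_t ack)
{
    if (!t->seen) {
        t->max_ack = t->min_ack = ack;
        t->seen = true;
        return;
    }
    if (tcp_seq_after(ack, t->max_ack)) {
        t->max_ack = ack;
    }
    if (tcp_seq_before(ack, t->min_ack)) {
        t->min_ack = ack;
    }
}

/* Constructed ACK stream that crosses the 2^32 boundary. */
static const uint32_t sample_acks[] = {
    0xFFFFFFF0u, 0xFFFFFFFFu, 0x00000005u, 0x00000010u,
};
#define SAMPLE_ACKS (sizeof(sample_acks) / sizeof(sample_acks[0]))

static AckTracker run_naive(void)
{
    AckTracker t = { 0 };
    for (size_t i = 0; i < SAMPLE_ACKS; i++) {
        ack_track_naive(&t, sample_acks[i]);
    }
    return t;   /* max_ack stuck at 0xFFFFFFFF, min_ack wrongly dropped to 5 */
}

static AckTracker run_wrap_aware(void)
{
    AckTracker t = { 0 };
    for (size_t i = 0; i < SAMPLE_ACKS; i++) {
        ack_track_wrap_aware(&t, sample_acks[i]);
    }
    return t;   /* max_ack 0x10, min_ack 0xFFFFFFF0 */
}
```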
While activating the device in vmxnet3_activate_device(), it does not
validate guest-supplied configuration values against predefined
minimum/maximum limits. This may lead to integer overflow or
OOB access issues. Add checks to avoid it.
Fixes: CVE-2021-20203
Buglink: https://bugs.launchpad.net/qemu/+bug/1913873
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
- The 'sev-guest' object gains a boolean 'kernel-hashes' property
which must be enabled to request a measured kernel launch.
Merge tag 'sev-hashes-pull-request' of https://gitlab.com/berrange/qemu into staging
Add property for requesting AMD SEV measured kernel launch
- The 'sev-guest' object gains a boolean 'kernel-hashes' property
which must be enabled to request a measured kernel launch.
# gpg: Signature made Thu 18 Nov 2021 02:33:25 PM CET
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
* tag 'sev-hashes-pull-request' of https://gitlab.com/berrange/qemu:
target/i386/sev: Replace qemu_map_ram_ptr with address_space_map
target/i386/sev: Perform padding calculations at compile-time
target/i386/sev: Fail when invalid hashes table area detected
target/i386/sev: Rephrase error message when no hashes table in guest firmware
target/i386/sev: Add kernel hashes only if sev-guest.kernel-hashes=on
qapi/qom,target/i386: sev-guest: Introduce kernel-hashes=on|off option
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Use address_space_map/unmap and check for errors.
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
[Two lines wrapped for length - Daniel]
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
In sev_add_kernel_loader_hashes, the sizes of structs are known at
compile-time, so calculate needed padding at compile-time.
No functional change intended.
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit cff03145ed ("sev/i386: Introduce sev_add_kernel_loader_hashes
for measured linux boot", 2021-09-30) introduced measured direct boot
with -kernel, using an OVMF-designated hashes table which QEMU fills.
However, no checks are performed on the validity of the hashes area
designated by OVMF. Specifically, if OVMF publishes the
SEV_HASH_TABLE_RV_GUID entry but it is filled with zeroes, this will
cause QEMU to write the hashes entries over the first page of the
guest's memory (GPA 0).
Add validity checks to the published area. If the hashes table area's
base address is zero, or its size is too small to fit the aligned hashes
table, display an error and stop the guest launch. In such a case, the
following error will be displayed:
qemu-system-x86_64: SEV: guest firmware hashes table area is invalid (base=0x0 size=0x0)
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reported-by: Brijesh Singh <brijesh.singh@amd.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
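To illustrate both the compile-time padding calculation and the validity checks described in the two commit messages above, an added example that is not QEMU's or OVMF's code: the table layout, its alignment and the HashesArea type are constructed assumptions, while the error text follows the message quoted in the commit. The simulated fill also bounds the write against the size of the memory buffer, a check this example adds on its own.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Table layout constructed for this example; not the real OVMF/QEMU structs.
 * Each entry is a GUID, a length and a SHA-256 digest (kernel, initrd, cmdline). */
typedef struct {
    uint8_t guid[16];
    uint16_t len;
} HashTableHeader;

typedef struct {
    HashTableHeader hdr;
    uint8_t entries[3 * (16 + 2 + 32)];
} HashTable;

/* Padding computed at compile time, as the "perform padding calculations at
 * compile-time" commit describes. sizeof(HashTable) is 168 here, so the
 * 16-byte aligned size is 176 and the padding is 8. */
#define HASH_TABLE_ALIGN 16
#define ALIGN_UP(x, a) (((x) + (a) - 1) & ~((size_t)(a) - 1))
#define HASH_TABLE_ALIGNED_SIZE ALIGN_UP(sizeof(HashTable), HASH_TABLE_ALIGN)
#define HASH_TABLE_PADDING (HASH_TABLE_ALIGNED_SIZE - sizeof(HashTable))
_Static_assert(HASH_TABLE_PADDING < HASH_TABLE_ALIGN, "padding is bounded");

/* The (base GPA, size) pair published by the guest firmware (assumed type). */
typedef struct {
    uint64_t base;
    uint32_t size;
} HashesArea;

static char last_error[128];

/* Validity check with the commit's two conditions: a zero base, which would
 * otherwise make QEMU write the entries over GPA 0, or a size too small for
 * the aligned table, aborts the launch with the quoted error message. */
static bool sev_hashes_area_valid(const HashesArea *area)
{
    if (area->base == 0 || area->size < HASH_TABLE_ALIGNED_SIZE) {
        snprintf(last_error, sizeof(last_error),
                 "SEV: guest firmware hashes table area is invalid "
                 "(base=0x%" PRIx64 " size=0x%" PRIx32 ")",
                 area->base, area->size);
        return false;
    }
    last_error[0] = '\0';
    return true;
}

/* Simulated fill into a guest-memory buffer: only writes when the area passed
 * validation and fits the buffer. Returns the number of bytes written. */
static size_t sev_fill_hashes(uint8_t *guest_mem, size_t mem_len,
                              const HashesArea *area, const HashTable *table)
{
    if (!sev_hashes_area_valid(area) ||
        area->base + HASH_TABLE_ALIGNED_SIZE > mem_len) {
        return 0;
    }
    memcpy(guest_mem + area->base, table, sizeof(*table));
    memset(guest_mem + area->base + sizeof(*table), 0, HASH_TABLE_PADDING);
    return HASH_TABLE_ALIGNED_SIZE;
}

static size_t hashes_table_aligned_size(void) { return HASH_TABLE_ALIGNED_SIZE; }
static size_t hashes_table_padding(void) { return HASH_TABLE_PADDING; }
```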