Commit Graph

89469 Commits

Author SHA1 Message Date
Peter Maydell
1f3afa5da2 qemu-ga patch queue for hard-freeze
* fix memory leak in guest_exec

Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2021-08-09-tag' into staging

qemu-ga patch queue for hard-freeze

* fix memory leak in guest_exec

# gpg: Signature made Tue 10 Aug 2021 02:25:43 BST
# gpg:                using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full]
# gpg:                 aka "Michael Roth <mdroth@utexas.edu>" [full]
# gpg:                 aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full]
# Primary key fingerprint: CEAC C9E1 5534 EBAB B82D  3FA0 3353 C9CE F108 B584

* remotes/mdroth/tags/qga-pull-2021-08-09-tag:
  qga: fix leak of base64 decoded data on command error

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-10 09:42:06 +01:00
Daniel P. Berrangé
057489dd15 qga: fix leak of base64 decoded data on command error
If the guest command fails to be spawned, then we would leak the decoded
base64 input used for the command's stdin feed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-09 20:18:43 -05:00
Peter Maydell
e0d24696b9 Block patches for 6.1-rc3:
- Build fix for FUSE block exports
 - iotest 233 fix

Merge remote-tracking branch 'remotes/hreitz/tags/pull-block-2021-08-09' into staging

Block patches for 6.1-rc3:
- Build fix for FUSE block exports
- iotest 233 fix

# gpg: Signature made Mon 09 Aug 2021 17:59:29 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/hreitz/tags/pull-block-2021-08-09:
  tests: filter out TLS distinguished name in certificate checks
  block/export/fuse.c: fix musl build

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-09 21:14:24 +01:00
Daniel P. Berrangé
a6d2bb25cf tests: filter out TLS distinguished name in certificate checks
The version of GNUTLS in Fedora 34 has changed the order in which it encodes
fields when generating new TLS certificates. This in turn changes the
order seen when querying the distinguished name. This ultimately breaks
the expected output in the NBD TLS iotests. We don't need to be
comparing the exact distinguished name text for the purpose of the test
though, so it is fine to filter it out.

Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210804180330.3469683-1-berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2021-08-09 17:32:43 +02:00
Fabrice Fontaine
50482fda98 block/export/fuse.c: fix musl build
Fix the following build failure on musl raised since version 6.0.0 and
4ca37a96a7
because musl does not define FALLOC_FL_ZERO_RANGE:

../block/export/fuse.c: In function 'fuse_fallocate':
../block/export/fuse.c:563:23: error: 'FALLOC_FL_ZERO_RANGE' undeclared (first use in this function)
  563 |     } else if (mode & FALLOC_FL_ZERO_RANGE) {
      |                       ^~~~~~~~~~~~~~~~~~~~

Fixes:
 - http://autobuild.buildroot.org/results/b96e3d364fd1f8bbfb18904a742e73327d308f64

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Message-Id: <20210809095101.1101336-1-fontaine.fabrice@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2021-08-09 17:19:27 +02:00
Peter Maydell
370ea52f72 hw/nvme fixes
* coverity fixes

Merge remote-tracking branch 'remotes/nvme/tags/nvme-next-pull-request' into staging

hw/nvme fixes

* coverity fixes

# gpg: Signature made Mon 09 Aug 2021 11:53:42 BST
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* remotes/nvme/tags/nvme-next-pull-request:
  hw/nvme: fix missing variable initializers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-09 15:00:26 +01:00
Klaus Jensen
5f4884c441 hw/nvme: fix missing variable initializers
Coverity found that 'uuid', 'csi' and 'eui64' are uninitialized. While
we set most of the fields, we do not explicitly set the rsvd2 field in
the NvmeIdNsDescr header.

Fix this by explicitly zero-initializing the variables.

Reported-by: Coverity (CID 1458835, 1459295 and 1459580)
Fixes: 6870cfb814 ("hw/nvme: namespace parameter for EUI-64")
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-08-09 12:52:16 +02:00
Peter Maydell
632eda5404 Fix for gnutls-crypto detection

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

Fix for gnutls-crypto detection

# gpg: Signature made Mon 09 Aug 2021 10:43:32 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream:
  meson: fix logic for gnutls check

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-09 11:04:27 +01:00
Alyssa Ross
abc14fd056 meson: fix logic for gnutls check
The logic before was

	if not get_option('gnutls').auto() or have_system

Which is equivalent to

	if get_option('gnutls').enabled() or get_option('gnutls').disabled() or have_system

This means that the check for gnutls is performed even if gnutls is
disabled, which means that the build system will insist on having
libtasn1 if gnutls is found, even if gnutls support is disabled.

When gnutls is disabled, the check for gnutls shouldn't be performed,
to ensure that further build system logic (like the check for
libtasn1) doesn't make decisions based on the presence of gnutls,
rather than the gnutls option.

After making this change, I can successfully ./configure --disable-gnutls
on my system with gnutls installed, but not libtasn1.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20210806144947.321647-1-hi@alyssa.is>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2021-08-06 15:36:11 +00:00
Peter Maydell
dee64246de linux-user pull request 20210806
Fix endianness and addresses in i386 linux-user target

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.1-pull-request' into staging

linux-user pull request 20210806

Fix endianness and addresses in i386 linux-user target

# gpg: Signature made Fri 06 Aug 2021 10:16:32 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-6.1-pull-request:
  linux-user/elfload: byteswap i386 registers when dumping core
  linux-user: fix guest/host address mixup in i386 setup_rt_frame()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-06 10:28:33 +01:00
Peter Maydell
ca92f16276 QAPI patches patches for 2021-08-05

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2021-08-05' into staging

QAPI patches patches for 2021-08-05

# gpg: Signature made Thu 05 Aug 2021 15:06:12 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2021-08-05:
  docs: convert writing-qmp-commands.txt to writing-qmp-commands.rst
  docs/qapi-code-gen: add cross-references
  docs/qapi-code-gen: Beautify formatting
  docs: convert qapi-code-gen.txt to ReST
  docs/devel/qapi-code-gen: Update examples to match current code

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-05 18:48:06 +01:00
Peter Maydell
287d53398a Chardev-related fixes
Hi
 
 Here are some bug fixes worthy for 6.1.
 
 thanks

Merge remote-tracking branch 'remotes/marcandre/tags/chr-fix-pull-request' into staging

Chardev-related fixes

Hi

Here are some bug fixes worthy for 6.1.

thanks

# gpg: Signature made Thu 05 Aug 2021 13:52:03 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/marcandre/tags/chr-fix-pull-request:
  chardev: report a simpler error about duplicated id
  chardev: give some context on chardev-add error
  chardev: fix qemu_chr_open_fd() with fd_in==fd_out
  chardev: fix qemu_chr_open_fd() being called with fd=-1
  chardev: fix fd_chr_add_watch() when in != out
  chardev: mark explicitly first argument as poisoned
  chardev/socket: print a more correct command-line address
  util: fix abstract socket path copy

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-05 16:25:44 +01:00
Marc-André Lureau
a68403b0a6 chardev: report a simpler error about duplicated id
Report:
  "Chardev with id 'char2' already exists"
Rather than:
  "Failed to add chardev 'char2': duplicate yank instance"

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
64195b0d36 chardev: give some context on chardev-add error
Description from Daniel P. Berrangé:
> The original code reported:
>
>  "attempt to add duplicate property 'char2' to object (type 'container')"
>
> Since adding yank support, the current code reports
>
>  "duplicate yank instance"
>
> With this patch applied it now reports:
>
>  "Failed to add chardev 'char2': duplicate yank instance"
>
> This is marginally better, but still not great, not that the original
> error was great either.
>
> It would be nice if we could report
>
>   "chardev with id 'char2' already exists"

Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1984721

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
733ba02084 chardev: fix qemu_chr_open_fd() with fd_in==fd_out
The "serial" chardev calls qemu_chr_open_fd() with the same fd. This
may lead to double-close as each QIOChannel owns the fd.

Instead, share the reference to the same QIOChannel.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
46fe3ff6ea chardev: fix qemu_chr_open_fd() being called with fd=-1
The "file" chardev may call qemu_chr_open_fd() with fd_in=-1. This may
cause invalid system calls, as the QIOChannel is assumed to be properly
initialized later on.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
bb2b058f1a chardev: fix fd_chr_add_watch() when in != out
Create child sources for the different streams, and dispatch on the
parent source with the synthesized conditions.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
bf7b1eab25 chardev: mark explicitly first argument as poisoned
Since commit 9894dc0cdc "char: convert
from GIOChannel to QIOChannel", the first argument to the watch callback
can actually be a QIOChannel, which is not a GIOChannel (but a QEMU
Object).

Even though we never used that pointer, change the callback type to warn
the users. Possibly a better fix later, we may want to store the
callback and call it from intermediary functions.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Ilya Leoshkevich
030912e01c linux-user/elfload: byteswap i386 registers when dumping core
Core dumps from emulating x86_64 on big-endian hosts contain incorrect
register values.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210803172013.148446-1-iii@linux.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-08-05 12:17:30 +02:00
Ilya Leoshkevich
0c40c18ecd linux-user: fix guest/host address mixup in i386 setup_rt_frame()
setup_rt_frame() passes siginfo and ucontext host addresses to guest
signal handlers, causing problems when e.g. emulating x86_64 on s390x.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210803171858.148394-1-iii@linux.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-08-05 12:15:44 +02:00
Marc-André Lureau
30f80be34b chardev/socket: print a more correct command-line address
Better reflect the command line version of the socket address arguments,
following the now recommended long-form opt=on syntax.

Complement/fixes commit 9d902d51 "chardev: do not use short form boolean
options in non-QemuOpts character device descriptions".

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-08-04 23:23:31 +04:00
Marc-André Lureau
4cfd970ec1 util: fix abstract socket path copy
Commit 776b97d360 "qemu-sockets: add abstract UNIX domain socket
support" neglected to update socket_sockaddr_to_address_unix() and
copied the whole sun_path without taking "salen" into account.

Later, commit 3b14b4ec49 "sockets: Fix socket_sockaddr_to_address_unix()
for abstract sockets" handled the abstract UNIX path, by stripping the
leading \0 character and fixing address details, but didn't use salen
either.

Not taking "salen" into account may result in incorrect "path" being
returned in monitor commands, as we read past the address which is not
necessarily \0-terminated.

Fixes: 776b97d360
Fixes: 3b14b4ec49
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: xiaoqiang zhao <zxq_yx_007@163.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-04 23:23:31 +04:00
Peter Maydell
bccabb3a5d Update version for v6.1.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-04 16:56:14 +01:00
Peter Maydell
f17d05569a pc,pci: bugfixes
Small bugfixes all over the place.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,pci: bugfixes

Small bugfixes all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 03 Aug 2021 21:32:43 BST
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  Drop _DSM 5 from expected DSDTs on ARM
  Revert "acpi/gpex: Inform os to keep firmware resource map"
  arm/acpi: allow DSDT changes
  acpi: x86: pcihp: add support hotplug on multifunction bridges
  hw/pcie-root-port: Fix hotplug for PCI devices requiring IO

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-04 13:53:38 +01:00
Peter Maydell
700d82c9bc SD/MMC patches queue
- sdcard: Fix assertion accessing out-of-range addresses
   with SEND_WRITE_PROT (CMD30)

Merge remote-tracking branch 'remotes/philmd/tags/sdmmc-20210803' into staging

SD/MMC patches queue

- sdcard: Fix assertion accessing out-of-range addresses
  with SEND_WRITE_PROT (CMD30)

# gpg: Signature made Tue 03 Aug 2021 18:38:03 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/sdmmc-20210803:
  hw/sd/sdcard: Fix assertion accessing out-of-range addresses with CMD30
  hw/sd/sdcard: Document out-of-range addresses for SEND_WRITE_PROT

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-04 11:40:27 +01:00
John Snow
68e6dc594a docs: convert writing-qmp-commands.txt to writing-qmp-commands.rst
This does about the bare minimum, converting section headers to ReST
ones and adding an indent for code blocks.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20210721165015.2180311-1-jsnow@redhat.com>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2021-08-04 11:18:05 +02:00
John Snow
9c66762a60 docs/qapi-code-gen: add cross-references
Add clickables to many places.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20210720235619.2048797-4-jsnow@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2021-08-04 11:05:52 +02:00
John Snow
55927c5f32 docs/qapi-code-gen: Beautify formatting
Mostly, add ``literal`` markers to a lot of things like C types, add
code blocks, and fix the way a few things render.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20210720235619.2048797-3-jsnow@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2021-08-04 11:05:48 +02:00
John Snow
f7aa076dbd docs: convert qapi-code-gen.txt to ReST
This is a very rudimentary conversion from .txt to .rst changing as
little as possible, but getting it to render somewhat nicely; without
using any Sphinx directives. (It is 'native' ReST.)

Further patches will add cross-references and Sphinx-specific extensions
to make it sparkle.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20210720235619.2048797-2-jsnow@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2021-08-04 11:05:43 +02:00
Markus Armbruster
e0366f9f2b docs/devel/qapi-code-gen: Update examples to match current code
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210712150214.624281-1-armbru@redhat.com>
Acked-by: John Snow <jsnow@redhat.com>
2021-08-04 11:04:16 +02:00
Peter Maydell
ef6607edf0 Block layer patches
- Fix hang after request padding error (Windows + 512-on-4k emulation)

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

- Fix hang after request padding error (Windows + 512-on-4k emulation)

# gpg: Signature made Tue 03 Aug 2021 15:40:10 BST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  block: Fix in_flight leak in request padding error path

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-04 09:27:24 +01:00
Michael S. Tsirkin
62a4db5522 Drop _DSM 5 from expected DSDTs on ARM
diff -rup /tmp/old/tests/data/acpi/microvm/DSDT.pcie.dsl /tmp/new/tests/data/acpi/microvm/DSDT.pcie.dsl
--- /tmp/old/tests/data/acpi/microvm/DSDT.pcie.dsl	2021-08-03 16:22:52.289295442 -0400
+++ /tmp/new/tests/data/acpi/microvm/DSDT.pcie.dsl	2021-08-03 16:22:40.102286317 -0400
@@ -1302,14 +1302,9 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS "
                     {
                         Return (Buffer (One)
                         {
-                             0x21                                             // !
+                             0x01                                             // .
                         })
                     }
-
-                    If ((Arg2 == 0x05))
-                    {
-                        Return (Zero)
-                    }
                 }

                 Return (Buffer (One)
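
Review bot: the commit message consists of the disassembly diff alone, so nothing records why the mask byte at the first Return (Buffer (One) drops from 0x21 to 0x01 together with the removed If ((Arg2 == 0x05)) branch. The two changes are consistent with each other (0x21 has bit 5 set, 0x01 does not, and the handler for function 5 is gone), but a one-line reason in the message would let a reader confirm that the expected-table update is intentional. The subject also says "expected DSDTs on ARM" while the quoted diff covers only tests/data/acpi/microvm/DSDT.pcie.dsl; listing the other regenerated tables would make the scope checkable.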

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:32:35 -04:00
Michael S. Tsirkin
40c3472a29 Revert "acpi/gpex: Inform os to keep firmware resource map"
This reverts commit 0cf8882fd0.

With this commit, with aarch64 when using efi PCI devices with IO ports
do not work.  The reason is that EFI creates I/O port mappings below
0x1000 (in fact, at 0). However Linux, for legacy reasons, does not
support I/O ports <= 0x1000 on PCI, so the I/O assignment created by EFI
is rejected.

EFI creates the mappings primarily for itself, and up until DSM #5
started to be enforced, all PCI resource allocations that existed at
boot were ignored by Linux and recreated from scratch.

Also, the commit in question looks dubious - it seems unlikely that
Linux would fail to create a resource tree. What does
happen is that BARs get moved around, which may cause trouble in some
cases: for instance, Linux had to add special code to the EFI framebuffer
driver to cope with framebuffer BARs being relocated.

DSM #5 has a long history of debate and misinterpretation.

Link: https://lore.kernel.org/r/20210724185234.GA2265457@roeck-us.net/
Fixes: 0cf8882fd0 ("acpi/gpex: Inform os to keep firmware resource map")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:32:34 -04:00
Michael S. Tsirkin
5cd4a8d4e5 arm/acpi: allow DSDT changes
We are going to commit ccee1a8140 ("acpi: Update _DSM method in expected files").
Allow changes to DSDT on ARM. Only configs with pci are
affected thus all virt variants but for microvm only the pcie variant.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:32:34 -04:00
Igor Mammedov
d7346e614f acpi: x86: pcihp: add support hotplug on multifunction bridges
Commit [1] switched PCI hotplug from native to ACPI one by default.

That however breaks hotplug on following CLI that used to work:
   -nodefaults -machine q35 \
   -device pcie-root-port,id=pcie-root-port-0,multifunction=on,bus=pcie.0,addr=0x1,chassis=1 \
   -device pcie-root-port,id=pcie-root-port-1,port=0x1,addr=0x1.0x1,bus=pcie.0,chassis=2

where PCI device is hotplugged to pcie-root-port-1 with error on guest side:

  ACPI BIOS Error (bug): Could not resolve symbol [^S0B.PCNT], AE_NOT_FOUND (20201113/psargs-330)
  ACPI Error: Aborting method \_SB.PCI0.PCNT due to previous error (AE_NOT_FOUND) (20201113/psparse-531)
  ACPI Error: Aborting method \_GPE._E01 due to previous error (AE_NOT_FOUND) (20201113/psparse-531)
  ACPI Error: AE_NOT_FOUND, while evaluating GPE method [_E01] (20201113/evgpe-515)

cause is that QEMU's ACPI hotplug never supported functions other than 0
and due to bug it was generating notification entries for not described
functions.

Technically there is no reason not to describe cold-plugged bridges
(root ports) on functions other than 0, as they similarly to bridge
on function 0 are unpluggable.

So since we need to describe multifunction devices iterate over
functions as well. But describe only cold-plugged bridges[root ports]
on functions other than 0 as well.

1)
Fixes: 17858a1695 (hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35)
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20210723090424.2092226-1-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:31:07 -04:00
Marcel Apfelbaum
e2a6290aab hw/pcie-root-port: Fix hotplug for PCI devices requiring IO
Q35 has now ACPI hotplug enabled by default for PCI(e) devices.
As opposed to native PCIe hotplug, guests like Fedora 34
will not assign IO range to pcie-root-ports not supporting
native hotplug, resulting in a regression.

Reproduce by:
    qemu-bin -M q35 -device pcie-root-port,id=p1 -monitor stdio
    device_add e1000,bus=p1
In the Guest OS the respective pcie-root-port will have the IO range
disabled.

Fix it by setting the "reserve-io" hint capability of the
pcie-root-ports so the firmware will allocate the IO range instead.

Acked-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210802090057.1709775-1-marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:31:07 -04:00
Peter Maydell
cb2f4b8750 * Fixes for SIGILL and SIGFPE of the s390x linux-user target

Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-08-03' into staging

* Fixes for SIGILL and SIGFPE of the s390x linux-user target

# gpg: Signature made Tue 03 Aug 2021 14:30:54 BST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/thuth-gitlab/tags/pull-request-2021-08-03:
  tests/tcg: Test that compare-and-trap raises SIGFPE
  linux-user/s390x: signal with SIGFPE on compare-and-trap
  target/s390x: Fix SIGILL and SIGFPE psw.addr reporting

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-03 19:50:43 +01:00
Philippe Mathieu-Daudé
4ac0b72bae hw/sd/sdcard: Fix assertion accessing out-of-range addresses with CMD30
OSS-Fuzz found sending illegal addresses when querying the write
protection bits triggers the assertion added in commit 84816fb63e
("hw/sd/sdcard: Assert if accessing an illegal group"):

  qemu-fuzz-i386-target-generic-fuzz-sdhci-v3: ../hw/sd/sd.c:824: uint32_t sd_wpbits(SDState *, uint64_t):
  Assertion `wpnum < sd->wpgrps_size' failed.
  #3 0x7f62a8b22c91 in __assert_fail
  #4 0x5569adcec405 in sd_wpbits hw/sd/sd.c:824:9
  #5 0x5569adce5f6d in sd_normal_command hw/sd/sd.c:1389:38
  #6 0x5569adce3870 in sd_do_command hw/sd/sd.c:1737:17
  #7 0x5569adcf1566 in sdbus_do_command hw/sd/core.c:100:16
  #8 0x5569adcfc192 in sdhci_send_command hw/sd/sdhci.c:337:12
  #9 0x5569adcfa3a3 in sdhci_write hw/sd/sdhci.c:1186:9
  #10 0x5569adfb3447 in memory_region_write_accessor softmmu/memory.c:492:5

It is legal for the CMD30 to query for out-of-range addresses.
Such invalid addresses are simply ignored in the response (write
protection bits set to 0).

In commit 84816fb63e ("hw/sd/sdcard: Assert if accessing an illegal
group") we misplaced the assertion *before* we test the address is
in range. Move it *after*.

Include the qtest reproducer provided by Alexander Bulekov:

  $ make check-qtest-i386
  ...
  Running test qtest-i386/fuzz-sdcard-test
  qemu-system-i386: ../hw/sd/sd.c:824: sd_wpbits: Assertion `wpnum < sd->wpgrps_size' failed.

Cc: qemu-stable@nongnu.org
Reported-by: OSS-Fuzz (Issue 29225)
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 84816fb63e ("hw/sd/sdcard: Assert if accessing an illegal group")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/495
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210802235524.3417739-3-f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
2021-08-03 19:34:51 +02:00
Philippe Mathieu-Daudé
2a0396285d hw/sd/sdcard: Document out-of-range addresses for SEND_WRITE_PROT
Per the 'Physical Layer Simplified Specification Version 3.01',
Table 4-22: 'Block Oriented Write Protection Commands'

  SEND_WRITE_PROT (CMD30)

  If the card provides write protection features, this command asks
  the card to send the status of the write protection bits [1].

  [1] 32 write protection bits (representing 32 write protect groups
  starting at the specified address) [...]
  The last (least significant) bit of the protection bits corresponds
  to the first addressed group. If the addresses of the last groups
  are outside the valid range, then the corresponding write protection
  bits shall be set to 0.

Split the if() statement (without changing the behaviour of the code)
to better position the description comment.

Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210802235524.3417739-2-f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
2021-08-03 19:34:00 +02:00
Peter Maydell
2cd9e2bd09 Update libslirp
Hi,
 
 v4:
  - drop subproject patch
  - fix OSX linking issue
 
 v3:
  - rebased
  - (checked compilation with P. Maydell extra-cflags reported failure & gitlab CI)
 
 v2:
  - fix unused variables on macos
  - fork_exec_child_setup: improve signal handling

Merge remote-tracking branch 'remotes/elmarco/tags/libslirp-pull-request' into staging

Update libslirp

Hi,

v4:
 - drop subproject patch
 - fix OSX linking issue

v3:
 - rebased
 - (checked compilation with P. Maydell extra-cflags reported failure & gitlab CI)

v2:
 - fix unused variables on macos
 - fork_exec_child_setup: improve signal handling

# gpg: Signature made Tue 03 Aug 2021 15:17:39 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/libslirp-pull-request:
  Update libslirp to v4.6.1

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-03 17:50:29 +01:00
Peter Maydell
acf8200722 qemu-ga patch queue for hard-freeze
* w32: Fix missing/incorrect DLLs in MSI installer
 * w32: Fix memory leaks in guest-get-osinfo/guest-get-fsinfo
 * w32: Increase timeout for guest-fsfreeze-freeze

Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2021-08-03-pull-tag' into staging

qemu-ga patch queue for hard-freeze

* w32: Fix missing/incorrect DLLs in MSI installer
* w32: Fix memory leaks in guest-get-osinfo/guest-get-fsinfo
* w32: Increase timeout for guest-fsfreeze-freeze

# gpg: Signature made Tue 03 Aug 2021 13:09:15 BST
# gpg:                using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full]
# gpg:                 aka "Michael Roth <mdroth@utexas.edu>" [full]
# gpg:                 aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full]
# Primary key fingerprint: CEAC C9E1 5534 EBAB B82D  3FA0 3353 C9CE F108 B584

* remotes/mdroth/tags/qga-pull-2021-08-03-pull-tag:
  qga-win/msi: fix missing libstdc++-6 DLL in MSI installer
  qemu-ga/msi: fix w32 libgcc name
  qga-win: Free GMatchInfo properly
  qga-win: Fix handle leak in ga_get_win_product_name()
  qga-win: Fix build_guest_fsinfo() close of nonexistent
  qga-win: Increase VSS freeze timeout to 60 secs instead of 10

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-03 14:48:57 +01:00
Kevin Wolf
87ab880252 block: Fix in_flight leak in request padding error path
When bdrv_pad_request() fails in bdrv_co_preadv_part(), bs->in_flight
has been increased, but is never decreased again. This leads to a hang
when trying to drain the block node.

This bug was observed with Windows guests which issue a request that
fully uses IOV_MAX during installation, so that when padding is
necessary (O_DIRECT with a 4k sector size block device on the host),
adding another entry causes failure.

Call bdrv_dec_in_flight() to fix this. There is a larger problem to
solve here because this request shouldn't even fail, but Windows doesn't
seem to care and with this minimal fix the installation succeeds. So
given that we're already in freeze, let's take this minimal fix for 6.1.

Fixes: 98ca45494f
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1972079
Reported-by: Qing Wang <qinwang@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210727154923.91067-1-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-08-03 15:43:30 +02:00
Jonathan Albrecht
50e36dd616 tests/tcg: Test that compare-and-trap raises SIGFPE
Signed-off-by: Jonathan Albrecht <jonathan.albrecht@linux.vnet.ibm.com>
Message-Id: <20210709160459.4962-3-jonathan.albrecht@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-08-03 15:17:38 +02:00
Jonathan Albrecht
ccb5f2708f linux-user/s390x: signal with SIGFPE on compare-and-trap
Currently when a compare-and-trap instruction is executed, qemu will
always raise a SIGILL signal. On real hardware, a SIGFPE is raised.

Change the PGM_DATA case in cpu_loop to follow the behavior in
linux kernel /arch/s390/kernel/traps.c.
 * Only raise SIGILL if DXC == 0
 * If DXC matches a non-simulated IEEE exception, raise SIGFPE with
   correct si_code
 * Raise SIGFPE with si_code == 0 for everything else

When applied on 20210705210434.45824-2-iii@linux.ibm.com, this fixes
crashes in the java jdk such as the linked bug.

Signed-off-by: Jonathan Albrecht <jonathan.albrecht@linux.vnet.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Buglink: https://bugs.launchpad.net/qemu/+bug/1920913
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/319
Message-Id: <20210709160459.4962-2-jonathan.albrecht@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-08-03 15:17:38 +02:00
Ilya Leoshkevich
54ba2161d8 target/s390x: Fix SIGILL and SIGFPE psw.addr reporting
For SIGILL, SIGFPE and SIGTRAP the PSW must point after the
instruction, and at the instruction for other signals. Currently under
qemu-user for SIGILL and SIGFPE it points at the instruction.

Fix by advancing psw.addr for these signals.

Co-developed-by: Ulrich Weigand <ulrich.weigand@de.ibm.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/319
Message-Id: <20210705210434.45824-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-08-03 15:17:32 +02:00
Marc-André Lureau
43f547b73d Update libslirp to v4.6.1
Switch from stable-4.2 branch to upstream v4.6.1 release + fixes.

## [Unreleased]

### Fixed

 - Haiku fixes. !98 !99
 - Fix a minor DHCP regression introduced in 4.6.0. !97

## [4.6.1] - 2021-06-18

### Fixed

 - Fix DHCP regression introduced in 4.6.0. !95

## [4.6.0] - 2021-06-14

### Added

 - mbuf: Add debugging helpers for allocation. !90

### Changed

 -  Revert "Set macOS deployment target to macOS 10.4". !93

### Fixed

 - mtod()-related buffer overflows (CVE-2021-3592 #44, CVE-2021-3593 #45,
   CVE-2021-3594 #47, CVE-2021-3595 #46).
 - poll_fd: add missing fd registration for UDP and ICMP
 - ncsi: make ncsi_calculate_checksum work with unaligned data. !89
 - Various typos and doc fixes. !88

## [4.5.0] - 2021-05-18

### Added

 - IPv6 forwarding. !62 !75 !77
 - slirp_neighbor_info() to dump the ARP/NDP tables. !71

### Changed

 - Lazy guest address resolution for IPv6. !81
 - Improve signal handling when spawning a child. !61
 - Set macOS deployment target to macOS 10.4. !72
 - slirp_add_hostfwd: Ensure all error paths set errno. !80
 - More API documentation.

### Fixed

 - Assertion failure on unspecified IPv6 address. !86
 - Disable polling for PRI on MacOS, fixing some closing streams issues. !73
 - Various memory leak fixes on fastq/batchq. !68
 - Memory leak on IPv6 fast-send. !67
 - Slow socket response on Windows. !64
 - Misc build and code cleanups. !60 !63 !76 !79 !84

## [4.4.0] - 2020-12-02

### Added

 - udp, udp6, icmp: handle TTL value. !48
 - Enable forwarding ICMP errors. !49
 - Add DNS resolving for iOS. !54

### Changed

 - Improve meson subproject() support. !53
 - Removed Makefile-based build system. !56

### Fixed

 - socket: consume empty packets. !55
 - check pkt_len before reading protocol header (CVE-2020-29129). !57
 - ip_stripoptions use memmove (fixes undefined behaviour). !47
 - various Coverity-related changes/fixes.

## [4.3.1] - 2020-07-08

### Changed

 - A silent truncation could occur in `slirp_fmt()`, which will now print a
   critical message. See also #22.

### Fixed

 - CVE-2020-10756 - Drop bogus IPv6 messages that could lead to data leakage.
   See !44 and !42.
 - Fix win32 builds by using the SLIRP_PACKED definition.
 - Various coverity scan errors fixed. !41
 - Fix new GCC warnings. !43

## [4.3.0] - 2020-04-22

### Added

 - `SLIRP_VERSION_STRING` macro, with the git sha suffix when building from git
 - `SlirpConfig.disable_dns`, to disable DNS redirection #16

### Changed

 - `slirp_version_string()` now has the git sha suffix when building from git
 - Limit DNS redirection to port 53 #16

### Fixed

 - Fix build regression with mingw & NetBSD
 - Fix use-after-free in `ip_reass()` (CVE-2020-1983)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Doug Evans <dje@google.com>
2021-08-03 16:07:22 +04:00
Michael Roth
e300858ed4 qga-win/msi: fix missing libstdc++-6 DLL in MSI installer
libstdc++ is required for the qga-vss.dll that provides fsfreeze
functionality. Currently it is not provided by the MSI installer,
resulting in fsfreeze being disabled in guest environments where it has
not been installed by other means.

In the future this would be better handled via gcc-cpp ComponentGroup
provided by msitools, but that would be better handled with a general
rework of DLL dependency handling in the installer build. Keep it
simple for now to fix this regression.

Tested with Fedora 34 mingw build environment.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Kostiantyn Kostiuk <konstantin@daynix.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-03 07:01:36 -05:00
Gerd Hoffmann
5f2a8b1fc1 qemu-ga/msi: fix w32 libgcc name
This is what I find on my Fedora 34 mingw install.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:20:01 -05:00
Kostiantyn Kostiuk
24328b7a83 qga-win: Free GMatchInfo properly
The g_regex_match function creates match_info even if it
returns FALSE. So we should always call g_match_info_free.
A better solution is using g_autoptr for match_info variable.

Signed-off-by: Kostiantyn Kostiuk <konstantin@daynix.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00
Basil Salman
ce72f11274 qga-win: Fix handle leak in ga_get_win_product_name()
In ga_get_win_product_name() a handle to Registry key was opened but not
closed.

In this patch the handle is closed as part of the free routine.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1929144

Signed-off-by: Basil Salman <basil@daynix.com>
Signed-off-by: Basil Salman <bsalman@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00