Commit Graph

76435 Commits

Author SHA1 Message Date
Janosch Frank
c3347ed0d2 s390x: protvirt: Support unpack facility
The unpack facility provides the means to setup a protected guest. A
protected guest cannot be introspected by the hypervisor or any
user/administrator of the machine it is running on.

Protected guests are encrypted at rest and need a special boot
mechanism via diag308 subcode 8 and 10.

Code 8 sets the PV specific IPLB which is retained separately from
those set via code 5.

Code 10 is used to unpack the VM into protected memory, verify its
integrity and start it.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Co-developed-by: Christian Borntraeger <borntraeger@de.ibm.com> [Changes
to machine]
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200323083606.24520-1-frankja@linux.ibm.com>
[CH: fixed up KVM_PV_VM_ -> KVM_PV_]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-04-29 14:30:54 +02:00
Janosch Frank
9b39d29470 s390x: Move diagnose 308 subcodes and rcs into ipl.h
They are part of the IPL process, so let's put them into the ipl
header.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20200319131921.2367-2-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-04-28 12:29:46 +02:00
Cornelia Huck
dc6f8d458a linux-headers: update against Linux 5.7-rc3
commit 6a8b55ed4056ea5559ebe4f6a4b247f627870d4c

Reviewed-by: Michael S. Tsirkin <mst@redhat.com> # virtio/vhost parts
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200427102415.10915-3-cohuck@redhat.com>
2020-04-28 12:29:01 +02:00
Cornelia Huck
9904adfaca virtio-net: fix rsc_ext compat handling
virtio_net_rsc_ext_num_{packets,dupacks} needs to be available
independently of the presence of VIRTIO_NET_HDR_F_RSC_INFO.

Fixes: 2974e916df ("virtio-net: support RSC v4/v6 tcp traffic for Windows HCK")
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200427102415.10915-2-cohuck@redhat.com>
2020-04-28 12:28:48 +02:00
Peter Maydell
ee573f5326 Update version for v5.0.0-rc4 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-22 17:51:35 +01:00
Peter Maydell
e73c444347 target/arm: Fix ID_MMFR4 value on AArch64 'max' CPU
In commit 41a4bf1fea the added code to set the CNP
field in ID_MMFR4 for the AArch64 'max' CPU had a typo
where it used the wrong variable name, resulting in ID_MMFR4
fields AC2, XNX and LSM being wrong. Fix the typo.

Fixes: 41a4bf1fea
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20200422124501.28015-1-peter.maydell@linaro.org
2020-04-22 16:18:31 +01:00
Marc-André Lureau
7769c23774 slirp: update to fix CVE-2020-1983
This is an update on the stable-4.2 branch of libslirp.git:

git shortlog 55ab21c9a3..2faae0f778f81

Marc-André Lureau (1):
      Fix use-afte-free in ip_reass() (CVE-2020-1983)

CVE-2020-1983 is actually a follow up fix for commit
126c04acbabd7ad32c2b018fe10dfac2a3bc1210 ("Fix heap overflow in
ip_reass on big packet input") which was was included in qemu
v4.1 (commit e1a4a24d26 "slirp: update
with CVE-2019-14378 fix").

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20200421170227.843555-1-marcandre.lureau@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-21 18:39:20 +01:00
Philippe Mathieu-Daudé
3119154db0 target/ppc: Fix TCG temporary leaks in gen_slbia()
This fixes:

  $ qemu-system-ppc64 \
  -machine pseries-4.1 -cpu power9 \
  -smp 4 -m 12G -accel tcg ...
  ...
  Quiescing Open Firmware ...
  Booting Linux via __start() @ 0x0000000002000000 ...
  Opcode 1f 12 0f 00 (7ce003e4) leaked temporaries
  Opcode 1f 12 0f 00 (7ce003e4) leaked temporaries
  Opcode 1f 12 0f 00 (7ce003e4) leaked temporaries

[*] https://www.mail-archive.com/qemu-discuss@nongnu.org/msg05400.html

Fixes: 0418bf78fe ("Fix ISA v3.0 (POWER9) slbia implementation")
Reported-by: Dennis Clarke <dclarke@blastwave.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200417090749.14310-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-20 22:22:49 +01:00
Peter Maydell
5b4273e462 ppc patch queue for 2020-04-17
Here are a few late bugfixes for qemu-5.0 in the ppc target code.
 Unless some really nasty last minute bug shows up, I expect this to be
 the last ppc pull request for qemu-5.0.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAl6ZOFUACgkQbDjKyiDZ
 s5Kkuw//RoF+vcv70ZzoS7f9MgehObiTvfgTyamTGr7pDNlYnGJuK9OXz1e3sl6w
 acM/L+iE/AmoFA3+gWC9RxL2qOwTiLRJedk5l7PvESXoLHQek+idR0V5nt0VmG2S
 IEpMIRDtWFTOk5WbouFvuUnYaZyhxKZPZxEHvI3bv0/bI0AAgVtq3HTmy+CiRh3u
 SgbVJyvmEdlUeaozvMWcFfclLpN6sA1hwrx8C7+0Q1L5ONz8D6HL5zwmlsorPMlm
 owtHVT2rYtfsKGDVTmb76rwGZm8pj2Kd6kA3Fdo2mFUyxnvOcRrQ25P3ii0uhv8G
 htRuqXT5Da3OKiCxDOUpuEuoaZCQf2cliVDhapFl53HZ4upG5l7ZIYoQEPTAOmrx
 a29oRvNWR3hkFwuuXM3PIigf5bwKh2eyWBBGA0DgDA0wudSHJIvkjmiq8j+t2/h5
 9H9RWPpvYpkRYk5vCbKQyeYTdYcTribuIQ83/5FuLbWoK/54tkxPk+gfLvT8uprT
 6Ij3+nilKQehKcQJ8lqC8dMqB9KjkAWgO2tfPhkMjbBLPPcBuepWTt5Qu+DuCqxv
 kmE0vA1HxUJq4d09FRkMymf+zDdgKb1imNnS47pnp4vBrzxb3lAzLFsU2kl8oWTf
 +WXxRNuHOOIsO/nqdvGvId6j+0ZPbqYS5QiwAgtDtd3M0FccbNg=
 =KdBh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200417' into staging

ppc patch queue for 2020-04-17

Here are a few late bugfixes for qemu-5.0 in the ppc target code.
Unless some really nasty last minute bug shows up, I expect this to be
the last ppc pull request for qemu-5.0.

# gpg: Signature made Fri 17 Apr 2020 06:02:13 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-5.0-20200417:
  target/ppc: Fix mtmsr(d) L=1 variant that loses interrupts
  target/ppc: Fix wrong interpretation of the disposition flag.
  linux-user/ppc: Fix padding in mcontext_t for ppc64

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-20 19:57:18 +01:00
Peter Maydell
d5232d8b06 Fix epoll_create1() for qemu-alpha
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAl6YeY8SHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L74888gQAJ823oxejX2wYElYDNmd3Fy4sFZYaYHJ
 MMN9bdhp+b8SlFc+fYmBtDN3GILbD8eAWmTG6rPEIbH2RMMvkfh+Lw4iOwvIbNdF
 FJ7LYSBAkPHQRgwdc5d0TSdmT2KDyqXJf0wLnh3MZhdYxiZ+g0lPBoflJT59cHUP
 1orOzxR1vFrxl7/2k45CqIUvjooHXQTGRH/WAWA5SWpJg+3C3OM6XW1wmQPAzu8Q
 jmFNbvCGdpd6P8Z06DJv9409oBQJ/y+/dqP3Sq6YAaLjsGbfegwVUNAPhLgxtXlx
 091t3YxC+b/oCSucZDj4m1YDhaiiki+wfgIE4dhzvvXmXVZqOkDuTMianMvLwh6f
 5xXq/kXP8eWDl7TAWwZOK8C7cZxOl+hMrwP1qh9uJUZgDvWtjcUst3Bg/6SPxJkk
 wr2FIB0PJLhj4AFhC9T+u5wR7cPvPXpq3WD9SByzYGWmYdGb8PUKp632Do+sRlSa
 ToO3YbwpKRdlixXj9efwFMEO+5Iy3EQwh1dLMmV1gmx60XD8DRGtLe5RDOmSQKCc
 P1W/EmmcOXk53gj/cTk/Let9X9NLIG7zMMfgFI1GQwUZ4MMWCMen2UV49zb/spb2
 cF8ZN6ZMOmf/zk9FFuoIsH1liXlXfjSuaKQdaOnUjIPMT4FggYRMfuuwHjfyNGKI
 pFHstyCyP9rW
 =INI5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.0-pull-request' into staging

Fix epoll_create1() for qemu-alpha

# gpg: Signature made Thu 16 Apr 2020 16:28:15 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-5.0-pull-request:
  linux-user/syscall.c: add target-to-host mapping for epoll_create1()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-20 14:43:10 +01:00
Chen Qun
ff0507c239 block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb
There is an overflow, the source 'datain.data[2]' is 100 bytes,
 but the 'ss' is 252 bytes.This may cause a security issue because
 we can access a lot of unrelated memory data.

The len for sbp copy data should take the minimum of mx_sb_len and
 sb_len_wr, not the maximum.

If we use iscsi device for VM backend storage, ASAN show stack:

READ of size 252 at 0xfffd149dcfc4 thread T0
    #0 0xaaad433d0d34 in __asan_memcpy (aarch64-softmmu/qemu-system-aarch64+0x2cb0d34)
    #1 0xaaad45f9d6d0 in iscsi_aio_ioctl_cb /qemu/block/iscsi.c:996:9
    #2 0xfffd1af0e2dc  (/usr/lib64/iscsi/libiscsi.so.8+0xe2dc)
    #3 0xfffd1af0d174  (/usr/lib64/iscsi/libiscsi.so.8+0xd174)
    #4 0xfffd1af19fac  (/usr/lib64/iscsi/libiscsi.so.8+0x19fac)
    #5 0xaaad45f9acc8 in iscsi_process_read /qemu/block/iscsi.c:403:5
    #6 0xaaad4623733c in aio_dispatch_handler /qemu/util/aio-posix.c:467:9
    #7 0xaaad4622f350 in aio_dispatch_handlers /qemu/util/aio-posix.c:510:20
    #8 0xaaad4622f350 in aio_dispatch /qemu/util/aio-posix.c:520
    #9 0xaaad46215944 in aio_ctx_dispatch /qemu/util/async.c:298:5
    #10 0xfffd1bed12f4 in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x512f4)
    #11 0xaaad46227de0 in glib_pollfds_poll /qemu/util/main-loop.c:219:9
    #12 0xaaad46227de0 in os_host_main_loop_wait /qemu/util/main-loop.c:242
    #13 0xaaad46227de0 in main_loop_wait /qemu/util/main-loop.c:518
    #14 0xaaad43d9d60c in qemu_main_loop /qemu/softmmu/vl.c:1662:9
    #15 0xaaad4607a5b0 in main /qemu/softmmu/main.c:49:5
    #16 0xfffd1a460b9c in __libc_start_main (/lib64/libc.so.6+0x20b9c)
    #17 0xaaad43320740 in _start (aarch64-softmmu/qemu-system-aarch64+0x2c00740)

0xfffd149dcfc4 is located 0 bytes to the right of 100-byte region [0xfffd149dcf60,0xfffd149dcfc4)
allocated by thread T0 here:
    #0 0xaaad433d1e70 in __interceptor_malloc (aarch64-softmmu/qemu-system-aarch64+0x2cb1e70)
    #1 0xfffd1af0e254  (/usr/lib64/iscsi/libiscsi.so.8+0xe254)
    #2 0xfffd1af0d174  (/usr/lib64/iscsi/libiscsi.so.8+0xd174)
    #3 0xfffd1af19fac  (/usr/lib64/iscsi/libiscsi.so.8+0x19fac)
    #4 0xaaad45f9acc8 in iscsi_process_read /qemu/block/iscsi.c:403:5
    #5 0xaaad4623733c in aio_dispatch_handler /qemu/util/aio-posix.c:467:9
    #6 0xaaad4622f350 in aio_dispatch_handlers /qemu/util/aio-posix.c:510:20
    #7 0xaaad4622f350 in aio_dispatch /qemu/util/aio-posix.c:520
    #8 0xaaad46215944 in aio_ctx_dispatch /qemu/util/async.c:298:5
    #9 0xfffd1bed12f4 in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x512f4)
    #10 0xaaad46227de0 in glib_pollfds_poll /qemu/util/main-loop.c:219:9
    #11 0xaaad46227de0 in os_host_main_loop_wait /qemu/util/main-loop.c:242
    #12 0xaaad46227de0 in main_loop_wait /qemu/util/main-loop.c:518
    #13 0xaaad43d9d60c in qemu_main_loop /qemu/softmmu/vl.c:1662:9
    #14 0xaaad4607a5b0 in main /qemu/softmmu/main.c:49:5
    #15 0xfffd1a460b9c in __libc_start_main (/lib64/libc.so.6+0x20b9c)
    #16 0xaaad43320740 in _start (aarch64-softmmu/qemu-system-aarch64+0x2c00740)

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200418062602.10776-1-kuhn.chenqun@huawei.com
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-20 11:31:46 +01:00
Nicholas Piggin
5ed195065c target/ppc: Fix mtmsr(d) L=1 variant that loses interrupts
If mtmsr L=1 sets MSR[EE] while there is a maskable exception pending,
it does not cause an interrupt. This causes the test case to hang:

https://lists.gnu.org/archive/html/qemu-ppc/2019-10/msg00826.html

More recently, Linux reduced the occurance of operations (e.g., rfi)
which stop translation and allow pending interrupts to be processed.
This started causing hangs in Linux boot in long-running kernel tests,
running with '-d int' shows the decrementer stops firing despite DEC
wrapping and MSR[EE]=1.

https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208301.html

The cause is the broken mtmsr L=1 behaviour, which is contrary to the
architecture. From Power ISA v3.0B, p.977, Move To Machine State Register,
Programming Note states:

    If MSR[EE]=0 and an External, Decrementer, or Performance Monitor
    exception is pending, executing an mtmsrd instruction that sets
    MSR[EE] to 1 will cause the interrupt to occur before the next
    instruction is executed, if no higher priority exception exists

Fix this by handling L=1 exactly the same way as L=0, modulo the MSR
bits altered.

The confusion arises from L=0 being "context synchronizing" whereas L=1
is "execution synchronizing", which is a weaker semantic. However this
is not a relaxation of the requirement that these exceptions cause
interrupts when MSR[EE]=1 (e.g., when mtmsr executes to completion as
TCG is doing here), rather it specifies how a pipelined processor can
have multiple instructions in flight where one may influence how another
behaves.

Cc: qemu-stable@nongnu.org
Reported-by: Anton Blanchard <anton@ozlabs.org>
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200414111131.465560-1-npiggin@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-17 10:39:03 +10:00
Ganesh Goudar
211a7784b9 target/ppc: Fix wrong interpretation of the disposition flag.
Bitwise AND with kvm_run->flags to evaluate if we recovered from
MCE or not is not correct, As disposition in kvm_run->flags is a
two-bit integer value and not a bit map, So check for equality
instead of bitwise AND.

Without the fix qemu treats any unrecoverable mce error as recoverable
and ends up in a mce loop inside the guest, Below are the MCE logs before
and after the fix.

Before fix:

[   66.775757] MCE: CPU0: Initiator CPU
[   66.775891] MCE: CPU0: Unknown
[   66.776587] MCE: CPU0: machine check (Harmless) Host UE Indeterminate [Recovered]
[   66.776857] MCE: CPU0: NIP: [c0080000000e00b8] mcetest_tlbie+0xb0/0x128 [mcetest_tlbie]

After fix:

[ 20.650577] CPU: 0 PID: 1415 Comm: insmod Tainted: G M O 5.6.0-fwnmi-arv+ #11
[ 20.650618] NIP: c0080000023a00e8 LR: c0080000023a00d8 CTR: c000000000021fe0
[ 20.650660] REGS: c0000001fffd3d70 TRAP: 0200 Tainted: G M O (5.6.0-fwnmi-arv+)
[ 20.650708] MSR: 8000000002a0b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 42000222 XER: 20040000
[ 20.650758] CFAR: c00000000000b940 DAR: c0080000025e00e0 DSISR: 00000200 IRQMASK: 0
[ 20.650758] GPR00: c0080000023a00d8 c0000001fddd79a0 c0080000023a8500 0000000000000039
[ 20.650758] GPR04: 0000000000000001 0000000000000000 0000000000000000 0000000000000007
[ 20.650758] GPR08: 0000000000000007 c0080000025e00e0 0000000000000000 00000000000000f7
[ 20.650758] GPR12: 0000000000000000 c000000001900000 c00000000101f398 c0080000025c052f
[ 20.650758] GPR16: 00000000000003a8 c0080000025c0000 c0000001fddd7d70 c0000000015b7940
[ 20.650758] GPR20: 000000000000fff1 c000000000f72c28 c0080000025a0988 0000000000000000
[ 20.650758] GPR24: 0000000000000100 c0080000023a05d0 c0000000001f1d70 0000000000000000
[ 20.650758] GPR28: c0000001fde20000 c0000001fd02b2e0 c0080000023a0000 c0080000025e0000
[ 20.651178] NIP [c0080000023a00e8] mcetest_tlbie+0xe8/0xf0 [mcetest_tlbie]
[ 20.651220] LR [c0080000023a00d8] mcetest_tlbie+0xd8/0xf0 [mcetest_tlbie]
[ 20.651262] Call Trace:
[ 20.651280] [c0000001fddd79a0] [c0080000023a00d8] mcetest_tlbie+0xd8/0xf0 [mcetest_tlbie] (unreliable)
[ 20.651340] [c0000001fddd7a10] [c00000000001091c] do_one_initcall+0x6c/0x2c0
[ 20.651390] [c0000001fddd7af0] [c0000000001f7998] do_init_module+0x90/0x298
[ 20.651433] [c0000001fddd7b80] [c0000000001f61a8] load_module+0x1f58/0x27a0
[ 20.651476] [c0000001fddd7d40] [c0000000001f6c70] __do_sys_finit_module+0xe0/0x100
[ 20.651526] [c0000001fddd7e20] [c00000000000b9d0] system_call+0x5c/0x68
[ 20.651567] Instruction dump:
[ 20.651594] e8410018 3c620000 e8638020 480000cd e8410018 3c620000 e8638028 480000bd
[ 20.651646] e8410018 7be904e4 39400000 612900e0 <7d434a64> 4bffff74 3c4c0001 38428410
[ 20.651699] ---[ end trace 4c40897f016b4340 ]---
[ 20.653310]
Bus error
[ 20.655575] MCE: CPU0: machine check (Harmless) Host UE Indeterminate [Not recovered]
[ 20.655575] MCE: CPU0: NIP: [c0080000023a00e8] mcetest_tlbie+0xe8/0xf0 [mcetest_tlbie]
[ 20.655576] MCE: CPU0: Initiator CPU
[ 20.655576] MCE: CPU0: Unknown

Signed-off-by: Ganesh Goudar <ganeshgr@linux.ibm.com>
Message-Id: <20200408170944.16003-1-ganeshgr@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-17 10:38:29 +10:00
Richard Henderson
5da5f47e6c linux-user/ppc: Fix padding in mcontext_t for ppc64
The padding that was added in 95cda4c44e was added to a union,
and so it had no effect.  This fixes misalignment errors detected
by clang sanitizers for ppc64 and ppc64le.

In addition, only ppc64 allocates space for VSX registers, so do
not save them for ppc32.  The kernel only has references to
CONFIG_SPE in signal_32.c, so do not attempt to save them for ppc64.

Fixes: 95cda4c44e
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200407032105.26711-1-richard.henderson@linaro.org>
Acked-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-17 10:38:29 +10:00
Sergei Trofimovich
386d386568 linux-user/syscall.c: add target-to-host mapping for epoll_create1()
Noticed by Barnabás Virágh as a python-3.7 failue on qemu-alpha.

The bug shows up on alpha as it's one of the targets where
EPOLL_CLOEXEC differs from other targets:
    sysdeps/unix/sysv/linux/alpha/bits/epoll.h: EPOLL_CLOEXEC  = 01000000
    sysdeps/unix/sysv/linux/bits/epoll.h:        EPOLL_CLOEXEC = 02000000

Bug: https://bugs.gentoo.org/717548
Reported-by: Barnabás Virágh
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
CC: Riku Voipio <riku.voipio@iki.fi>
CC: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200415220508.5044-1-slyfox@gentoo.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-04-16 09:24:22 +02:00
Peter Maydell
20038cd7a8 Update version for v5.0.0-rc3 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-15 20:51:54 +01:00
Philippe Mathieu-Daudé
4ff97121a3 vhost-user-gpu: Release memory returned by vu_queue_pop() with free()
vu_queue_pop() returns memory that must be freed with free().

Cc: qemu-stable@nongnu.org
Reported-by: Coverity (CID 1421887 ALLOC_FREE_MISMATCH)
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-15 19:00:39 +01:00
Peter Maydell
6329df5b53 qemu-ga patch queue for hard-freeze
* enforce 48MB limit for guest-file-read to avoid memory allocation
   failures
 -----BEGIN PGP SIGNATURE-----
 
 iQFOBAABCgA4FiEEzqzJ4VU066u4LT+gM1PJzvEItYQFAl6XGPQaHG1kcm90aEBs
 aW51eC52bmV0LmlibS5jb20ACgkQM1PJzvEItYQBsgf/Y8C/ZtV0QTYDQLhZV9o2
 GrSlZrWsub1XLwL0ykKNAm1AYaimv08KebyV53fUz0IvRiw9Y9x+FEHFXLOflbGA
 EB7Jut8pOSo9MEPpmkyEkF4eFA5ur4xww+mJXbnTrgEJfRwnuRrmrpznzH09iiN/
 sgCGDJLb/Oqr2hmTn/xShNPyWT7bk1QAr2wUKEPlsQK4x+BVir3HRT+ZxTP09uJ/
 Rf2L2S/3CqJC7Y/No+JEeVs7BvyAop1jzlm5E2jrQV3M7/tmZITjSPDbE3nkqwUH
 RGTwCv0pbm/b9FAiJP8MZjNWn43dD4uA57fG9ixyjUs2b5ZGpLVbBGEHcjNWpBNr
 vA==
 =+IAh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2020-04-15-tag' into staging

qemu-ga patch queue for hard-freeze

* enforce 48MB limit for guest-file-read to avoid memory allocation
  failures

# gpg: Signature made Wed 15 Apr 2020 15:23:48 BST
# gpg:                using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584
# gpg:                issuer "mdroth@linux.vnet.ibm.com"
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full]
# gpg:                 aka "Michael Roth <mdroth@utexas.edu>" [full]
# gpg:                 aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full]
# Primary key fingerprint: CEAC C9E1 5534 EBAB B82D  3FA0 3353 C9CE F108 B584

* remotes/mdroth/tags/qga-pull-2020-04-15-tag:
  qga: Restrict guest-file-read count to 48 MB to avoid crashes
  qga: Extract qmp_guest_file_read() to common commands.c
  qga: Extract guest_file_handle_find() to commands-common.h
  Revert "prevent crash when executing guest-file-read with large count"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-15 17:03:51 +01:00
Philippe Mathieu-Daudé
1329651fb4 qga: Restrict guest-file-read count to 48 MB to avoid crashes
On [*] Daniel Berrangé commented:

  The QEMU guest agent protocol is not sensible way to access huge
  files inside the guest. It requires the inefficient process of
  reading the entire data into memory than duplicating it again in
  base64 format, and then copying it again in the JSON serializer /
  monitor code.

  For arbitrary general purpose file access, especially for large
  files, use a real file transfer program or use a network block
  device, not the QEMU guest agent.

To avoid bug reports as BZ#1594054 (CVE-2018-12617), follow his
suggestion to put a low, hard limit on "count" in the guest agent
QAPI schema, and don't allow count to be larger than 48 MB.

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg693176.html

Fixes: CVE-2018-12617
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054
Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com>
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
*update schema documentation to indicate 48MB limit instead of 10MB
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2020-04-15 09:18:48 -05:00
Philippe Mathieu-Daudé
ead83a136d qga: Extract qmp_guest_file_read() to common commands.c
Extract the common code shared by both POSIX/Win32 implementations.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2020-04-15 09:15:53 -05:00
Philippe Mathieu-Daudé
5d3586b834 qga: Extract guest_file_handle_find() to commands-common.h
As we are going to reuse this method, declare it in common
header.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2020-04-15 09:15:53 -05:00
Philippe Mathieu-Daudé
f62ebb6384 Revert "prevent crash when executing guest-file-read with large count"
As noted by Daniel Berrangé in [*], the fix from commit 807e2b6fce
which replaced malloc() by try_malloc() is not enough, the process
can still run out of memory a few line later:

 346     buf = g_try_malloc0(count + 1);
 347     if (!buf) {
 348         error_setg(errp,
 349                    "failed to allocate sufficient memory "
 350                    "to complete the requested service");
 351         return NULL;
 352     }
 353     is_ok = ReadFile(fh, buf, count, &read_count, NULL);
 354     if (!is_ok) {
 355         error_setg_win32(errp, GetLastError(), "failed to read file");
 356         slog("guest-file-read failed, handle %" PRId64, handle);
 357     } else {
 358         buf[read_count] = 0;
 359         read_data = g_new0(GuestFileRead, 1);
                         ^^^^^^

Instead we are going to put a low hard limit on 'count' in the next
commits. This reverts commit 807e2b6fce.

[*] https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03471.html

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2020-04-15 09:15:53 -05:00
Peter Maydell
73995d1555 More small fixes for rc3
- tweak docker FEATURE flags for document building
   - include sphinx configure check in config.log
   - disable PIE for Windows builds
   - fix /proc/self/stat handling
   - a number of gdbstub fixups following GByteArray conversion
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAl6W5EAACgkQ+9DbCVqe
 KkRFhgf/VI6kzqMqIZiijTvVP/g5UsoyWYQIUNA7jnqgkUXtuhfa8mGS/B0KaWuS
 2xrg7iQ7BeH/Now9xZmErh4SzVOagbZGAz2fL9BqQ9ODnYKZYeVjMWEvAt8TQmwa
 8lcfRmSjy7E3x3QqjoBihmbs5SWiRihuTT+hdQovtt1vVB9TdvJFJnRqGEQfOkcC
 E1dXJU5GVdUlIgB9FgJVhPxLD943upBp324ekgn0oTkb0eDjs/pnr5d6uNlVRRd2
 v5tMkhfk9XSublPw2AQQiXpIklM4sfhm3THeJGbzkcH9N7eRJ6mVOIrKl+bb1Yan
 c3h3s+QTTgtU25iLkN2Dh7e/LVuqkA==
 =Kx1J
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stsquad/tags/pull-more-fixes-150420-1' into staging

More small fixes for rc3

  - tweak docker FEATURE flags for document building
  - include sphinx configure check in config.log
  - disable PIE for Windows builds
  - fix /proc/self/stat handling
  - a number of gdbstub fixups following GByteArray conversion

# gpg: Signature made Wed 15 Apr 2020 11:38:56 BST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-more-fixes-150420-1:
  gdbstub: Introduce gdb_get_float32() to get 32-bit float registers
  gdbstub: Do not use memset() on GByteArray
  gdbstub: i386: Fix gdb_get_reg16() parameter to unbreak gdb
  target/m68k/helper: Fix m68k_fpu_gdb_get_reg() use of GByteArray
  linux-user: fix /proc/self/stat handling
  configure: disable PIE for Windows builds
  configure: redirect sphinx-build check to config.log
  tests/docker: add docs FEATURE flag and use for test-misc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-15 12:02:59 +01:00
Philippe Mathieu-Daudé
377f8f08be gdbstub: Introduce gdb_get_float32() to get 32-bit float registers
Since we now use a GByteArray, we can not use stfl_p() directly.
Introduce the gdb_get_float32() helper to load a float32 register.

Fixes: a010bdbe71 ("extend GByteArray to read register helpers")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200414163853.12164-2-philmd@redhat.com>
Message-Id: <20200414200631.12799-14-alex.bennee@linaro.org>
2020-04-15 11:38:23 +01:00
Philippe Mathieu-Daudé
7b8c1527ae gdbstub: Do not use memset() on GByteArray
Introduce gdb_get_zeroes() to fill a GByteArray with zeroes.

Fixes: a010bdbe71 ("extend GByteArray to read register helpers")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200414102427.7459-1-philmd@redhat.com>
[AJB: used slightly more gliby set_size approach]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200414200631.12799-13-alex.bennee@linaro.org>
2020-04-15 11:38:23 +01:00
Peter Xu
bbc40fefce gdbstub: i386: Fix gdb_get_reg16() parameter to unbreak gdb
We should only pass in gdb_get_reg16() with the GByteArray* object
itself, no need to shift.  Without this patch, gdb remote attach will
crash QEMU:

  (gdb) target remote :1234
  Remote debugging using :1234
  Remote communication error.  Target disconnected.: Connection reset by peer.
  $ qemu-system-x86_64 -m 1G -smp 4 ... -s
  ERROR:qemu/gdbstub.c:1843:handle_read_all_regs: assertion failed: (len == gdbserver_state.mem_buf->len)
  Bail out! ERROR:qemu/gdbstub.c:1843:handle_read_all_regs: assertion failed: (len == gdbserver_state.mem_buf->len)

Fixes: a010bdbe71 ("extend GByteArray to read register helpers")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200409164954.36902-3-peterx@redhat.com>
Message-Id: <20200414200631.12799-12-alex.bennee@linaro.org>
2020-04-15 11:38:23 +01:00
Philippe Mathieu-Daudé
4b27f9b083 target/m68k/helper: Fix m68k_fpu_gdb_get_reg() use of GByteArray
Since a010bdbe71 the gdbstub API takes a GByteArray*. Unfortunately
we forgot to update the gdb_get_reg*() calls. Do it now.

Fixes: a010bdbe71 ("extend GByteArray to read register helpers")
Reported-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200409172509.4078-1-philmd@redhat.com>
Message-Id: <20200414200631.12799-11-alex.bennee@linaro.org>
2020-04-15 11:38:23 +01:00
Alex Bennée
7ad4d5a43e linux-user: fix /proc/self/stat handling
In the original bug report long files names in Guix caused
/proc/self/stat be truncated without the trailing ") " as specified in
proc manpage which says:
    (2) comm  %s
           The  filename of the executable, in parentheses.  This
           is visible whether or not the  executable  is  swapped
           out.

In the kernel this is currently done by do_task_stat calling
proc_task_name() which uses a structure limited by TASK_COMM_LEN (16).

Additionally it should only be reporting the executable name rather
than the full path. Fix both these failings while cleaning up the code
to use GString to build up the reported values. As the whole function
is cleaned up also adjust the white space to the current coding style.

Message-ID: <fb4c55fa-d539-67ee-c6c9-de8fb63c8488@inria.fr>
Reported-by: Brice Goglin <Brice.Goglin@inria.fr>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200414200631.12799-10-alex.bennee@linaro.org>
2020-04-15 11:38:23 +01:00
Alex Bennée
469a788cdd configure: disable PIE for Windows builds
It seems on some compilers the test can pass but still give you
broken binaries.

Fixes: d2cd29e307
Fixes: https://bugs.launchpad.net/qemu/+bug/1871798
Cc: Bug 1871798 <1871798@bugs.launchpad.net>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Howard Spoelstra <hsp.cat7@gmail.com>
Tested-by: James Le Cuirot <chewi@aura-online.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200414200631.12799-9-alex.bennee@linaro.org>
2020-04-15 11:38:23 +01:00
Alex Bennée
988ae6c3a7 configure: redirect sphinx-build check to config.log
Otherwise it's hard to debug whats going on.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200414200631.12799-8-alex.bennee@linaro.org>
2020-04-15 11:38:23 +01:00
Alex Bennée
551affb61e tests/docker: add docs FEATURE flag and use for test-misc
The test-misc docker test fails on a number of images which don't have
the prerequisites to build the docs. Use the FEATURES flag so we can
skip those tests.

As the sphinx test fails to detect whatever feature we need to get
hxtool to work we drop them from debian9 so the windows build doesn't
attempt to build the docs.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200414200631.12799-7-alex.bennee@linaro.org>
2020-04-15 11:38:23 +01:00
Peter Maydell
2f7cc1fbd6 Bugfixes, and reworking of the atomics documentation.
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAl6VyskUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroOQSwf9Gdw54Or8ziw/P1GhwnrZSBqDZ3hj
 a2kVukbCeTPUFdGLVpvuBb+xXpjyR+ixzyfBgUu87lJuJuTPB01UUfozt9PsQyWG
 4eMFXbuS/ofC3SNsnzuZIZ58BPG4MYiXXTYZgLxaWaePlIVkYKNQgK0yCIDzh566
 f8cMRhpxMQQBzW1vAnKnOzfo29ilEpPDyUWCy18BRuFuqAD7X8OxFxPnQ2DuHXHf
 ZU39fFFiiiAW8ro4d3DvsVVpLu7M0XxkoIwieLE/pJH0am8FDYIQw9XHV76f6mFZ
 dKZZkA8kg1OeE7jOF3ovWZI+JP5jwh0nSZBC01xZ9I8ZbPCjl7GD8hAfAA==
 =CQCd
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Bugfixes, and reworking of the atomics documentation.

# gpg: Signature made Tue 14 Apr 2020 15:38:01 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  hax: Windows doesn't like posix device names
  tests: numa: test one backend with prealloc enabled
  hostmem: set default prealloc_threads to valid value

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-14 20:09:52 +01:00
Peter Maydell
a457215ed2 patch queue:
* Fix some problems that trip up Coverity's scanner
  * run-coverity-scan: New script automating the scan-and-upload process
  * docs: Improve our gdbstub documentation
  * configure: Honour --disable-werror for Sphinx
  * docs: Fix errors produced when building with Sphinx 3.0
  * docs: Require Sphinx 1.6 or better
  * Add deprecation notice for KVM support on AArch32 hosts
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl6V4/IZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3psxD/0c/d3iszhs74Tc7D0DcKqU
 vFyjSOAKFX0WUR8irDCeiV2btyXAPgv8+d+3yTpRFuw7GXUDB84xbBNeF1DQMWTf
 fOBwfjo1feMQmanBwrnz9cECA3PKufaeZ5L5TtJXs8qiRH3ezlt+nK7sI5L44Y4w
 x/DZdryPPjEbhV/wQePBZ3ikG57HGTzP3VblhNKFfqvKgKBLdM56tpbgIN+CIslu
 6LV7GIt3SI7DOgA38Fl++/fwNIdchp/O1i9JI24wxyBmaif5V09GmBLHDwGso0HZ
 TH4giub8KZHMHJcTmFAgx5l87FyJUexzaSSfhXdPHFaQ/ojX9jcabPVtO3or9Sku
 LsRO91b/D2FFOFWaD4nGPvO0H9FTW20H2o+KtmLMqWzT1rVE9aQ/GxXm5iXv2OZU
 XciKBkB9boSMhooimwlL7Y91OONKtgQnF01kDdaOc4HVcFQlZNi2PqO71LuxKsEL
 mtS37z2nWEFf5loGGByfIlD4LYGfSMW9ebSQHJN+Q06Uys6DBqS2RCiNyN32ZKpp
 aoiCqCJcauhT/tGzr2fx/tPnjwK//8ZgMP8iEwclQmjLM95SyogSNLhzajmQuxRc
 YmEJIlL9Sg0+RyC9iWaD+m7kf6wBv9IcnWdYkj8R/Grz5G1qiG7I6ISQcYYt5bVu
 f9NupayROjLkM8RXWCT7yA==
 =cAU4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200414' into staging

patch queue:
 * Fix some problems that trip up Coverity's scanner
 * run-coverity-scan: New script automating the scan-and-upload process
 * docs: Improve our gdbstub documentation
 * configure: Honour --disable-werror for Sphinx
 * docs: Fix errors produced when building with Sphinx 3.0
 * docs: Require Sphinx 1.6 or better
 * Add deprecation notice for KVM support on AArch32 hosts

# gpg: Signature made Tue 14 Apr 2020 17:25:22 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200414:
  Deprecate KVM support for AArch32
  docs: Require Sphinx 1.6 or better
  kernel-doc: Use c:struct for Sphinx 3.0 and later
  scripts/kernel-doc: Add missing close-paren in c:function directives
  configure: Honour --disable-werror for Sphinx
  docs: Improve our gdbstub documentation
  scripts/coverity-scan: Add Docker support
  scripts/run-coverity-scan: Script to run Coverity Scan build
  linux-user/flatload.c: Use "" for include of QEMU header target_flat.h
  thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock() etc
  thread.h: Fix Coverity version of qemu_cond_timedwait()
  osdep.h: Drop no-longer-needed Coverity workarounds

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-14 17:27:00 +01:00
Peter Maydell
84f82ddcbb Deprecate KVM support for AArch32
The Linux kernel has dropped support for allowing 32-bit Arm systems
to host KVM guests (kernel commit 541ad0150ca4aa663a2, which just
landed upstream in the 5.7 merge window).  Mark QEMU's support for
this configuration as deprecated, so that we can delete that support
code in 5.2.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
2020-04-14 17:20:22 +01:00
Peter Maydell
bf3f857342 docs: Require Sphinx 1.6 or better
Versions of Sphinx older than 1.6 can't build all of our documentation,
because they are too picky about the syntax of the argument to the
option:: directive; see Sphinx bugs #646, #3366:

  https://github.com/sphinx-doc/sphinx/issues/646
  https://github.com/sphinx-doc/sphinx/issues/3366

Trying to build with a 1.4.x Sphinx fails with
 docs/system/images.rst:4: SEVERE: Duplicate ID: "cmdoption-qcow2-arg-encrypt"
and a 1.5.x Sphinx fails with
 docs/system/invocation.rst:544: WARNING: Malformed option description '[enable=]PATTERN', should look like "opt", "-opt
args", "--opt args", "/opt args" or "+opt args"

Update our needs_sphinx setting to indicate that we require at least
1.6.  This will allow configure to fall back to "don't build the
docs" rather than causing the build to fail entirely, which is
probably what most users building on a host old enough to have such
an old Sphinx would want; if they do want the docs then they'll have
a useful indication of what they need to do (upgrade Sphinx!) rather
than a confusing error message.

In theory our distro support policy would suggest that we should
support building on the Sphinx shipped in those distros, but:
 * EPEL7 has Sphinx 1.2.3 (which we've never supported!)
 * Debian Stretch has Sphinx 1.4.8

Trying to get our docs to work with Sphinx 1.4 is not tractable
for the 5.0 release and I'm not sure it's worthwhile effort anyway;
at least with this change the build as a whole now succeeds.

Thanks to John Snow for doing the investigation and testing to
confirm what Sphinx versions fail in what ways and what distros
shipped what.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-04-14 17:19:38 +01:00
Peter Maydell
152d1967f6 kernel-doc: Use c:struct for Sphinx 3.0 and later
The kernel-doc Sphinx plugin and associated script currently emit
'c:type' directives for "struct foo" documentation.

Sphinx 3.0 warns about this:
  /home/petmay01/linaro/qemu-from-laptop/qemu/docs/../include/exec/memory.h:3: WARNING: Type must be either just a name or a typedef-like declaration.
  If just a name:
    Error in declarator or parameters
    Invalid C declaration: Expected identifier in nested name, got keyword: struct [error at 6]
      struct MemoryListener
      ------^
  If typedef-like declaration:
    Error in declarator or parameters
    Invalid C declaration: Expected identifier in nested name. [error at 21]
      struct MemoryListener
      ---------------------^

because it wants us to use the new-in-3.0 'c:struct' instead.

Plumb the Sphinx version through to the kernel-doc script
and use it to select 'c:struct' for newer versions than 3.0.

Fixes: LP:1872113
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2020-04-14 17:15:33 +01:00
Peter Maydell
a62d563796 scripts/kernel-doc: Add missing close-paren in c:function directives
When kernel-doc generates a 'c:function' directive for a function
one of whose arguments is a function pointer, it fails to print
the close-paren after the argument list of the function pointer
argument, for instance in the memory API documentation:
  .. c:function:: void memory_region_init_resizeable_ram (MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, uint64_t max_size, void (*resized) (const char*, uint64_t length, void *host, Error ** errp)

which should have a ')' after the 'void *host' which is the
last argument to 'resized'.

Older versions of Sphinx don't try to parse the argumnet
to c:function, but Sphinx 3.0 does do this and will complain:

  /home/petmay01/linaro/qemu-from-laptop/qemu/docs/../include/exec/memory.h:834: WARNING: Error in declarator or parameters
  Invalid C declaration: Expecting "," or ")" in parameters, got "EOF". [error at 208]
    void memory_region_init_resizeable_ram (MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, uint64_t max_size, void (*resized) (const char*, uint64_t length, void *host, Error ** errp)
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------^

Add the missing close-paren.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200411182934.28678-3-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2020-04-14 17:14:18 +01:00
Volker Rümelin
9f5a066418 hax: Windows doesn't like posix device names
Patch acb9f95a7c "i386: Fix GCC warning with snprintf when HAX
is enabled" replaced Windows device names with posix device
names. Revert this.

Fixes: acb9f95a7c "i386: Fix GCC warning with snprintf when HAX is enabled"

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20200322210211.29603-1-vr_qemu@t-online.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-14 10:37:42 -04:00
Igor Mammedov
e43651ff88 tests: numa: test one backend with prealloc enabled
Cannibalize one backend in the HMAT test to make sure that
prealloc=y is tested.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200325094423.24293-3-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-14 10:35:44 -04:00
Igor Mammedov
2a4e02d104 hostmem: set default prealloc_threads to valid value
Commit 4ebc74dbbf removed default prealloc_threads initialization
by mistake, and that makes QEMU crash with division on zero at
  numpages_per_thread = numpages / memset_num_threads;
when QEMU is started with following backend
  -object memory-backend-ram,id=ram-node0,prealloc=yes,size=128M

Return back initialization removed by 4ebc74dbbf to fix issue.

Fixes: 4ebc74dbbf
Reported-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20200325094423.24293-2-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-14 10:35:08 -04:00
Peter Maydell
516e8b7d4a configure: Honour --disable-werror for Sphinx
If we are not making warnings fatal for compilation, make them
non-fatal when building the Sphinx documentation also.  (For instance
Sphinx 3.0 warns about some constructs that older versions were happy
with, which is a build failure if we use the warnings-as-errors
flag.)

This provides a workaround at least for LP:1872113.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200411182934.28678-2-peter.maydell@linaro.org
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2020-04-14 13:15:40 +01:00
Peter Maydell
e5910d42dd docs: Improve our gdbstub documentation
The documentation of our -s and -gdb options is quite old; in
particular it still claims that it will cause QEMU to stop and wait
for the gdb connection, when this has not been true for some time:
you also need to pass -S if you want to make QEMU not launch the
guest on startup.

Improve the documentation to mention this requirement in the
executable's --help output, the documentation of the -gdb option in
the manual, and in the "GDB usage" chapter.

Includes some minor tweaks to these paragraphs of documentation
since I was editing them anyway (such as dropping the description
of our gdb support as "primitive").

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200403094014.9589-1-peter.maydell@linaro.org
2020-04-14 13:15:40 +01:00
Peter Maydell
9edfa3580f scripts/coverity-scan: Add Docker support
Add support for running the Coverity Scan tools inside a Docker
container rather than directly on the host system.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200319193323.2038-7-peter.maydell@linaro.org
2020-04-14 13:15:40 +01:00
Peter Maydell
9c263d07fd scripts/run-coverity-scan: Script to run Coverity Scan build
Add a new script to automate the process of running the Coverity
Scan build tools and uploading the resulting tarball to the
website.

This is intended eventually to be driven from Travis,
but it can be run locally, if you are a maintainer of the
QEMU project on the Coverity Scan website and have the secret
upload token.

The script must be run on a Fedora 30 system.  Support for using a
Docker container is added in a following commit.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200319193323.2038-6-peter.maydell@linaro.org
2020-04-14 09:44:31 +01:00
Peter Maydell
94db8de179 linux-user/flatload.c: Use "" for include of QEMU header target_flat.h
The target_flat.h file is a QEMU header, so we should include it using
quotes, not angle brackets.

Coverity otherwise is unable to find the header:

"../linux-user/flatload.c", line 40: error #1712: cannot open source file
          "target_flat.h"
  #include <target_flat.h>
                          ^

because the relevant directory is only on the -iquote path, not the -I path.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200319193323.2038-5-peter.maydell@linaro.org
2020-04-14 09:44:31 +01:00
Peter Maydell
2e79802445 thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock() etc
All the Coverity-specific definitions of qemu_mutex_lock() and friends
have a trailing semicolon. This works fine almost everywhere because
of QEMU's mandatory-braces coding style and because most callsites are
simple, but target/s390x/sigp.c has a use of qemu_mutex_trylock() as
an if() statement, which makes the ';' a syntax error:
"../target/s390x/sigp.c", line 461: warning #18: expected a ")"
      if (qemu_mutex_trylock(&qemu_sigp_mutex)) {
          ^

Remove the bogus semicolons from the macro definitions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200319193323.2038-4-peter.maydell@linaro.org
2020-04-14 09:44:31 +01:00
Peter Maydell
062c73c51e thread.h: Fix Coverity version of qemu_cond_timedwait()
For Coverity's benefit, we provide simpler versions of functions like
qemu_mutex_lock(), qemu_cond_wait() and qemu_cond_timedwait().  When
we added qemu_cond_timedwait() in commit 3dcc9c6ec4, a cut and
paste error meant that the Coverity version of qemu_cond_timedwait()
was using the wrong _impl function, which makes the Coverity parser
complain:

"/qemu/include/qemu/thread.h", line 159: warning #140: too many arguments in
          function call
      return qemu_cond_timedwait(cond, mutex, ms);
             ^

"/qemu/include/qemu/thread.h", line 159: warning #120: return value type does
          not match the function type
      return qemu_cond_timedwait(cond, mutex, ms);
             ^

"/qemu/include/qemu/thread.h", line 156: warning #1563: function
          "qemu_cond_timedwait" not emitted, consider modeling it or review
          parse diagnostics to improve fidelity
  static inline bool (qemu_cond_timedwait)(QemuCond *cond, QemuMutex *mutex,
                      ^

These aren't fatal, but reduce the scope of the analysis. Fix the error.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200319193323.2038-3-peter.maydell@linaro.org
2020-04-14 09:44:31 +01:00
Peter Maydell
c160f17cd6 osdep.h: Drop no-longer-needed Coverity workarounds
In commit a1a98357e3 in 2018 we added some workarounds for Coverity
not being able to handle the _Float* types introduced by recent
glibc.  Newer versions of the Coverity scan tools have support for
these types, and will fail with errors about duplicate typedefs if we
have our workaround.  Remove our copy of the typedefs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200319193323.2038-2-peter.maydell@linaro.org
2020-04-14 09:44:31 +01:00
Peter Maydell
14e5526b51 pc: bugfixes, maintainers
A couple of bugfixes.
 Add a new vhost-user-blk maintainer.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAl6URY0PHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRpkakH/Rr37dpu7ASDPebezMXh/1vztrgyw7Eyj18G
 crWCOeHLt6FjUmOzy3zmnjpVTR6Sg+1BQdH6n+p4jQ2mCTrYdCTphdf3l4p+KGfh
 9fuK30Ir4k+6gtX8qPehmEmhbNSsO+7Hh630bFFj/vcc9PycHFxSDx5sZze1WiBW
 4etKSJXrTRgDW2YDM+P9TUu9TJkYI5JpDJ7cyoVxfZ/L6TNvQqKCoRJ9EtsOAwH5
 9BzxrHqpcms8bmT72dpXTBjO7psLC5ElKCRnwOMtZ7y9dbhHswiCbky5bqkwcaFs
 r21cBCZbzF/2ujoiN2v5vemaZKSaid/hvSJtf00Xy4/cpJzHZIk=
 =r6Fb
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc: bugfixes, maintainers

A couple of bugfixes.
Add a new vhost-user-blk maintainer.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 13 Apr 2020 11:57:17 BST
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  exec: Fix for qemu_ram_resize() callback
  fw_cfg: Migrate ACPI table mr sizes separately
  acpi: Use macro for table-loader file name
  MAINTAINERS: Add myself as vhost-user-blk maintainer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-13 15:42:51 +01:00
Peter Maydell
e33d61cc9a Bugfixes, and reworking of the atomics documentation.
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAl6UDRYUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroOSGggAgy/pnlhh5NjGc0PZLhz09O1MlOiT
 iS8/RCudLR/yDJ0K7pweWKc1lGrS11G1n1P+58G6sK7al4NOdlMMgtk1VtZAlMJ4
 dSQ+DGV7JaoPztu5ec2V7LiJmhyxrVaKx7xg9JGx0bZ/1wCC1GqZUlZ2hYdgQ8L4
 EchdwqzRd2sznlUVAP19ZcPb6sYG2VlkIzFytd5p3xZqrr0g3RJa7nmWRWAnEx1L
 5/13U6g2PEU3jFKTtOcELFq8F/tB8id+fwIE2GB3glKzBHXnJSAfpzBV3/8L72xV
 JqSUa62O12qGX5k5F9BJPgcfxs40wyEkWTBJuW+WQvsmI73EJ3B30gjkhw==
 =8Dsv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Bugfixes, and reworking of the atomics documentation.

# gpg: Signature made Mon 13 Apr 2020 07:56:22 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  module: increase dirs array size by one
  memory: Do not allow direct write access to rom_device regions
  vl.c: error out if -mem-path is used together with -M memory-backend
  rcu: do not mention atomic_mb_read/set in documentation
  atomics: update documentation
  atomics: convert to reStructuredText
  oslib-posix: take lock before qemu_cond_broadcast
  piix: fix xenfv regression, add compat machine xenfv-4.2

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-13 13:11:38 +01:00