Hello community,

here is the log from the commit of package qemu for openSUSE:Factory checked in at 2021-02-11 12:48:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/qemu (Old)
 and /work/SRC/openSUSE:Factory/.qemu.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qemu" Thu Feb 11 12:48:33 2021 rev:195 rq:870728 version:5.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/qemu/qemu.changes 2021-02-01 14:41:58.820691585 +0100 +++ /work/SRC/openSUSE:Factory/.qemu.new.28504/qemu.changes 2021-02-11 12:52:19.757913722 +0100 
@@ -1,0 +2,46 @@ +Mon Feb 8 20:53:03 UTC 2021 - Bruce Rogers <[email protected]> + +- Switch the modules qemu-ui-display-gpu and qemu-ui-display-gpu-pci + from being an x86 only Recommends, to a Recommends for all arch's + except s390x (boo#1181350) +- Fix qemu-hw-usb-smartcard to not be a Recommends for s390x +- Minor spec file tweaks for compatibility with upcoming spec file + formatter + +------------------------------------------------------------------- +Mon Feb 8 17:11:21 UTC 2021 - Bruce Rogers <[email protected]> + +- Make note that this patch takes care of an OOB access in ARM + interrupt handling (CVE-2021-20221 bsc#1181933) + hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch + +------------------------------------------------------------------- +Fri Feb 5 18:54:34 UTC 2021 - Bruce Rogers <[email protected]> + +- Include upstream patches designated as stable material and + reviewed for applicability to include here + block-Separate-blk_is_writable-and-blk_s.patch + hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch + hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch + hw-timer-slavio_timer-Allow-64-bit-acces.patch + net-Fix-handling-of-id-in-netdev_add-and.patch + target-arm-Don-t-decode-insns-in-the-XSc.patch + target-arm-Fix-MTE0_ACTIVE.patch + target-arm-Introduce-PREDDESC-field-defi.patch + target-arm-Update-PFIRST-PNEXT-for-pred_.patch + target-arm-Update-REV-PUNPK-for-pred_des.patch + target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch + tcg-Use-memset-for-large-vector-byte-rep.patch + ui-vnc-Add-missing-lock-for-send_color_m.patch + virtio-move-use-disabled-flag-property-t.patch + +------------------------------------------------------------------- +Thu Feb 4 18:21:28 UTC 2021 - Bruce Rogers <[email protected]> + +- binutils v2.36 has changed the handling of the assembler's + -mx86-used-note, resulting in a build failure. 
To compensate, we + now explicitly specify -mx86-used-note=no in the seabios Makefile + (boo#1181775) + build-be-explicit-about-mx86-used-note-n.patch + +------------------------------------------------------------------- New: ---- block-Separate-blk_is_writable-and-blk_s.patch build-be-explicit-about-mx86-used-note-n.patch hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch hw-timer-slavio_timer-Allow-64-bit-acces.patch net-Fix-handling-of-id-in-netdev_add-and.patch target-arm-Don-t-decode-insns-in-the-XSc.patch target-arm-Fix-MTE0_ACTIVE.patch target-arm-Introduce-PREDDESC-field-defi.patch target-arm-Update-PFIRST-PNEXT-for-pred_.patch target-arm-Update-REV-PUNPK-for-pred_des.patch target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch tcg-Use-memset-for-large-vector-byte-rep.patch ui-vnc-Add-missing-lock-for-send_color_m.patch virtio-move-use-disabled-flag-property-t.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qemu.spec ++++++ --- /var/tmp/diff_new_pack.65b40n/_old 2021-02-11 12:52:22.033916858 +0100 +++ /var/tmp/diff_new_pack.65b40n/_new 2021-02-11 12:52:22.037916863 +0100 @@ -1,5 +1,5 @@ # -# spec file for package qemu +# spec file for package qemu%{name_suffix} # # Copyright (c) 2021 SUSE LLC # 
@@ -131,63 +131,78 @@ # This patch queue is auto-generated - see README.PACKAGING for process # Patches applied in base project: -Patch00000: block-Simplify-qmp_block_resize-error-pa.patch -Patch00001: block-Fix-locking-in-qmp_block_resize.patch -Patch00002: block-Fix-deadlock-in-bdrv_co_yield_to_d.patch -Patch00003: audio-add-sanity-check.patch -Patch00004: build-no-pie-is-no-functional-linker-fla.patch -Patch00005: block-nfs-fix-int-overflow-in-nfs_client.patch -Patch00006: XXX-dont-dump-core-on-sigabort.patch -Patch00007: qemu-binfmt-conf-Modify-default-path.patch -Patch00008: qemu-cvs-gettimeofday.patch -Patch00009: qemu-cvs-ioctl_debug.patch -Patch00010: qemu-cvs-ioctl_nodirection.patch -Patch00011: linux-user-add-binfmt-wrapper-for-argv-0.patch -Patch00012: PPC-KVM-Disable-mmu-notifier-check.patch -Patch00013: linux-user-binfmt-support-host-binaries.patch -Patch00014: linux-user-Fake-proc-cpuinfo.patch -Patch00015: linux-user-use-target_ulong.patch -Patch00016: Make-char-muxer-more-robust-wrt-small-FI.patch -Patch00017: linux-user-lseek-explicitly-cast-non-set.patch -Patch00018: AIO-Reduce-number-of-threads-for-32bit-h.patch -Patch00019: xen_disk-Add-suse-specific-flush-disable.patch -Patch00020: qemu-bridge-helper-reduce-security-profi.patch -Patch00021: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch -Patch00022: roms-Makefile-pass-a-packaging-timestamp.patch -Patch00023: Raise-soft-address-space-limit-to-hard-l.patch -Patch00024: increase-x86_64-physical-bits-to-42.patch -Patch00025: i8254-Fix-migration-from-SLE11-SP2.patch -Patch00026: acpi_piix4-Fix-migration-from-SLE11-SP2.patch -Patch00027: Make-installed-scripts-explicitly-python.patch -Patch00028: hw-smbios-handle-both-file-formats-regar.patch -Patch00029: xen-add-block-resize-support-for-xen-dis.patch -Patch00030: tests-qemu-iotests-Triple-timeout-of-i-o.patch -Patch00031: tests-Fix-block-tests-to-be-compatible-w.patch -Patch00032: xen-ignore-live-parameter-from-xen-save-.patch -Patch00033: 
tests-change-error-message-in-test-162.patch -Patch00034: hw-intc-exynos4210_gic-provide-more-room.patch -Patch00035: configure-only-populate-roms-if-softmmu.patch -Patch00036: pc-bios-s390-ccw-net-avoid-warning-about.patch -Patch00037: roms-change-cross-compiler-naming-to-be-.patch -Patch00038: test-add-mapping-from-arch-of-i686-to-qe.patch -Patch00039: configure-remove-pkgversion-from-CONFIG_.patch -Patch00040: docs-add-SUSE-support-statements-to-html.patch -Patch00041: s390x-Fix-stringop-truncation-issue-repo.patch -Patch00042: Revert-qht-constify-qht_statistics_init.patch -Patch00043: qht-Revert-some-constification-in-qht.c.patch -Patch00044: meson-install-ivshmem-client-and-ivshmem.patch -Patch00045: Revert-roms-efirom-tests-uefi-test-tools.patch -Patch00046: Makefile-Don-t-check-pc-bios-as-pre-requ.patch -Patch00047: roms-Makefile-add-cross-file-to-qboot-me.patch -Patch00048: usb-Help-compiler-out-to-avoid-a-warning.patch -Patch00049: iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch -Patch00050: module-for-virtio-gpu-pre-load-module-to.patch -Patch00051: spice-app-avoid-crash-when-core-spice-mo.patch -Patch00052: qom-handle-case-of-chardev-spice-module-.patch +Patch00000: ui-vnc-Add-missing-lock-for-send_color_m.patch +Patch00001: block-Simplify-qmp_block_resize-error-pa.patch +Patch00002: block-Fix-locking-in-qmp_block_resize.patch +Patch00003: block-Fix-deadlock-in-bdrv_co_yield_to_d.patch +Patch00004: audio-add-sanity-check.patch +Patch00005: build-no-pie-is-no-functional-linker-fla.patch +Patch00006: block-nfs-fix-int-overflow-in-nfs_client.patch +Patch00007: iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch +Patch00008: tcg-Use-memset-for-large-vector-byte-rep.patch +Patch00009: hw-timer-slavio_timer-Allow-64-bit-acces.patch +Patch00010: target-arm-Fix-MTE0_ACTIVE.patch +Patch00011: target-arm-Don-t-decode-insns-in-the-XSc.patch +Patch00012: hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch +Patch00013: target-arm-Introduce-PREDDESC-field-defi.patch +Patch00014: 
target-arm-Update-PFIRST-PNEXT-for-pred_.patch +Patch00015: target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch +Patch00016: target-arm-Update-REV-PUNPK-for-pred_des.patch +Patch00017: net-Fix-handling-of-id-in-netdev_add-and.patch +Patch00018: block-Separate-blk_is_writable-and-blk_s.patch +Patch00019: hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch +Patch00020: virtio-move-use-disabled-flag-property-t.patch +Patch00021: XXX-dont-dump-core-on-sigabort.patch +Patch00022: qemu-binfmt-conf-Modify-default-path.patch +Patch00023: qemu-cvs-gettimeofday.patch +Patch00024: qemu-cvs-ioctl_debug.patch +Patch00025: qemu-cvs-ioctl_nodirection.patch +Patch00026: linux-user-add-binfmt-wrapper-for-argv-0.patch +Patch00027: PPC-KVM-Disable-mmu-notifier-check.patch +Patch00028: linux-user-binfmt-support-host-binaries.patch +Patch00029: linux-user-Fake-proc-cpuinfo.patch +Patch00030: linux-user-use-target_ulong.patch +Patch00031: Make-char-muxer-more-robust-wrt-small-FI.patch +Patch00032: linux-user-lseek-explicitly-cast-non-set.patch +Patch00033: AIO-Reduce-number-of-threads-for-32bit-h.patch +Patch00034: xen_disk-Add-suse-specific-flush-disable.patch +Patch00035: qemu-bridge-helper-reduce-security-profi.patch +Patch00036: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch +Patch00037: roms-Makefile-pass-a-packaging-timestamp.patch +Patch00038: Raise-soft-address-space-limit-to-hard-l.patch +Patch00039: increase-x86_64-physical-bits-to-42.patch +Patch00040: i8254-Fix-migration-from-SLE11-SP2.patch +Patch00041: acpi_piix4-Fix-migration-from-SLE11-SP2.patch +Patch00042: Make-installed-scripts-explicitly-python.patch +Patch00043: hw-smbios-handle-both-file-formats-regar.patch +Patch00044: xen-add-block-resize-support-for-xen-dis.patch +Patch00045: tests-qemu-iotests-Triple-timeout-of-i-o.patch +Patch00046: tests-Fix-block-tests-to-be-compatible-w.patch +Patch00047: xen-ignore-live-parameter-from-xen-save-.patch +Patch00048: tests-change-error-message-in-test-162.patch +Patch00049: 
hw-intc-exynos4210_gic-provide-more-room.patch +Patch00050: configure-only-populate-roms-if-softmmu.patch +Patch00051: pc-bios-s390-ccw-net-avoid-warning-about.patch +Patch00052: roms-change-cross-compiler-naming-to-be-.patch +Patch00053: test-add-mapping-from-arch-of-i686-to-qe.patch +Patch00054: configure-remove-pkgversion-from-CONFIG_.patch +Patch00055: docs-add-SUSE-support-statements-to-html.patch +Patch00056: s390x-Fix-stringop-truncation-issue-repo.patch +Patch00057: Revert-qht-constify-qht_statistics_init.patch +Patch00058: qht-Revert-some-constification-in-qht.c.patch +Patch00059: meson-install-ivshmem-client-and-ivshmem.patch +Patch00060: Revert-roms-efirom-tests-uefi-test-tools.patch +Patch00061: Makefile-Don-t-check-pc-bios-as-pre-requ.patch +Patch00062: roms-Makefile-add-cross-file-to-qboot-me.patch +Patch00063: usb-Help-compiler-out-to-avoid-a-warning.patch +Patch00064: module-for-virtio-gpu-pre-load-module-to.patch +Patch00065: spice-app-avoid-crash-when-core-spice-mo.patch +Patch00066: qom-handle-case-of-chardev-spice-module-.patch # Patches applied in roms/seabios/: Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch Patch01002: enable-cross-compilation-on-ARM.patch +Patch01003: build-be-explicit-about-mx86-used-note-n.patch # Patches applied in roms/ipxe/: Patch02000: stub-out-the-SAN-req-s-in-int13.patch Patch02001: ipxe-Makefile-fix-issues-of-build-reprod.patch 
@@ -352,20 +367,20 @@ Recommends: kvm_stat %endif Recommends: qemu-block-curl -Recommends: qemu-hw-usb-smartcard Recommends: qemu-ksm = %{qemuver} Recommends: qemu-tools Recommends: qemu-ui-curses %ifnarch s390x Recommends: qemu-hw-display-qxl +Recommends: qemu-hw-display-virtio-gpu +Recommends: qemu-hw-display-virtio-gpu-pci Recommends: qemu-hw-display-virtio-vga Recommends: qemu-hw-usb-redirect +Recommends: qemu-hw-usb-smartcard Recommends: qemu-ui-gtk Recommends: qemu-ui-spice-app %endif %ifarch %{ix86} x86_64 -Recommends: qemu-hw-display-virtio-gpu -Recommends: qemu-hw-display-virtio-gpu-pci Recommends: qemu-x86 %else Suggests: qemu-x86 @@ -468,10 +483,10 @@ Version: %{qemuver} Release: 0 Requires: %name = %{qemuver} -Recommends: qemu-ipxe -Recommends: qemu-vgabios Recommends: ovmf +Recommends: qemu-ipxe Recommends: qemu-uefi-aarch64 +Recommends: qemu-vgabios %description arm %{generic_qemu_description} @@ -485,8 +500,8 @@ Release: 0 Requires: %name = %{qemuver} Recommends: qemu-ipxe -Recommends: qemu-vgabios Recommends: qemu-skiboot +Recommends: qemu-vgabios %description extra %{generic_qemu_description} @@ -846,8 +861,8 @@ Requires: group(kvm) Requires(post): udev Supplements: modalias(acpi*:QEMU0002%3A*) -Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*) Supplements: modalias(pci:v00005853d00000001sv*sd*bc*sc*i*) +Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*) %{?systemd_ordering} %description guest-agent @@ -926,7 +941,7 @@ Release: 0 BuildArch: noarch Requires(post): update-alternatives -Requires(postun): update-alternatives +Requires(postun):update-alternatives Provides: %name:%_datadir/%name/forsplits/06 %description skiboot 
@@ -1037,28 +1052,43 @@ %patch00037 -p1 %patch00038 -p1 %patch00039 -p1 -%if %{legacy_qemu_kvm} %patch00040 -p1 -%endif %patch00041 -p1 %patch00042 -p1 %patch00043 -p1 %patch00044 -p1 %patch00045 -p1 %patch00046 -p1 -%ifarch aarch64 %patch00047 -p1 -%endif -%ifarch %arm %ix86 %patch00048 -p1 -%endif %patch00049 -p1 %patch00050 -p1 %patch00051 -p1 %patch00052 -p1 +%patch00053 -p1 +%patch00054 -p1 +%if %{legacy_qemu_kvm} +%patch00055 -p1 +%endif +%patch00056 -p1 +%patch00057 -p1 +%patch00058 -p1 +%patch00059 -p1 +%patch00060 -p1 +%patch00061 -p1 +%ifarch aarch64 +%patch00062 -p1 +%endif +%ifarch %arm %ix86 +%patch00063 -p1 +%endif +%patch00064 -p1 +%patch00065 -p1 +%patch00066 -p1 %patch01000 -p1 %patch01001 -p1 %patch01002 -p1 +%patch01003 -p1 %if 0%{?patch-possibly-applied-elsewhere} %patch02000 -p1 %endif ++++++ block-Separate-blk_is_writable-and-blk_s.patch ++++++ 
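Review bot: In the qemu.spec hunk at @@ -926,7 +941,7 @@ (skiboot subpackage), "Requires(postun):update-alternatives" has lost the whitespace between the tag and its value, while "Requires(post): update-alternatives" directly above keeps it. Keep at least one space after the colon so the two lines read consistently, or mention in the changelog that the upcoming formatter produces this on purpose. In the first hunk the header comment now reads "qemu%{name_suffix}", and name_suffix is not defined anywhere in the visible lines; confirm it is set before that point. The moved %if %{legacy_qemu_kvm}, %ifarch aarch64 and %ifarch %arm %ix86 guards in %prep (now around 55, 62 and 63) do line up with the renumbered Patch list, so the renumbering itself looks right.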
From: Kevin Wolf <[email protected]>
Date: Mon, 18 Jan 2021 13:34:47 +0100
Subject: block: Separate blk_is_writable() and blk_supports_write_perm()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Git-commit: 86b1cf322789b79c8ace977430ac6a443d491cc0

Currently, blk_is_read_only() tells whether a given BlockBackend can
only be used in read-only mode because its root node is read-only. Some
callers actually try to answer a slightly different question: Is the
BlockBackend configured to be writable, by taking write permissions on
the root node?

This can differ, for example, for CD-ROM devices which don't take write
permissions, but may be backed by a writable image file. scsi-cd allows
write requests to the drive if blk_is_read_only() returns false.
However, the write request will immediately run into an assertion
failure because the write permission is missing.

This patch introduces separate functions for both questions.
blk_supports_write_perm() answers the question whether the block
node/image file can support writable devices, whereas blk_is_writable()
tells whether the BlockBackend is currently configured to be writable.

All calls of blk_is_read_only() are converted to one of the two new
functions.

Fixes: https://bugs.launchpad.net/bugs/1906693
Cc: [email protected]
Signed-off-by: Kevin Wolf <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Max Reitz <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
Signed-off-by: Bruce Rogers <[email protected]> --- block/block-backend.c | 19 ++++++++++++++++--- hw/block/dataplane/xen-block.c | 2 +- hw/block/fdc.c | 9 +++++---- hw/block/m25p80.c | 6 +++--- hw/block/nand.c | 2 +- hw/block/nvme-ns.c | 7 ++++--- hw/block/onenand.c | 2 +- hw/block/pflash_cfi01.c | 2 +- hw/block/pflash_cfi02.c | 2 +- hw/block/swim.c | 6 +++--- hw/block/virtio-blk.c | 6 +++--- hw/block/xen-block.c | 2 +- hw/ide/core.c | 2 +- hw/misc/sifive_u_otp.c | 2 +- hw/ppc/pnv_pnor.c | 2 +- hw/scsi/scsi-disk.c | 10 +++++----- hw/scsi/scsi-generic.c | 4 ++-- hw/sd/sd.c | 6 +++--- hw/usb/dev-storage.c | 4 ++-- include/sysemu/block-backend.h | 3 ++- 20 files changed, 57 insertions(+), 41 deletions(-) diff --git a/block/block-backend.c b/block/block-backend.c index ce78d30794ade042fa9f1b8d2b68..e493f17515d88465796d298b5566 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -1826,17 +1826,30 @@ void blk_error_action(BlockBackend *blk, BlockErrorAction action, } } -bool blk_is_read_only(BlockBackend *blk) +/* + * Returns true if the BlockBackend can support taking write permissions + * (because its root node is not read-only). + */ +bool blk_supports_write_perm(BlockBackend *blk) { BlockDriverState *bs = blk_bs(blk); if (bs) { - return bdrv_is_read_only(bs); + return !bdrv_is_read_only(bs); } else { - return blk->root_state.read_only; + return !blk->root_state.read_only; } } +/* + * Returns true if the BlockBackend can be written to in its current + * configuration (i.e. if write permission have been requested) + */ +bool blk_is_writable(BlockBackend *blk) +{ + return blk->perm & BLK_PERM_WRITE; +} + bool blk_is_sg(BlockBackend *blk) { BlockDriverState *bs = blk_bs(blk); diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c index 71c337c7b7e74085532754bb28b2..f5b4f4c0790c26887e21649010f1 100644 --- a/hw/block/dataplane/xen-block.c +++ b/hw/block/dataplane/xen-block.c 
@@ -168,7 +168,7 @@ static int xen_block_parse_request(XenBlockRequest *request) }; if (request->req.operation != BLKIF_OP_READ && - blk_is_read_only(dataplane->blk)) { + !blk_is_writable(dataplane->blk)) { error_report("error: write req for ro device"); goto err; } diff --git a/hw/block/fdc.c b/hw/block/fdc.c index 4c2c35e223aa5fccb6b855b1aa9e..d6ba6c8f730092632770cf66908b 100644 --- a/hw/block/fdc.c +++ b/hw/block/fdc.c @@ -443,7 +443,7 @@ static void fd_revalidate(FDrive *drv) FLOPPY_DPRINTF("revalidate\n"); if (drv->blk != NULL) { - drv->ro = blk_is_read_only(drv->blk); + drv->ro = !blk_is_writable(drv->blk); if (!blk_is_inserted(drv->blk)) { FLOPPY_DPRINTF("No disk in drive\n"); drv->disk = FLOPPY_DRIVE_TYPE_NONE; @@ -478,8 +478,8 @@ static void fd_change_cb(void *opaque, bool load, Error **errp) blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort); } else { if (!blkconf_apply_backend_options(drive->conf, - blk_is_read_only(drive->blk), false, - errp)) { + !blk_supports_write_perm(drive->blk), + false, errp)) { return; } } @@ -552,7 +552,8 @@ static void floppy_drive_realize(DeviceState *qdev, Error **errp) * read-only node later */ read_only = true; } else { - read_only = !blk_bs(dev->conf.blk) || blk_is_read_only(dev->conf.blk); + read_only = !blk_bs(dev->conf.blk) || + !blk_supports_write_perm(dev->conf.blk); } if (!blkconf_blocksizes(&dev->conf, errp)) { diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index 483925f57a9023f349bd70e8db9a..efe490a52fe4ff5dfeaec609b3e3 100644 --- a/hw/block/m25p80.c +++ b/hw/block/m25p80.c @@ -499,7 +499,7 @@ static void flash_sync_page(Flash *s, int page) { QEMUIOVector *iov; - if (!s->blk || blk_is_read_only(s->blk)) { + if (!s->blk || !blk_is_writable(s->blk)) { return; } @@ -515,7 +515,7 @@ static inline void flash_sync_area(Flash *s, int64_t off, int64_t len) { QEMUIOVector *iov; - if (!s->blk || blk_is_read_only(s->blk)) { + if (!s->blk || !blk_is_writable(s->blk)) { return; } 
@@ -1278,7 +1278,7 @@ static void m25p80_realize(SSISlave *ss, Error **errp) if (s->blk) { uint64_t perm = BLK_PERM_CONSISTENT_READ | - (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); + (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); if (ret < 0) { return; diff --git a/hw/block/nand.c b/hw/block/nand.c index 1d7a48a2ec2ad7ac77dc4b28f677..8c5087f96a960420fc3f7aea03a5 100644 --- a/hw/block/nand.c +++ b/hw/block/nand.c @@ -409,7 +409,7 @@ static void nand_realize(DeviceState *dev, Error **errp) pagesize = 1 << s->oob_shift; s->mem_oob = 1; if (s->blk) { - if (blk_is_read_only(s->blk)) { + if (!blk_supports_write_perm(s->blk)) { error_setg(errp, "Can't use a read-only drive"); return; } diff --git a/hw/block/nvme-ns.c b/hw/block/nvme-ns.c index 31c80cdf5b5ff302052383cbada1..2670787d2630f8a3d1b1c7f138b8 100644 --- a/hw/block/nvme-ns.c +++ b/hw/block/nvme-ns.c @@ -48,13 +48,14 @@ static void nvme_ns_init(NvmeNamespace *ns) static int nvme_ns_init_blk(NvmeCtrl *n, NvmeNamespace *ns, Error **errp) { + bool read_only; + if (!blkconf_blocksizes(&ns->blkconf, errp)) { return -1; } - if (!blkconf_apply_backend_options(&ns->blkconf, - blk_is_read_only(ns->blkconf.blk), - false, errp)) { + read_only = !blk_supports_write_perm(ns->blkconf.blk); + if (!blkconf_apply_backend_options(&ns->blkconf, read_only, false, errp)) { return -1; } diff --git a/hw/block/onenand.c b/hw/block/onenand.c index 5ff7be86bb798190b976779d7603..08994ca7da1aff06ff12615d4777 100644 --- a/hw/block/onenand.c +++ b/hw/block/onenand.c @@ -796,7 +796,7 @@ static void onenand_realize(DeviceState *dev, Error **errp) s->image = memset(g_malloc(size + (size >> 5)), 0xff, size + (size >> 5)); } else { - if (blk_is_read_only(s->blk)) { + if (!blk_supports_write_perm(s->blk)) { error_setg(errp, "Can't use a read-only drive"); return; } 
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c index daae9658605f4a348d6e91c84b31..af0bb6c26342405dc558df1be36c 100644 --- a/hw/block/pflash_cfi01.c +++ b/hw/block/pflash_cfi01.c @@ -744,7 +744,7 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp) if (pfl->blk) { uint64_t perm; - pfl->ro = blk_is_read_only(pfl->blk); + pfl->ro = !blk_supports_write_perm(pfl->blk); perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); if (ret < 0) { diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c index 1b3d94e0473bd4490b7c97d7c7e7..1a855c5d3865c0d64b46c90a4cda 100644 --- a/hw/block/pflash_cfi02.c +++ b/hw/block/pflash_cfi02.c @@ -801,7 +801,7 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp) if (pfl->blk) { uint64_t perm; - pfl->ro = blk_is_read_only(pfl->blk); + pfl->ro = !blk_supports_write_perm(pfl->blk); perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); if (ret < 0) { diff --git a/hw/block/swim.c b/hw/block/swim.c index 20133a814c44095028ea0efe7d53..509c2f4900353c3b1e7fad9117f1 100644 --- a/hw/block/swim.c +++ b/hw/block/swim.c @@ -137,8 +137,8 @@ static void swim_change_cb(void *opaque, bool load, Error **errp) blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort); } else { if (!blkconf_apply_backend_options(drive->conf, - blk_is_read_only(drive->blk), false, - errp)) { + !blk_supports_write_perm(drive->blk), + false, errp)) { return; } } @@ -210,7 +210,7 @@ static void swim_drive_realize(DeviceState *qdev, Error **errp) dev->conf.werror = BLOCKDEV_ON_ERROR_AUTO; if (!blkconf_apply_backend_options(&dev->conf, - blk_is_read_only(dev->conf.blk), + !blk_supports_write_perm(dev->conf.blk), false, errp)) { return; } diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c index bac2d6fa2b283854b21f225bea1c..e8600b069da36372f68c6b59baf9 100644 --- a/hw/block/virtio-blk.c 
+++ b/hw/block/virtio-blk.c @@ -1021,7 +1021,7 @@ static uint64_t virtio_blk_get_features(VirtIODevice *vdev, uint64_t features, virtio_has_feature(features, VIRTIO_BLK_F_CONFIG_WCE))) { virtio_add_feature(&features, VIRTIO_BLK_F_WCE); } - if (blk_is_read_only(s->blk)) { + if (!blk_is_writable(s->blk)) { virtio_add_feature(&features, VIRTIO_BLK_F_RO); } if (s->conf.num_queues > 1) { @@ -1175,8 +1175,8 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp) } if (!blkconf_apply_backend_options(&conf->conf, - blk_is_read_only(conf->conf.blk), true, - errp)) { + !blk_supports_write_perm(conf->conf.blk), + true, errp)) { return; } s->original_wce = blk_enable_write_cache(conf->conf.blk); diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c index 8a7a3f54523ed050587c3e2047de..20b23c699bc1cb4cd796bf352c45 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c @@ -574,7 +574,7 @@ static void xen_disk_realize(XenBlockDevice *blockdev, Error **errp) return; } - blockdev->info = blk_is_read_only(conf->blk) ? VDISK_READONLY : 0; + blockdev->info = blk_supports_write_perm(conf->blk) ? 0 : VDISK_READONLY; } static void xen_disk_class_init(ObjectClass *class, void *data) diff --git a/hw/ide/core.c b/hw/ide/core.c index e85821637c961121ad7a2ccfbaf9..50758a944172ba6ed12c3ca2bc4c 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -2537,7 +2537,7 @@ int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind, error_setg(errp, "Device needs media, but drive is empty"); return -1; } - if (blk_is_read_only(blk)) { + if (!blk_is_writable(blk)) { error_setg(errp, "Can't use a read-only drive"); return -1; } diff --git a/hw/misc/sifive_u_otp.c b/hw/misc/sifive_u_otp.c index 60066375abddfa4e74e424b7d693..84547ebf1ba4aae4c99be01342e5 100644 --- a/hw/misc/sifive_u_otp.c +++ b/hw/misc/sifive_u_otp.c 
@@ -218,7 +218,7 @@ static void sifive_u_otp_realize(DeviceState *dev, Error **errp) if (s->blk) { perm = BLK_PERM_CONSISTENT_READ | - (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); + (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); if (ret < 0) { return; diff --git a/hw/ppc/pnv_pnor.c b/hw/ppc/pnv_pnor.c index c365ee58b884c02c77851a35f566..cc2a6a3db7eac7cab6750fe7f011 100644 --- a/hw/ppc/pnv_pnor.c +++ b/hw/ppc/pnv_pnor.c @@ -85,7 +85,7 @@ static void pnv_pnor_realize(DeviceState *dev, Error **errp) if (s->blk) { uint64_t perm = BLK_PERM_CONSISTENT_READ | - (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); + (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); if (ret < 0) { return; diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 90841ad79123a3a86547a70d6dd4..7ab2be05b3ce3f4fad2212037b34 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -1269,7 +1269,7 @@ static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) if (s->qdev.type == TYPE_DISK) { dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; - if (blk_is_read_only(s->qdev.conf.blk)) { + if (!blk_is_writable(s->qdev.conf.blk)) { dev_specific_param |= 0x80; /* Readonly. */ } } else { @@ -1703,7 +1703,7 @@ static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) goto invalid_param_len; } - if (blk_is_read_only(s->qdev.conf.blk)) { + if (!blk_is_writable(s->qdev.conf.blk)) { block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); return; @@ -1794,7 +1794,7 @@ static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) return; } - if (blk_is_read_only(s->qdev.conf.blk)) { + if (!blk_is_writable(s->qdev.conf.blk)) { scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); return; } 
@@ -2206,7 +2206,7 @@ static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) case WRITE_VERIFY_10: case WRITE_VERIFY_12: case WRITE_VERIFY_16: - if (blk_is_read_only(s->qdev.conf.blk)) { + if (!blk_is_writable(s->qdev.conf.blk)) { scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); return 0; } @@ -2379,7 +2379,7 @@ static void scsi_realize(SCSIDevice *dev, Error **errp) } } - read_only = blk_is_read_only(s->qdev.conf.blk); + read_only = !blk_supports_write_perm(s->qdev.conf.blk); if (dev->type == TYPE_ROM) { read_only = true; } diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c index 2cb23ca8913c91fc06f497af21be..836479ab017326fa058381efbb87 100644 --- a/hw/scsi/scsi-generic.c +++ b/hw/scsi/scsi-generic.c @@ -305,7 +305,7 @@ static void scsi_read_complete(void * opaque, int ret) * readonly. */ if ((s->type == TYPE_DISK || s->type == TYPE_TAPE || s->type == TYPE_ZBC) && - blk_is_read_only(s->conf.blk) && + !blk_is_writable(s->conf.blk) && (r->req.cmd.buf[0] == MODE_SENSE || r->req.cmd.buf[0] == MODE_SENSE_10) && (r->req.cmd.buf[1] & 0x8) == 0) { @@ -693,7 +693,7 @@ static void scsi_generic_realize(SCSIDevice *s, Error **errp) return; } if (!blkconf_apply_backend_options(&s->conf, - blk_is_read_only(s->conf.blk), + !blk_supports_write_perm(s->conf.blk), true, errp)) { return; } diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 1842c037978c6b17c74d6b81a169..5cdcd54cfcbf467342b2e485ac3e 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -583,7 +583,7 @@ static void sd_reset(DeviceState *dev) sd_set_sdstatus(sd); g_free(sd->wp_groups); - sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false; + sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; sd->wpgrps_size = sect; sd->wp_groups = bitmap_new(sd->wpgrps_size); memset(sd->function_group, 0, sizeof(sd->function_group)); 
@@ -751,7 +751,7 @@ void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert) { sd->readonly_cb = readonly; sd->inserted_cb = insert; - qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0); + qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0); qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0); } @@ -2155,7 +2155,7 @@ static void sd_realize(DeviceState *dev, Error **errp) if (sd->blk) { int64_t blk_size; - if (blk_is_read_only(sd->blk)) { + if (!blk_supports_write_perm(sd->blk)) { error_setg(errp, "Cannot use read-only drive as SD card"); return; } diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c index f0f005869d25976cc4d5d2394237..c49e8b819e97df5f3f1814f2f63f 100644 --- a/hw/usb/dev-storage.c +++ b/hw/usb/dev-storage.c @@ -613,8 +613,8 @@ static void usb_msd_storage_realize(USBDevice *dev, Error **errp) return; } - if (!blkconf_apply_backend_options(&s->conf, blk_is_read_only(blk), true, - errp)) { + if (!blkconf_apply_backend_options(&s->conf, !blk_supports_write_perm(blk), + true, errp)) { return; } diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h index 8203d7f6f90c792ca3f70e516909..880e9032930b0207e2e3e6fe1bd7 100644 --- a/include/sysemu/block-backend.h +++ b/include/sysemu/block-backend.h @@ -191,7 +191,8 @@ BlockErrorAction blk_get_error_action(BlockBackend *blk, bool is_read, int error); void blk_error_action(BlockBackend *blk, BlockErrorAction action, bool is_read, int error); -bool blk_is_read_only(BlockBackend *blk); +bool blk_supports_write_perm(BlockBackend *blk); +bool blk_is_writable(BlockBackend *blk); bool blk_is_sg(BlockBackend *blk); bool blk_enable_write_cache(BlockBackend *blk); void blk_set_enable_write_cache(BlockBackend *blk, bool wce); ++++++ build-be-explicit-about-mx86-used-note-n.patch ++++++ 
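Review bot: In hw/ide/core.c, ide_init_drive() now rejects the drive with "!blk_is_writable(blk)", whereas the other realize-time "Can't use a read-only drive" checks in this patch (nand_realize, onenand_realize, sd_realize) use "!blk_supports_write_perm()". blk_is_writable() only tests blk->perm & BLK_PERM_WRITE, so the IDE check is correct only if write permission has already been requested by the time ide_init_drive() runs; that ordering is not visible in the hunk and deserves a comment there, or the check should use blk_supports_write_perm() like its siblings. Smaller point in block/block-backend.c: the new comment above blk_is_writable() reads "if write permission have been requested" and lacks a closing period; "if write permission has been requested)." would match the comment on blk_supports_write_perm().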
From: Bruce Rogers <[email protected]> Date: Thu, 4 Feb 2021 11:06:47 -0700 Subject: build: be explicit about -mx86-used-note=no binutils v2.36 switched the default for the assembler's -mx86-used-note, which caused breakage building seavgabios as follows: ld: section .note.gnu.property LMA [0000000000000000,0000000000000027] overlaps section .text LMA [0000000000000000,0000000000006e87] Fix by explicitly specifying -mx86-used-note=no to assembler in seabios' Makefile (boo#1181775) Signed-off-by: Bruce Rogers <[email protected]> --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile index 74a01853f26458d94d4a4e056b7b..16627562900bbca4b68c6f1df220 100644 --- a/roms/seabios/Makefile +++ b/roms/seabios/Makefile @@ -73,6 +73,7 @@ COMMONCFLAGS += $(call cc-option,$(CC),-fstack-check=no,) COMMONCFLAGS += $(call cc-option,$(CC),-Wno-address-of-packed-member,) COMMONCFLAGS += $(call cc-option,$(CC),-fcf-protection=none,) COMMA := , +COMMONCFLAGS += $(call cc-option,$(CC),-Wa$(COMMA)-mx86-used-note=no,) CFLAGS32FLAT := $(COMMONCFLAGS) -DMODE16=0 -DMODESEGMENT=0 CFLAGSSEG := $(COMMONCFLAGS) -DMODESEGMENT=1 -fno-defer-pop \ ++++++ bundles.tar.xz ++++++ Binary files old/553032db17440f8de011390e5a1cfddd13751b0b.bundle and new/553032db17440f8de011390e5a1cfddd13751b0b.bundle differ Binary files old/roms/seabios/155821a1990b6de78dde5f98fa5ab90e802021e0.bundle and new/roms/seabios/155821a1990b6de78dde5f98fa5ab90e802021e0.bundle differ ++++++ hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch ++++++ 
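Review bot: The added COMMONCFLAGS line in roms/seabios/Makefile has no comment saying why the assembler option is forced; the reason (binutils v2.36 changing the -mx86-used-note default, boo#1181775) lives only in the commit message, and a one-line comment above the flag would keep it from being dropped later as unexplained. The flag also goes into COMMONCFLAGS, so it applies to every seabios object and not only to the seavgabios link that failed; say so in the message if that is intended. Since the option is wrapped in cc-option, confirm that the probe really passes -Wa options through to the assembler, otherwise an assembler that does not know -mx86-used-note would break the build instead of skipping the flag.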
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <[email protected]>
Date: Sun, 31 Jan 2021 11:34:01 +0100
Subject: hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Git-commit: edfe2eb4360cde4ed5d95bda7777edcb3510f76a
References: bsc#1181933

Per the ARM Generic Interrupt Controller Architecture specification
(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit,
not 10:

  - 4.3 Distributor register descriptions
  - 4.3.15 Software Generated Interrupt Register, GICD_SG
  - Table 4-21 GICD_SGIR bit assignments

    The Interrupt ID of the SGI to forward to the specified CPU
    interfaces. The value of this field is the Interrupt ID, in
    the range 0-15, for example a value of 0b0011 specifies
    Interrupt ID 3.

Correct the irq mask to fix an undefined behavior (which eventually
led to a heap-buffer-overflow, see [Buglink]):

  $ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio
  [I 1612088147.116987] OPENED
  [R +0.278293] writel 0x8000f00 0xff4affb0
  ../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]'
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13

This fixes a security issue when running with KVM on Arm with
kernel-irqchip=off. (The default is kernel-irqchip=on, which is
unaffected, and which is also the correct choice for performance.)

Cc: [email protected]
Fixes: CVE-2021-20221
Fixes: 9ee6e8bb853 ("ARMv7 support.")
Buglink: https://bugs.launchpad.net/qemu/+bug/1913916
Buglink: https://bugs.launchpad.net/qemu/+bug/1913917
Reported-by: Alexander Bulekov <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Signed-off-by: Bruce Rogers <[email protected]> --- hw/intc/arm_gic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c index c60dc6b5e6e519e61b20dda66c7b..fbde60de05a20a607a64a5a91bad 100644 --- a/hw/intc/arm_gic.c +++ b/hw/intc/arm_gic.c @@ -1474,7 +1474,7 @@ static void gic_dist_writel(void *opaque, hwaddr offset, int target_cpu; cpu = gic_get_current_cpu(s); - irq = value & 0x3ff; + irq = value & 0xf; switch ((value >> 24) & 3) { case 0: mask = (value >> 16) & ALL_CPU_MASK; ++++++ hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch ++++++ From: Peter Maydell <[email protected]> Date: Fri, 8 Jan 2021 18:04:00 +0000 Subject: hw/net/lan9118: Fix RX Status FIFO PEEK value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: e7e29fdbbe07fb762d85af9c4d8eeff9b0f52a8e A copy-and-paste error meant that the return value for register offset 0x44 (the RX Status FIFO PEEK register) returned a byte from a bogus offset in the rx status FIFO. Fix the typo. Cc: [email protected] Fixes: https://bugs.launchpad.net/qemu/+bug/1904954 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Philippe Mathieu-Daud?? <[email protected]> Message-id: [email protected] Signed-off-by: Bruce Rogers <[email protected]> --- hw/net/lan9118.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index ab57c02c8e10d3ea1feb258fa4c5..13d469fe24fd8dd3a03eb2b60a58 100644 --- a/hw/net/lan9118.c +++ b/hw/net/lan9118.c @@ -1206,7 +1206,7 @@ static uint64_t lan9118_readl(void *opaque, hwaddr offset, case 0x40: return rx_status_fifo_pop(s); case 0x44: - return s->rx_status_fifo[s->tx_status_fifo_head]; + return s->rx_status_fifo[s->rx_status_fifo_head]; case 0x48: return tx_status_fifo_pop(s); case 0x4c: ++++++ hw-timer-slavio_timer-Allow-64-bit-acces.patch ++++++ 
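Review bot: in gic_dist_writel() in hw/intc/arm_gic.c the corrected mask is a bare literal, irq = value & 0xf;, with nothing at the site tying it to the 4-bit SGIINTID field or to the array bound it protects. The sanitizer output in the commit message shows the old 10-bit value indexing a 'uint8_t [16][8]' array, so this mask is the only thing keeping a guest-written register value inside that first dimension. Suggest a named constant or a comment citing the GICD_SGIR SGIINTID field, plus a bounds assertion next to the array access, so that a later change to the mask fails loudly instead of writing out of bounds.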
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <[email protected]>
Date: Sat, 5 Dec 2020 16:09:03 +0100
Subject: hw/timer/slavio_timer: Allow 64-bit accesses
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Git-commit: 62a9b228b5fefe0f9e364dfeaf3c65022c63cdb9

Per the "NCR89C105 Chip Specification" referenced in the header:

  Chip-level Address Map

    ------------------------------------------------------------------
    | 1D0 0000 ->   | Counter/Timers                        | W,D     |
    |   1DF FFFF    |                                       |         |
    ...

  The address map indicated the allowed accesses at each address.
  [...] W indicates a word access, and D indicates a double-word
  access.

The SLAVIO timer controller is implemented expecting 32-bit accesses.
Commit a3d12d073e1 restricted the memory accesses to 32-bit, while
the device allows 64-bit accesses.

This was not an issue until commit 5d971f9e67 which reverted
("memory: accept mismatching sizes in memory_region_access_valid").

Fix by renaming .valid MemoryRegionOps as .impl, and add the valid
access range (W -> 4, D -> 8).

Since commit 21786c7e598 ("memory: Log invalid memory accesses")
this class of bug can be quickly debugged displaying 'guest_errors'
accesses, as:

  $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -serial stdio -d guest_errors

  Power-ON Reset
  Invalid access at addr 0x0, size 8, region 'timer-1', reason: invalid size (min:4 max:4)

  $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -monitor stdio -S
  (qemu) info mtree
  address-space: memory
    0000000000000000-ffffffffffffffff (prio 0, i/o): system
      ...
      0000000ff1300000-0000000ff130000f (prio 0, i/o): timer-1
             ^^^^^^^^^                                 ^^^^^^^
                   \ memory region base address and name /

  (qemu) info qtree
  bus: main-system-bus
    dev: slavio_timer, id ""  <-- device type name
      gpio-out "sysbus-irq" 17
      num_cpus = 1 (0x1)
      mmio 0000000ff1310000/0000000000000014
      mmio 0000000ff1300000/0000000000000010 <--- base address
      mmio 0000000ff1301000/0000000000000010
      mmio 0000000ff1302000/0000000000000010
    ...

Reported-by: Yap KV <[email protected]> Buglink: https://bugs.launchpad.net/bugs/1906905 Fixes: a3d12d073e1 ("slavio_timer: convert to memory API") CC: [email protected] Signed-off-by: Philippe Mathieu-Daud?? <[email protected]> Message-Id: <[email protected]> Signed-off-by: Mark Cave-Ayland <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- hw/timer/slavio_timer.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/timer/slavio_timer.c b/hw/timer/slavio_timer.c index 5b2d20cb6a5a65a762e8021243cb..03e33fc592665360a72e87e1ac64 100644 --- a/hw/timer/slavio_timer.c +++ b/hw/timer/slavio_timer.c @@ -331,6 +331,10 @@ static const MemoryRegionOps slavio_timer_mem_ops = { .write = slavio_timer_mem_writel, .endianness = DEVICE_NATIVE_ENDIAN, .valid = { + .min_access_size = 4, + .max_access_size = 8, + }, + .impl = { .min_access_size = 4, .max_access_size = 4, }, ++++++ iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch ++++++ --- /var/tmp/diff_new_pack.65b40n/_old 2021-02-11 12:52:22.385917343 +0100 +++ /var/tmp/diff_new_pack.65b40n/_new 2021-02-11 12:52:22.385917343 +0100 @@ -954,11 +954,11 @@ {"return": {}} *** done diff --git a/tests/qemu-iotests/153.out b/tests/qemu-iotests/153.out -index 8fbc7413e716462a4f196c39db5e..4e9c4607bdb3d46c24bad9e80f64 100644 +index fcaa71aeeebd855d684d8056410f..ff8e55864a53501197bb4a66bf99 100644 --- a/tests/qemu-iotests/153.out +++ b/tests/qemu-iotests/153.out -@@ -427,7 +427,8 @@ _qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}} +@@ -425,7 +425,8 @@ _qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c + { 'execute': 'qmp_capabilities' } {"return": {}} Adding drive -{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } } 
@@ -967,7 +967,7 @@ {"return": "OKrn"} _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512 -@@ -437,25 +438,30 @@ Creating overlay with qemu-img when the guest is running should be allowed +@@ -435,25 +436,30 @@ Creating overlay with qemu-img when the guest is running should be allowed _qemu_img_wrapper create -f qcow2 -b TEST_DIR/t.qcow2 -F qcow2 TEST_DIR/t.qcow2.overlay == Closing an image should unlock it == @@ -1629,7 +1629,7 @@ {"return": "Block node is read-onlyrn"} *** done diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu -index 4f2557cc568beed038223af7660b..3ecff3edfa7569d49ec7d81c2195 100644 +index de680cf1c7c92e50b82aa2bc0262..ef105dfc393e96c6ef2f34c1466d 100644 --- a/tests/qemu-iotests/common.qemu +++ b/tests/qemu-iotests/common.qemu @@ -146,14 +146,9 @@ _send_qemu_cmd() ++++++ net-Fix-handling-of-id-in-netdev_add-and.patch ++++++ 
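Review bot: in slavio_timer_mem_ops in hw/timer/slavio_timer.c, .valid now allows 4 to 8 bytes while .impl stays at 4, but the hunk adds no comment explaining why the two ranges differ. The mapping given in the commit message (W -> 4, D -> 8, from the NCR89C105 address map) belongs next to the .valid block, together with a note that the device model is implemented expecting 32-bit accesses, so that a later cleanup does not merge the two ranges again.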
From: Markus Armbruster <[email protected]>
Date: Wed, 25 Nov 2020 11:02:20 +0100
Subject: net: Fix handling of id in netdev_add and netdev_del

Git-commit: 831734cce6494032e9233caff4d8442b3a1e7fef

CLI -netdev accumulates in option group "netdev".

Before commit 08712fcb85 "net: Track netdevs in NetClientState rather
than QemuOpt", netdev_add added to the option group, and netdev_del
removed from it, both HMP and QMP. Thus, every netdev had a
corresponding QemuOpts in this option group.

Commit 08712fcb85 dropped this for QMP netdev_add and both netdev_del.
Now a netdev has a corresponding QemuOpts only when it was created
with CLI or HMP. Two issues:

* QMP and HMP netdev_del can leave QemuOpts behind, breaking HMP
  netdev_add. Reproducer:

    $ qemu-system-x86_64 -S -display none -nodefaults -monitor stdio
    QEMU 5.1.92 monitor - type 'help' for more information
    (qemu) netdev_add user,id=net0
    (qemu) info network
    net0: index=0,type=user,net=10.0.2.0,restrict=off
    (qemu) netdev_del net0
    (qemu) info network
    (qemu) netdev_add user,id=net0
    upstream-qemu: Duplicate ID 'net0' for netdev
    Try "help netdev_add" for more information

  Fix by restoring the QemuOpts deletion in qmp_netdev_del(), but with
  a guard, because the QemuOpts need not exist.

* QMP netdev_add loses its "no duplicate ID" check. Reproducer:

    $ qemu-system-x86_64 -S -display none -qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 92, "minor": 1, "major": 5}, "package": "v5.2.0-rc2-1-g02c1f0142c"}, "capabilities": ["oob"]}}
    {"execute": "qmp_capabilities"}
    {"return": {}}
    {"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
    {"return": {}}
    {"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
    {"return": {}}

  Fix by adding a duplicate ID check to net_client_init1() to replace
  the lost one. The check is redundant for callers where QemuOpts
  still checks, i.e. for CLI and HMP.

Reported-by: Andrew Melnichenko <[email protected]>
Fixes: 08712fcb851034228b61f75bd922863a984a4f60
Cc: [email protected]
Signed-off-by: Markus Armbruster <[email protected]> Reviewed-by: Eric Blake <[email protected]> Signed-off-by: Jason Wang <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- net/net.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/net/net.c b/net/net.c index 6a2c3d95670ed5fec78078276301..af35fb2db7cd99933d20f8613ab3 100644 --- a/net/net.c +++ b/net/net.c @@ -983,6 +983,7 @@ static int (* const net_client_init_fun[NET_CLIENT_DRIVER__MAX])( static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp) { NetClientState *peer = NULL; + NetClientState *nc; if (is_netdev) { if (netdev->type == NET_CLIENT_DRIVER_NIC || @@ -1010,6 +1011,12 @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp) } } + nc = qemu_find_netdev(netdev->id); + if (nc) { + error_setg(errp, "Duplicate ID '%s'", netdev->id); + return -1; + } + if (net_client_init_fun[netdev->type](netdev, netdev->id, peer, errp) < 0) { /* FIXME drop when all init functions store an Error */ if (errp && !*errp) { @@ -1020,8 +1027,6 @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp) } if (is_netdev) { - NetClientState *nc; - nc = qemu_find_netdev(netdev->id); assert(nc); nc->is_netdev = true; @@ -1135,6 +1140,7 @@ void qmp_netdev_add(Netdev *netdev, Error **errp) void qmp_netdev_del(const char *id, Error **errp) { NetClientState *nc; + QemuOpts *opts; nc = qemu_find_netdev(id); if (!nc) { 
@@ -1149,6 +1155,16 @@ void qmp_netdev_del(const char *id, Error **errp) } qemu_del_net_client(nc); + + /* + * Wart: we need to delete the QemuOpts associated with netdevs + * created via CLI or HMP, to avoid bogus "Duplicate ID" errors in + * HMP netdev_add. + */ + opts = qemu_opts_find(qemu_find_opts("netdev"), id); + if (opts) { + qemu_opts_del(opts); + } } static void netfilter_print_info(Monitor *mon, NetFilterState *nf) ++++++ qemu.spec.in ++++++ --- /var/tmp/diff_new_pack.65b40n/_old 2021-02-11 12:52:22.541917558 +0100 +++ /var/tmp/diff_new_pack.65b40n/_new 2021-02-11 12:52:22.541917558 +0100 @@ -1,5 +1,5 @@ # -# spec file for package qemu +# spec file for package qemu%{name_suffix} # # Copyright (c) 2021 SUSE LLC # @@ -281,20 +281,20 @@ Recommends: kvm_stat %endif Recommends: qemu-block-curl -Recommends: qemu-hw-usb-smartcard Recommends: qemu-ksm = %{qemuver} Recommends: qemu-tools Recommends: qemu-ui-curses %ifnarch s390x Recommends: qemu-hw-display-qxl +Recommends: qemu-hw-display-virtio-gpu +Recommends: qemu-hw-display-virtio-gpu-pci Recommends: qemu-hw-display-virtio-vga Recommends: qemu-hw-usb-redirect +Recommends: qemu-hw-usb-smartcard Recommends: qemu-ui-gtk Recommends: qemu-ui-spice-app %endif %ifarch %{ix86} x86_64 -Recommends: qemu-hw-display-virtio-gpu -Recommends: qemu-hw-display-virtio-gpu-pci Recommends: qemu-x86 %else Suggests: qemu-x86 @@ -397,10 +397,10 @@ Version: %{qemuver} Release: 0 Requires: %name = %{qemuver} -Recommends: qemu-ipxe -Recommends: qemu-vgabios Recommends: ovmf +Recommends: qemu-ipxe Recommends: qemu-uefi-aarch64 +Recommends: qemu-vgabios %description arm %{generic_qemu_description} @@ -414,8 +414,8 @@ Release: 0 Requires: %name = %{qemuver} Recommends: qemu-ipxe -Recommends: qemu-vgabios Recommends: qemu-skiboot +Recommends: qemu-vgabios %description extra %{generic_qemu_description} 
@@ -775,8 +775,8 @@ Requires: group(kvm) Requires(post): udev Supplements: modalias(acpi*:QEMU0002%3A*) -Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*) Supplements: modalias(pci:v00005853d00000001sv*sd*bc*sc*i*) +Supplements: modalias(pci:v0000FFFDd00000101sv*sd*bc*sc*i*) %{?systemd_ordering} %description guest-agent @@ -855,7 +855,7 @@ Release: 0 BuildArch: noarch Requires(post): update-alternatives -Requires(postun): update-alternatives +Requires(postun):update-alternatives Provides: %name:%_datadir/%name/forsplits/06 %description skiboot ++++++ target-arm-Don-t-decode-insns-in-the-XSc.patch ++++++ From: Peter Maydell <[email protected]> Date: Fri, 8 Jan 2021 19:51:57 +0000 Subject: target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns Git-commit: e4d51ac6921dc861bfb3d20e4c7dcf345840a9da In commit cd8be50e58f63413c0 we converted the A32 coprocessor insns to decodetree. This accidentally broke XScale/iWMMXt insns, because it moved the handling of "cp insns which are handled by looking up the cp register in the hashtable" from after the call to the legacy disas_xscale_insn() decode to before it, with the result that all XScale/iWMMXt insns now UNDEF. Update valid_cp() so that it knows that on XScale cp 0 and 1 are not standard coprocessor instructions; this will cause the decodetree trans_ functions to ignore them, so that execution will correctly get through to the legacy decode again. Cc: [email protected] Reported-by: Guenter Roeck <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Tested-by: Guenter Roeck <[email protected]> Message-id: [email protected] Signed-off-by: Bruce Rogers <[email protected]> --- target/arm/translate.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/target/arm/translate.c b/target/arm/translate.c index 6d04ca3a8a09818cfbfba706a4c3..8089a4ff7e542204a6a1bf6f5637 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c 
@@ -5275,7 +5275,14 @@ static bool valid_cp(DisasContext *s, int cp) * only cp14 and cp15 are valid, and other values aren't considered * to be in the coprocessor-instruction space at all. v8M still * permits coprocessors 0..7. + * For XScale, we must not decode the XScale cp0, cp1 space as + * a standard coprocessor insn, because we want to fall through to + * the legacy disas_xscale_insn() decoder after decodetree is done. */ + if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cp == 0 || cp == 1)) { + return false; + } + if (arm_dc_feature(s, ARM_FEATURE_V8) && !arm_dc_feature(s, ARM_FEATURE_M)) { return cp >= 14; ++++++ target-arm-Fix-MTE0_ACTIVE.patch ++++++ From: Richard Henderson <[email protected]> Date: Mon, 21 Dec 2020 12:44:26 -0800 Subject: target/arm: Fix MTE0_ACTIVE Git-commit: cc97b0019bb590b9b3c2a623e9ebee48831e0ce3 In 50244cc76abc we updated mte_check_fail to match the ARM pseudocode, using the correct EL to select the TCF field. But we failed to update MTE0_ACTIVE the same way, which led to g_assert_not_reached(). Cc: [email protected] Buglink: https://bugs.launchpad.net/bugs/1907137 Signed-off-by: Richard Henderson <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- target/arm/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 38cd35c049292d40df5a35854f4b..194d752763b2a74af2e4e45e0a96 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -12927,7 +12927,7 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el, if (FIELD_EX32(flags, TBFLAG_A64, UNPRIV) && tbid && !(env->pstate & PSTATE_TCO) - && (sctlr & SCTLR_TCF0) + && (sctlr & SCTLR_TCF) && allocation_tag_access_enabled(env, 0, sctlr)) { flags = FIELD_DP32(flags, TBFLAG_A64, MTE0_ACTIVE, 1); } ++++++ target-arm-Introduce-PREDDESC-field-defi.patch ++++++ 
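Review bot: in net_client_init1() in net/net.c the new check reports error_setg(errp, "Duplicate ID '%s'", netdev->id);, while the QemuOpts path quoted in the commit message reports "Duplicate ID 'net0' for netdev". The same mistake now yields two different messages depending on whether it arrives through QMP or through CLI/HMP; matching the existing wording would keep anything that matches on these errors working. The check also sits outside both is_netdev blocks, so it runs for every caller of this function; if that is intended, a comment should say so, because the commit message only discusses netdev_add.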
From: Richard Henderson <[email protected]> Date: Tue, 12 Jan 2021 20:26:47 -1000 Subject: target/arm: Introduce PREDDESC field definitions Git-commit: b64ee454a4a086ed459bcda4c0bbb54e197841e4 SVE predicate operations cannot use the "usual" simd_desc encoding, because the lengths are not a multiple of 8. But we were abusing the SIMD_* fields to store values anyway. This abuse broke when SIMD_OPRSZ_BITS was modified in e2e7168a214. Introduce a new set of field definitions for exclusive use of predicates, so that it is obvious what kind of predicate we are manipulating. To be used in future patches. Cc: [email protected] Signed-off-by: Richard Henderson <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- target/arm/internals.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/target/arm/internals.h b/target/arm/internals.h index 5460678756d3c4e5f34abe5f6411..73698587d6b8eeffd6ccd1515e7a 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -1312,6 +1312,15 @@ void arm_log_exception(int idx); #define LOG2_TAG_GRANULE 4 #define TAG_GRANULE (1 << LOG2_TAG_GRANULE) +/* + * SVE predicates are 1/8 the size of SVE vectors, and cannot use + * the same simd_desc() encoding due to restrictions on size. + * Use these instead. + */ +FIELD(PREDDESC, OPRSZ, 0, 6) +FIELD(PREDDESC, ESZ, 6, 2) +FIELD(PREDDESC, DATA, 8, 24) + /* * The SVE simd_data field, for memory ops, contains either * rd (5 bits) or a shift count (2 bits). ++++++ target-arm-Update-PFIRST-PNEXT-for-pred_.patch ++++++ 
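Review bot: in target/arm/internals.h, FIELD(PREDDESC, OPRSZ, 0, 6) gives the predicate size only 6 bits, so the largest value it can carry is 63, and the comment above the new fields does not state that limit. A size deposited with FIELD_DP32 that does not fit is truncated without any diagnostic, and the helper that extracts it would then work from the wrong size. Suggest documenting the maximum predicate size the field is meant to hold and adding a build-time or debug assertion where the descriptor is built.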
From: Richard Henderson <[email protected]> Date: Tue, 12 Jan 2021 20:26:48 -1000 Subject: target/arm: Update PFIRST, PNEXT for pred_desc Git-commit: 86300b5d044064046395ae8ed605cc19e63f2a7c These two were odd, in that do_pfirst_pnext passed the count of 64-bit words rather than bytes. Change to pass the standard pred_full_reg_size to avoid confusion. Cc: [email protected] Signed-off-by: Richard Henderson <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- target/arm/sve_helper.c | 7 ++++--- target/arm/translate-sve.c | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c index 5f037c3a8f8cbc6c093433703153..ff01851bf288009ec3e7585b8e03 100644 --- a/target/arm/sve_helper.c +++ b/target/arm/sve_helper.c @@ -889,8 +889,9 @@ static intptr_t last_active_element(uint64_t *g, intptr_t words, intptr_t esz) return (intptr_t)-1 << esz; } -uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t words) +uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t pred_desc) { + intptr_t words = DIV_ROUND_UP(FIELD_EX32(pred_desc, PREDDESC, OPRSZ), 8); uint32_t flags = PREDTEST_INIT; uint64_t *d = vd, *g = vg; intptr_t i = 0; @@ -914,8 +915,8 @@ uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t words) uint32_t HELPER(sve_pnext)(void *vd, void *vg, uint32_t pred_desc) { - intptr_t words = extract32(pred_desc, 0, SIMD_OPRSZ_BITS); - intptr_t esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); + intptr_t words = DIV_ROUND_UP(FIELD_EX32(pred_desc, PREDDESC, OPRSZ), 8); + intptr_t esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); uint32_t flags = PREDTEST_INIT; uint64_t *d = vd, *g = vg, esz_mask; intptr_t i, next; diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c index 0c3a6d21210404a1340e58c9a021..efcb646f729b1dbe4f7989e2fb9d 100644 
--- a/target/arm/translate-sve.c +++ b/target/arm/translate-sve.c @@ -1494,10 +1494,10 @@ static bool do_pfirst_pnext(DisasContext *s, arg_rr_esz *a, TCGv_ptr t_pd = tcg_temp_new_ptr(); TCGv_ptr t_pg = tcg_temp_new_ptr(); TCGv_i32 t; - unsigned desc; + unsigned desc = 0; - desc = DIV_ROUND_UP(pred_full_reg_size(s), 8); - desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz); + desc = FIELD_DP32(desc, PREDDESC, OPRSZ, pred_full_reg_size(s)); + desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz); tcg_gen_addi_ptr(t_pd, cpu_env, pred_full_reg_offset(s, a->rd)); tcg_gen_addi_ptr(t_pg, cpu_env, pred_full_reg_offset(s, a->rn)); ++++++ target-arm-Update-REV-PUNPK-for-pred_des.patch ++++++ From: Richard Henderson <[email protected]> Date: Tue, 12 Jan 2021 20:26:50 -1000 Subject: target/arm: Update REV, PUNPK for pred_desc Git-commit: 70acaafef2e053a312d54c09b6721c730690e72c Update all users of do_perm_pred2 for the new predicate descriptor field definitions. Cc: [email protected] Buglink: https://bugs.launchpad.net/bugs/1908551 Signed-off-by: Richard Henderson <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- target/arm/sve_helper.c | 8 ++++---- target/arm/translate-sve.c | 13 ++++--------- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c index 7eec4b6b73a273ecaf2fc218d8d4..844db08bd577016081329d6c4002 100644 --- a/target/arm/sve_helper.c +++ b/target/arm/sve_helper.c 
@@ -2036,8 +2036,8 @@ static uint8_t reverse_bits_8(uint8_t x, int n) void HELPER(sve_rev_p)(void *vd, void *vn, uint32_t pred_desc) { - intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; - int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); + intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); + int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); intptr_t i, oprsz_2 = oprsz / 2; if (oprsz <= 8) { @@ -2066,8 +2066,8 @@ void HELPER(sve_rev_p)(void *vd, void *vn, uint32_t pred_desc) void HELPER(sve_punpk_p)(void *vd, void *vn, uint32_t pred_desc) { - intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; - intptr_t high = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1); + intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); + intptr_t high = FIELD_EX32(pred_desc, PREDDESC, DATA); uint64_t *d = vd; intptr_t i; diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c index 0baca176a090001de915a7866af4..27402af23c0b58fa94b4ac185951 100644 --- a/target/arm/translate-sve.c +++ b/target/arm/translate-sve.c 
@@ -2145,19 +2145,14 @@ static bool do_perm_pred2(DisasContext *s, arg_rr_esz *a, bool high_odd, TCGv_ptr t_d = tcg_temp_new_ptr(); TCGv_ptr t_n = tcg_temp_new_ptr(); TCGv_i32 t_desc; - int desc; + uint32_t desc = 0; tcg_gen_addi_ptr(t_d, cpu_env, pred_full_reg_offset(s, a->rd)); tcg_gen_addi_ptr(t_n, cpu_env, pred_full_reg_offset(s, a->rn)); - /* Predicate sizes may be smaller and cannot use simd_desc. - We cannot round up, as we do elsewhere, because we need - the exact size for ZIP2 and REV. We retain the style for - the other helpers for consistency. */ - - desc = vsz - 2; - desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz); - desc = deposit32(desc, SIMD_DATA_SHIFT + 2, 2, high_odd); + desc = FIELD_DP32(desc, PREDDESC, OPRSZ, vsz); + desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz); + desc = FIELD_DP32(desc, PREDDESC, DATA, high_odd); t_desc = tcg_const_i32(desc); fn(t_d, t_n, t_desc); ++++++ target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch ++++++ From: Richard Henderson <[email protected]> Date: Tue, 12 Jan 2021 20:26:49 -1000 Subject: target/arm: Update ZIP, UZP, TRN for pred_desc Git-commit: f9b0fcceccfc05cde62ff7577fbf2bc13b842414 Update all users of do_perm_pred3 for the new predicate descriptor field definitions. Cc: [email protected] Signed-off-by: Richard Henderson <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- target/arm/sve_helper.c | 18 +++++++++--------- target/arm/translate-sve.c | 12 ++++-------- 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c index ff01851bf288009ec3e7585b8e03..7eec4b6b73a273ecaf2fc218d8d4 100644 --- a/target/arm/sve_helper.c +++ b/target/arm/sve_helper.c 
@@ -1868,9 +1868,9 @@ static uint64_t compress_bits(uint64_t x, int n) void HELPER(sve_zip_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) { - intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; - int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); - intptr_t high = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1); + intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); + int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); + intptr_t high = FIELD_EX32(pred_desc, PREDDESC, DATA); uint64_t *d = vd; intptr_t i; @@ -1929,9 +1929,9 @@ void HELPER(sve_zip_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) void HELPER(sve_uzp_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) { - intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; - int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); - int odd = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1) << esz; + intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); + int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); + int odd = FIELD_EX32(pred_desc, PREDDESC, DATA) << esz; uint64_t *d = vd, *n = vn, *m = vm; uint64_t l, h; intptr_t i; @@ -1986,9 +1986,9 @@ void HELPER(sve_uzp_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) void HELPER(sve_trn_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) { - intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; - uintptr_t esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); - bool odd = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1); + intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); + int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); + int odd = FIELD_EX32(pred_desc, PREDDESC, DATA); uint64_t *d = vd, *n = vn, *m = vm; uint64_t mask; int shr, shl; diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c index efcb646f729b1dbe4f7989e2fb9d..0baca176a090001de915a7866af4 100644 --- a/target/arm/translate-sve.c +++ b/target/arm/translate-sve.c 
@@ -2110,19 +2110,15 @@ static bool do_perm_pred3(DisasContext *s, arg_rrr_esz *a, bool high_odd, unsigned vsz = pred_full_reg_size(s); - /* Predicate sizes may be smaller and cannot use simd_desc. - We cannot round up, as we do elsewhere, because we need - the exact size for ZIP2 and REV. We retain the style for - the other helpers for consistency. */ TCGv_ptr t_d = tcg_temp_new_ptr(); TCGv_ptr t_n = tcg_temp_new_ptr(); TCGv_ptr t_m = tcg_temp_new_ptr(); TCGv_i32 t_desc; - int desc; + uint32_t desc = 0; - desc = vsz - 2; - desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz); - desc = deposit32(desc, SIMD_DATA_SHIFT + 2, 2, high_odd); + desc = FIELD_DP32(desc, PREDDESC, OPRSZ, vsz); + desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz); + desc = FIELD_DP32(desc, PREDDESC, DATA, high_odd); tcg_gen_addi_ptr(t_d, cpu_env, pred_full_reg_offset(s, a->rd)); tcg_gen_addi_ptr(t_n, cpu_env, pred_full_reg_offset(s, a->rn)); ++++++ tcg-Use-memset-for-large-vector-byte-rep.patch ++++++ From: Richard Henderson <[email protected]> Date: Tue, 15 Dec 2020 11:47:59 -0600 Subject: tcg: Use memset for large vector byte replication MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-commit: 6d3ef04893bdea3e7aa08be3cce5141902836a31 In f47db80cc07, we handled odd-sized tail clearing for the case of hosts that have vector operations, but did not handle the case of hosts that do not have vector ops. This was ok until e2e7168a214b, which changed the encoding of simd_desc such that the odd sizes are impossible. Add memset as a tcg helper, and use that for all out-of-line byte stores to vectors. This includes, but is not limited to, the tail clearing operation in question. Cc: [email protected] Buglink: https://bugs.launchpad.net/bugs/1907817 Reviewed-by: Philippe Mathieu-Daud?? <[email protected]> Signed-off-by: Richard Henderson <[email protected]> 
Signed-off-by: Bruce Rogers <[email protected]> --- accel/tcg/tcg-runtime.h | 11 +++++++++++ include/exec/helper-proto.h | 4 ++++ tcg/tcg-op-gvec.c | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+) diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h index 4eda24e63af46de4873822cdabf5..2e36d6eb0c66393ffa3656e88401 100644 --- a/accel/tcg/tcg-runtime.h +++ b/accel/tcg/tcg-runtime.h @@ -28,6 +28,17 @@ DEF_HELPER_FLAGS_1(lookup_tb_ptr, TCG_CALL_NO_WG_SE, ptr, env) DEF_HELPER_FLAGS_1(exit_atomic, TCG_CALL_NO_WG, noreturn, env) +#ifndef IN_HELPER_PROTO +/* + * Pass calls to memset directly to libc, without a thunk in qemu. + * Do not re-declare memset, especially since we fudge the type here; + * we assume sizeof(void *) == sizeof(size_t), which is true for + * all supported hosts. + */ +#define helper_memset memset +DEF_HELPER_FLAGS_3(memset, TCG_CALL_NO_RWG, ptr, ptr, int, ptr) +#endif /* IN_HELPER_PROTO */ + #ifdef CONFIG_SOFTMMU DEF_HELPER_FLAGS_5(atomic_cmpxchgb, TCG_CALL_NO_WG, diff --git a/include/exec/helper-proto.h b/include/exec/helper-proto.h index a0a8d9aa46f02eaeec1ffdd6a547..659f9298e8fe2935cd3ea9931d44 100644 --- a/include/exec/helper-proto.h +++ b/include/exec/helper-proto.h @@ -35,11 +35,15 @@ dh_ctype(ret) HELPER(name) (dh_ctype(t1), dh_ctype(t2), dh_ctype(t3), \ dh_ctype(t4), dh_ctype(t5), dh_ctype(t6), \ dh_ctype(t7)); +#define IN_HELPER_PROTO + #include "helper.h" #include "trace/generated-helpers.h" #include "tcg-runtime.h" #include "plugin-helpers.h" +#undef IN_HELPER_PROTO + #undef DEF_HELPER_FLAGS_0 #undef DEF_HELPER_FLAGS_1 #undef DEF_HELPER_FLAGS_2 diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c index ddbe06b71a81fad997c6348b68d9..1a41dfa90871740669799867f34d 100644 --- a/tcg/tcg-op-gvec.c +++ b/tcg/tcg-op-gvec.c 
@@ -547,6 +547,9 @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz, in_c = dup_const(vece, in_c); if (in_c == 0) { oprsz = maxsz; + vece = MO_8; + } else if (in_c == dup_const(MO_8, in_c)) { + vece = MO_8; } } @@ -628,6 +631,35 @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz, /* Otherwise implement out of line. */ t_ptr = tcg_temp_new_ptr(); tcg_gen_addi_ptr(t_ptr, cpu_env, dofs); + + /* + * This may be expand_clr for the tail of an operation, e.g. + * oprsz == 8 && maxsz == 64. The size of the clear is misaligned + * wrt simd_desc and will assert. Simply pass all replicated byte + * stores through to memset. + */ + if (oprsz == maxsz && vece == MO_8) { + TCGv_ptr t_size = tcg_const_ptr(oprsz); + TCGv_i32 t_val; + + if (in_32) { + t_val = in_32; + } else if (in_64) { + t_val = tcg_temp_new_i32(); + tcg_gen_extrl_i64_i32(t_val, in_64); + } else { + t_val = tcg_const_i32(in_c); + } + gen_helper_memset(t_ptr, t_ptr, t_val, t_size); + + if (!in_32) { + tcg_temp_free_i32(t_val); + } + tcg_temp_free_ptr(t_size); + tcg_temp_free_ptr(t_ptr); + return; + } + t_desc = tcg_const_i32(simd_desc(oprsz, maxsz, 0)); if (vece == MO_64) { ++++++ tests-Fix-block-tests-to-be-compatible-w.patch ++++++ --- /var/tmp/diff_new_pack.65b40n/_old 2021-02-11 12:52:22.701917778 +0100 +++ /var/tmp/diff_new_pack.65b40n/_new 2021-02-11 12:52:22.701917778 +0100 @@ -84,7 +84,7 @@ echo echo "== Detecting -U and force-share conflicts ==" diff --git a/tests/qemu-iotests/153.out b/tests/qemu-iotests/153.out -index fcaa71aeeebd855d684d8056410f..8fbc7413e716462a4f196c39db5e 100644 +index ff8e55864a53501197bb4a66bf99..4e9c4607bdb3d46c24bad9e80f64 100644 --- a/tests/qemu-iotests/153.out +++ b/tests/qemu-iotests/153.out @@ -424,6 +424,8 @@ Is another process using the image [TEST_DIR/t.qcow2]? 
@@ -94,9 +94,9 @@ +{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}} +{"return": {}} Adding drive - { 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } } - {"return": "OKrn"} -@@ -457,6 +459,8 @@ Closing the other + { 'execute': 'human-monitor-command', + 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } } +@@ -463,6 +465,8 @@ Closing the other {"return": ""} _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512 ++++++ tests-qemu-iotests-Triple-timeout-of-i-o.patch ++++++ --- /var/tmp/diff_new_pack.65b40n/_old 2021-02-11 12:52:22.717917800 +0100 +++ /var/tmp/diff_new_pack.65b40n/_new 2021-02-11 12:52:22.717917800 +0100 @@ -13,7 +13,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu -index de680cf1c7c92e50b82aa2bc0262..4f2557cc568beed038223af7660b 100644 +index ef105dfc393e96c6ef2f34c1466d..3ecff3edfa7569d49ec7d81c2195 100644 --- a/tests/qemu-iotests/common.qemu +++ b/tests/qemu-iotests/common.qemu @@ -76,7 +76,7 @@ _timed_wait_for() ++++++ ui-vnc-Add-missing-lock-for-send_color_m.patch ++++++ From: Peng Liang <[email protected]> Date: Mon, 16 Nov 2020 22:13:38 +0800 Subject: ui/vnc: Add missing lock for send_color_map Git-commit: 947191b4312a547621566d77d7b922d9e13bb63d vnc_write() should be locked after the RFB protocol is initialized. Fixes: 0c426e4534b4 ("vnc: Add support for color map") Cc: [email protected] Reported-by: Euler Robot <[email protected]> Signed-off-by: Peng Liang <[email protected]> Message-id: [email protected] Signed-off-by: Gerd Hoffmann <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- ui/vnc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ui/vnc.c b/ui/vnc.c index 49235056f7a893f5f7c86500afbc..ca3fc376aeb547681e5a26a480b6 100644 --- a/ui/vnc.c 
+++ b/ui/vnc.c @@ -2156,6 +2156,7 @@ static void send_color_map(VncState *vs) { int i; + vnc_lock_output(vs); vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); vnc_write_u8(vs, 0); /* padding */ vnc_write_u16(vs, 0); /* first color */ @@ -2168,6 +2169,7 @@ static void send_color_map(VncState *vs) vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); } + vnc_unlock_output(vs); } static void set_pixel_format(VncState *vs, int bits_per_pixel, ++++++ update_git.sh ++++++ --- /var/tmp/diff_new_pack.65b40n/_old 2021-02-11 12:52:22.741917833 +0100 +++ /var/tmp/diff_new_pack.65b40n/_new 2021-02-11 12:52:22.741917833 +0100 @@ -159,10 +159,10 @@ rm -rf $BUNDLE_DIR mkdir -p $BUNDLE_DIR tar xJf bundles.tar.xz -C $BUNDLE_DIR -BUNDLE_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "bundle$") +ID_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "id$") -for entry in ${BUNDLE_FILES[@]}; do - if [[ $entry =~ ^(.*)[/]*([a-f0-9]{40})[.]bundle$ ]]; then +for entry in ${ID_FILES[@]}; do + if [[ $entry =~ ^(.*)[/]*([a-f0-9]{40})[.]id$ ]]; then SUBDIR=${BASH_REMATCH[1]} GITREPO_COMMIT_ISH=${BASH_REMATCH[2]} else 
@@ -175,20 +175,29 @@ break fi done + if [[ "$i" = "REPO_COUNT" ]]; then + echo "ERROR! BUNDLE SUBPROJECT NOT MENTIONED IN config.sh! Fix!" + exit + fi LOCAL_REPO=$(readlink -f ${LOCAL_REPO_MAP[$PATCH_RANGE_INDEX]}) if [ -e $LOCAL_REPO ]; then git -C $LOCAL_REPO remote remove bundlerepo || true - # git won't let you delete a branch we're on - so get onto master temporarily (TODO: is there a better approach?) + # git won't let you delete a branch we're on - so get onto master temporarily (TODO: is there a better approach?) git -C $LOCAL_REPO checkout master -f git -C $LOCAL_REPO branch -D frombundle || true - git -C $LOCAL_REPO remote add bundlerepo $BUNDLE_DIR/$entry - git -C $LOCAL_REPO fetch bundlerepo FETCH_HEAD - git -C $LOCAL_REPO branch frombundle FETCH_HEAD - git -C $LOCAL_REPO remote remove bundlerepo + if [ -e $BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle ]; then + git -C $LOCAL_REPO remote add bundlerepo $BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle + git -C $LOCAL_REPO fetch bundlerepo FETCH_HEAD + git -C $LOCAL_REPO branch frombundle FETCH_HEAD + git -C $LOCAL_REPO remote remove bundlerepo + fi else - echo "No local repo $LOCAL_REPO corresponding to archived git bundle!" - exit + if [ -e $BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle ]; then + # TODO: We should be able to handle this case with some more coding, but for now... + echo "No local repo $LOCAL_REPO available to process git bundle! Please create one" + exit + fi fi done rm -rf $BUNDLE_DIR @@ -265,7 +274,7 @@ # MOVE BUNDLE COMMITS OVER TO LOCAL frombundle BRANCH #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -bundle2local +bundle2local #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # REBASE frombundle patches USING COMMIT_IDS_BY_SUBMODULE, ALSO USING OLD ID'S STORED IN OLD BUNDLE 
@@ -282,7 +291,7 @@ if [[ $GITREPO_COMMIT_ISH =~ .*(.{40})[.]id ]]; then GITREPO_COMMIT_ISH=${BASH_REMATCH[1]} fi - git -C ${LOCAL_REPO_MAP[$i]} checkout frombundle -f + git -C ${LOCAL_REPO_MAP[$i]} checkout -f frombundle git -C ${LOCAL_REPO_MAP[$i]} branch -D $GIT_BRANCH git -C ${LOCAL_REPO_MAP[$i]} checkout -b $GIT_BRANCH if [[ "$SUBDIR" = "" ]]; then @@ -309,9 +318,9 @@ rm -rf $BUNDLE_DIR mkdir -p $BUNDLE_DIR -#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -# NOW PROCESS BUNDLES INTO COMMITS AND FILL SPEC FILE -#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# CONVERT BUNDLES INTO COMMITS AND FILL SPEC FILE +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! tar xJf bundles.tar.xz -C $BUNDLE_DIR BUNDLE_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "bundle$") @@ -588,6 +597,7 @@ rm -rf checkdir osc service localrun format_spec_file +sed -i 's/^# spec file for package qemu$/# spec file for package qemu%{name_suffix}/g' qemu.spec } #============================================================================== @@ -739,7 +749,7 @@ echo "be lost. Then run script again without the continue option" exit fi - redo_tarball_and_rebase_patches &> /tmp/latest.log + redo_tarball_and_rebase_patches &> /tmp/latest.log # This includes a bundle2local if [[ "$REBASE_FAILS" ]]; then echo "ERROR! Rebase of the $GIT_BRANCH branch failed in the following local git repos:" echo $REBASE_FAILS ++++++ virtio-move-use-disabled-flag-property-t.patch ++++++ 
From: Stefano Garzarella <[email protected]> Date: Fri, 8 Jan 2021 18:12:52 +0100 Subject: virtio: move 'use-disabled-flag' property to hw_compat_4_2 Git-commit: c126b4c57e0164549de606ca35d1512762051083 Commit 9d7bd0826f introduced a new 'use-disabled-flag' property set to true by default. To allow the migration, we set this property to false in the hw_compat, but in the wrong place (hw_compat_4_1). Since commit 9d7bd0826f was released with QEMU 5.0, we move 'use-disabled-flag' property to hw_compat_4_2, so 4.2 machine types will have the pre-patch behavior and the migration can work. The issue was discovered with vhost-vsock device and 4.2 machine type without running any kernel in the VM: $ qemu-4.2 -M pc-q35-4.2,accel=kvm \ -device vhost-vsock-pci,guest-cid=4 \ -monitor stdio -incoming tcp:0:3333 $ qemu-5.2 -M pc-q35-4.2,accel=kvm \ -device vhost-vsock-pci,guest-cid=3 \ -monitor stdio (qemu) migrate -d tcp:0:3333 # qemu-4.2 output qemu-system-x86_64: Failed to load virtio-vhost_vsock:virtio qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:03.0/virtio-vhost_vsock' qemu-system-x86_64: load of migration failed: No such file or directory Reported-by: Jing Zhao <[email protected]> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1907255 Fixes: 9d7bd0826f ("virtio-pci: disable vring processing when bus-mastering is disabled") Cc: [email protected] CC: [email protected] Signed-off-by: Stefano Garzarella <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- hw/core/machine.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/core/machine.c b/hw/core/machine.c index d0408049b53c795d095ca7ec8c28..9e83400ecbfdd1c8ab20a54ff39c 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c 
@@ -62,12 +62,12 @@ GlobalProperty hw_compat_4_2[] = { { "qxl", "revision", "4" }, { "qxl-vga", "revision", "4" }, { "fw_cfg", "acpi-mr-restore", "false" }, + { "virtio-device", "use-disabled-flag", "false" }, }; const size_t hw_compat_4_2_len = G_N_ELEMENTS(hw_compat_4_2); GlobalProperty hw_compat_4_1[] = { { "virtio-pci", "x-pcie-flr-init", "off" }, - { "virtio-device", "use-disabled-flag", "false" }, }; const size_t hw_compat_4_1_len = G_N_ELEMENTS(hw_compat_4_1); ++++++ xen-add-block-resize-support-for-xen-dis.patch ++++++ --- /var/tmp/diff_new_pack.65b40n/_old 2021-02-11 12:52:22.761917861 +0100 +++ /var/tmp/diff_new_pack.65b40n/_new 2021-02-11 12:52:22.761917861 +0100 @@ -15,7 +15,7 @@ 1 file changed, 3 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index 1a379e8771faee970808dd2efd89..310b9639e06b0d543f22652fadd9 100644 +index 5f96036c98cc2eada06186ff181c..903633e028266d6c7e73239672b0 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c @@ -270,6 +270,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp) ++++++ xen_disk-Add-suse-specific-flush-disable.patch ++++++ --- /var/tmp/diff_new_pack.65b40n/_old 2021-02-11 12:52:22.777917883 +0100 +++ /var/tmp/diff_new_pack.65b40n/_new 2021-02-11 12:52:22.777917883 +0100 @@ -18,7 +18,7 @@ 1 file changed, 12 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index 8a7a3f54523ed050587c3e2047de..1a379e8771faee970808dd2efd89 100644 +index 20b23c699bc1cb4cd796bf352c45..5f96036c98cc2eada06186ff181c 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c @@ -729,6 +729,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
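Review bot: in accel/tcg/tcg-runtime.h, the new comment states that the helper declaration relies on sizeof(void *) == sizeof(size_t), but nothing in the hunk enforces it. DEF_HELPER_FLAGS_3(memset, TCG_CALL_NO_RWG, ptr, ptr, int, ptr) passes the length as a ptr, and helper_memset is aliased straight to libc memset, so on a host where the assumption does not hold the call would hand memset a mistyped size argument. Suggest a build-time check next to the define, for example QEMU_BUILD_BUG_ON(sizeof(void *) != sizeof(size_t)), so the assumption fails at compile time rather than at run time.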
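Review bot: in tcg/tcg-op-gvec.c, hunk @@ -628,6 +631,35 @@, the comment's example (oprsz == 8 && maxsz == 64) does not satisfy the guard that follows it, `if (oprsz == maxsz && vece == MO_8)`. A reader cannot tell from the hunk how the expand_clr tail case reaches the memset path. Suggest rewording the comment to give the values as do_dup sees them at this point. It would also help to say that the in_64 branch keeps only the low 32 bits via tcg_gen_extrl_i64_i32, which is safe here only because vece == MO_8 means memset uses just the low byte.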
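Review bot: in ui/vnc.c, send_color_map() now takes vnc_lock_output(vs) at the top and releases it after the loop, but the hunks do not show whether any caller can already hold the output lock when it gets here. If the lock is not recursive, a caller that holds it would deadlock. The commit message says vnc_write() should be locked after the RFB protocol is initialized, so please confirm in the message which call path reaches send_color_map() and that it arrives unlocked. The lock/unlock pair itself is balanced in the visible lines, since there is no early return between them.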
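Review bot: in update_git.sh, hunk @@ -159,10 +159,10 @@, `grep "id$"` selects every path whose name merely ends in the letters "id", not only files with the .id suffix. The [[ ... =~ ... [.]id$ ]] test in the loop narrows it again, but stray matches then fall into the else branch. Suggest `grep '[.]id$'`. Also note that ID_FILES is a plain string, so `${ID_FILES[@]}` relies on word splitting and will break on paths that contain whitespace.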
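Review bot: in update_git.sh, hunk @@ -175,20 +175,29 @@, the new check `if [[ "$i" = "REPO_COUNT" ]]` compares $i with the literal string REPO_COUNT, so it can never be true for a numeric loop index and the "BUNDLE SUBPROJECT NOT MENTIONED IN config.sh" error is never reported. If the intent is to detect that the loop ran off the end, it needs "$REPO_COUNT". The two new error paths also call a bare `exit`, which returns the status of the preceding echo (0). Use `exit 1` so a caller or CI job sees the failure.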
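Review bot: in update_git.sh, hunk @@ -739,7 +749,7 @@, the touched line still redirects to the fixed path /tmp/latest.log. On a shared host a predictable name in /tmp can be pre-created or symlinked by another user, and `&>` follows the link, so the script can end up truncating a file it did not mean to. Since the line is being edited anyway, suggest a log created with mktemp, or a path inside the working directory, with the location echoed so the user can find it.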
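Review bot: in hw/core/machine.c, moving { "virtio-device", "use-disabled-flag", "false" } from hw_compat_4_1 to hw_compat_4_2 changes the property default for 4.2 machine types. The commit message only covers migration to qemu-4.2. It says 9d7bd0826f shipped in QEMU 5.0, so builds from 5.0 through 5.2 without this patch run 4.2 machine types with the flag set to true. Please document what happens when a 4.2 machine type migrates between such a build and a patched one, so packagers who pick up this stable backport know whether a mixed fleet is safe during rollout.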
