[Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?

[Launchpad Bug Tracker]

This bug was fixed in the package qemu - 1:4.2-3ubuntu6.19

---
qemu (1:4.2-3ubuntu6.19) focal; urgency=medium

  * d/p/u/lp-1749393-linux-user-Reserve-space-for-brk.patch: fix static
use cases needing a lot of brk space (LP: #1749393)
  * d/p/u/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch:
fix uretprobe in s390x TCG (LP: #1929926)

 -- Christian Ehrhardt   Mon, 26 Apr
2021 11:11:19 +0200

** Changed in: qemu (Ubuntu Focal)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393

Title:
  sbrk() not working under qemu-user with a PIE-compiled binary?

Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Focal:
  Fix Released

Bug description:
  [Impact]

   * The current space reserved can be too small and we can end up
     with no space at all for BRK. It can happen to any case, but is
     much more likely with the now common PIE binaries.

   * Backport the upstream fix which reserves a bit more space while loading
     and giving it back after interpreter and stack is loaded.

  [Test Plan]

   * On x86 run:
  sudo apt install -y qemu-user-static docker.io
  sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt 
install -y wget'
  ...
  Running hooks in /etc/ca-certificates/update.d...
  done.
  Errors were encountered while processing:
   libc-bin
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  
  Second test from bug 1928075

  $ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
  http://ftp.debian.org/debian

  In the bad case this is failing like
  W: Failure trying to run: /sbin/ldconfig
  W: See //debootstrap/debootstrap.log for detail

  And in that log file you'll see the segfault
  $ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault (core dumped)

  [Where problems could occur]

   * Regressions would be around use-cases of linux-user that is
     emulation not of a system but of binaries.
     Commonly uses for cross-tests and cross-builds so that is the
     space to watch for regressions

  [Other Info]

   * n/a

  ---

  In Debian unstable, we recently switched bash to be a PIE-compiled
  binary (for hardening). Unfortunately this resulted in bash being
  broken when run under qemu-user (for all target architectures, host
  being amd64 for me).

  $ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
  bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)

  bash has its own malloc implementation based on sbrk():
  https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c

  When we disable this internal implementation and rely on glibc's
  malloc, then everything is fine. But it might be that glibc has a
  fallback when sbrk() is not working properly and it might hide the
  underlying problem in qemu-user.

  This issue has also been reported to the bash upstream author and he 
suggested that the issue might be in qemu-user so I'm opening a ticket here. 
Here's the discussion with the bash upstream author:
  https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080

  You can find the problematic bash binary in that .deb file:
  
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb

  The version of qemu I have been using is 2.11 (Debian package qemu-
  user-static version 1:2.11+dfsg-1) but I have had reports that the
  problem is reproducible with older versions (back to 2.8 at least).

  Here are the related Debian bug reports:
  https://bugs.debian.org/889869
  https://bugs.debian.org/865599

  It's worth noting that bash used to have this problem (when compiled as a PIE 
binary) even when run directly but then something got fixed in the kernel and 
now the problem only appears when run under qemu-user:
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions

[Bug 1761798] Re: live migration intermittently fails in CI with "VQ 0 size 0x80 Guest index 0x12c inconsistent with Host index 0x134: delta 0xfff8"

[Launchpad Bug Tracker]

[Expired for OpenStack Compute (nova) because there has been no activity
for 60 days.]

** Changed in: nova
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1761798

Title:
  live migration intermittently fails in CI with "VQ 0 size 0x80 Guest
  index 0x12c inconsistent with Host index 0x134: delta 0xfff8"

Status in OpenStack Compute (nova):
  Expired
Status in QEMU:
  Expired

Bug description:
  Seen here:

  http://logs.openstack.org/37/522537/20/check/legacy-tempest-dsvm-
  multinode-live-
  migration/8de6e74/logs/subnode-2/libvirt/qemu/instance-0002.txt.gz

  2018-04-05T21:48:38.205752Z qemu-system-x86_64: -chardev 
pty,id=charserial0,logfile=/dev/fdset/1,logappend=on: char device redirected to 
/dev/pts/0 (label charserial0)
  warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
  2018-04-05T21:48:43.153268Z qemu-system-x86_64: VQ 0 size 0x80 Guest index 
0x12c inconsistent with Host index 0x134: delta 0xfff8
  2018-04-05T21:48:43.153288Z qemu-system-x86_64: Failed to load 
virtio-blk:virtio
  2018-04-05T21:48:43.153292Z qemu-system-x86_64: error while loading state for 
instance 0x0 of device ':00:04.0/virtio-blk'
  2018-04-05T21:48:43.153347Z qemu-system-x86_64: load of migration failed: 
Operation not permitted
  2018-04-05 21:48:43.198+: shutting down, reason=crashed

  And in the n-cpu logs on the other host:

  http://logs.openstack.org/37/522537/20/check/legacy-tempest-dsvm-
  multinode-live-migration/8de6e74/logs/screen-n-
  cpu.txt.gz#_Apr_05_21_48_43_257541

  There is a related Red Hat bug:

  https://bugzilla.redhat.com/show_bug.cgi?id=1450524

  The CI job failures are at present using the Pike UCA:

  ii  libvirt-bin 3.6.0-1ubuntu6.2~cloud0

  ii  qemu-system-x86 1:2.10+dfsg-0ubuntu3.5~cloud0

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1761798/+subscriptions

[Bug 1761798] Re: live migration intermittently fails in CI with "VQ 0 size 0x80 Guest index 0x12c inconsistent with Host index 0x134: delta 0xfff8"

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1761798

Title:
  live migration intermittently fails in CI with "VQ 0 size 0x80 Guest
  index 0x12c inconsistent with Host index 0x134: delta 0xfff8"

Status in OpenStack Compute (nova):
  Expired
Status in QEMU:
  Expired

Bug description:
  Seen here:

  http://logs.openstack.org/37/522537/20/check/legacy-tempest-dsvm-
  multinode-live-
  migration/8de6e74/logs/subnode-2/libvirt/qemu/instance-0002.txt.gz

  2018-04-05T21:48:38.205752Z qemu-system-x86_64: -chardev 
pty,id=charserial0,logfile=/dev/fdset/1,logappend=on: char device redirected to 
/dev/pts/0 (label charserial0)
  warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
  2018-04-05T21:48:43.153268Z qemu-system-x86_64: VQ 0 size 0x80 Guest index 
0x12c inconsistent with Host index 0x134: delta 0xfff8
  2018-04-05T21:48:43.153288Z qemu-system-x86_64: Failed to load 
virtio-blk:virtio
  2018-04-05T21:48:43.153292Z qemu-system-x86_64: error while loading state for 
instance 0x0 of device ':00:04.0/virtio-blk'
  2018-04-05T21:48:43.153347Z qemu-system-x86_64: load of migration failed: 
Operation not permitted
  2018-04-05 21:48:43.198+: shutting down, reason=crashed

  And in the n-cpu logs on the other host:

  http://logs.openstack.org/37/522537/20/check/legacy-tempest-dsvm-
  multinode-live-migration/8de6e74/logs/screen-n-
  cpu.txt.gz#_Apr_05_21_48_43_257541

  There is a related Red Hat bug:

  https://bugzilla.redhat.com/show_bug.cgi?id=1450524

  The CI job failures are at present using the Pike UCA:

  ii  libvirt-bin 3.6.0-1ubuntu6.2~cloud0

  ii  qemu-system-x86 1:2.10+dfsg-0ubuntu3.5~cloud0

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1761798/+subscriptions

[Bug 1921664] Re: Coroutines are racy for risc64 emu on arm64 - crash on Assertion

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1921664

Title:
  Coroutines are racy for risc64 emu on arm64 - crash on Assertion

Status in QEMU:
  Expired
Status in qemu package in Ubuntu:
  Expired

Bug description:
  Note: this could as well be "riscv64 on arm64" for being slow@slow and affect
  other architectures as well.

  The following case triggers on a Raspberry Pi4 running with arm64 on
  Ubuntu 21.04 [1][2]. It might trigger on other environments as well,
  but that is what we have seen it so far.

 $ wget 
https://github.com/carlosedp/riscv-bringup/releases/download/v1.0/UbuntuFocal-riscv64-QemuVM.tar.gz
 $ tar xzf UbuntuFocal-riscv64-QemuVM.tar.gz
 $ ./run_riscvVM.sh
  (wait ~2 minutes)
 [ OK ] Reached target Local File Systems (Pre).
 [ OK ] Reached target Local File Systems.
  Starting udev Kernel Device Manager...
  qemu-system-riscv64: ../../util/qemu-coroutine-lock.c:57: 
qemu_co_queue_wait_impl: Assertion `qemu_in_coroutine()' failed.

  This is often, but not 100% reproducible and the cases differ slightly we
  see either of:
  - qemu-system-riscv64: ../../util/qemu-coroutine-lock.c:57: 
qemu_co_queue_wait_impl: Assertion `qemu_in_coroutine()' failed.
  - qemu-system-riscv64: ../../block/aio_task.c:64: aio_task_pool_wait_one: 
Assertion `qemu_coroutine_self() == pool->main_co' failed.

  Rebuilding working cases has shown to make them fail, as well as rebulding
  (or even reinstalling) bad cases has made them work. Also the same builds on
  different arm64 CPUs behave differently. TL;DR: The full list of conditions
  influencing good/bad case here are not yet known.

  [1]: 
https://ubuntu.com/tutorials/how-to-install-ubuntu-on-your-raspberry-pi#1-overview
  [2]: 
http://cdimage.ubuntu.com/daily-preinstalled/pending/hirsute-preinstalled-desktop-arm64+raspi.img.xz

  
  --- --- original report --- ---

  I regularly run a RISC-V (RV64GC) QEMU VM, but an update a few days
  ago broke it.  Now when I launch it, it hits an assertion:

  OpenSBI v0.6
     _  _
    / __ \  / |  _ \_   _|
   | |  | |_ __   ___ _ __ | (___ | |_) || |
   | |  | | '_ \ / _ \ '_ \ \___ \|  _ < | |
   | |__| | |_) |  __/ | | |) | |_) || |_
    \/| .__/ \___|_| |_|_/|/_|
  | |
  |_|

  ...
  Found /boot/extlinux/extlinux.conf
  Retrieving file: /boot/extlinux/extlinux.conf
  618 bytes read in 2 ms (301.8 KiB/s)
  RISC-V Qemu Boot Options
  1:  Linux kernel-5.5.0-dirty
  2:  Linux kernel-5.5.0-dirty (recovery mode)
  Enter choice: 1:Linux kernel-5.5.0-dirty
  Retrieving file: /boot/initrd.img-5.5.0-dirty
  qemu-system-riscv64: ../../block/aio_task.c:64: aio_task_pool_wait_one: 
Assertion `qemu_coroutine_self() == pool->main_co' failed.
  ./run.sh: line 31:  1604 Aborted (core dumped) 
qemu-system-riscv64 -machine virt -nographic -smp 8 -m 8G -bios fw_payload.bin 
-device virtio-blk-devi
  ce,drive=hd0 -object rng-random,filename=/dev/urandom,id=rng0 -device 
virtio-rng-device,rng=rng0 -drive 
file=riscv64-UbuntuFocal-qemu.qcow2,format=qcow2,id=hd0 -devi
  ce virtio-net-device,netdev=usernet -netdev user,id=usernet,$ports

  Interestingly this doesn't happen on the AMD64 version of Ubuntu 21.04
  (fully updated).

  Think you have everything already, but just in case:

  $ lsb_release -rd
  Description:Ubuntu Hirsute Hippo (development branch)
  Release:21.04

  $ uname -a
  Linux minimacvm 5.11.0-11-generic #12-Ubuntu SMP Mon Mar 1 19:27:36 UTC 2021 
aarch64 aarch64 aarch64 GNU/Linux
  (note this is a VM running on macOS/M1)

  $ apt-cache policy qemu
  qemu:
    Installed: 1:5.2+dfsg-9ubuntu1
    Candidate: 1:5.2+dfsg-9ubuntu1
    Version table:
   *** 1:5.2+dfsg-9ubuntu1 500
  500 http://ports.ubuntu.com/ubuntu-ports hirsute/universe arm64 
Packages
  100 /var/lib/dpkg/status

  ProblemType: Bug
  DistroRelease: Ubuntu 21.04
  Package: qemu 1:5.2+dfsg-9ubuntu1
  ProcVersionSignature: Ubuntu 5.11.0-11.12-generic 5.11.0
  Uname: Linux 5.11.0-11-generic aarch64
  ApportVersion: 2.20.11-0ubuntu61
  Architecture: arm64
  CasperMD5CheckResult: unknown
  CurrentDmesg:
   Error: command ['pkexec', 'dmesg'] failed with exit code 127: 
polkit-agent-helper-1: error response to PolicyKit daemon: 
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
   Error executing command as another user: Not authorized

   This incident has been reported.
  Date: Mon Mar 29 02:33:25 2021
  Dependencies:

  KvmCmdLine: COMMAND STAT  EUID  RUID PIDPPID %CPU COMMAND
  Lspci-vt:
   -[:00]-+-00.0  Apple Inc. Device f020
  +-01.0  Red Hat, Inc. Virtio network device
  +-05.0  

[Bug 1921664] Re: Coroutines are racy for risc64 emu on arm64 - crash on Assertion

[Launchpad Bug Tracker]

[Expired for qemu (Ubuntu) because there has been no activity for 60
days.]

** Changed in: qemu (Ubuntu)
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1921664

Title:
  Coroutines are racy for risc64 emu on arm64 - crash on Assertion

Status in QEMU:
  Expired
Status in qemu package in Ubuntu:
  Expired

Bug description:
  Note: this could as well be "riscv64 on arm64" for being slow@slow and affect
  other architectures as well.

  The following case triggers on a Raspberry Pi4 running with arm64 on
  Ubuntu 21.04 [1][2]. It might trigger on other environments as well,
  but that is what we have seen it so far.

 $ wget 
https://github.com/carlosedp/riscv-bringup/releases/download/v1.0/UbuntuFocal-riscv64-QemuVM.tar.gz
 $ tar xzf UbuntuFocal-riscv64-QemuVM.tar.gz
 $ ./run_riscvVM.sh
  (wait ~2 minutes)
 [ OK ] Reached target Local File Systems (Pre).
 [ OK ] Reached target Local File Systems.
  Starting udev Kernel Device Manager...
  qemu-system-riscv64: ../../util/qemu-coroutine-lock.c:57: 
qemu_co_queue_wait_impl: Assertion `qemu_in_coroutine()' failed.

  This is often, but not 100% reproducible and the cases differ slightly we
  see either of:
  - qemu-system-riscv64: ../../util/qemu-coroutine-lock.c:57: 
qemu_co_queue_wait_impl: Assertion `qemu_in_coroutine()' failed.
  - qemu-system-riscv64: ../../block/aio_task.c:64: aio_task_pool_wait_one: 
Assertion `qemu_coroutine_self() == pool->main_co' failed.

  Rebuilding working cases has shown to make them fail, as well as rebulding
  (or even reinstalling) bad cases has made them work. Also the same builds on
  different arm64 CPUs behave differently. TL;DR: The full list of conditions
  influencing good/bad case here are not yet known.

  [1]: 
https://ubuntu.com/tutorials/how-to-install-ubuntu-on-your-raspberry-pi#1-overview
  [2]: 
http://cdimage.ubuntu.com/daily-preinstalled/pending/hirsute-preinstalled-desktop-arm64+raspi.img.xz

  
  --- --- original report --- ---

  I regularly run a RISC-V (RV64GC) QEMU VM, but an update a few days
  ago broke it.  Now when I launch it, it hits an assertion:

  OpenSBI v0.6
     _  _
    / __ \  / |  _ \_   _|
   | |  | |_ __   ___ _ __ | (___ | |_) || |
   | |  | | '_ \ / _ \ '_ \ \___ \|  _ < | |
   | |__| | |_) |  __/ | | |) | |_) || |_
    \/| .__/ \___|_| |_|_/|/_|
  | |
  |_|

  ...
  Found /boot/extlinux/extlinux.conf
  Retrieving file: /boot/extlinux/extlinux.conf
  618 bytes read in 2 ms (301.8 KiB/s)
  RISC-V Qemu Boot Options
  1:  Linux kernel-5.5.0-dirty
  2:  Linux kernel-5.5.0-dirty (recovery mode)
  Enter choice: 1:Linux kernel-5.5.0-dirty
  Retrieving file: /boot/initrd.img-5.5.0-dirty
  qemu-system-riscv64: ../../block/aio_task.c:64: aio_task_pool_wait_one: 
Assertion `qemu_coroutine_self() == pool->main_co' failed.
  ./run.sh: line 31:  1604 Aborted (core dumped) 
qemu-system-riscv64 -machine virt -nographic -smp 8 -m 8G -bios fw_payload.bin 
-device virtio-blk-devi
  ce,drive=hd0 -object rng-random,filename=/dev/urandom,id=rng0 -device 
virtio-rng-device,rng=rng0 -drive 
file=riscv64-UbuntuFocal-qemu.qcow2,format=qcow2,id=hd0 -devi
  ce virtio-net-device,netdev=usernet -netdev user,id=usernet,$ports

  Interestingly this doesn't happen on the AMD64 version of Ubuntu 21.04
  (fully updated).

  Think you have everything already, but just in case:

  $ lsb_release -rd
  Description:Ubuntu Hirsute Hippo (development branch)
  Release:21.04

  $ uname -a
  Linux minimacvm 5.11.0-11-generic #12-Ubuntu SMP Mon Mar 1 19:27:36 UTC 2021 
aarch64 aarch64 aarch64 GNU/Linux
  (note this is a VM running on macOS/M1)

  $ apt-cache policy qemu
  qemu:
    Installed: 1:5.2+dfsg-9ubuntu1
    Candidate: 1:5.2+dfsg-9ubuntu1
    Version table:
   *** 1:5.2+dfsg-9ubuntu1 500
  500 http://ports.ubuntu.com/ubuntu-ports hirsute/universe arm64 
Packages
  100 /var/lib/dpkg/status

  ProblemType: Bug
  DistroRelease: Ubuntu 21.04
  Package: qemu 1:5.2+dfsg-9ubuntu1
  ProcVersionSignature: Ubuntu 5.11.0-11.12-generic 5.11.0
  Uname: Linux 5.11.0-11-generic aarch64
  ApportVersion: 2.20.11-0ubuntu61
  Architecture: arm64
  CasperMD5CheckResult: unknown
  CurrentDmesg:
   Error: command ['pkexec', 'dmesg'] failed with exit code 127: 
polkit-agent-helper-1: error response to PolicyKit daemon: 
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
   Error executing command as another user: Not authorized

   This incident has been reported.
  Date: Mon Mar 29 02:33:25 2021
  Dependencies:

  KvmCmdLine: COMMAND STAT  EUID  RUID PIDPPID %CPU COMMAND
  Lspci-vt:
   -[:00]-+-00.0  Apple Inc. Device f020
  +-01.0  Red Hat, Inc. Virtio network device
   

[Bug 1770417] Re: Qemu can not parse long fqdns during drive-mirror

[Launchpad Bug Tracker]

[Expired for qemu (Ubuntu) because there has been no activity for 60
days.]

** Changed in: qemu (Ubuntu)
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1770417

Title:
  Qemu can not parse long fqdns during drive-mirror

Status in QEMU:
  Expired
Status in qemu package in Ubuntu:
  Expired

Bug description:
  During migration of an openstack booted instance, I got the following
  error:

  Apr 12 10:55:22 cmp1 libvirtd[4133]: 2018-04-12 10:55:22.133+:
  4139: error : qemuMonitorJSONCheckError:392 : internal error: unable
  to execute QEMU command 'drive-mirror': error parsing address
  'cmp0.sandriichenko-deploy-heat-virtual-mcp-pike-ovs-76.bud-
  mk.local:49153'

  A bit more info in libvirt bug
  https://bugzilla.redhat.com/show_bug.cgi?id=1568939

  To reproduce it with qemu only, I followed the guide at
  https://github.com/qemu/qemu/blob/master/docs/interop/live-block-
  operations.rst#id21. On dest and source compute nodes, I launched an
  instance:

  qemu-system-x86_64 -display none -nodefconfig -M q35 -nodefaults -m
  512 -blockdev node-name=node-
  TargetDisk,driver=qcow2,file.driver=file,file.node-
  name=file,file.filename=./test-instance-mirror.qcow2 -device virtio-
  blk,drive=node-TargetDisk,id=virtio0 -S -monitor stdio -qmp
  unix:./qmp-sock,server,nowait -incoming tcp:localhost:

  Then on dest node I launched nbd server:

  (qemu) nbd_server_start cmp0:49153
  (qemu) nbd_server_add -w node-TargetDisk

  On the source node:

  (qemu) drive_mirror -n  node-TargetDisk 
nbd:cmp0.vdrok-deploy-heat-virtual-mcp-pike-ovs-foobarbuzz.bud-mk.local:49153:exportname=node-TargetDisk
  error parsing address 
'cmp0.vdrok-deploy-heat-virtual-mcp-pike-ovs-foobarbuzz.bud-mk.local:49153'

  When using short host name instead of FQDN address seems to be parsed
  fine:

  (qemu) drive_mirror -n  node-TargetDisk 
nbd:cmp0:49153:exportname=node-TargetDisk qcow2
  Image is not in qcow2 format

  (not sure why it is not a qcow2 format, as I have qcow2 image with raw
  backing file, but this is unrelated)

  QEMU version is 2.11.1 from bionic

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1770417/+subscriptions

[Bug 1770417] Re: Qemu can not parse long fqdns during drive-mirror

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1770417

Title:
  Qemu can not parse long fqdns during drive-mirror

Status in QEMU:
  Expired
Status in qemu package in Ubuntu:
  Expired

Bug description:
  During migration of an openstack booted instance, I got the following
  error:

  Apr 12 10:55:22 cmp1 libvirtd[4133]: 2018-04-12 10:55:22.133+:
  4139: error : qemuMonitorJSONCheckError:392 : internal error: unable
  to execute QEMU command 'drive-mirror': error parsing address
  'cmp0.sandriichenko-deploy-heat-virtual-mcp-pike-ovs-76.bud-
  mk.local:49153'

  A bit more info in libvirt bug
  https://bugzilla.redhat.com/show_bug.cgi?id=1568939

  To reproduce it with qemu only, I followed the guide at
  https://github.com/qemu/qemu/blob/master/docs/interop/live-block-
  operations.rst#id21. On dest and source compute nodes, I launched an
  instance:

  qemu-system-x86_64 -display none -nodefconfig -M q35 -nodefaults -m
  512 -blockdev node-name=node-
  TargetDisk,driver=qcow2,file.driver=file,file.node-
  name=file,file.filename=./test-instance-mirror.qcow2 -device virtio-
  blk,drive=node-TargetDisk,id=virtio0 -S -monitor stdio -qmp
  unix:./qmp-sock,server,nowait -incoming tcp:localhost:

  Then on dest node I launched nbd server:

  (qemu) nbd_server_start cmp0:49153
  (qemu) nbd_server_add -w node-TargetDisk

  On the source node:

  (qemu) drive_mirror -n  node-TargetDisk 
nbd:cmp0.vdrok-deploy-heat-virtual-mcp-pike-ovs-foobarbuzz.bud-mk.local:49153:exportname=node-TargetDisk
  error parsing address 
'cmp0.vdrok-deploy-heat-virtual-mcp-pike-ovs-foobarbuzz.bud-mk.local:49153'

  When using short host name instead of FQDN address seems to be parsed
  fine:

  (qemu) drive_mirror -n  node-TargetDisk 
nbd:cmp0:49153:exportname=node-TargetDisk qcow2
  Image is not in qcow2 format

  (not sure why it is not a qcow2 format, as I have qcow2 image with raw
  backing file, but this is unrelated)

  QEMU version is 2.11.1 from bionic

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1770417/+subscriptions

[Bug 1858814] Re: 'make -C roms efi' does not update edk2 submodules

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1858814

Title:
  'make -C roms efi' does not update edk2 submodules

Status in QEMU:
  Expired

Bug description:
  On a fresh clone, 'make -C roms efi' fails because submodule is not
  initialized [1]:

  
/builds/philmd/qemu/roms/edk2/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf(-1):
 error 000E: File/directory not found in workspace
  /builds/philmd/qemu/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/e_os.h
  - Failed -

  Laszlo suggested [2] it is possibly a regression from commit f3e330e3c319:
  "roms/Makefile.edk2: don't pull in submodules when building from tarball"

  [1] https://gitlab.com/philmd/qemu/-/jobs/395644357#L436
  [2] https://www.mail-archive.com/qemu-devel@nongnu.org/msg668929.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1858814/+subscriptions

[Bug 1880763] Re: Missing page crossing check in use_goto_tb() for rx target

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1880763

Title:
  Missing page crossing check in use_goto_tb() for rx target

Status in QEMU:
  Expired

Bug description:
  Currently the rx target doesn't have the page crossing check in its 
  use_goto_tb() function. 
  This is a required feature for stable system mode emulations that all 
  other targets implement.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1880763/+subscriptions

[Bug 1913668] Re: FPE in npcm7xx_pwm_calculate_freq

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1913668

Title:
  FPE in npcm7xx_pwm_calculate_freq

Status in QEMU:
  Expired

Bug description:
  Reproducer:
  cat << EOF | ./qemu-system-aarch64 -M npcm750-evb \
  -accel qtest -qtest stdio
  write 0xf0103008 0x4 0x0900
  write 0xf010300c 0x4 0x
  EOF

  Trace:
  ../hw/misc/npcm7xx_pwm.c:94:17: runtime error: division by zero
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
../hw/misc/npcm7xx_pwm.c:94:17 in
  AddressSanitizer:DEADLYSIGNAL
  =
  ==717868==ERROR: AddressSanitizer: FPE on unknown address 0x5597c7190150 (pc 
0x5597c7190150 bp 0x7fffcb17c5d0 sp 0x7fffcb17c4e0 T0)
  #0 0x5597c7190150 in npcm7xx_pwm_calculate_freq /hw/misc/npcm7xx_pwm.c:94:17
  #1 0x5597c7190150 in npcm7xx_pwm_update_freq /hw/misc/npcm7xx_pwm.c:122:21
  #2 0x5597c718f06d in npcm7xx_pwm_write /hw/misc/npcm7xx_pwm.c
  #3 0x5597c8d241fe in memory_region_write_accessor /softmmu/memory.c:491:5
  #4 0x5597c8d23bfb in access_with_adjusted_size /softmmu/memory.c:552:18
  #5 0x5597c8d23467 in memory_region_dispatch_write /softmmu/memory.c
  #6 0x5597c90b3ffb in flatview_write_continue /softmmu/physmem.c:2759:23
  #7 0x5597c90a971b in flatview_write /softmmu/physmem.c:2799:14
  #8 0x5597c90a971b in address_space_write /softmmu/physmem.c:2891:18
  #9 0x5597c8d11eee in qtest_process_command /softmmu/qtest.c:539:13
  #10 0x5597c8d0eb97 in qtest_process_inbuf /softmmu/qtest.c:797:9
  #11 0x5597c955f286 in fd_chr_read /chardev/char-fd.c:68:9
  #12 0x7f994c124aae in g_main_context_dispatch 
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51aae)
  #13 0x5597c9bba363 in glib_pollfds_poll /util/main-loop.c:232:9
  #14 0x5597c9bba363 in os_host_main_loop_wait /util/main-loop.c:255:5
  #15 0x5597c9bba363 in main_loop_wait /util/main-loop.c:531:11
  #16 0x5597c8c75599 in qemu_main_loop /softmmu/runstate.c:721:9
  #17 0x5597c6f021fd in main /softmmu/main.c:50:5
  #18 0x7f994bbc9cc9 in __libc_start_main csu/../csu/libc-start.c:308:16
  #19 0x5597c6e55bc9 in _start 
(/home/alxndr/Development/qemu/build/qemu-system-aarch64+0x3350bc9)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1913668/+subscriptions

[Bug 1878054] Re: Hang with high CPU usage in sdhci_data_transfer

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878054

Title:
  Hang with high CPU usage in sdhci_data_transfer

Status in QEMU:
  Expired

Bug description:
  Hello,
  While fuzzing, I found an input that causes QEMU to hang with 100% CPU usage.
  I have waited several minutes, and QEMU is still unresponsive. Using gdb, It
  appears that it is stuck in an sdhci_data_transfer:

  #0   memory_region_access_valid (mr=, addr=0x10284920, 
size=, is_write=0xff, attrs=...) at 
/home/alxndr/Development/qemu/memory.c:1378
  #1   memory_region_dispatch_write (mr=, addr=, 
data=, op=MO_32, attrs=...) at 
/home/alxndr/Development/qemu/memory.c:1463
  #2   flatview_write_continue (fv=, addr=0x10284920, attrs=..., 
ptr=, len=0xb7, addr1=0x582798e0, l=, 
mr=0x582798e0 ) at 
/home/alxndr/Development/qemu/exec.c:3137
  #3   flatview_write (fv=0x60645da0, addr=, attrs=..., 
buf=, len=) at 
/home/alxndr/Development/qemu/exec.c:3177
  #4   address_space_write (as=, addr=, 
attrs=..., buf=0xb04f325, len=0x4) at 
/home/alxndr/Development/qemu/exec.c:3268
  #5   address_space_rw (as=0x572509ac , 
addr=0x582798e0, attrs=..., attrs@entry=..., buf=0xb04f325, len=0x4, 
is_write=0xb8, is_write@entry=0x1) at
  /home/alxndr/Development/qemu/exec.c:3278
  #6   dma_memory_rw_relaxed (as=0x572509ac , 
addr=0x582798e0, buf=0xb04f325, len=0x4, dir=DMA_DIRECTION_FROM_DEVICE) 
at /home/alxndr/Development/qemu/include/sysemu/dma.h:87
  #7   dma_memory_rw (as=0x572509ac , 
addr=0x582798e0, buf=0xb04f325, len=0x4, dir=DMA_DIRECTION_FROM_DEVICE) 
at /home/alxndr/Development/qemu/include/sysemu/dma.h:110
  #8   dma_memory_write (as=0x572509ac , 
addr=0x582798e0, buf=0xb04f325, len=0x4) at 
/home/alxndr/Development/qemu/include/sysemu/dma.h:122
  #9   sdhci_sdma_transfer_multi_blocks (s=) at 
/home/alxndr/Development/qemu/hw/sd/sdhci.c:618
  #10  sdhci_data_transfer (opaque=0x61e21080) at 
/home/alxndr/Development/qemu/hw/sd/sdhci.c:891
  #11  sdhci_send_command (s=0x61e21080) at 
/home/alxndr/Development/qemu/hw/sd/sdhci.c:364
  #12  sdhci_write (opaque=, offset=0xc, val=, 
size=) at /home/alxndr/Development/qemu/hw/sd/sdhci.c:1158
  #13  memory_region_write_accessor (mr=, addr=, 
value=, size=, shift=, 
mask=, attrs=...) at
  /home/alxndr/Development/qemu/memory.c:483
  #14  access_with_adjusted_size (addr=, value=, 
size=, access_size_min=, 
access_size_max=, access_fn=, mr=0x61e219f0, 
attrs=...) at /home/alxndr/Development/qemu/memory.c:544
  #15  memory_region_dispatch_write (mr=, addr=, 
data=0x1ffe0ff, op=, attrs=...) at 
/home/alxndr/Development/qemu/memory.c:1476
  #16  flatview_write_continue (fv=, addr=0xe106800c, attrs=..., 
ptr=, len=0xff3, addr1=0x582798e0, l=, 
mr=0x61e219f0) at /home/alxndr/Development/qemu/exec.c:3137
  #17  flatview_write (fv=0x60645da0, addr=, attrs=..., 
buf=, len=) at 
/home/alxndr/Development/qemu/exec.c:3177
  #18  address_space_write (as=, addr=, 
attrs=..., attrs@entry=..., buf=0xb04f325, buf@entry=0x6218ad00, 
len=0x4) at /home/alxndr/Development/qemu/exec.c:3268
  #19  qtest_process_command (chr=, chr@entry=0x5827c040 
, words=) at /home/alxndr/Development/qemu/qtest.c:567
  #20  qtest_process_inbuf (chr=0x5827c040 , 
inbuf=0x6190f640) at /home/alxndr/Development/qemu/qtest.c:710

  
  I am attaching the qtest commands for reproducing it.
  I can reproduce it in a qemu 5.0 build using:

  qemu-system-i386 -M pc-q35-5.0 -qtest stdio -device sdhci-pci,sd-spec-
  version=3 -device sd-card,drive=mydrive -drive
  if=sd,index=0,file=null-co://,format=raw,id=mydrive -nographic
  -nographic -serial none -monitor none < attachment

  Please let me know if I can provide any further info.
  -Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878054/+subscriptions

[Bug 721825] Re: VDI block driver bugs

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/721825

Title:
  VDI block driver bugs

Status in QEMU:
  Expired

Bug description:
  Chunqiang Tang reports the following issues with the VDI block driver,
  these are present in QEMU 0.14:

  "Bug 1. The most serious bug is caused by race condition in updating a new 
  bmap entry in memory and on disk. Considering the following operation 
  sequence. 
O1: VM issues a write to sector X
O2: VDI allocates a new bmap entry and updates in-memory s->bmap
O3: VDI writes data to disk
O4: The disk I/O for writing sector X fails
O5: VDI reports error to VM and returns.

  Note that the bmap entry is updated in memory, but not persisted on disk. 
  Now consider another write that immediately follows:
P1: VM issues a write to sector X+1, which locates in the same block as 
  the previously used sector X.
P2: s->bmap already has one entry for the block, and hence VDI writes 
  data directly without persisting the new s->bmap entry on disk.
P3: The write disk I/O succeeds
P4: VDI report success to VM, but the bitmap entry is still not 
  persisted on disk.

  Now suppose the VM powers off gracefully (i.e., the QEMU process quits) 
  and reboots. The second write to sector X+1, which is reported as finished 
  successfully, is simply lost, because the corresponding in-memory s->bmap 
  entry is never persisted on disk. This is exactly what FVD's testing tool 
  discovers. After the block device is closed and then re-opened, disk 
  content verification fails.

  This is just one example of the problem. Race condition plus host crash 
  also causes problems. Consider another example below.
Q1: VM issues a write to sector X
Q2: VDI allocates a new bmap entry and updates in-memory s->bmap
Q3: VDI writes sector X to disk and waits for the callback
Q4: VM issues a write to another sector X+1, which is in the same block 
  as sector X.
Q5: VDI sees the bitmap entry in s->bmap is already allocated, and 
  writes sector X+1 to disk.
Q6: Write to sector X+1 finishes, and VDI's callback is invoked.
Q7: VDI acknowledges to the VM the completion of writing sector X+1
Q8: After observing the completion of writing sector X+1, VM issues a 
  flush to ensure that sector X+1 is persisted on disk.
Q9: VDI finishes the flush and acknowledge the completion of the 
  operation.
Q10: ... (some other arbitrary operations, but the disk I/O for writing 
  sector X is still not finished)
Q11: The host crashes

  Now the new bitmap entry is not persisted on disk, while both writing to 
  sector X+1 and the flush has been acknowledged as finished. Sector X+1 is 
  lost, which is a corruption. This problem exists even if it uses O_DSYNC. 
  The root cause of the problem is that, if a request updates in-memory 
  s->bmap, another request that sees this update assumes that the update is 
  already persisted on disk, which is not.

  Bug 2: Similar to the bugs the FVD testing tool found for QCOW2, there are 
  several cases of the code below on failure handling path without setting 
  error return code, which mistakenly reports failure as success. This 
  mistake is caught by FVD when doing image content validation.
 if (acb->hd_aiocb == NULL) {
 /* missing ret = -EIO; */
  goto done; 
  } 

  Bug 3: Similar to the bugs the FVD testing tool found for QCOW2, 
  vdi_aio_cancel does not perform a complete clean up and there are several 
  related bugs. First, memory buffer is not freed, acb->orig_buf and 
  acb->block_buffer. Second, acb->bh is not cancelled. Third, 
  vdi_aio_setup() does not initialize acb->bh to NULL so that when a request 
  acb is cancelled and then later reused for another request, its acb->bh != 
  NULL and the new request fails in  vdi_schedule_bh(). This is caught by 
  FVD's testing tool, when it observes that no I/O failure is injected but 
  VDI reports a failed I/O request, which indicates a bug in the driver."

  http://permalink.gmane.org/gmane.comp.emulators.qemu/94340

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/721825/+subscriptions

[Bug 1885350] Re: RISCV dynamic rounding mode is not behaving correctly

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1885350

Title:
  RISCV dynamic rounding mode is not behaving correctly

Status in QEMU:
  Expired

Bug description:
  Hello,

  I’ve gone through the RISC-V code in latest QEMU release
  (qemu-5.0.0-rc2) and when checking the Floating point encodings I
  found the rounding mode is only updated if the opcode field “rm” is
  changed “ctx->frm == rm”. But according to RISC-V Volume I:
  Unprivileged ISA, there’s a dynamic mode when rm=7 where the rounding
  mode is set with frm value.

  So for the same rm value (=7) and when changing frm value seeking
  different rounding modes, and according to the below code, the
  rounding mode won’t be updated. Please correct me if I got this
  implementation wrong.

  static void gen_set_rm(DisasContext *ctx, int rm)
  {
  TCGv_i32 t0;
  if (ctx->frm == rm) {
  return;
  }
  ctx->frm = rm;
  t0 = tcg_const_i32(rm);
  gen_helper_set_rounding_mode(cpu_env, t0);
  tcg_temp_free_i32(t0);
  }

  
  My testcase:
  I set statically the rm field in the instruction to 7 and before this 
execution I changed the value of frm field in fcsr register. For the 1st time 
it worked (according to the code above, the rm is updated so the round mode 
will also be updated). But when changing fcsr register an re-execute the 
instruction, there's no difference and the rounding mode is the same like the 
previous frm value.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1885350/+subscriptions

[Bug 1886306] Re: qemu running slow when the window is in background

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1886306

Title:
  qemu running slow when the window is in background

Status in QEMU:
  Expired

Bug description:
  Reported by  on IRC:

  QEMU almost freezes when running with `GDK_BACKEND=x11` set and the
  parameter `gl=on` added to the `-display` option.

  GDK_BACKEND=x11 qemu-system-x86_64 -nodefaults -no-user-config
  -enable-kvm -machine q35 -cpu host -m 4G -display gtk,gl=on -vga std
  -usb -device usb-kbd -drive
  file=/tmp/Win10.qcow2,media=disk,format=qcow2 -drive
  file=~/Downloads/Win10_2004_EnglishInternational_x64.iso,media=cdrom

  Leaving out `GDK_BACKEND=x11` or `gl=on` fixes the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1886306/+subscriptions

[Bug 1924738] Re: Failed to restore domain - error load load virtio-balloon:virtio

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1924738

Title:
  Failed to restore domain - error load load virtio-balloon:virtio

Status in QEMU:
  Expired

Bug description:
  I noticed a domain restore error on my virtual machines.
  I can't reproduce the error on a test virtual machine.

  sudo virsh save linux2020 /var/lib/libvirt/qemu/save/linux2020.save
  Domain 'linux2020' saved to /var/lib/libvirt/qemu/save/linux2020.save

  sudo virsh restore /var/lib/libvirt/qemu/save/linux2020.save
  error: Failed to restore domain from /var/lib/libvirt/qemu/save/linux2020.save
  error: внутренняя ошибка: QEMU неожиданно завершил работу монитора: 
qemu-system-x86_64: -chardev socket,id=charchannel0,fd=52,server,nowait: 
warning: short-form boolean option 'server' deprecated
  Please use server=on instead
  qemu-system-x86_64: -chardev socket,id=charchannel0,fd=52,server,nowait: 
warning: short-form boolean option 'nowait' deprecated
  Please use wait=off instead
  qemu-system-x86_64: -spice 
port=5900,addr=0.0.0.0,disable-ticketing,image-compression=off,seamless-migration=on:
 warning: short-form boolean option 'disable-ticketing' deprecated
  Please use disable-ticketing=on instead
  2021-04-16T09:47:15.037700Z qemu-system-x86_64: VQ 0 size 0x80 < 
last_avail_idx 0x0 - used_idx 0x
  2021-04-16T09:47:15.037737Z qemu-system-x86_64: Failed to load 
virtio-balloon:virtio
  2021-04-16T09:47:15.037744Z qemu-system-x86_64: error while loading state for 
instance 0x0 of device ':00:02.0/virtio-balloon'
  2021-04-16T09:47:15.037849Z qemu-system-x86_64: load of migration failed: 
Operation not permitted

  If in the machine configuration replace
  hvm
  to
  hvm
  the virtual machine is recovering normally

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1924738/+subscriptions

[Bug 1926996] Re: qemu-user clone syscall fails

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1926996

Title:
  qemu-user clone syscall fails

Status in QEMU:
  Expired

Bug description:
  qemu-user fails to emulate clone()
  (https://linux.die.net/man/2/clone).  The architecture doesn't seem to
  matter, tho I've mostly been testing aarch64.

  Attached is clone_test.c that demonstrates the problem.  Running it natively 
looks like this:
  $ bin/x86_64/clone_test
  The variable was 9
  clone returned 4177: 0 Success
  The variable is now 42

  However, running it via qemu looks like:
  $ qemu-aarch64-static --version
  qemu-aarch64 version 5.2.0 (v5.2.0)
  Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers

  $ qemu-aarch64-static bin/aarch64/clone_test
  The variable was 9
  clone returned -1: 22 Invalid argument
  The variable is now 9

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1926996/+subscriptions

[Bug 1907952] Re: qemu-system-aarch64: with "-display gtk" arrow keys are received as just ^[ on ttyAMA0

[Launchpad Bug Tracker]

This bug was fixed in the package qemu - 1:6.0+dfsg-1~ubuntu3

---
qemu (1:6.0+dfsg-1~ubuntu3) impish; urgency=medium

  * d/p/u/lp-1935617-target-ppc-Fix-load-endianness-for-lxvwsx-lxvdsx.patch:
fix TCG emulation for ppc64 (LP: #1935617)

qemu (1:6.0+dfsg-1~ubuntu2) impish; urgency=medium

  * d/control: remove fuse2 trial-build (LP 1934510)

qemu (1:6.0+dfsg-1~ubuntu1) impish; urgency=medium

  * Merge with Debian experimental, Among many other things this fixes LP Bugs:
(LP: #1907952) broken arrow keys in -display gtk on aarch64
- qemu-kvm to systemd unit
  - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
  - d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
  - d/qemu-system-common.install: install helper script
  - d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
  - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type
  (LP: 1304107 1621042 1776189 1761372 1761372 1776189)
  - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types containing release versioned machine attributes
  - d/qemu-system-x86.NEWS Info on fixed machine type defintions
for host-phys-bits=true
  - Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
  - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
  - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
  - Make qemu-system-common depend on qemu-block-extra
  - Make qemu-utils depend on qemu-block-extra
  - Let qemu-utils recommend sharutils
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
  - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
  - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
  package qemu-system-x86-xen as alternative
  [includes compat links changes of 5.0-5ubuntu4]
- Fix upgrade module handling (LP 1905377)
  --enable-module-upgrades for qemu-xen which doesn't exist in Debian
  * Dropped Changes [in 6.0]:
- d/p/ubuntu/lp-1907789-build-no-pie-is-no-functional-liker-flag.patch: fix
  ld usage of -no-pie (LP 1907789)
- d/p/u/lp-1916230-hw-s390x-fix-build-for-virtio-9p-ccw.patch: fix
  virtio-9p-ccw being missing (LP 1916230)
- d/p/u/lp-1916705-disas-Fix-build-with-glib2.0-2.67.3.patch: Fix FTFBS due
  to glib2.0 >=2.67.3 (LP 1916705)
- d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
  on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
  (LP 1921754)
- d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
  (LP 1921880)
- d/p/u/lp-1922010-linux-user-s390x-Use-the-guest-pointer-for-the-sigre*:
  fix go in qemu-s390x-static (LP 1922010)
  * Dropped Changes [in Debian]:
- Allow qemu to load old modules post upgrade (LP 1847361)
  - Drop d/qemu-block-extra.*.in, d/qemu-system-gui.*.in
  - d/rules: Drop generating package version into maintainer scripts
  * Dropped Changes [No more needed >21.04]:
  - d/qemu-system-gui.prerm: add no-op prerm to overcome upgrade issues on
the bad old prerm (LP 1906245 1905377)
  * Added Changes
- Disable fuse export (universe dependency)
- d/p/ubuntu/enable-svm-by-default.patch: update to match v6.0
- d/p/ubuntu/define-ubuntu-machine-types.patch: add ubuntu machine types
  for v6.0
- d/p/ubuntu/lp-1929926-*: avoid segfaults by uretprobes (LP: #1929926)
- Ease the use of module retention on upgrades (LP: #1913421)
  - d/run-qemu.mount, d/rules: provide run-qemu.mount in qemu-block-extra
  - d/rules: only save modules if /run/qemu isn't noexec
  - d/rules: clear all (current and former) modules on purge
  - debian/qemu-block-extra.postinst: enable mount unit on install/upgrade
- d/control: qemu 6.0 broke libvirt <7.2 add a breaks to avoid partial
  upgrade issues (LP: #1932264)
- Enable SDL as secondary UI backend (LP: #1256185)
  - d/control: add build dependency libsdl2-dev
  - d/control: enable sdl graphics on build
  - d/qemu-system-gui.install: add ui-sdl.so
  - d/control: add runtime dependency to libgl1
- d/rules: qemu-system-x86-xen builds modules as well now (follows the
  other packages)

qemu (1:6.0+dfsg-1~exp0) experimental; 

[Bug 1924914] Re: Running sway in a QEMU VM results in a GPU hang of the guest (virtio-gpu driver)

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1924914

Title:
  Running sway in a QEMU VM results in a GPU hang of the guest (virtio-
  gpu driver)

Status in QEMU:
  Expired

Bug description:
  System is Arch Linux (guest and host OS).

  Problem:

  Basically, when using sway on a guest and running certain applications
  via Xwayland (on the guest), the GUI will freeze and won't be usable
  anymore, I can still ssh to the guest and run commands.

  This is the command I use to run my guest:

  qemu-system-x86_64 -enable-kvm -cdrom
  ~/Downloads/linux/archlinux/archlinux-2021.04.01-x86_64.iso -m 4G -vga
  virtio -nic user,hostfwd=tcp::10022-:22

  This doesn't happen when I use X with i3-wm.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1924914/+subscriptions

[Bug 1924987] Re: Storage | Two decimal digits precision

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1924987

Title:
  Storage | Two decimal digits precision

Status in QEMU:
  Expired

Bug description:
  Tested on: Fedora 34; Component: qemu-img-5.2.0-5.fc34.1.x86_64

  Hello. A two decimal digits precision is most appropriated on systems
  whose storage capacities have to be saved. That is one of the reason
  why such precision is supported in the context of creation of virtual
  machines in several Unix/Linux virtualization platforms; virt-manager
  is one of them. That last exhibits virtual disks size values with such
  precision – 128.00 GiB – nevertheless it lacks yet a mention
  illustrating physical disks size values.

  Storage values exhibited in qemu-img and virt-manager are already
  according to a clear format; thus, values are not attached to their
  measure units (#value# #units#).

  $ qemu-img info ~/.local/share/libvirt/images/fedora_default.img | sed -n 
'2,4p'
  file format: qcow2
  virtual size: 128 GiB (137438953472 bytes)
  disk size: 147 MiB

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1924987/+subscriptions

[Bug 1925094] Re: DISCARD support for Crypto Block Devices

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1925094

Title:
  DISCARD support for Crypto Block Devices

Status in QEMU:
  Expired

Bug description:
  It appears that running `fstrim` or similar is useless when the VM is
  on a LUKS-encrypted device using QEMU's native LUKS support.

  Looking at the source, it seems that block/crypto.c lacks an
  implementation for bdrv_co_pdiscard, which probably needs to delegate
  to a per-crypto type discard helper.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1925094/+subscriptions

[Bug 1920934] Re: Heap-use-after-free in io_writex / cputlb.c results in Linux kernel crashes

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1920934

Title:
  Heap-use-after-free in io_writex / cputlb.c results in Linux kernel
  crashes

Status in QEMU:
  Expired

Bug description:
  qemu version: git 5ca634afcf83215a9a54ca6e66032325b5ffb5f6; 5.2.0

  We've encountered that booting the Linux kernel in TCG mode, results
  in a racy heap-use-after-free. The bug can be detected by ASan [A],
  but in the majority of runs results in a crashing kernel [B].

  To reproduce, the following command line was used:

  $> while ./qemu-system-x86_64 -no-reboot -smp 10 -m 2G -kernel
  arch/x86/boot/bzImage -nographic -append "oops=panic panic_on_warn=1
  panic=1 kfence.sample_interval=1 nokaslr"; do sleep 0.5s; done

  The crashes in the kernel [B] appear to receive an interrupt in a code
  location where the instructions are periodically patched (via the
  jump_label infrastructure).

  [A]:
  = 


 
  ==3552508==ERROR: AddressSanitizer: heap-use-after-free on address 
0x6190007fef50 at pc 0x55885b0b4d1b bp 0x7f83baffb800 sp 0x7f83baffb7f8 


  READ of size 8 at 0x6190007fef50 thread T4


 
  [4.616506][T1] pci :00:02.0: reg 0x18: [mem 
0xfebf-0xfebf0fff]  

   
  [4.670567][T1] pci :00:02.0: reg 0x30: [mem 0xfebe-0xfebe 
pref]   

 
  [4.691345][T1] pci :00:03.0: [8086:100e] type 00 class 0x02   


 
  [4.701540][T1] pci :00:03.0: reg 0x10: [mem 
0xfebc-0xfebd]  

   
  [4.711076][T1] pci :00:03.0: reg 0x14: [io  0xc000-0xc03f]


 
  [4.746869][T1] pci :00:03.0: reg 0x30: [mem 0xfeb8-0xfebb 
pref]   

 
  [4.813612][T1] ACPI: PCI Interrupt Link [LNKA] (IRQs 5 *10 11)


 
  #0 0x55885b0b4d1a in io_writex ../accel/tcg/cputlb.c:1408 


 
  #1 0x55885b0d3b9f in store_helper ../accel/tcg/cputlb.c:2444  


 
  #2 0x55885b0d3b9f in helper_le_stl_mmu ../accel/tcg/cputlb.c:2510 


 
  [4.820927][T1] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)


 
  #3 0x7f843cedf8dc  () 

  

[Bug 1925109] Re: usbredirparser: bulk transfer length exceeds limits

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1925109

Title:
  usbredirparser: bulk transfer length exceeds limits

Status in QEMU:
  Expired

Bug description:
  2021-04-20T01:26:36.662244Z qemu-system-x86_64: usbredirparser: bulk transfer 
length exceeds limits 131072 > 65536
  2021-04-20T01:26:36.662276Z qemu-system-x86_64: usbredirparser: error 
usbredirparser_send_* call invalid params, please report!!
  2021-04-20T01:26:57.670412Z qemu-system-x86_64: usbredirparser: bulk transfer 
length exceeds limits 131072 > 65536
  2021-04-20T01:26:57.670445Z qemu-system-x86_64: usbredirparser: error 
usbredirparser_send_* call invalid params, please report!!
  2021-04-20T01:37:01.920613Z qemu-system-x86_64: usbredirparser: bulk transfer 
length exceeds limits 131072 > 65536
  2021-04-20T01:37:01.920624Z qemu-system-x86_64: usbredirparser: error 
usbredirparser_send_* call invalid params, please report!!
  host:
  Linux version 5.11.15-arch1-2 (linux@archlinux) (gcc (GCC) 10.2.0, GNU ld 
(GNU Binutils) 2.36.1) #1 SMP PREEMPT Sat, 17 Apr 2021 00:22:30 +
  guest:
  win10 20H2
  usb device:
  Bus 002 Device 007: ID 0781:55ab SanDisk Corp.  SanDisk 3.2Gen1
  size 250G

  
https://gitlab.freedesktop.org/spice/usbredir/-/blob/master/usbredirparser/usbredirparser.c#L32

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1925109/+subscriptions

[Bug 1926202] Re: qemu-user can't run some ppc binaries

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1926202

Title:
  qemu-user can't run some ppc binaries

Status in QEMU:
  Expired

Bug description:
  qemu-user v6.0.0-rc5, built in static mode, will crash for certain ppc
  binaries.  It seems to have something to do with glibc for some Centos
  versions.  The problem is easiest to see with statically-linked
  binaries.

  The attached Dockerfile shows how to produce a ppc binary that will
  crash qemu-user.  Here is how to reproduce the problem:

  $ uname -m
  x86_64

  $ docker run --rm --privileged multiarch/qemu-user-static --reset -p
  yes

  $ docker build -t qemu-bug:centos -f Dockerfile.centos .

  $ docker run --rm -it -v$PWD:$PWD -w$PWD qemu-bug:centos cp
  /helloworld-centos.static.ppc .

  $ qemu-ppc-static --version
  qemu-ppc version 5.2.95 (v6.0.0-rc5)
  Copyright (c) 2003-2021 Fabrice Bellard and the QEMU Project developers

  $ qemu-ppc-static ./helloworld-centos.static.ppc
  emu: uncaught target signal 4 (Illegal instruction) - core dumped
  [1]16678 illegal hardware instruction (core dumped)  qemu-ppc-static 
./helloworld-centos.static.ppc

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1926202/+subscriptions

[Bug 1925966] Re: Win10 guest freezes randomly

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1925966

Title:
  Win10 guest freezes randomly

Status in QEMU:
  Expired

Bug description:
  In addition to bug #1916775, my Win10 Home guest freezes randomly and
  infrequently. Unlike bug ​#1916775, this is unrecoverable and I see on
  the host (Debian 4.19.171-2) via iotop that all disk IO has stopped.
  My only recourse is a hard reset of the guest.

  My setup uses PCI-pass-through graphics (GTX 1650), host cpu (Ryzen 7
  3800XT). It seems to occur more frequently (every few hours) after
  switching from "kvm=off,vendor=GenuineIntel" to "kvm=on" and maybe
  using 3 monitors rather than 2 on the pass-through graphics card
  further increases frequency. The switch to "kvm=on" was necessary to
  enable nested virtualization, which now works. It occurs whether or
  not I use the qcow disk drive.

  qemu-system-x86_64
    -cpu 
host,kvm=on,l3-cache=on,hv_relaxed,hv_vapic,hv_time,hv_spinlocks=0x1fff,hv_vendor_id=hv_dummy
    -smp 8
    -rtc clock=host,base=localtime
    -machine type=q35,accel=kvm,kernel_irqchip=on
    -enable-kvm
    -drive if=pflash,format=raw,readonly,file=/usr/share/OVMF/OVMF_CODE.fd
    -drive if=pflash,format=raw,file=/tmp/OVMF_VARS.fd
    -m 32G
    -usb
    -device usb-tablet
    -vga none
    -serial none
    -parallel none
    -boot cd
    -nographic
    -device usb-host,vendorid=0x045e,productid=0x00db
    -device usb-host,vendorid=0x1bcf,productid=0x0005
    -drive 
id=disk0,index=0,format=qcow2,if=virtio,cache=off,file=./win10_boot_priv.qcow2
    -drive 
id=disk2,index=2,aio=native,cache.direct=on,if=virtio,cache=off,format=raw,discard=unmap,detect-zeroes=unmap,file=/dev/vg0/win10_hdpriv
    -device vfio-pci,host=09:00.0,addr=0x02.0x0,multifunction=on
    -device vfio-pci,host=09:00.1,addr=0x02.0x1
    -device vfio-pci,host=09:00.2,addr=0x02.0x2
    -device vfio-pci,host=09:00.3,addr=0x02.0x3
    -netdev tap,id=netid,ifname=taplan,script=no,downscript=no
    -device e1000,netdev=netid,mac=52:54:00:01:02:03

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1925966/+subscriptions

[Bug 1926596] Re: qemu-monitor-event command gets stuck randomly

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1926596

Title:
  qemu-monitor-event command gets stuck randomly

Status in QEMU:
  Expired

Bug description:
  We are using kvm virtualization on our servers, We use 
"qemu-monitor-command"(drive-backup) to take qcow2 backups and to monitor them 
we use "qemu-monitor-event" command 
  For eg:-
  /usr/bin/virsh qemu-monitor-event VPSNAME --event 
"BLOCK_JOB_COMPLETED\|BLOCK_JOB_ERROR" --regex

  the above command stucks randomly (backup completes but still it is
  waiting) and because of which other vms backup are stucked until we
  kill that process.

  Can you suggest how can we debug this further to find the actual
  issue.

  
  /usr/bin/virsh version

  Compiled against library: libvirt 4.5.0
  Using library: libvirt 4.5.0
  Using API: QEMU 4.5.0
  Running hypervisor: QEMU 2.0.0

  cat /etc/os-release
  NAME="CentOS Linux"
  VERSION="7 (Core)"
  ID="centos"
  ID_LIKE="rhel fedora"
  VERSION_ID="7"
  PRETTY_NAME="CentOS Linux 7 (Core)"
  ANSI_COLOR="0;31"
  CPE_NAME="cpe:/o:centos:centos:7"
  HOME_URL="https://www.centos.org/;
  BUG_REPORT_URL="https://bugs.centos.org/;

  CENTOS_MANTISBT_PROJECT="CentOS-7"
  CENTOS_MANTISBT_PROJECT_VERSION="7"
  REDHAT_SUPPORT_PRODUCT="centos"
  REDHAT_SUPPORT_PRODUCT_VERSION="7"

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1926596/+subscriptions

[Bug 1926231] Re: SCSI passthrough of SATA cdrom -> errors & performance issues

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1926231

Title:
  SCSI passthrough of SATA cdrom -> errors & performance issues

Status in QEMU:
  Expired

Bug description:
  qemu 5.0, compiled from git

  I am passing through a SATA cdrom via SCSI passthrough, with this
  libvirt XML:

  

  
  



  

  It seems to mostly work, I have written discs with it, except I am
  getting errors that cause reads to take about 5x as long as they
  should, under certain circumstances.  It appears to be based on the
  guest's read block size.

  I found that if on the guest I run, say `dd if=$some_large_file
  bs=262144|pv > /dev/null`, `iostat` and `pv` disagree about how much
  is being read by a factor of about 2.  Also many kernel messages like
  this happen on the guest:

  [  190.919684] sr 0:0:0:0: [sr0] tag#160 FAILED Result: hostbyte=DID_OK 
driverbyte=DRIVER_SENSE cmd_age=0s
  [  190.919687] sr 0:0:0:0: [sr0] tag#160 Sense Key : Aborted Command 
[current] 
  [  190.919689] sr 0:0:0:0: [sr0] tag#160 Add. Sense: I/O process terminated
  [  190.919691] sr 0:0:0:0: [sr0] tag#160 CDB: Read(10) 28 00 00 18 a5 5a 00 
00 80 00
  [  190.919694] blk_update_request: I/O error, dev sr0, sector 6460776 op 
0x0:(READ) flags 0x80700 phys_seg 5 prio class 0

  If I change to bs=131072 the errors stop and performance is normal.

  (262144 happens to be the block size ultimately used by md5sum, which
  is how I got here)

  I also ran strace on the qemu process while it was happening, and
  noticed SG_IO calls like this:

  21748 10:06:29.330910 ioctl(22, SG_IO, {interface_id='S', 
dxfer_direction=SG_DXFER_FROM_DEV, cmd_len=10, 
cmdp="\x28\x00\x00\x12\x95\x5a\x00\x00\x80\x00", mx_sb_len=252, iovec_count=0, 
dxfer_len=262144, timeout=4294967295, flags=SG_FLAG_DIRECT_IO 
  21751 10:06:29.330976 ioctl(22, SG_IO, {interface_id='S', 
dxfer_direction=SG_DXFER_FROM_DEV, cmd_len=10, 
cmdp="\x28\x00\x00\x12\x94\xda\x00\x00\x02\x00", mx_sb_len=252, iovec_count=0, 
dxfer_len=4096, timeout=4294967295, flags=SG_FLAG_DIRECT_IO 
  21749 10:06:29.331586 ioctl(22, SG_IO, {interface_id='S', 
dxfer_direction=SG_DXFER_FROM_DEV, cmd_len=10, 
cmdp="\x28\x00\x00\x12\x94\xdc\x00\x00\x02\x00", mx_sb_len=252, iovec_count=0, 
dxfer_len=4096, timeout=4294967295, flags=SG_FLAG_DIRECT_IO 
  [etc]

  I suspect qemu is the culprit because I have tried a 4.19 guest kernel
  as well as a 5.9 one, with the same result.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1926231/+subscriptions

[Bug 1922773] Re: RISCV32 illegal instruction exception

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922773

Title:
  RISCV32 illegal instruction exception

Status in QEMU:
  Expired

Bug description:
  I'm running a machine learning model on qemu riscv32 and I ran into
  illegal instruction exception for some reason. I wasn't sure if this
  is a bug and if so whether it is related to zephyr or qemu, however
  I'll try to provide as much as information to get a better
  understanding.

  Here is the assembly code that I'm running:

  0x8000bd74 <+0>:  lw  a4,0(a0)
 0x8000bd76 <+2>:   lw  a5,8(a0)
 0x8000bd78 <+4>:   lw  a0,0(a4)
 0x8000bd7a <+6>:   lw  a1,0(a5)
 0x8000bd7c <+8>:   li  a3,0
 0x8000bd7e <+10>:  j   0x8000bda4 
 0x8000bd80 <+12>:  addia5,a3,-2
 0x8000bd84 <+16>:  li  a2,27
 0x8000bd86 <+18>:  bgeua2,a5,0x8000bdae 

  => 0x8000bd8a <+22>:  fmv.w.x fa5,zero
 0x8000bd8e <+26>:  sllia5,a3,0x5
 0x8000bd92 <+30>:  add a5,a5,a4
 0x8000bd94 <+32>:  sllia5,a5,0x2
 0x8000bd96 <+34>:  add a5,a5,a1
 0x8000bd98 <+36>:  fsw fa5,0(a5)
 0x8000bd9a <+38>:  addia4,a4,1
 0x8000bd9c <+40>:  li  a5,31
 0x8000bd9e <+42>:  bge a5,a4,0x8000bd80 

 0x8000bda2 <+46>:  addia3,a3,1
 0x8000bda4 <+48>:  li  a5,31
 0x8000bda6 <+50>:  blt a5,a3,0x8000bde0 

 0x8000bdaa <+54>:  li  a4,0
 0x8000bdac <+56>:  j   0x8000bd9c 
 0x8000bdae <+58>:  li  a5,1
 0x8000bdb0 <+60>:  bge a5,a4,0x8000bdd4 

 0x8000bdb4 <+64>:  li  a5,29
 0x8000bdb6 <+66>:  blt a5,a4,0x8000bdda 

 0x8000bdba <+70>:  li  a5,28
 0x8000bdbc <+72>:  mul a5,a3,a5
 0x8000bdc0 <+76>:  add a5,a5,a4
 0x8000bdc2 <+78>:  lui a2,0x4
 0x8000bdc6 <+82>:  addia2,a2,-58 # 0x3fc6
 0x8000bdca <+86>:  add a5,a5,a2
 0x8000bdcc <+88>:  sllia5,a5,0x2
 0x8000bdce <+90>:  add a5,a5,a0
 0x8000bdd0 <+92>:  flw fa5,0(a5)
 0x8000bdd2 <+94>:  j   0x8000bd8e 
 0x8000bdd4 <+96>:  fmv.w.x fa5,zero
 0x8000bdd8 <+100>: j   0x8000bd8e 
 0x8000bdda <+102>: fmv.w.x fa5,zero
 0x8000bdde <+106>: j   0x8000bd8e 
 0x8000bde0 <+108>: li  a0,0
 0x8000bde2 <+110>: ret

  My code breaks on line 0x8000bd8a and then the mcause register is
  loaded with value 0x02 which translates to illegal instruction. Please
  let me know if you need more information about this.

  I also posted this on ZephyrProject in case it is related to the
  Zephyr: https://github.com/zephyrproject-rtos/zephyr/issues/34026

  I have tested on both QEMU 5.1.0 and 5.2.0 versions. I ran the same
  code on qemu riscv64 and didn't have the same problem. Here is the
  assembly code that is generated for the same operation:

  => 0x8000b446 <+0>:   ld  a4,0(a0)
 0x8000b448 <+2>:   ld  a5,8(a0)
 0x8000b44a <+4>:   ld  a0,0(a4)
 0x8000b44c <+6>:   ld  a1,0(a5)
 0x8000b44e <+8>:   li  a3,0
 0x8000b450 <+10>:  j   0x8000b476 

 0x8000b452 <+12>:  addiw   a5,a3,-2
 0x8000b456 <+16>:  li  a2,27
 0x8000b458 <+18>:  bgeua2,a5,0x8000b480 

 0x8000b45c <+22>:  li  a2,0
 0x8000b460 <+26>:  slliw   a5,a3,0x5
 0x8000b464 <+30>:  addwa5,a5,a4
 0x8000b466 <+32>:  sllia5,a5,0x2
 0x8000b468 <+34>:  add a5,a5,a1
 0x8000b46a <+36>:  sw  a2,0(a5)
 0x8000b46c <+38>:  addiw   a4,a4,1
 0x8000b46e <+40>:  li  a5,31
 0x8000b470 <+42>:  bge a5,a4,0x8000b452 

 0x8000b474 <+46>:  addiw   a3,a3,1
 0x8000b476 <+48>:  li  a5,31
 0x8000b478 <+50>:  blt a5,a3,0x8000b4ac 

 0x8000b47c <+54>:  li  a4,0
 0x8000b47e <+56>:  j   0x8000b46e 

 0x8000b480 <+58>:  li  a5,1
 0x8000b482 <+60>:  bge a5,a4,0x8000b4a0 

 0x8000b486 <+64>:  li  a5,29
 0x8000b488 <+66>:  blt a5,a4,0x8000b4a6 

 0x8000b48c <+70>:  li  a5,28
 0x8000b48e <+72>:  mulwa5,a5,a3
 0x8000b492 <+76>:  addwa5,a5,a4
 0x8000b494 <+78>:  addiw   a5,a5,-58
 0x8000b498 <+82>:  sllia5,a5,0x2
 0x8000b49a <+84>:  add a5,a5,a0
 0x8000b49c <+86>:  lw  a2,0(a5)
 0x8000b49e <+88>:  j   0x8000b460 

 0x8000b4a0 <+90>:  li  a2,0
 0x8000b4a4 <+94>:  j   0x8000b460 

 0x8000b4a6 <+96>:  li  a2,0
 0x8000b4aa <+100>: j   0x8000b460 

 

[Bug 1926782] Re: configure script --extra-cflags not passed to config-meson.cross

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1926782

Title:
  configure script --extra-cflags not passed to config-meson.cross

Status in QEMU:
  Expired

Bug description:
  Since qemu 5.2, when building, the configure would not finish, but
  would return this error instead:

 qemu ../meson.build:852:2: ERROR: C header 'sasl/sasl.h' not found

  This is for a cross build, and I invoke qemu with the --extra-cflags
  and --extra-ldflags containing all the proper paths to the headers,
  libraries etc. It worked properly with qemu 3.1 to 5.1.

  After looking into the configure script, it seems that meson is passed
  the CFLAGS environment variable instead of QEMU_CFLAGS, and only the
  latter contains the --extra-cflags argument:

  echo "c_args = [${CFLAGS:+$(meson_quote $CFLAGS)}]" >> $cross

  Using the CFLAGS and LDFLAGS environment variable instead of --extra-
  cflags and --extra-ldflags fixes the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1926782/+subscriptions

[Bug 1926952] Re: SPICE support broken with 6.0

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1926952

Title:
  SPICE support broken with 6.0

Status in QEMU:
  Expired

Bug description:
  Using latest relase 6.0.0 while using Intel GVT-G DMA-BUF and SPICE
  for usb redirection Qemu won't start:

  qemu-system-x86_64: The console requires display DMABUF support.

  However just patching ui/console.c:

  if (flags & GRAPHIC_FLAGS_DMABUF &&
  !displaychangelistener_has_dmabuf(dcl)) {
  error_setg(errp, "The console requires display DMABUF support.");
  return false;
  }

  to always return true for dmabuf part works just fine:

  if (flags & GRAPHIC_FLAGS_DMABUF &&
  !displaychangelistener_has_dmabuf(dcl)) {
  error_setg(errp, "The console requires display DMABUF support.");
  return true;
  }

  This behavior wasn't in qemu 5.x version.

  To reproduce this bug need to use:

  /usr/bin/qemu-system-x86_64 \
  -machine q35 \
  -enable-kvm \
  -no-user-config \
  -nodefaults \
  -no-hpet \
  -display gtk,gl=on \
  -device 
pcie-root-port,port=0x0,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x1 
\
  -device 
vfio-pci,id=hostdev2,driver=vfio-pci-nohotplug,romfile=/sys/devices/pci:00/:00:02.0/gvt_firmware,sysfsdev=/sys/bus/mdev/devices/1ae40c36-b180-4af0-8fab-c27de21f597d,x-igd-opregion=on,ramfb=on,display=on,xres=1920,yres=1080,bus=pcie.0,multifunction=on,addr=0x2
 \
  -spice port=5900,addr=127.0.0.1,disable-ticketing=on

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1926952/+subscriptions

[Bug 1926174] Re: Laggy and/or displaced mouse input on CloudReady (Chrome OS) VM

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1926174

Title:
  Laggy and/or displaced mouse input on CloudReady (Chrome OS) VM

Status in QEMU:
  Expired

Bug description:
  This weekend I tried to get a CloudReady (Chrome OS) VM running on
  qemu 5.2. This seems to wok quite well, performance seems to be great
  in fact. Only problem is mouse input.

  Using SDL display, there is no visible mouse unless I set "show-
  cursor=on". After that the mouse pointer flickers a bit and most of
  the time is displaced so I need to press below a button in order to
  hit it. After switching to fullscreen and back using ctrl-alt-f this
  effect seems to be fixed for a while but the mouse pointer does not
  reach all parts of the emulated screen anymore.

  Using SPICE instead the mouse pointer is drawn, but it is *very*
  laggy. In fact it is only drawn every few seconds so it is unusable
  but placement seems to be correct. Text input is instant, so general
  emulation speed is not an issue here.

  To reproduce, download the free image from
  https://www.neverware.com/freedownload#home-edition-install

  Then run one of the following commands:

  qemu-system-x86_64 -drive driver=raw,file=cloudready-
  free-89.3.3-64bit.bin -machine pc,accel=kvm -m 2048 -device virtio-
  vga,virgl=on -display sdl,gl=on,show-cursor=on -usb -device usb-mouse
  -device intel-hda -device hda-duplex

  qemu-system-x86_64 -drive driver=raw,file=cloudready-
  free-89.3.3-64bit.bin -machine pc,accel=kvm -m 2048 -device virtio-
  vga,virgl=on -display spice-app,gl=on -usb -device usb-mouse -device
  intel-hda -device hda-duplex

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1926174/+subscriptions

[Bug 1926497] Re: dp83932 stops working after a short while

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1926497

Title:
  dp83932 stops working after a short while

Status in QEMU:
  Expired

Bug description:
  Following the instructions here
  https://wiki.qemu.org/Documentation/Platforms/m68k I was able to
  successfully install debian. However, running apt-get update stalls
  after the first 1-2MB.

  root@debian:~# apt-get update
  Get:1 http://ftp.ports.debian.org/debian-ports sid InRelease [55.3 kB]
  Ign:1 http://ftp.ports.debian.org/debian-ports sid InRelease
  Get:2 http://ftp.ports.debian.org/debian-ports sid/main all Packages [8,735 
kB]
  18% [2 Packages 2,155 kB/8,735 kB 25%]

  After running apt-get update. I don't seem to be able to send any
  packets anymore. ping host lookups fail and a subsequent apt-get
  update makes no progress.

  I'm launching qemu with:

qemu-system-m68k -boot c \
   -M q800 -serial none -serial mon:stdio -m 1000M \
   -net nic,model=dp83932 -net user \
   -append "root=/dev/sda2 rw console=ttyS0 console=tty" \
   -kernel vmlinux-4.16.0-1-m68k \
   -initrd initrd.img-4.16.0-1-m68k \
   -drive file=m68k-deb10.qcow2,format=qcow2 \
   -nographic

  I see this with qemu v6.0.0-rc5

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1926497/+subscriptions

[Bug 1921082] Re: VM crash when process broadcast MCE

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1921082

Title:
  VM crash when process broadcast MCE

Status in QEMU:
  Expired

Bug description:
  When i do memory SRAR test for VM, I meet the following issue:

  My VM has 16 vCPU, I will inject one UE error to memory which is accessed by 
VM, Then host MCE is raised and SIGBUS is send to VM, and qemu take control.
  Qemu will check the broadcast attribute by following  
cpu_x86_support_mca_broadcast();  

  Then Qemu may inject MCE to all vCPU, as vCPU is just one process for
  HOST, we can't guarantee all the vCPUs will enter MCE hander in 1S
  sync time, and the VM may panic.

  This issue will be easily fixed by expand monarch_timeout
  configuration, but the exact monarch_timeout can't be easily got, as
  it will depand on the num of vCPUs and current system schedule status.

  I am wondering why VM need broadcast attribute for MCE, When qeme
  process MCE event form host, it will always be signaled for one vCPU?
  If so, why does qemu need boradcast the MCE event to all vCPUs?

  Can weu just deliver LMCE to one specifc vCPU and make this behavior
  default?

  If anything wrong, Please point out.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1921082/+subscriptions

[Bug 1918084] Re: Build fails on macOS 11.2.2

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1918084

Title:
  Build fails on macOS 11.2.2

Status in QEMU:
  Expired

Bug description:
  Hi,

  I got the latest version from git. I have pre-compiled the dependency
  libraries. All good. configure creates the necessary files. When I
  build I got the following error:

  [1368/6454] Compiling C object 
libcapstone.a.p/capstone_arch_AArch64_AArch64InstPrinter.c.o
  ninja: build stopped: subcommand failed.
  make[1]: *** [run-ninja] Error 1
  make: *** [all] Error 2

  I've ran make as make -j 8

  original config:

  
PKG_CONFIG_PATH="$SERVERPLUS_DIR/dependencies/glib/lib/pkgconfig:$SERVERPLUS_DIR/dependencies/pixman/lib/pkgconfig:$SERVERPLUS_DIR/dependencies/cyrus-
  sasl/lib/pkgconfig" ./configure --prefix="$SERVERPLUS_DIR" --enable-
  hvf --enable-cocoa --enable-vnc-sasl --enable-auth-pam
  --ninja=/opt/build/build/stage/tools/ninja/ninja
  --python="$SERVERPLUS_DIR/dependencies/python/bin/python3" --enable-
  bsd-user

  if I build with --target-list=x86_64-softmmu then it will build but I
  will get only the x86_64 QEMU built. With 5.0 I could build all
  emulators.

  $SERVERPLUS_DIR is my target dir.

  Thanks,

  Eddy

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1918084/+subscriptions

[Bug 1920211] Re: shrink option for discard (for bad host-filesystems and -backup solutions)

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1920211

Title:
  shrink option for discard (for bad host-filesystems and -backup
  solutions)

Status in QEMU:
  Expired

Bug description:
  When using discard=unmap for virtio or scsi devices with QCOW2 images,
  space discarded by the guest will be unmaped on the host, which is
  basically great!

  This will turn the QCOW2 image into a sparse file which is efficient
  for most scenarios. But it may be that you need to avoid big sparse
  files on your host. For example because you need to use a backup
  solution which doesn't support sparse files well. Or maybe the QCOW2
  image is on a filesystem mount which doesn't support sparse files at
  all.

  For those scenarios an alternative option for the discard setting 
(discard=shrink) would be great, so that the QCOW2 file itself gets shrunken 
again.
  I'm not sure about how the initial growing* of QCOW2 images is implemented 
and if there are maybe limitations. But I hope it may be possible do the 
inverse and actually shrink (not sparse) an QCOW2 image with internally 
discarded blocks.

  
  I'm using Qemu-5.2.0 and Linux >= 5.3 (host and guest).

  *If you use "qemu-img create -f qcow2 ..." withOUT the "preallocation"
  option.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1920211/+subscriptions

[Bug 1918149] Re: qemu-user reports wrong fault_addr in signal handler

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1918149

Title:
  qemu-user reports wrong fault_addr in signal handler

Status in QEMU:
  Expired

Bug description:
  When a SEGV signal occurs and si_addr of the info struct is nil, qemu
  still tries to translate the address from host to guest
  (handle_cpu_signal in accel/tcg/user-exec.c). This means, that the
  actual signal handler, will receive a fault_addr that is something
  like 0xbf709000.

  I was able to get this to happen, by branching to a non canonical address on 
aarch64.
  I used 5.2 (commit: 553032db17). However, building from source, this only 
seems to happen, if I use the same configure flags as the debian build:

  ../configure --static --target-list=aarch64-linux-user --disable-
  system --enable-trace-backends=simple --disable-linux-io-uring
  --disable-pie --extra-cflags="-fstack-protector-strong -Wformat
  -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2"  --extra-
  ldflags="-Wl,-z,relro -Wl,--as-needed"

  Let me know, if you need more details.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1918149/+subscriptions

[Bug 1920871] Re: netperf UDP_STREAM high packet loss on QEMU tap network

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1920871

Title:
  netperf UDP_STREAM high packet loss on QEMU tap network

Status in QEMU:
  Expired

Bug description:
  Hi, I boot a guest with "-netdev
  tap,id=hn0,vhost=off,br=br0,helper=/usr/local/libexec/qemu-bridge-
  helper" network option, and using "netperf -H IP -t UDP_STREAM" to
  test guest UDP performance, I got the following output:

  Socket  Message  Elapsed  Messages
  SizeSize Time Okay Errors   Throughput
  bytes   bytessecs#  #   10^6bits/sec

  212992   65507   10.00  144710  07583.56
  212992   10.00  32  1.68

  We can find most of UDP packets are lost. But I test another host machine or 
use "-netdev usr,x". I can got:
  Socket  Message  Elapsed  Messages
  SizeSize Time Okay Errors   Throughput
  bytes   bytessecs#  #   10^6bits/sec

  212992   65507   10.00   18351  0 961.61
  212992   10.00   18350961.56

  most of UDP packets are recived.

  And If we check the tap qemu used, we can see:
  ifconfig tap0
  tap0: flags=4419  mtu 1500
  inet6 fe80::ecc6:21ff:fe6f:b174  prefixlen 64  scopeid 0x20
  ether ee:c6:21:6f:b1:74  txqueuelen 1000  (Ethernet)
  RX packets 282  bytes 30097 (29.3 KiB)
  RX errors 0  dropped 0  overruns 0  frame 0
  TX packets 9086214  bytes 12731596673 (11.8 GiB)
  TX errors 0  dropped 16349024 overruns 0  carrier 0  collisions 0
  lots of TX packets are dropped.

  list other packet size:

  ➜  boot netperf -H 192.168.199.200 -t UDP_STREAM -- -m 1
  MIGRATED UDP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 
192.168.199.200 () port 0 AF_INET
  Socket  Message  Elapsed  Messages
  SizeSize Time Okay Errors   Throughput
  bytes   bytessecs#  #   10^6bits/sec

  212992   1   10.00 2297941  0   1.84
  212992   10.00 1462024  1.17

  ➜  boot netperf -H 192.168.199.200 -t UDP_STREAM -- -m 128
  MIGRATED UDP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 
192.168.199.200 () port 0 AF_INET
  Socket  Message  Elapsed  Messages
  SizeSize Time Okay Errors   Throughput
  bytes   bytessecs#  #   10^6bits/sec

  212992 128   10.00 2311547  0 236.70
  212992   10.00 1359834139.25

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1920871/+subscriptions

[Bug 1921280] Re: OpenIndiana stuck in boot loop when using hvf

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1921280

Title:
  OpenIndiana stuck in boot loop when using hvf

Status in QEMU:
  Expired

Bug description:
  I'm using QEMU version 5.2.0 on macOS, and running the "OpenIndiana
  Hipster 2020.10 Text Install DVD (64-bit x86)" ISO:

  qemu-system-x86_64 -cdrom ~/Downloads/OI-hipster-text-20201031.iso -m
  2048 -accel hvf -cpu host

  It gets to "Booting...", stays there for a bit, and then restarts.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1921280/+subscriptions

[Bug 1921444] Re: Q35 doesn't support to hot add the 2nd PCIe device to KVM guest

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1921444

Title:
  Q35 doesn't support to hot add the 2nd PCIe device to KVM guest

Status in QEMU:
  Expired

Bug description:
  KVM: https://git.kernel.org/pub/scm/virt/kvm/kvm.git  branch: next, commit: 
4a98623d
  Qemu: https://git.qemu.org/git/qemu.git  branch: master, commit: 9e2e9fe3

  Created a KVM guest with Q35 chipset, and try to hot add 2 PCIe device
  to guest with qemu internal command device_add, the 1st device can be
  added successfully, but the 2nd device failed to hot add.

  If guest chipset is legacy i440fx, the 2 device can be added
  successfully.

  1. Enable VT-d in BIOS
  2. load KVM modules in Linux OS: modprobe kvm; modprobe kvm_intel
  3. Bind 2 device to vfio-pci
  echo :b1:00.0 > /sys/bus/pci/drivers/i40e/unbind
  echo "8086 1572" > /sys/bus/pci/drivers/vfio-pci/new_id 
  echo :b1:00.1 > /sys/bus/pci/drivers/i40e/unbind
  echo "8086 1572" > /sys/bus/pci/drivers/vfio-pci/new_id 

  4. create guest with Q35 chipset:
  qemu-system-x86_64 --accel kvm -m 4096 -smp 4 -drive 
file=/home/rhel8.2.qcow2,if=none,id=virtio-disk0 -device 
virtio-blk-pci,drive=virtio-disk0 -cpu host -machine q35 -device 
pcie-root-port,id=root1 -daemonize

  5. hot add the 1st device to guest successfully
  in guest qemu monitor "device_add vfio-pci,host=b1:00.0,id=nic0,bus=root1"
  6. hot add the 2nd device to guest
  in guest qemu monitor "device_add vfio-pci,host=b1:00.1,id=nic1,bus=root1"
  The 2nd device doesn't be added in guest, and the 1st device is removed from 
guest. 

  Guest partial log:
  [  110.452272] pcieport :00:04.0: pciehp: Slot(0): Attention button 
pressed
  [  110.453314] pcieport :00:04.0: pciehp: Slot(0) Powering on due to 
button press
  [  110.454156] pcieport :00:04.0: pciehp: Slot(0): Card present
  [  110.454792] pcieport :00:04.0: pciehp: Slot(0): Link Up
  [  110.580927] pci :01:00.0: [8086:1572] type 00 class 0x02
  [  110.582560] pci :01:00.0: reg 0x10: [mem 0x-0x007f 64bit 
pref]
  [  110.583453] pci :01:00.0: reg 0x1c: [mem 0x-0x7fff 64bit 
pref]
  [  110.584278] pci :01:00.0: reg 0x30: [mem 0x-0x0007 pref]
  [  110.585051] pci :01:00.0: Max Payload Size set to 128 (was 512, max 
2048)
  [  110.586621] pci :01:00.0: PME# supported from D0 D3hot D3cold
  [  110.588140] pci :01:00.0: BAR 0: no space for [mem size 0x0080 
64bit pref]
  [  110.588954] pci :01:00.0: BAR 0: failed to assign [mem size 0x0080 
64bit pref]
  [  110.589797] pci :01:00.0: BAR 6: assigned [mem 0xfe80-0xfe87 
pref]
  [  110.590703] pci :01:00.0: BAR 3: assigned [mem 0xfe00-0xfe007fff 
64bit pref]
  [  110.592085] pcieport :00:04.0: PCI bridge to [bus 01]
  [  110.592755] pcieport :00:04.0:   bridge window [io  0x1000-0x1fff]
  [  110.594403] pcieport :00:04.0:   bridge window [mem 
0xfe80-0xfe9f]
  [  110.595847] pcieport :00:04.0:   bridge window [mem 
0xfe00-0xfe1f 64bit pref]
  [  110.597867] PCI: No. 2 try to assign unassigned res
  [  110.597870] release child resource [mem 0xfe00-0xfe007fff 64bit pref]
  [  110.597871] pcieport :00:04.0: resource 15 [mem 0xfe00-0xfe1f 
64bit pref] released
  [  110.598881] pcieport :00:04.0: PCI bridge to [bus 01]
  [  110.600789] pcieport :00:04.0: BAR 15: assigned [mem 
0x18000-0x180bf 64bit pref]
  [  110.601731] pci :01:00.0: BAR 0: assigned [mem 0x18000-0x1807f 
64bit pref]
  [  110.602849] pci :01:00.0: BAR 3: assigned [mem 0x18080-0x180807fff 
64bit pref]
  [  110.604069] pcieport :00:04.0: PCI bridge to [bus 01]
  [  110.604941] pcieport :00:04.0:   bridge window [io  0x1000-0x1fff]
  [  110.606237] pcieport :00:04.0:   bridge window [mem 
0xfe80-0xfe9f]
  [  110.607401] pcieport :00:04.0:   bridge window [mem 
0x18000-0x180bf 64bit pref]
  [  110.653661] i40e: Intel(R) Ethernet Connection XL710 Network Driver
  [  110.654443] i40e: Copyright (c) 2013 - 2019 Intel Corporation.
  [  110.655314] i40e :01:00.0: enabling device (0140 -> 0142)
  [  110.672396] i40e :01:00.0: fw 6.0.48442 api 1.7 nvm 6.01 0x800035b1 
1.1747.0 [8086:1572] [8086:0008]
  [  110.750054] i40e :01:00.0: MAC address: 3c:fd:fe:c0:59:98
  [  110.751792] i40e :01:00.0: FW LLDP is enabled
  [  110.764644] i40e :01:00.0 eth1: NIC Link is Up, 10 Gbps Full Duplex, 
Flow Control: None
  [  110.779390] i40e :01:00.0: PCI-Express: Speed 8.0GT/s Width x8
  [  110.789841] i40e :01:00.0: Features: PF-id[0] VFs: 64 VSIs: 66 QP: 4 
RSS FD_ATR FD_SB NTUPLE DCB VxLAN Geneve PTP VEPA
  [  111.817553] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
 

[Bug 1921635] Re: ESP SCSI adapter not working with DOS ASPI drivers

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1921635

Title:
  ESP SCSI adapter not working with DOS ASPI drivers

Status in QEMU:
  Expired

Bug description:
  I have been trying to install the DOS ASPI drivers for the ESP scsi
  card. Both in am53c974 and dc390 modes. Neither works but they don't
  work in different ways.

  The following things appear to be problematic:

  * The am53c974 should work with the PcSCSI drivers (AMSIDA.SYS) but the ASPI 
driver never manages to get past initializing the card. The VM never continues.
  * The dc390 ASPI driver fares a little better. The ASPI driver loads and is 
semi-functional but the drivers for the peripherals don't work.
   - ASPI.SYS (creative name) loads
   - TRMDISK.SYS fails to load when a cd-drive is attached and will crashs 
scanning the scsi-id where the cd drive is attached
   - TRMDISK.SYS loads without a CD drive attached but fails to read any 
scsi-hd devices attached. The TFDISK.EXE formatter crashes.
   - TRMCD.SYS loads, but can not detect any CD drives.

  The various permutations:
  am53c974 hang on ASPI driver load: (CD only attached)

  ~/src/qemu/build/qemu-system-i386 -m 64 -device am53c974,id=scsi0
  -device scsi-cd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0
  -drive file=../Windows\ 98\ Second\ Edition.iso,if=none,id=drive0 -vga
  cirrus -fda am53c974_aspi.img -bios /home/hp/src/seabios/out/bios.bin
  -boot a  -trace 'scsi*' -trace 'esp*' -D log

  dc390 crash because of CDROM attachment and loading TRMDISK.SYS (Only CD 
attached)
  ~/src/qemu/build/qemu-system-i386 -m 64 -device dc390,id=scsi0,rombar=0 
-device scsi-cd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0 -drive 
file=../Windows\ 98\ Second\ Edition.iso,if=none,id=drive0 -vga cirrus -fda 
dc390_all.img  -bios /home/hp/src/seabios/out/bios.bin -boot a  -trace 'scsi*' 
-trace 'esp*' -D log

  dc390 successful boot, but TRMDISK.SYS not working (TFDISK.EXE will crash)
  ~/src/qemu/build/qemu-system-i386 -m 64 -device dc390,id=scsi0 -device 
scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0,logical_block_size=512
 -drive file=small.qcow2,if=none,id=drive0 -vga cirrus -fda dc390_all.img -bios 
/home/hp/src/seabios/out/bios.bin -boot a  -trace 'scsi*' -trace 'esp*' -D log

  dc390 successful boot, TRMDISK.SYS not loaded, only TRMCD.SYS. CDROM not 
detected
  ~/src/qemu/build/qemu-system-i386 -m 64 -device dc390,id=scsi0,rombar=0 
-device scsi-cd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0 -drive 
file=../Windows\ 98\ Second\ Edition.iso,if=none,id=drive0 -vga cirrus -fda 
dc390_cd.img  -bios /home/hp/src/seabios/out/bios.bin -boot a  -trace 'scsi*' 
-trace 'esp*' -D log

  All of these tests were done on
  7b9a3c9f94bcac23c534bc9f42a9e914b433b299 as well as the 'esp-next'
  branch found here: https://github.com/mcayland/qemu/tree/esp-next

  The bios file is a seabios master with all int13 support disabled.
  With it enabled even less works but I figured this would be a seabios
  bug and not a qemu one.

  The actual iso and qcow2 files used don't appear the matter. the
  'small.qcow2' is an empty drive of 100MB. I have also tried other ISOs
  in the CD drives, or even not put any cd in the drives with the same
  results.

  I will attach all of the above images.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1921635/+subscriptions

[Bug 1915327] Re: x86_64 cmpxchg behavior in qemu tcg does not match the real CPU

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1915327

Title:
  x86_64 cmpxchg behavior in qemu tcg does not match the real CPU

Status in QEMU:
  Expired

Bug description:
  QEMU version:
  1214d55d1c (HEAD, origin/master, origin/HEAD) Merge remote-tracking branch 
'remotes/nvme/tags/nvme-next-pull-request' into staging

  Consider the following little program:

  $ cat 1.c
  #include 
  int main() {
int mem = 0x12345678;
register long rax asm("rax") = 0x1234567812345678;
register int edi asm("edi") = 0x;
asm("cmpxchg %[edi],%[mem]"
: [ mem ] "+m"(mem), [ rax ] "+r"(rax)
: [ edi ] "r"(edi));
long rax2 = rax;
printf("rax2 = %lx\n", rax2);
  }

  According to the Intel Manual, cmpxchg should not touch the
  accumulator in case the values are equal, which is indeed the case on
  the real CPU:

  $ gcc 1.c
  $ ./a.out 
  rax2 = 1234567812345678

  However, QEMU appears to zero extend EAX to RAX:

  $ qemu-x86_64 ./a.out 
  rax2 = 12345678

  This is also the case for lock cmpxchg.

  Found in BPF development context:
  
https://lore.kernel.org/bpf/b1792bb3c51eb3e94b9d27e67665d3f2209bba7e.ca...@linux.ibm.com

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1915327/+subscriptions

[Bug 1914986] Re: KVM internal error. Suberror: 1 - OVMF / Audio related

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1914986

Title:
  KVM internal error. Suberror: 1  -  OVMF / Audio related

Status in QEMU:
  Expired

Bug description:
  This is latest release QEMU-5.2.0 on Arch Linux running kernel
  5.10.13, latest OVMF etc.

  I'm seeing the following crash when loading an audio driver from the
  OpenCore[1] project in the UEFI shell:

  KVM internal error. Suberror: 1
  emulation failure
  RAX= RBX= RCX= 
RDX=
  RSI= RDI=7e423628 RBP=7fee6a90 
RSP=7fee6a08
  R8 = R9 =0080 R10= 
R11=
  R12=7eeaf828 R13= R14= 
R15=7fee6a67
  RIP=000b RFL=0246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =0030   00c09300 DPL=0 DS   [-WA]
  CS =0038   00a09b00 DPL=0 CS64 [-RA]
  SS =0030   00c09300 DPL=0 DS   [-WA]
  DS =0030   00c09300 DPL=0 DS   [-WA]
  FS =0030   00c09300 DPL=0 DS   [-WA]
  GS =0030   00c09300 DPL=0 DS   [-WA]
  LDT=   8200 DPL=0 LDT
  TR =   8b00 DPL=0 TSS64-busy
  GDT= 7f9ee698 0047
  IDT= 7f27a018 0fff
  CR0=80010033 CR2= CR3=7fc01000 CR4=0668
  DR0= DR1= DR2= 
DR3= 
  DR6=0ff0 DR7=0400
  EFER=0d00
  Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ff ff 
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

  
  Here's the QEMU command line I'm using:

  qemu-system-x86_64 \
  -machine q35,accel=kvm \
  -cpu host,+topoext,+invtsc \
  -smp 4,sockets=1,cores=2 \
  -m 4096 \
  -drive 
file=/usr/share/edk2-ovmf/x64/OVMF_CODE.fd,if=pflash,format=raw,readonly=on \
  -drive file=OVMF_VARS.fd,if=pflash,format=raw \
  -usb -device usb-tablet -device usb-kbd \
  -drive file=OpenCore-0.6.6.img,format=raw \
  -device ich9-intel-hda,bus=pcie.0,addr=0x1b \
  -device hda-micro,audiodev=hda \
  -audiodev pa,id=hda,server=/run/user/1000/pulse/native

  The driver loads fine when using the "no connect" switch. eg:

  Shell> load -nc fs0:\efi\oc\drivers\audiodxe.efi
  Shell> Image 'fs0:\EFI\OC\Drivers\AudioDxe.efi' loaded at 7E3C7000 - Success

  However, the crash occurs when loading normally.

  Any ideas? Thanks.

  [1]: https://github.com/acidanthera/OpenCorePkg/releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914986/+subscriptions

[Bug 1915431] Re: QEMU processes started by Acceptance Tests are left running

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1915431

Title:
  QEMU processes started by Acceptance Tests are left running

Status in QEMU:
  Expired

Bug description:
  Every now and then, QEMU processes started by the Acceptance Tests
  (thus by Avocado) will be left running.

  From Avocado's perspective, when everything "goes well" and a test
  reaches completion, there's no attempt to terminate any processes it
  indirectly started.  Some frameworks and tests built on top of
  Avocado, for instance Avocado-VT, will keep processes running between
  various tests.

  When a job (and consequently a test) is manually interrupted, then
  Avocado tries to terminate the entire process tree.

  It may be possible to improve the situation in which, at the very least, the 
user is:
   * notified of left over processes
   * have a configuration option that will attempt to kill all processes at the 
end of the test execution

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1915431/+subscriptions

[Bug 1917542] Re: qemu-img crash on M1 Mac

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1917542

Title:
  qemu-img crash on M1 Mac

Status in QEMU:
  Expired

Bug description:
  1. Symptom
  $ qemu-img create -f qcow2 disk.qcow2 10G
  [1] 72373 killed qemu-img create -f qcow2 disk.qcow2 10G

  2. System environment
  CPU: Apple M1
  OS: Big Sur 11.2.2
  qemu:  stable 5.2.0 (Binary installed by homebrew)

  3. Kernel logs
  $ sudo log show --predicate ‘eventMessage LIKE “qemu”’ --debug
  ntID Dirty: 1 Event: com.apple.stability.crash 
{“appVersion”:"???",“exceptionType”:1,“logwritten”:1,“process”:“qemu-img”,“responsibleApp”:“iTerm2”,“timestamp”:1614666875993238}
  2021-03-02 15:36:52.728210+0900 0xfb308 Default 0x0 0 0 kernel: CODE SIGNING: 
cs_invalid_page(0x10293): p=72373[qemu-img] final status 0x23000200, 
denying page sending SIGKILL
  2021-03-02 15:36:52.728222+0900 0xfb308 Default 0x0 0 0 kernel: CODE SIGNING: 
process 72373[qemu-img]: rejecting invalid page at address 0x10293 from 
offset 0x0 in file “/opt/homebrew/Cellar/libssh/0.9.5_1/lib/libssh.4.8.6.dylib” 
(cs_mtime:1614297740.413435328 == mtime:1614297740.413435328) (signed:1 
validated:1 tainted:1 nx:0 wpmapped:0 dirty:0 depth:0)
  2021-03-02 15:36:52.728477+0900 0xfab09 Default 0x0 919 0 ReportCrash: 
Parsing corpse data for process qemu-img [pid 72373]
  2021-03-02 15:36:52.884736+0900 0xfab09 Default 0x0 919 0 ReportCrash: 
(CrashReporterSupport) Saved crash report for qemu-img[72373] version 0 to 
qemu-img_2021-03-02-153652_.crash

  4. Crash logs
  $ sudo cat 
/Users//Library/Logs/DiagnosticReports/qemu-img_2021-03-02-153652_.crash
  Process: qemu-img [72373]
  Path: /opt/homebrew/*/qemu-img
  Identifier: qemu-img
  Version: 0
  Code Type: ARM-64 (Native)
  Parent Process: zsh [67484]
  Responsible: iTerm2 [556]
  User ID: 501

  Date/Time: 2021-03-02 15:36:52.710 +0900
  OS Version: macOS 11.2.2 (20D80)
  Report Version: 12
  Anonymous UUID: AF87D5F0-2BED-EB72-1DC8-26F63A24DA7C

  Sleep/Wake UUID: 3862EA39-132E-42BD-A4BB-5A36F36607F1

  Time Awake Since Boot: 89000 seconds
  Time Since Wake: 520 seconds

  System Integrity Protection: enabled

  Crashed Thread: 0

  Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
  Exception Codes: 0x0032, 0x00010293
  Exception Note: EXC_CORPSE_NOTIFY

  Termination Reason: Namespace CODESIGNING, Code 0x2

  kernel messages:

  VM Regions Near 0x10293:
  __LINKEDIT 102908000-10293 [ 160K] r–/r-- SM=COW /opt/homebrew/*
  → mapped file 10293-102934000 [ 16K] r–/r-x SM=PRV Object_id=fc8cc3db
  __TEXT 1029bc000-102a38000 [ 496K] r-x/r-x SM=COW /usr/lib/dyld

  Application Specific Information:
  dyld: launch, loading dependent libraries
  /opt/homebrew/opt/libssh/lib/libssh.4.dylib

  Thread 0 Crashed:
  0 dyld 0x000102a18780 bcmp + 16
  1 dyld 0x0001029d9408 
ImageLoaderMachO::validateFirstPages(linkedit_data_command const*, int, 
unsigned char const*, unsigned long, long long, ImageLoader::LinkContext 
const&) + 136
  2 dyld 0x0001029e03b8 
ImageLoaderMachOCompressed::instantiateFromFile(char const*, int, unsigned char 
const*, unsigned long, unsigned long long, unsigned long long, stat const&, 
unsigned int, unsigned int, linkedit_data_command const*, 
encryption_info_command const*, ImageLoader::LinkContext const&) + 268
  3 dyld 0x0001029d7ffc ImageLoaderMachO::instantiateFromFile(char const*, 
int, unsigned char const*, unsigned long, unsigned long long, unsigned long 
long, stat const&, ImageLoader::LinkContext const&) + 172
  4 dyld 0x0001029c0290 dyld::loadPhase6(int, stat const&, char const*, 
dyld::LoadContext const&) + 668
  5 dyld 0x0001029c8dd8 dyld::loadPhase5(char const*, char const*, 
dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 1328
  6 dyld 0x0001029c8824 dyld::loadPhase4(char const, char const*, 
dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 208
  7 dyld 0x0001029c8530 dyld::loadPhase3(char const, char const*, 
dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 1100
  8 dyld 0x0001029c7cf0 dyld::loadPhase1(char const, char const*, 
dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 212
  9 dyld 0x0001029bfe0c dyld::loadPhase0(char const, char const*, 
dyld::LoadContext const&, unsigned int&, std::__1::vector >) + 468
  10 dyld 0x0001029bf9b0 dyld::load(char const, dyld::LoadContext const&, 
unsigned int&) + 196
  11 dyld 0x0001029c977c dyld::libraryLocator(char const*, bool, char 
const*, ImageLoader::RPathChain const*, unsigned int&) + 56
  12 dyld 0x0001029d39d4 
ImageLoader::recursiveLoadLibraries(ImageLoader::LinkContext const&, bool, 
ImageLoader::RPathChain const&, char const*) + 344
  13 dyld 0x0001029d21ac 

[Bug 1916269] Re: TCG: QEMU incorrectly raises exception on SSE4.2 CRC32 instruction

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1916269

Title:
  TCG: QEMU incorrectly raises exception on SSE4.2 CRC32 instruction

Status in QEMU:
  Expired

Bug description:
  If I run FreeBSD on QEMU 5.2 with TCG acceleration -cpu Nehalem, I get
  a FPU exception when executing crc32
  (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253617). This is
  not a problem with the default CPU (or KVM) since that does not
  support SSE 4.2.

  Attaching GDB shows this is triggered in
  target/i386/tcg/translate.c:3067

  /* simple MMX/SSE operation */
  if (s->flags & HF_TS_MASK) {
  gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
  return;
  }

  However, according to
  https://software.intel.com/sites/default/files/m/8/b/8/D9156103.pdf,
  page 61 the CRC32 instruction works no matter what the value of the TS
  bit.

  The code sequence in question is:
  0x8105a4de <+126>:f2 48 0f 38 f1 de   crc32q %rsi,%rbx
  0x8105a4e4 <+132>:f2 48 0f 38 f1 ca   crc32q %rdx,%rcx.

  This should work even with the FPU disabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1916269/+subscriptions

[Bug 1916344] Re: User mode networking not working properly on QEMU on Mac OS X host

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1916344

Title:
  User mode networking not working properly on QEMU on Mac OS X host

Status in QEMU:
  Expired

Bug description:
  Steps to reproduce:

  1. Install QEMU using homebrew on Mac OS X (I tried on Catalina and Big Sur)
  2. Spin up a guest VM (say) Cent OS 8 using user mode networking.
  3. Install podman inside the guest
  4. Run podman pull alpine

  The result is:

  [root@localhost ~]# podman pull alpine
  Resolved "alpine" as an alias 
(/etc/containers/registries.conf.d/shortnames.conf)
  Trying to pull docker.io/library/alpine:latest...
  Getting image source signatures
  Copying blob ba3557a56b15 [==] 2.7MiB / 
2.7MiB
    unexpected EOF
  Error: Error writing blob: error storing blob to file 
"/var/tmp/storage851171596/1": error happened during read: unexpected EOF

  This is happening because QEMU is telling the guest that the TCP
  connection is closed even before reading all the data from the host
  socket and forwarding it to the guest.

  This issue doesn't happen on a Linux host. So, that tells me that this
  has something to do with QEMU installation on Mac OS X.

  This could be a slirp related issue. So, QEMU/slirp may need to work
  together on fixing this. Here's the link to the libslirp issue:

  https://gitlab.freedesktop.org/slirp/libslirp/-/issues/35

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1916344/+subscriptions

[Bug 1917940] Re: -bios edk2-$arch-code doesn't work for x86

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1917940

Title:
  -bios edk2-$arch-code doesn't work for x86

Status in QEMU:
  Expired

Bug description:
  Whilst creating a flash device is recommended, -bios  is
  extremely useful in many cases as it automatically searches
  $PREFIX/share/qemu rather than requiring the caller (be it a human or
  a script) to work out where that directory is for the QEMU being
  called and prepend it to the file name.

  Currently, all the x86 EDK2 FD code files are 3653632 bytes in size,
  or 0x37c000 bytes. However, for some reason I cannot find the answer
  to (I traced the code back to
  7587cf44019d593bb12703e7046bd7738996c55c), x86's -bios only allows
  files that are multiples of 64K in size (x86_bios_rom_init), which
  would require the EDK2 ROMs to be rounded up to 0x38 bytes. If I
  delete the check, QEMU is able to load the only-16K-multiple-sized
  EDK2 and boot an OS just fine. If I pad EDK2 with 16K of zeroes at the
  *start* (since the ROM gets mapped counting backwards), it also works
  just fine (but padding at the *end* doesn't). Please therefore either
  relax the check in x86_bios_rom_init or ensure the EDK2 binary is
  suitably padded.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1917940/+subscriptions

[Bug 1915682] Re: i386-linux-user wine exception regression tests fail

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1915682

Title:
  i386-linux-user wine exception regression tests fail

Status in QEMU:
  Expired

Bug description:
  When trying to run wine (latest devel from git) regression tests for
  ntdll in a statically linked qemu-i386 (commit
  392b9a74b9b621c52d05e37bc6f41f1bbab5c6f8) on arm32 (raspberry pi 4) in
  a debian buster chroot, the exception tests fail at the first test
  with an infinite exception loop.

  WINEDEBUG=+seh wine wine/dlls/ntdll/tests/ntdll_test.exe exception

  
  Working x86_64 system running 32-bit code

  0024:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception 
(code=c005) raised
  0024:trace:seh:dispatch_exception  eax= ebx=7ffc2000 ecx=004e0ef4 
edx=003c0004 esi=003c edi=
  0024:trace:seh:dispatch_exception  ebp=0085fa08 esp=0085f9ac cs=0023 ds=002b 
es=002b fs=0063 gs=006b flags=00010246
  0024:trace:seh:call_vectored_handlers calling handler at 7B00B460 
code=c005 flags=0
  0024:trace:seh:call_vectored_handlers handler at 7B00B460 returned 0
  0024:trace:seh:call_stack_handlers calling handler at 004178B0 code=c005 
flags=0
  0024:trace:seh:call_stack_handlers handler at 004178B0 returned 0
  0024:trace:seh:dispatch_exception  call_stack_handlers continuing
  0024:trace:seh:NtGetContextThread 0xfffe: dr0=42424240 dr1= 
dr2=126bb070 dr3=0badbad0 dr6= dr7=0115

  
  Non-working qemu

  0024:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception 
(code=c005) raised
  0024:trace:seh:dispatch_exception  eax= ebx=3ffe2000 ecx=004e0ef4 
edx=003c0004 esi=003c edi=
  0024:trace:seh:dispatch_exception  ebp=0085fa08 esp=0085f9ac cs=0023 ds=002b 
es=002b fs=003b gs=0033 flags=0246
  0024:trace:seh:call_vectored_handlers calling handler at 7B00B460 
code=c005 flags=0
  0024:trace:seh:call_vectored_handlers handler at 7B00B460 returned 0
  0024:trace:seh:call_stack_handlers calling handler at 004178B0 code=c005 
flags=0
  0024:trace:seh:call_stack_handlers handler at 004178B0 returned 0
  0024:trace:seh:dispatch_exception  call_stack_handlers continuing
  0024:trace:seh:dispatch_exception  call_stack_handlers ret status = 0
  0024:trace:seh:dispatch_exception code=0 flags=1 addr=7BC2389C ip=7bc2389c 
tid=0024

  The non-working verion is never managing to set the CPU context using
  NtContinue/SetContextThread back to the correct running thread stack
  and IP. It executes as if the context restore just returns to the
  function that called NtContinue() (dispatch_exception(), not the
  function that raised the exception or one of its parent exception
  handlers).

  It looks like NtSetContextThread(), specifically the asm function
  set_full_cpu_context() is being handled incorrectly.

  wine code below. note interesting use of iret with no previous
  interrupt call. The exception handler is called with a jmp.

  /***
   *   set_full_cpu_context
   *
   * Set the new CPU context.
   */
  extern void set_full_cpu_context( const CONTEXT *context );
  __ASM_GLOBAL_FUNC( set_full_cpu_context,
 "movl $0,%fs:0x1f8\n\t" /* 
x86_thread_data()->syscall_frame = NULL */
 "movl 4(%esp),%ecx\n\t"
 "movw 0x8c(%ecx),%gs\n\t"  /* SegGs */
 "movw 0x90(%ecx),%fs\n\t"  /* SegFs */
 "movw 0x94(%ecx),%es\n\t"  /* SegEs */
 "movl 0x9c(%ecx),%edi\n\t" /* Edi */
 "movl 0xa0(%ecx),%esi\n\t" /* Esi */
 "movl 0xa4(%ecx),%ebx\n\t" /* Ebx */
 "movl 0xb4(%ecx),%ebp\n\t" /* Ebp */
 "movw %ss,%ax\n\t"
 "cmpw 0xc8(%ecx),%ax\n\t"  /* SegSs */
 "jne 1f\n\t"
 /* As soon as we have switched stacks the context 
structure could
  * be invalid (when signal handlers are executed for 
example). Copy
  * values on the target stack before changing ESP. */
 "movl 0xc4(%ecx),%eax\n\t" /* Esp */
 "leal -4*4(%eax),%eax\n\t"
 "movl 0xc0(%ecx),%edx\n\t" /* EFlags */
 ".byte 0x36\n\t"
 "movl %edx,3*4(%eax)\n\t"
 "movl 0xbc(%ecx),%edx\n\t" /* SegCs */
 ".byte 0x36\n\t"
 "movl %edx,2*4(%eax)\n\t"
 "movl 0xb8(%ecx),%edx\n\t" /* Eip */
 ".byte 0x36\n\t"
 "movl %edx,1*4(%eax)\n\t"
 "movl 0xb0(%ecx),%edx\n\t" /* Eax */
 ".byte 0x36\n\t"
   

[Bug 1908416] Re: qemu-system-aarch64 can't run Windows 10 for ARM version 2004

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1908416

Title:
  qemu-system-aarch64 can't run Windows 10 for ARM version 2004

Status in QEMU:
  Expired

Bug description:
  Problem: qemu-system-aarch64 can't run Windows 10 for ARM version 2004
  (20H2) or newer

  Host OS: Windows 10 x64 version 20H2
  CPU: Intel Pentium Dual-core T4300 (no vt-x)
  QEMU   : QEMU version 5.1.0 from qemu.org

  cmdline: qemu-system-aarch64.exe -M virt -cpu cortex-a72 -smp 3
  --accel tcg,thread=multi -m 2048 -pflash QEMU_EFI.img -pflash
  QEMU_VARS.img -device VGA -device nec-usb-xhci -device usb-kbd -device
  usb-mouse -device usb-storage,drive=cdrom -drive
  file="isofile.iso",media=cdrom,if=none,id=cdrom

  Note: QEMU_VARS and QEMU_EFI are taken from edk2

  Details: From this post (https://kitsunemimi.pw/notes/posts/running-
  windows-10-for-arm64-in-a-qemu-virtual-machine.html) and from what I
  have tried, QEMU can't run Windows ARM newer or equal to the 2004
  version. When we boot a 2004 iso (made from uupdump.ml), it stuck as
  the boot screen with the Windows ARM logo and nothing else. When I
  check the machine state and registers through the QEMU monitor, it
  shows that the VM is still running, but the registers are completely
  frozen! But if I try the older version, like 19H2, it works! Please
  help!

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1908416/+subscriptions

[Bug 1916506] Re: make check-venv may leave stale and incomplete tests/venv directory directory

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1916506

Title:
  make check-venv may leave stale and incomplete tests/venv directory
  directory

Status in QEMU:
  Expired

Bug description:
  As reported by "Philippe Mathieu-Daudé" , a "make
  check-venv" can be run and fail to properly create a suitable virtual
  environment, leaving the tests/venv directory which is the target for
  "make check-venv" itself.

  This means that on a subsequent run:

  > $ make check-venv
  >   GIT ui/keycodemapdb tests/fp/berkeley-testfloat-3
  > tests/fp/berkeley-softfloat-3 dtc capstone slirp
  > make: Nothing to be done for 'check-venv'.

  And the venv will still be incomplete.  The causes of such failures to
  create a suitable virtual environment are too many (in the reported
  case it was because of missing *required* Python packages).  Some more
  evolved virtual environments + Python packaging systems exist that
  could probably be used here (Pipenv) but would add further core
  requirements.

  The current mitigation is to run "make check-clean" when the venv
  appears to be incomplete.

  The goal of this bug is to attempt to make the venv setup atomic and
  more reliable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1916506/+subscriptions

[Bug 1917591] Re: qemu-i386 under aarch64: Segfaulting on Steamcmd

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1917591

Title:
  qemu-i386 under aarch64: Segfaulting on Steamcmd

Status in QEMU:
  Expired

Bug description:
  I am trying to set up a Valheim server on my Raspberry Pi 4 (8GB). I
  have installed the aarch64 image of Arm Arch Linux.

  I installed qemu-user-static (version 5.2.0 at this time of writing) from the 
AUR: https://aur.archlinux.org/packages/qemu-user-static/
  I have correctly set up binfmt support: 
https://aur.archlinux.org/packages/binfmt-qemu-static-all-arch/

  This allows me to successfully run i386 and amd64 docker images:

  [alarm@server ~]$ sudo docker run --rm i386/debian uname -a
  WARNING: The requested image's platform (linux/386) does not match the 
detected host platform (linux/arm64/v8) and no specific platform was requested
  Linux 9fd8d345b0aa 5.11.1-1-ARCH #1 SMP Tue Feb 23 20:00:47 MST 2021 i686 
GNU/Linux

  and

  [alarm@server ~]$ sudo docker run --rm amd64/debian uname -a
  WARNING: The requested image's platform (linux/amd64) does not match the 
detected host platform (linux/arm64/v8) and no specific platform was requested
  Linux 4f50fd228ab6 5.11.1-1-ARCH #1 SMP Tue Feb 23 20:00:47 MST 2021 x86_64 
GNU/Linux

  However, when I try to run the docker image that is going to host the
  server, the download of Valheim never succeeds because the used
  steamcmd application segfaults:

  The following command successfully runs the server: sudo docker run -d
  --name valheim-server -p 2456-2458:2456-2458/udp -e SERVER_NAME="My
  Server" -e WORLD_NAME="Neotopia" -e SERVER_PASS="secret" lloesche
  /valheim-server

  However, when we look into the container's logs via this command: sudo
  docker logs valheim-server

  We see the following entry in the log file: ./steamcmd.sh: line 38:
  86 Segmentation fault  (core dumped) $DEBUGGER "$STEAMEXE" "$@"

  This means that the download never completes, and therefor the Valheim
  server is never actually started. Any help would be much appreciated.
  If there is anything unclear or if you need more details, please let
  me know!

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1917591/+subscriptions

[Bug 1917661] Re: qemu gdb wrong registers group for riscv64

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1917661

Title:
  qemu gdb wrong registers group for riscv64

Status in QEMU:
  Expired

Bug description:
  Step to reproduce:
  1. run qemu-system-riscv64 in gdb mode
  2. attach gdb
  3. set a breakpoint and run
  4. print register-groups using "maintenance print register-groups" command

  ...
   sbadaddr   4162 4162   1628   8 longall,general
   msounteren 4163 4163   1636   8 longall,general
   mbadaddr   4164 4164   1644   8 longall,general
   htimedeltah 4165 4165   1652   8 longall,general

  These registers don't belong to general group, instead they belong to
  all, system and csr groups.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1917661/+subscriptions

[Bug 1917565] Re: Windows 10 fails with "Boot device inaccessible"

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1917565

Title:
  Windows 10 fails with "Boot device inaccessible"

Status in QEMU:
  Expired

Bug description:
  The issue is happening on all versions I tried after the following
  commit. I can also remove this individual change from master and it
  starts to work.

  OVMF_CODE.fd is what comes with Ubuntu 20.04 through package manager.

  
  git diff af1b80ae56c9495999e8ccf7b70ef894378de642~ 
af1b80ae56c9495999e8ccf7b70ef894378de642
  diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
  index b7bc2a..7a5a8b3521 100644
  --- a/hw/i386/acpi-build.c
  +++ b/hw/i386/acpi-build.c
  @@ -1497,7 +1497,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
   dev = aml_device("PCI0");
   aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03")));
   aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
  -aml_append(dev, aml_name_decl("_UID", aml_int(1)));
  +aml_append(dev, aml_name_decl("_UID", aml_int(0)));
   aml_append(sb_scope, dev);
   aml_append(dsdt, sb_scope);

  @@ -1512,7 +1512,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
   aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08")));
   aml_append(dev, aml_name_decl("_CID", aml_eisaid("PNP0A03")));
   aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
  -aml_append(dev, aml_name_decl("_UID", aml_int(1)));
  +aml_append(dev, aml_name_decl("_UID", aml_int(0)));
   aml_append(dev, build_q35_osc_method());
   aml_append(sb_scope, dev);
   aml_append(dsdt, sb_scope);

  The virtual machine start command:
  x86_64-softmmu/qemu-system-x86_64 -name guest=win10-dev,debug-threads=on 
-blockdev 
'{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}'
 -blockdev 
'{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}'
 -blockdev 
'{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/win10-dev_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}'
 -blockdev 
'{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}'
 -machine 
pc-q35-4.2,accel=kvm,usb=off,vmport=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format
 -cpu 
Skylake-Client-IBRS,ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,clflushopt=on,umip=on,md-clear=on,stibp=on,arch-capabilities=on,ssbd=on,xsaves=on,pdpe1gb=on,ibpb=on,amd-ssbd=on,skip-l1dfl-vmentry=on,pschange-mc-no=on,hv-time,hv-relaxed,hv-vapic,hv-spinlocks=0x1fff
 -m 6144 -overcommit mem-lock=off -smp 4,sockets=4,cores=1,threads=1 -uuid 
5646e540-5022-4ace-8d6a-d7c4b61a6d3d -no-user-config -nodefaults -rtc 
base=localtime,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet 
-global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1 -boot strict=on 
-device 
pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2
 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 
-device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 
-device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 
-device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 
-device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 -device 
virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 -blockdev 
'{"driver":"host_device","filename":"/dev/disk/by-id/scsi-1SanDisk_Extreme_SSD_20072F404043","aio":"native","node-name":"libvirt-2-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}'
 -blockdev 
'{"node-name":"libvirt-2-format","read-only":false,"cache":{"direct":true,"no-flush":false},"driver":"raw","file":"libvirt-2-storage"}'
 -device 
ide-hd,bus=ide.0,drive=libvirt-2-format,id=sata0-0-0,bootindex=1,write-cache=on 
-device ide-cd,bus=ide.1,id=sata0-0-1 -netdev user,id=hostnet0 -device 
e1000e,netdev=hostnet0,id=net0,mac=52:54:00:10:5b:55,bus=pci.1,addr=0x0 
-chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 
-chardev spicevmc,id=charchannel0,name=vdagent -device 
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0
 -device usb-tablet,id=input0,bus=usb.0,port=1 -spice 
port=5900,addr=127.0.0.1,disable-ticketing=on,image-compression=off,seamless-migration=on
 -device 
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pcie.0,addr=0x1
 -device ich9-intel-hda,id=sound0,bus=pcie.0,addr=0x1b -device 
hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 

[Bug 1910696] Re: Qemu fails to start with error " There is no option group 'spice'"

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1910696

Title:
  Qemu fails to start with error " There is no option group 'spice'"

Status in QEMU:
  Expired

Bug description:
  After upgrade from 5.1.0 to 5.2.0, qemu fails on start with error:
  `
  /usr/bin/qemu-system-x86_64 -S -name trinti -uuid 
f8ad2ff6-8808-4f42-8f0b-9e23acd20f84 -daemonize -cpu host -nographic -serial 
chardev:console -nodefaults -no-reboot -no-user-config -sandbox 
on,obsolete=deny,elevateprivileges=allow,spawn=deny,resourcecontrol=deny 
-readconfig /var/log/lxd/trinti/qemu.conf -pidfile /var/log/lxd/trinti/qemu.pid 
-D /var/log/lxd/trinti/qemu.log -chroot /var/lib/lxd/virtual-machines/trinti 
-smbios type=2,manufacturer=Canonical Ltd.,product=LXD -runas nobody: 
  qemu-system-x86_64:/var/log/lxd/trinti/qemu.conf:27: There is no option group 
'spice'
  qemu-system-x86_64: -readconfig /var/log/lxd/trinti/qemu.conf: read config 
/var/log/lxd/trinti/qemu.conf: Invalid argument
  `
  Bisected to first bad commit: 
https://github.com/qemu/qemu/commit/cbe5fa11789035c43fd2108ac6f45848954954b5

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1910696/+subscriptions

[Bug 1907969] Re: linux-user/i386: Segfault when mixing threads and signals

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907969

Title:
  linux-user/i386: Segfault when mixing threads and signals

Status in QEMU:
  Expired

Bug description:
  Given the following C program, qemu-i386 will surely and certainly segfault 
when executing it.
  The problem is only noticeable if the program is statically linked to musl's 
libc and, as written
  in the title, it only manifests when targeting i386.

  Removing the pthread calls or the second raise() makes it not
  segfault.

  The crash is in some part of the TCG-generated code, right when it tries to 
perform a
  %gs-relative access.

  If you want a quick way of cross-compiling this binary:

  * Download a copy of the Zig compiler from https://ziglang.org/download/
  * Compile it with
`zig cc -target i386-linux-musl  -o `

  ```
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 

  void sig_func(int sig)
  {
  write(1, "hi!\n", strlen("hi!\n"));
  }

  void func(void *p) { }

  typedef void *(*F)(void *);

  int main()
  {
  pthread_t tid;

  struct sigaction action;
  action.sa_flags = 0;
  action.sa_handler = sig_func;

  if (sigaction(SIGUSR1, , NULL) == -1) {
  return 1;
  }

  // This works.
  raise(SIGUSR1);

  pthread_create(, NULL, (F)func, NULL);
  pthread_join(tid, NULL);

  // This makes qemu segfault.
  raise(SIGUSR1);
  }
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907969/+subscriptions

[Bug 1908781] Re: x86-64 not faulting when CS.L = 1 and CS.D = 1

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1908781

Title:
  x86-64 not faulting when CS.L = 1 and CS.D = 1

Status in QEMU:
  Expired

Bug description:
  In a UEFI application I accidentally created a code segment descriptor
  where both the L and D bits were 1. This is supposed to generate a GP
  fault (e.g. see page 2942 of
  https://software.intel.com/sites/default/files/managed/39/c5/325462
  -sdm-vol-1-2abcd-3abcd.pdf). When running with KVM a fault did indeed
  occur, but when not specifying any acceleration, no fault occurred.

  Let me know if you need me to develop a minimum example to debug from.
  At the moment it's all part of a slightly more complicated bit of
  code.

  Version: 5.2.0 (compiled from source)
  Command line options: -smp cores=4 -m 8192 (plus whatever uefi-run adds to 
plug in OVMF and my UEFI application).
  Environment: Ubuntu 20.04 on Ryzen 3700X

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1908781/+subscriptions

[Bug 1910605] Re: qemu-arm-static ioctl USBDEVFS_BULK return -1 (EFAULT) Bad address

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1910605

Title:
  qemu-arm-static ioctl USBDEVFS_BULK return -1 (EFAULT) Bad address

Status in QEMU:
  Expired

Bug description:

  Snippet of code sample:

  struct usbdevfs_bulktransfer Bulk;
  Bulk.ep = hUsb->UsbOut;  
  Bulk.len = Len;  
  Bulk.data = (void *)pData;  
  Bulk.timeout = Timeout;
  Bytes = ioctl(hUsb->fd, USBDEVFS_BULK, )

  The above code sample return -1 (EFAULT) Bad address when using qemu-
  arm-static but is running ok when on qemu-aarch64-static.

  I use a 64-bit intel laptop

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1910605/+subscriptions

[Bug 1912170] Re: NUMA nodes created with memory-backend-ram shows size different than requested

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1912170

Title:
  NUMA nodes created with memory-backend-ram shows size different than
  requested

Status in QEMU:
  Expired

Bug description:
  I created system with 7 NUMA nodes where nodes 0-3 should have 268435456 
bytes size and nodes 4-6 exactly 1610612736 bytes size, but when I run "numactl 
-H" I got different (smaller) sizes.
  It is essential for me to be able to emulate a system with nodes of exact 
size - is it possible?

  QEMU version:

  QEMU emulator version 5.1.0
  Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers

  QEMU command:

  qemu-system-x86_64 -hda qemu-image/ubuntu-1804.img -enable-kvm -cpu
  Cascadelake-Server -vnc :5 -netdev user,id=net0,hostfwd=tcp::10022-:22
  -device virtio-net,netdev=net0 -boot c -m 5632.0M -object memory-
  backend-ram,id=ram-node0,size=268435456 -numa
  node,nodeid=0,cpus=0-3,memdev=ram-node0 -object memory-backend-ram,id
  =ram-node1,size=268435456 -numa node,nodeid=1,cpus=4-7,memdev=ram-
  node1 -object memory-backend-ram,id=ram-node2,size=268435456 -numa
  node,nodeid=2,cpus=8-11,memdev=ram-node2 -object memory-backend-ram,id
  =ram-node3,size=268435456 -numa node,nodeid=3,cpus=12-15,memdev=ram-
  node3 -object memory-backend-ram,id=ram-node4,size=1610612736 -numa
  node,nodeid=4,memdev=ram-node4 -object memory-backend-ram,id=ram-
  node5,size=1610612736 -numa node,nodeid=5,memdev=ram-node5 -object
  memory-backend-ram,id=ram-node6,size=1610612736 -numa
  node,nodeid=6,memdev=ram-node6 -numa dist,src=0,dst=0,val=10 -numa
  dist,src=0,dst=1,val=21 -numa dist,src=0,dst=2,val=31 -numa
  dist,src=0,dst=3,val=21 -numa dist,src=0,dst=4,val=17 -numa
  dist,src=0,dst=5,val=38 -numa dist,src=0,dst=6,val=28 -numa
  dist,src=1,dst=0,val=21 -numa dist,src=1,dst=1,val=10 -numa
  dist,src=1,dst=2,val=21 -numa dist,src=1,dst=3,val=31 -numa
  dist,src=1,dst=4,val=28 -numa dist,src=1,dst=5,val=17 -numa
  dist,src=1,dst=6,val=38 -numa dist,src=2,dst=0,val=31 -numa
  dist,src=2,dst=1,val=21 -numa dist,src=2,dst=2,val=10 -numa
  dist,src=2,dst=3,val=21 -numa dist,src=2,dst=4,val=28 -numa
  dist,src=2,dst=5,val=28 -numa dist,src=2,dst=6,val=28 -numa
  dist,src=3,dst=0,val=21 -numa dist,src=3,dst=1,val=31 -numa
  dist,src=3,dst=2,val=21 -numa dist,src=3,dst=3,val=10 -numa
  dist,src=3,dst=4,val=28 -numa dist,src=3,dst=5,val=28 -numa
  dist,src=3,dst=6,val=17 -numa dist,src=4,dst=0,val=17 -numa
  dist,src=4,dst=1,val=28 -numa dist,src=4,dst=2,val=28 -numa
  dist,src=4,dst=3,val=28 -numa dist,src=4,dst=4,val=10 -numa
  dist,src=4,dst=5,val=28 -numa dist,src=4,dst=6,val=28 -numa
  dist,src=5,dst=0,val=38 -numa dist,src=5,dst=1,val=17 -numa
  dist,src=5,dst=2,val=28 -numa dist,src=5,dst=3,val=28 -numa
  dist,src=5,dst=4,val=28 -numa dist,src=5,dst=5,val=10 -numa
  dist,src=5,dst=6,val=28 -numa dist,src=6,dst=0,val=38 -numa
  dist,src=6,dst=1,val=28 -numa dist,src=6,dst=2,val=28 -numa
  dist,src=6,dst=3,val=17 -numa dist,src=6,dst=4,val=28 -numa
  dist,src=6,dst=5,val=28 -numa dist,src=6,dst=6,val=10  -smp
  16,sockets=4,dies=1,cores=4,threads=1  -fsdev
  local,security_model=passthrough,id=fsdev0,path=/home/mysuser/share
  -device virtio-9p-pci,id=fs0,fsdev=fsdev0,mount_tag=share_host
  -daemonize

  output from numactl -H:

  $ numactl -H
  available: 7 nodes (0-6)
  node 0 cpus: 0 1 2 3
  node 0 size: 250 MB
  node 0 free: 191 MB
  node 1 cpus: 4 5 6 7
  node 1 size: 251 MB
  node 1 free: 199 MB
  node 2 cpus: 8 9 10 11
  node 2 size: 251 MB
  node 2 free: 218 MB
  node 3 cpus: 12 13 14 15
  node 3 size: 251 MB
  node 3 free: 118 MB
  node 4 cpus:
  node 4 size: 1511 MB
  node 4 free: 1507 MB
  node 5 cpus:
  node 5 size: 1447 MB
  node 5 free: 1443 MB
  node 6 cpus:
  node 6 size: 1489 MB
  node 6 free: 1484 MB
  node distances:
  node   0   1   2   3   4   5   6
0:  10  21  31  21  17  38  28
1:  21  10  21  31  28  17  38
2:  31  21  10  21  28  28  28
3:  21  31  21  10  28  28  17
4:  17  28  28  28  10  28  28
5:  38  17  28  28  28  10  28
6:  38  28  28  17  28  28  10

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1912170/+subscriptions

[Bug 1911188] Re: qemu-system-x86_64 prints obscure error message and exits when encountering an empty argument

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1911188

Title:
  qemu-system-x86_64 prints obscure error message and exits when
  encountering an empty argument

Status in QEMU:
  Expired

Bug description:
  QEMU emulator version 4.2.1 (qemu-4.2.1-1.fc32) on Fedora 32.

  When writing a script to start qemu automatically, I ran into a very
  confusing error message due to a bug in my script and had trouble
  understanding it. I isolated the problem to the following:

  $ qemu-system-x86_64 ""
  qemu-system-x86_64: Initialization of device ide-hd failed: Device needs 
media, but drive is empty

  As you can see, running qemu with an empty argument prints a seemingly
  random and unrelated error message about an ide-hd device, and the
  program immediately exits with code 1. This happens when an empty
  argument appears anywhere in the arguments list, always causing the
  program to immediately die with this error.

  This is a simply baffling message to be encountering when the problem
  is really an empty argument.

  Expected behaviour: Either flatly ignore the empty argument, or at
  most trigger a warning (eg, "warning: saw empty argument"). It should
  not at all prevent the program from running.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1911188/+subscriptions

[Bug 1908626] Re: Atomic test-and-set instruction does not work on qemu-user

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1908626

Title:
  Atomic test-and-set instruction does not work on qemu-user

Status in QEMU:
  Expired

Bug description:
  I try to compile and run PostgreSQL/Greenplum database inside docker 
container/qemu-aarch64-static:
  ```
   host: CentOS7 x86_64
   container: centos:centos7.9.2009 --platform linux/arm64/v8
   qemu-user-static: https://github.com/multiarch/qemu-user-static/releases/
  ```

  However, GP/PG's spinlock always gets stuck and reports PANIC errors. It 
seems its spinlock
  has something wrong.
  ```
  https://github.com/greenplum-db/gpdb/blob/master/src/include/storage/s_lock.h
  
https://github.com/greenplum-db/gpdb/blob/master/src/backend/storage/lmgr/s_lock.c
  ```

  So I extract its spinlock implementation into one test C source file (see 
attachment file),
  and get reprodcued:

  ```
  $ gcc spinlock_qemu.c
  $ ./a.out 
  C -- slock inited, lock value is: 0
  parent 139642, child 139645
  P -- slock lock before, lock value is: 0
  P -- slock locked, lock value is: 1
  P -- slock unlock after, lock value is: 0
  C -- slock lock before, lock value is: 1
  P -- slock lock before, lock value is: 1
  C -- slock locked, lock value is: 1
  C -- slock unlock after, lock value is: 0
  C -- slock lock before, lock value is: 1
  P -- slock locked, lock value is: 1
  P -- slock unlock after, lock value is: 0
  P -- slock lock before, lock value is: 1
  C -- slock locked, lock value is: 1
  C -- slock unlock after, lock value is: 0
  P -- slock locked, lock value is: 1
  C -- slock lock before, lock value is: 1
  P -- slock unlock after, lock value is: 0
  C -- slock locked, lock value is: 1
  P -- slock lock before, lock value is: 1
  C -- slock unlock after, lock value is: 0
  P -- slock locked, lock value is: 1
  C -- slock lock before, lock value is: 1
  P -- slock unlock after, lock value is: 0
  C -- slock locked, lock value is: 1
  P -- slock lock before, lock value is: 1
  C -- slock unlock after, lock value is: 0
  P -- slock locked, lock value is: 1
  C -- slock lock before, lock value is: 1
  P -- slock unlock after, lock value is: 0
  P -- slock lock before, lock value is: 1
  spin timeout, lock value is 1 (pid 139642)
  spin timeout, lock value is 1 (pid 139645)
  spin timeout, lock value is 1 (pid 139645)
  spin timeout, lock value is 1 (pid 139642)
  spin timeout, lock value is 1 (pid 139645)
  spin timeout, lock value is 1 (pid 139642)
  ...
  ...
  ...
  ```

  NOTE: this code always works on PHYSICAL ARM64 server.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1908626/+subscriptions

[Bug 1913913] Re: i386-linux-user returns -1 in sigcontext->trapno

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1913913

Title:
  i386-linux-user returns -1 in sigcontext->trapno

Status in QEMU:
  Expired

Bug description:
  QEMU development version, git commit
  74208cd252c5da9d867270a178799abd802b9338. Behaviour has been noted in
  5.2.0 generally.

  Certain 16-bit windows programs crash WINE under QEMU linux-user with:

  0084:err:seh:segv_handler Got unexpected trap -1
  wine: Unhandled illegal instruction at address 6D65 (thread 0084), 
starting debugger...

  They run correctly on native i386.

  Upon further inspection,it becomes clear these programs are failing at
  addresses where they are making DOS calls (int 21h ie CD 21 for
  instance).

  It is also clear that WINE is expecting an exception/signal at this
  point, to patch in the actual int21h handling code inside WINE.

  However, wine uses sigcontext output extensively to do its structured
  exception handling. sigcontext->trapno being set to -1 seems to
  confuse it, causing it to treat the exception as an actual unhandled
  error.

  I do not know if exception_index is being left at -1 due to the case
  of privileged instructions being executed in 16-bit ldts not being
  handled specifically, or if there is some other illegal instruction
  case causing this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1913913/+subscriptions

[Bug 1913315] Re: qemu-system-x86_64 crash: in memory_region_access_valid+0x13

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1913315

Title:
  qemu-system-x86_64 crash: in memory_region_access_valid+0x13

Status in QEMU:
  Expired

Bug description:
  Recently we started to get intermittent qemu crashes. There is
  catchsegv report:

  ```
  + qemu-system-x86_64 -m 77766M -smp 8 -nodefaults -nographic -no-reboot 
-fsdev local,id=root,path=/,security_model=none,multidevs=remap -device 
virtio-9p-pci,fsdev=root,mount_tag=/dev/root -device virtio-rng-pci -serial 
mon:stdio -kernel 
/usr/src/tmp/kernel-image-rt-buildroot/boot/vmlinuz-4.19.165-rt-alt1.rt70 
-initrd /usr/src/tmp/initramfs-4.19.165-rt-alt1.rt70.img -bios bios.bin -append 
'console=ttyS0 mitigations=off nokaslr quiet panic=-1 no_timer_check'
  *** signal 11
  Register dump:

   RAX:    RBX: 03400340   RCX: 0001
   RDX: 0004   RSI: 0300   RDI: 03400340
   RBP: 0300   R8 :    R9 : 03400340
   R10: 0370   R11: 0002   R12: 0004
   R13: 0004   R14: 55b473fef5e0   R15: 0002
   RSP: 7fd7edffae90

   RIP: 55b4717ef653   EFLAGS: 00010206

   CS: 0033   FS:    GS: 

   Trap: 000e   Error: 0004   OldMask: 7ffbfa77   CR2: 0388

   FPUCW: 037f   FPUSW:    TAG: 
   RIP:    RDP: 

   ST(0)     ST(1)  
   ST(2)     ST(3)  
   ST(4)     ST(5)  
   ST(6)     ST(7)  
   mxcsr: 1fa0
   XMM0:   XMM1:  

   XMM2:   XMM3:  

   XMM4:   XMM5:  

   XMM6:   XMM7:  

   XMM8:   XMM9:  

   XMM10:  XMM11: 

   XMM12:  XMM13: 

   XMM14:  XMM15: 


  Backtrace:
  qemu-system-x86_64(memory_region_access_valid+0x13)[0x55b4717ef653]
  qemu-system-x86_64(memory_region_dispatch_write+0x48)[0x55b4717ef8c8]
  qemu-system-x86_64(+0x69fdfc)[0x55b471851dfc]
  qemu-system-x86_64(helper_le_stl_mmu+0x2c5)[0x55b471858995]
  [0x7feaed070925]

  ```
  QEMU release 5.2.0.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1913315/+subscriptions

[Bug 1913926] Re: [QEMU User-Mode] Mesa Fails To Load RadeonSI Driver When In Docker Image

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1913926

Title:
  [QEMU User-Mode] Mesa Fails To Load RadeonSI Driver When In Docker
  Image

Status in QEMU:
  Expired

Bug description:
  # System Details
  AMD Ryzen 7 3700U
  Ubuntu 20.04 Focal Focus

  # Dockerfile

  FROM arm32v7/debian:bullseye

  RUN apt-get update && apt-get install -y mesa-utils

  ENTRYPOINT glxgears

  # Instructions For Reproduction
  1. Install Docker
  2. Build Docker Image: docker build --tag mesa-arm-test .
  3. Run: docker run -v /tmp/.X11-unix:/tmp/.X11-unix --device 
/dev/dri:/dev/dri -e "DISPLAY=${DISPLAY}" mesa-arm-test

  The Output Is:

  amdgpu_device_initialize: amdgpu_query_info(ACCEL_WORKING) failed (-38)
  amdgpu: amdgpu_device_initialize failed.
  libGL error: failed to create dri screen
  libGL error: failed to load driver: radeonsi
  libGL error: failed to get magic
  libGL error: failed to load driver: radeonsi

  It then appears to run using software rendering.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1913926/+subscriptions

[Bug 1912857] Re: virtio-serial blocks hostfwd ssh on windows 10 host

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1912857

Title:
  virtio-serial blocks hostfwd ssh on windows 10 host

Status in QEMU:
  Expired

Bug description:
  qemu-system-x86_64
    -display none
    -hda archlinux.qcow2
    -m 4G
    -netdev user,id=n1,hostfwd=tcp::-:22
    -device virtio-net-pci,netdev=n1

  --> THIS WORKS - meaning I can ssh into the vm via port 

  qemu-system-x86_64
    -display none
    -hda archlinux.qcow2
    -m 4G
    -netdev user,id=n1,hostfwd=tcp::-:22
    -device virtio-net-pci,netdev=n1
    -device virtio-serial
    -device virtserialport,chardev=cid0
    -chardev socket,id=cid0,host=localhost,port=55298,server,nowait

  --> DOES NOT WORK - meaning I cannot ssh into the vm

  Not only does the port  not work, but I am not able to perform any
  serial transfer on port 55298 as well.

  The following doesn't work either:

  qemu-system-x86_64
    -display none
    -hda archlinux.qcow2
    -m 4G
    -netdev user,id=n1,hostfwd=tcp::-:22
    -device virtio-net-pci,netdev=n1
    -device virtio-serial
    -device virtserialport,chardev=cid0
    -chardev file,id=cid0,path=mypath

  No matter which character device I use for my virtserialport
  communication (socket or udp or file or pipe), the hostfwd doesn't
  work.

  Also, if I enable the display, I am unable to type anything in the
  emulator window when I use virtserialport.

  Host: Windows 10
  Guest: archlinux
  QEMU version 5.2

  The same thing works just fine on a Mac OS X host (tested on Big Sur)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1912857/+subscriptions

[Bug 1913505] Re: Windows XP slow on Apple M1

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1913505

Title:
  Windows XP slow on Apple M1

Status in QEMU:
  Expired

Bug description:
  Qemu installed by using brew install qemu -s on M1

  QEMU emulator version 5.2.0
  XP image from: https://archive.org/details/WinXPProSP3x86

  Commands run:
  $ qemu-img create -f qcow2 xpsp3.img 10G
  $ qemu-system-i386 -m 512 -hda xpsp3.img -cdrom 
WinXPProSP3x86/en_windows_xp_professional_with_service_pack_3_x86_cd_vl_x14-73974.iso
 -boot d

  It's taken 3 days now with qemu running at around 94% CPU and
  installation hasn't finished. The mouse pointer moves and occasionally
  changes between the pointer and hourglass so it doesn't seem to have
  frozen.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1913505/+subscriptions

[Bug 1914294] Re: Windows XP displays black screen when smp option is used

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1914294

Title:
  Windows XP displays black screen when smp option is used

Status in QEMU:
  Expired

Bug description:
  When I use Windows XP with the -smp option, the screen goes black. The
  only thing I can see is a cursor. I have tried -smp 2, -smp cores=4,
  and -smp cores=2.

  My info:

  Host:
  M1 Mac
  Mac OS 11.1
  QEMU 5.2 at cf7ca7d5b9faca13f1f8e3ea92cfb2f741eb0c0e.

  Guest:
  32-bit Windows XP SP3 build 2600.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914294/+subscriptions

[Bug 1914021] Re: qemu: uncaught target signal 4 (Illegal instruction) but gdb remote-debug exited normally

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1914021

Title:
  qemu: uncaught target signal 4 (Illegal instruction) but gdb remote-
  debug exited normally

Status in QEMU:
  Expired

Bug description:
  I'm getting Illegal instruction (core dumped) when running the
  attached a.out_err binary in qemu, but when using Gdb to remote-debug
  the program, it exited normally. will appreciate if you can help look
  into this qemu issue.

  readelf -h a.out_err
  ELF Header:
Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data:  2's complement, little endian
Version:   1 (current)
OS/ABI:UNIX - System V
ABI Version:   0
Type:  EXEC (Executable file)
Machine:   ARM
Version:   0x1
Entry point address:   0x8220
Start of program headers:  52 (bytes into file)
Start of section headers:  54228 (bytes into file)
Flags: 0x5000200, Version5 EABI, soft-float ABI
Size of this header:   52 (bytes)
Size of program headers:   32 (bytes)
Number of program headers: 3
Size of section headers:   40 (bytes)
Number of section headers: 16
Section header string table index: 15

  qemu-arm version 4.0.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914021/+subscriptions

[Bug 1914667] Re: High cpu usage when guest is idle on qemu-system-i386

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1914667

Title:
  High cpu usage when guest is idle on qemu-system-i386

Status in QEMU:
  Expired

Bug description:
  When running Windows XP in qemu-system-i386, the cpu usage of QEMU is
  about 100% even when the guest CPU usage is close to 2%. The host cpu
  usage should be low when the guest cpu usage is low.

  Command: qemu-system-i386 -hda 

  Using this command also shows around 100% host CPU usage:
  qemu-system-i386 -m 700 -hda  -usb -device usb-audio 
-net nic,model=rtl8139 -net user -hdb mountable.img -soundhw pcspk

  Using the Penryn CPU option also saw this problem:
  qemu-system-i386 -hda  -m 700 -cpu Penryn-v1

  Using "-cpu pentium2" saw the same high host cpu usage.

  
  My Info:
  M1 MacBook Air
  Mac OS 11.1
  qemu-system-i386 version 5.2 (1ba089f2255bfdb071be3ce6ac6c3069e8012179)
  Windows XP SP3 Build 2600

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1914667/+subscriptions

[Bug 1779955] Re: qemu linux-user requires read permissions on memory passed to syscalls that should only need write access

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1779955

Title:
  qemu linux-user requires read permissions on memory passed to syscalls
  that should only need write access

Status in QEMU:
  Expired

Bug description:
  When read() function takes an mmap'ed address as output buffer, it
  returns EFAULT. The expected behavior is it should just work.

  The following code works for qemu-system-arm, but not for qemu-arm-
  static.

  QEMU version affected: latest release 2.12.0.

  Steps to reproduce (please substitute /path/to/qemu-arm-static with
  the path of the binary, and /tmp/a.cpp with the example source code
  attached):

  # First register binfmt_misc
  [hidden]$ docker run --rm --privileged multiarch/qemu-user-static:register 
--reset

  # Compile the code and run
  [hidden]$ docker run --rm -it -v /tmp/a.cpp:/tmp/a.cpp -v 
/path/to/qemu-arm-static:/usr/bin/qemu-arm-static arm32v7/ubuntu:18.04 bash -c 
'{ apt update -y && apt install -y g++; } >& /dev/null && g++ -std=c++14 
/tmp/a.cpp -o /tmp/a.out && echo hehe > /tmp/haha.txt && /tmp/a.out'
  ofd=3
  ftruncate=0
  mmap=0xff3f5000
  fd=4
  0xff3f5023 -1 14

  The expected result in qemu-system-arm as well as natively on x86_64 host:
  hidden$ ./a.out
  ofd=3
  ftruncate=0
  mmap=0xb6fb7000
  fd=4
  0xb6fb7023 5 0

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1779955/+subscriptions

[Bug 1785734] Re: movdqu partial write at page boundary

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1785734

Title:
  movdqu partial write at page boundary

Status in QEMU:
  Expired

Bug description:
  In TCG mode, when a 16-byte write instruction (such as movdqu) is
  executed at a page boundary and causes a page fault, a partial write
  is executed in the first page. See the attached code for an example.

  Tested on the qemu-3.0.0-rc1 release.

  % gcc -m32 qemu-bug2.c && ./a.out && echo && qemu-i386 ./a.out
  [snip]
  page fault: addr=0x70001000 err=0x7
  *(0x7ff8+ 0) = aa
  *(0x7ff8+ 1) = aa
  *(0x7ff8+ 2) = aa
  *(0x7ff8+ 3) = aa
  *(0x7ff8+ 4) = aa
  *(0x7ff8+ 5) = aa
  *(0x7ff8+ 6) = aa
  *(0x7ff8+ 7) = aa
  *(0x7ff8+ 8) = 55
  *(0x7ff8+ 9) = 55
  *(0x7ff8+10) = 55
  *(0x7ff8+11) = 55
  *(0x7ff8+12) = 55
  *(0x7ff8+13) = 55
  *(0x7ff8+14) = 55
  *(0x7ff8+15) = 55

  [snip]
  page fault: addr=0x70001000 err=0x6
  *(0x7ff8+ 0) = 77
  *(0x7ff8+ 1) = 66
  *(0x7ff8+ 2) = 55
  *(0x7ff8+ 3) = 44
  *(0x7ff8+ 4) = 33
  *(0x7ff8+ 5) = 22
  *(0x7ff8+ 6) = 11
  *(0x7ff8+ 7) = 0
  *(0x7ff8+ 8) = 55
  *(0x7ff8+ 9) = 55
  *(0x7ff8+10) = 55
  *(0x7ff8+11) = 55
  *(0x7ff8+12) = 55
  *(0x7ff8+13) = 55
  *(0x7ff8+14) = 55
  *(0x7ff8+15) = 55

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1785734/+subscriptions

[Bug 1862874] Re: java may stuck for a long time in system mode with "-cpu max"

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1862874

Title:
  java may stuck for a long time in system mode with "-cpu max"

Status in QEMU:
  Expired

Bug description:
  Bug Description:
  Run "java -version" in guest VM, java may stuck for a long time (several 
hours) and then recover.

  Steps to reproduce:
  1. Launch VM by attached simple script: launch.sh
  2. Execute "java -version" and then print "date" in a loop
  while :
  do
/home/bot/jdk/bin/java -version
date
  done
  3. A long time gap will be observed: may > 24 hours.

  Technical details:
  * host: x86_64 Linux 4.15.0-70-generic
  * qemu v4.2.0
  * java: tried two versions: openjdk-11-jre-headless or compiled java-13 
  * command-line: (See details in launch.sh)
  /home/bot/qemu/qemu-build/qemu-4.2.0/binaries/bin/qemu-system-x86_64 \
-drive "file=${img},format=qcow2" \
-drive "file=${user_data},format=raw" \
-cpu max \
-m 24G \
-serial mon:stdio \
-smp 8 \
-nographic \
  ;

  * Observed by java core dump generated by "kill -SIGSEGV" when java stucked:
  Different pthreads are blocked on their own condition variables:

Id   Target Id Frame
1Thread 0x7f48a041a080 (LWP 22470) __GI_raise (sig=sig@entry=6)
  at ../sysdeps/unix/sysv/linux/raise.c:51
2Thread 0x7f487197d700 (LWP 22473) 0x7f489f5c49f3 in 
futex_wait_cancelable (private=, expected=0, 
futex_word=0x7f48980197c0)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:88
3Thread 0x7f4861b89700 (LWP 22483) 0x7f489f5c4ed9 in 
futex_reltimed_wait_cancelable (private=, 
reltime=0x7f4861b88960, expected=0,
  futex_word=0x7f489801b084)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:142
4Thread 0x7f4861e8c700 (LWP 22480) 0x7f489f5c76d6 in 
futex_abstimed_wait_cancelable (private=0, abstime=0x0, expected=0, 
futex_word=0x7f48980107c0)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:205
5Thread 0x7f4861c8a700 (LWP 22482) 0x7f489f5c4ed9 in 
futex_reltimed_wait_cancelable (private=, 
reltime=0x7f4861c89800, expected=0,
  futex_word=0x7f489801ed44)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:142
6Thread 0x7f48a0418700 (LWP 22471) 0x7f4880b13200 in ?? ()
7Thread 0x7f48703ea700 (LWP 22478) 0x7f489f5c49f3 in 
futex_wait_cancelable (private=, expected=0, 
futex_word=0x7f489801dfc0)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:88
8Thread 0x7f48702e9700 (LWP 22479) 0x7f489f5c49f3 in 
futex_wait_cancelable (private=, expected=0, 
futex_word=0x7f489838cd84)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:88
9Thread 0x7f4870f71700 (LWP 22475) 0x7f489f5c49f3 in 
futex_wait_cancelable (private=, expected=0, 
futex_word=0x7f489801a300)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:88
10   Thread 0x7f487187b700 (LWP 22474) 0x7f489f5c76d6 in 
futex_abstimed_wait_cancelable (private=0, abstime=0x0, expected=0, 
futex_word=0x7f48980cf770)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:205
11   Thread 0x7f4871a7f700 (LWP 22472) 0x7f489f5c76d6 in 
futex_abstimed_wait_cancelable (private=0, abstime=0x0, expected=0, 
futex_word=0x7f489809ba30)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:205
12   Thread 0x7f4861d8b700 (LWP 22481) 0x7f489f5c4ed9 in 
futex_reltimed_wait_cancelable (private=, 
reltime=0x7f4861d8a680, expected=0,
  futex_word=0x7f489801ed44)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:142
13   Thread 0x7f48704ec700 (LWP 22477) 0x7f489f5c4ed9 in 
futex_reltimed_wait_cancelable (private=, 
reltime=0x7f48704eb910, expected=0,
  futex_word=0x7f489801d120)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:142
14   Thread 0x7f4870e6f700 (LWP 22476) 0x7f489f5c4ed9 in 
futex_reltimed_wait_cancelable (private=, 
reltime=0x7f4870e6eb20, expected=0,
  futex_word=0x7f489828abd0)
  at ../sysdeps/unix/sysv/linux/futex-internal.h:142

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1862874/+subscriptions

[Bug 1870331] Re: default nic device created even though supplied by configfile

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1870331

Title:
  default nic device created even though supplied by configfile

Status in QEMU:
  Expired

Bug description:
  QEMU emulator version 4.1.94

  Documentation states that qemu will create a default nic as long as
  not explicitly forbidden (-nic none) or defined ( e.g. -nic
  ).

  Observation:
  Even though qemu-system-ppc is started with "-readconfig" (which defines a 
nic), another nic gets created. When additionally suppling "-nic none", only 
the nic of the config file is created.
  As matter of fact, if all items that are defined in config file are supplied 
as command line arguments, no further nic is created. 

  Expectation:
  When a nic is defined in config file, the default guest-nic should not get 
created.
  That would match behavior when all items, defined in config file are supplied 
as command line arguments.

  
  Attached config file.

  (qemu) info pci
   Bus 0, device 0, function 0:
   Host bridge: PCI device 1057:0002
   PCI subsystem 1af4:1100
   id ""
   Bus 0, device 1, function 0:
   VGA controller: PCI device 1234:
   PCI subsystem 1af4:1100
   BAR0: 32 bit prefetchable memory at 0x8000 [0x80ff].
   BAR2: 32 bit memory at 0x8100 [0x81000fff].
   BAR6: 32 bit memory at 0x [0xfffe].
   id ""
   Bus 0, device 2, function 0:
   Ethernet controller: PCI device 10ec:8029
   PCI subsystem 1af4:1100
   IRQ 23.
   BAR0: I/O at 0x1000 [0x10ff].
   BAR6: 32 bit memory at 0x [0x0007fffe].
   id ""
   Bus 0, device 3, function 0:
   Ethernet controller: PCI device 10ec:8029
   PCI subsystem 1af4:1100
   IRQ 24.
   BAR0: I/O at 0x1100 [0x11ff].
   BAR6: 32 bit memory at 0x [0x0007fffe].
   id ""

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1870331/+subscriptions

[Bug 1897481] Re: qemu crashes with VGA pass-through, e-GPU, nvidia 1060

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1897481

Title:
  qemu crashes with VGA pass-through, e-GPU, nvidia 1060

Status in QEMU:
  Expired

Bug description:
  I try to pass-through nvidia 1060 6gb card, which is connected via
  ExpressCard (EXP-GDC converter).

  I can successfully run my virtual machine without pass-through, but
  when I try to add the devices, qemu crashes.

  The coredump contains:

  Stack trace of thread 3289311:
  #0  0x00614c49 memory_region_update_container_subregions 
(qemu-system-x86_64 + 0x214c49)
  #1  0x005c0e8c vfio_probe_nvidia_bar0_quirk (qemu-system-x86_64 + 
0x1c0e8c)
  #2  0x005bcec0 vfio_realize (qemu-system-x86_64 + 0x1bcec0)
  #3  0x0079b423 pci_qdev_realize (qemu-system-x86_64 + 0x39b423)
  #4  0x006facda device_set_realized (qemu-system-x86_64 + 0x2facda)
  #5  0x00887e57 property_set_bool (qemu-system-x86_64 + 0x487e57)
  #6  0x0088ac48 object_property_set (qemu-system-x86_64 + 0x48ac48)
  #7  0x0088d1d2 object_property_set_qobject (qemu-system-x86_64 + 
0x48d1d2)
  #8  0x0088b1f7 object_property_set_bool (qemu-system-x86_64 + 
0x48b1f7)
  #9  0x00693785 qdev_device_add (qemu-system-x86_64 + 0x293785)
  #10 0x0061aad0 device_init_func (qemu-system-x86_64 + 0x21aad0)
  #11 0x0098c87b qemu_opts_foreach (qemu-system-x86_64 + 0x58c87b)
  #12 0x006211cb qemu_init (qemu-system-x86_64 + 0x2211cb)
  #13 0x005002aa main (qemu-system-x86_64 + 0x1002aa)
  #14 0x7fce8af21152 __libc_start_main (libc.so.6 + 0x28152)
  #15 0x0050087e _start (qemu-system-x86_64 + 0x10087e)

  The whole running command is pretty long, since I use libvirt to
  manage my machines:

  LC_ALL=C \
  PATH=/usr/local/sbin:/usr/local/bin:/usr/bin \
  HOME=/var/lib/libvirt/qemu/domain-2-Win10 \
  XDG_DATA_HOME=/var/lib/libvirt/qemu/domain-2-Win10/.local/share \
  XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain-2-Win10/.cache \
  XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain-2-Win10/.config \
  QEMU_AUDIO_DRV=spice \
  /usr/bin/qemu-system-x86_64 \
  -name guest=Win10,debug-threads=on \
  -S \
  -blockdev 
'{"driver":"file","filename":"/usr/share/edk2-ovmf/x64/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}'
 \
  -blockdev 
'{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}'
 \
  -blockdev 
'{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/Win10_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}'
 \
  -blockdev 
'{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}'
 \
  -machine 
pc-q35-5.1,accel=kvm,usb=off,vmport=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format
 \
  -cpu host,migratable=on,hv-time,hv-relaxed,hv-vapic,hv-spinlocks=0x1fff \
  -m 8192 \
  -overcommit mem-lock=off \
  -smp 2,sockets=2,cores=1,threads=1 \
  -uuid 7043c77b-4903-4527-8089-9679d9a17fee \
  -no-user-config \
  -nodefaults \
  -chardev stdio,mux=on,id=charmonitor \
  -mon chardev=charmonitor,id=monitor,mode=control \
  -rtc base=localtime,driftfix=slew \
  -global kvm-pit.lost_tick_policy=delay \
  -no-hpet \
  -no-shutdown \
  -global ICH9-LPC.disable_s3=1 \
  -global ICH9-LPC.disable_s4=1 \
  -boot strict=on \
  -device 
pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2
 \
  -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 \
  -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 \
  -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 \
  -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 \
  -device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5 \
  -device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 \
  -device virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 \
  -blockdev '{"driver":"file","filename":"/home/sergiy/VirtualBox 
VMs/win4games.img","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}'
 \
  -blockdev 
'{"node-name":"libvirt-2-format","read-only":false,"driver":"raw","file":"libvirt-2-storage"}'
 \
  -device ide-hd,bus=ide.0,drive=libvirt-2-format,id=sata0-0-0,bootindex=1 \
  -blockdev 
'{"driver":"file","filename":"/home/sergiy/Downloads/Win10_2004_Ukrainian_x64.iso","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}'
 \
  -blockdev 
'{"node-name":"libvirt-1-format","read-only":true,"driver":"raw","file":"libvirt-1-storage"}'
 \
  -device ide-cd,bus=ide.1,drive=libvirt-1-format,id=sata0-0-1 \
  -chardev pty,id=charserial0 \
  -device 

[Bug 1869006] Re: PCIe cards passthrough to TCG guest works on 2GB of guest memory but fails on 4GB (vfio_dma_map invalid arg)

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1869006

Title:
  PCIe cards passthrough to TCG guest works on 2GB of guest memory but
  fails on 4GB (vfio_dma_map invalid arg)

Status in QEMU:
  Expired

Bug description:
  During one meeting coworker asked "did someone tried to passthrough
  PCIe card to other arch guest?" and I decided to check it.

  Plugged SATA and USB3 controllers into spare slots on mainboard and
  started playing. On 1GB VM instance it worked (both cold- and hot-
  plugged). On 4GB one it did not:

  Błąd podczas uruchamiania domeny: internal error: process exited while 
connecting to monitor: 2020-03-25T13:43:39.107524Z qemu-system-aarch64: -device 
vfio-pci,host=:29:00.0,id=hostdev0,bus=pci.3,addr=0x0: VFIO_MAP_DMA: -22
  2020-03-25T13:43:39.107560Z qemu-system-aarch64: -device 
vfio-pci,host=:29:00.0,id=hostdev0,bus=pci.3,addr=0x0: vfio :29:00.0: 
failed to setup container for group 28: memory listener initialization failed: 
Region mach-virt.ram: vfio_dma_map(0x563169753c80, 0x4000, 0x1, 
0x7fb2a3e0) = -22 (Invalid argument)

  Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in 
cb_wrapper
  callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 111, in tmpcb
  callback(*args, **kwargs)
File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 
66, in newfn
  ret = fn(self, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/object/domain.py", line 1279, in 
startup
  self._backend.create()
File "/usr/lib64/python3.8/site-packages/libvirt.py", line 1234, in create
  if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
  libvirt.libvirtError: internal error: process exited while connecting to 
monitor: 2020-03-25T13:43:39.107524Z qemu-system-aarch64: -device 
vfio-pci,host=:29:00.0,id=hostdev0,bus=pci.3,addr=0x0: VFIO_MAP_DMA: -22
  2020-03-25T13:43:39.107560Z qemu-system-aarch64: -device 
vfio-pci,host=:29:00.0,id=hostdev0,bus=pci.3,addr=0x0: vfio :29:00.0: 
failed to setup container for group 28: memory listener initialization failed: 
Region mach-virt.ram: vfio_dma_map(0x563169753c80, 0x4000, 0x1, 
0x7fb2a3e0) = -22 (Invalid argument)

  
  I played with memory and 3054 MB is maximum value possible to boot VM with 
coldplugged host PCIe cards.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1869006/+subscriptions

[Bug 1902306] Re: Allow setting usb storage device ID parameters

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1902306

Title:
  Allow setting usb storage device ID parameters

Status in QEMU:
  Expired

Bug description:
  Some stubborn software requires certain VID/PID/Serial to authenticate
  and refuses to start in emulation. This poses a problem with
  unsupported programs which often require keeping an ancient hardware
  praying that the USB stick will not die before the (often defunct)
  company making it.

  Virtualizing such environment is desired. However, QEMU doesn't allow
  setting VID/PID/Serial/Name of emulated USB devices, but instead uses
  hardcoded values:
  
https://github.com/qemu/qemu/blob/c99fa56b95a72f6debd50a280561895d078ae020/hw/usb
  /dev-storage.c#L95

  This request (including a patch) was already made in 2015 on the list
  but never got any response: https://lists.nongnu.org/archive/html
  /qemu-discuss/2015-07/msg00072.html

  
  WDYT of adding such functionality?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1902306/+subscriptions

[Bug 1873769] Re: SB16 audio playback freezes emulation in Windows 95 guest

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1873769

Title:
  SB16 audio playback freezes emulation in Windows 95 guest

Status in QEMU:
  Expired

Bug description:
  - QEMU 4.2.93 (v5.0.0-rc3) built from latest git master
  20038cd7a8412feeb49c01f6ede89e36c8995472 using MSYS2 on Windows 10 and
  launched on same Windows 10

  - Launched using "qemu-system-i386.exe -drive format=raw,file=hdd-
  2gb.img -soundhw pcspk,sb16 -m 16 -cpu pentium -vga std -cdrom
  Windows_95.iso -boot c"

  - I have attached video screen capture of the issue

  ---

  I decided to make my first ever QEMU build after encountering the
  dsound issues using the latest 4.2.0 binary from
  https://qemu.weilnetz.de/w64/. In my 5.0.0-rc3 build the sound
  playback is working correctly, however the whole Windows 95 UI freezes
  while sound is playing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1873769/+subscriptions

[Bug 1878501] Re: qemu-i386 does not define AT_SYSINFO

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878501

Title:
  qemu-i386 does not define AT_SYSINFO

Status in QEMU:
  Expired

Bug description:
  qemu-i386 does not define the AT_SYSINFO auxval when running i386
  Linux binaries.

  On most libcs, this is properly handled, but this is mandatory for the
  i686 Bionic (Android) libc or it will segfault.

  This is due to a blind assumption that getauxval(AT_SYSINFO) will
  return a valid function pointer:

  The code varies from version to version, but it looks like this:

  void *__libc_sysinfo;
  // mangled as _Z19__libc_init_sysinfov
  void __libc_init_sysinfo() {
bool dummy;
// __bionic_getauxval = getauxval
__libc_sysinfo = reinterpret_cast(__bionic_getauxval(AT_SYSINFO, 
dummy));
  }

  A simple way to reproduce is to compile a basic C program against the
  NDK:

  int main(void) { return 0; }

  $ i686-linux-android-clang -static empty.c -o empty
  $ qemu-i386 -cpu max ./empty
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault

  The place where it segfaults is misleading: It will, at least on the
  current NDK, crash on __set_thread_area, this is due to it calling a
  function pointer to __libc_sysinfo returned by __kernel_syscall.

  QEMU 4.1.1 (aarch64)
  Pixel 2 XL via Termux

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1878501/+subscriptions

[Bug 1904490] Re: intel-hda: valid registers are unknown

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904490

Title:
  intel-hda: valid registers are unknown

Status in QEMU:
  Expired

Bug description:
  According to HDA specification, "3.1.2 General Register Behaviors and
  Access Requirements":

  "All controller registers must be addressable as byte, Word, and Dword
  quantities."

  But e.g. if you try the following to reset and enable the CORB,
  assuming es:esi contains the base MMIO address of the controller,

   es or [esi+4bh], byte 80h   ; reset CORB
  corbresetloop:
   es test [esi+4bh], byte 80h ; is HW done resetting yet?
   jnz corbreset1ok; yes, bit is now 1
   hlt ; wait a little bit
   jmp corbresetloop   ; and check again
  corbreset1ok:
   es and [esi+4bh], byte 7fh  ; clear the bit

  It will hang indefinitely because the bit never gets set, and if you
  enable debug output of the controller with "-device intel-
  hda,debug=1", you will see infinitely the line "unknown register, addr
  0x4b" output. The same code on a real hardware (I tried with ICH7M)
  works fine, as it should according to the spec.

  Host/guest/version does not matter (I am writing own drivers) --- as
  of right now, latest version still has this code:

  https://github.com/qemu/qemu/blob/master/hw/audio/intel-hda.c

  which seems to emit "unknown register" message in
  intel_hda_reg_find(), and this function does not take into account
  range of addresses that each register occupies.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904490/+subscriptions

[Bug 1904317] Re: cpu feature selection is not affected to guest 's cpuid with whpx

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904317

Title:
  cpu feature selection is not affected to guest 's cpuid with whpx

Status in QEMU:
  Expired

Bug description:
  On windows with -accel whpx, "-cpu" is ignored without any messages.
  Guest recognizes features as same as host's.

  Confirmed on v5.2.0-rc1.

  I suggest qemu may do,

  - Warn with incompatible -cpu options were given.
  - Enhance cpuid handling.

  Background:
  I was investigated mmio and block copy issue in Linux kernel.
  I met a problem that Linux went ill for touching mmio with whpx. (not with 
tcg)
  I suspect erms(enhanced rep movs) might trigger.
  I tried to mask erms on qemu with -feature,erms, but it was ineffective.

  At last, I disabled erms manually, to tweak whpx-all.c to mask erms in
  cpuid.

  FYI, qemu with whpx from/to mmio, "rep movsb" does byte access regardless of 
erms.
  Linux kernel tends to choose not "rep movsq" but "rep movsb" with erms.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904317/+subscriptions

[Bug 1904315] Re: CTRL+ALT is ignored on gtk window (configured with gtk and sdl)

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904315

Title:
  CTRL+ALT is ignored on gtk window (configured with gtk and sdl)

Status in QEMU:
  Expired

Bug description:
  I am building and using qemu on Windows 10 via git.
  Building for targeting windows, on debian.

  Since meson is introduced, my executable, qemu-system-x86_64.exe, tends to 
ignore hotkeys
  (like CTRL+ATL+G, CTRL+ALT+2)

  As far as I have been investigating the issue, I am suspicious that gtk and 
sdl might be incompatible.
  With configure --disable-sdl, my executable works fine.
  My application doesn't require sdl.

  Possibly due to link order, especially SDLmain, I guess.

  I suggest;
  - Clarify that gtk and sdl are incompatible.
  - Tweak built script or startup not to prevent gtk and sdl each other.

  Excuse me, the issue has not been reproduced at home yet. I met it at work.
  (My manager said it's fine to report issues by me at home)
  I will construct reproducible environment at home, if my further 
investigation would be required.

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904315/+subscriptions

[Bug 1906181] Re: Mouse starts jumping wildly on guest desktop

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906181

Title:
  Mouse starts jumping wildly on guest desktop

Status in QEMU:
  Expired

Bug description:
  Sometimes mouse goes completely crazy and starts jumping around the
  guest desktop by itself and becomes completely unusable.

  This does not happen on every boot, only sometimes. It may be caused
  by some input combination but I haven't yet found any specific cause.
  It happens soon after the desktop has been loaded and rebooting seems
  to be the only way to resolve the situation.

  
  Guest: Kubuntu 20.04 64-bit (live), with KDE desktop
  Host: Arch Linux, with KDE desktop
  QEMU version: 5.1.0

  QEMU start command:
  qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom 
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga virtio -soundhw hda 
-display sdl,gl=on

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906181/+subscriptions

[Bug 1874888] Re: certain programs make QEMU crash with "tcg fatal error"

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1874888

Title:
  certain programs make QEMU crash with "tcg fatal error"

Status in QEMU:
  Expired

Bug description:
  The following code snippet crashes qemu with

  .../tcg/tcg.c:3279: tcg fatal error
  qemu-x86_64: 
/usr/local/google/home/kostik/qemu-5.0.0-rc4/accel/tcg/cpu-exec.c:701: int 
cpu_exec(CPUState *): Assertion `!have_mmap_lock()' failed.

  
  int main() {
/*
   <.data>:
 0:   2e 45 71 ff cs rex.RB jno 0x3
 4:   e9 00 00 f0 00  jmp0xf9
 9:   c4 42 7d 31 3e  vpmovzxbd ymm15,QWORD PTR [r14]
 e:   c4 a3 7d 08 64 82 44vroundps ymm4,YMMWORD PTR [rdx+r8*4+0x44],0x0
15:   00 
16:   0f 1e 0anopDWORD PTR [rdx]
19:   43 0f ec 20 rex.XB paddsb mm4,QWORD PTR [r8]
1d:   66 47 0f 3a 0c 3d 00rex.RXB blendps xmm15,XMMWORD PTR 
[rip+0x8000],0x0# 0x8028
24:   80 00 00 00 
28:   c4 e3 f9 df 5f 86 0dvaeskeygenassist xmm3,XMMWORD PTR 
[rdi-0x7a],0xd
2f:   c4 e2 55 92 74 fc 0avgatherdps ymm6,DWORD PTR 
[rsp+ymm7*8+0xa],ymm5
36:   c4 e2 f9 17 9a 01 00vptest xmm3,XMMWORD PTR [rdx+0x1]
3d:   00 00 
  */
char buf[] = {
  0x2E, 0x45, 0x71, 0xFF, 0xE9, 0x00, 0x00, 0xF0, 0x00, 0xC4, 0x42, 0x7D, 
0x31, 0x3E, 0xC4, 0xA3, 0x7D, 0x08, 0x64, 0x82, 0x44, 0x00, 0x0F, 0x1E, 0x0A, 
0x43, 0x0F, 0xEC, 0x20, 0x66, 0x47, 0x0F, 0x3A, 0x0C, 0x3D, 0x00, 0x80, 0x00, 
0x00, 0x00, 0xC4, 0xE3, 0xF9, 0xDF, 0x5F, 0x86, 0x0D, 0xC4, 0xE2, 0x55, 0x92, 
0x74, 0xFC, 0x0A, 0xC4, 0xE2, 0xF9, 0x17, 0x9A, 0x01, 0x00, 0x00, 0x00
};
void (*f)(void) = (void (*) (void))buf;
f();
return 0;
  }
  
  Steps to reproduce:
  1) clang -static repro.c -o repro
  2) qemu-x86_64-static repro

  Tested with 4.2.0 and 5.0.0-rc4. Both -user and -system variants are
  affected.

  A few more snippets that cause the same sort of behavior:
  1) 0x64, 0x46, 0x7D, 0xFF, 0xDF, 0x27, 0x46, 0x0F, 0xD4, 0x83, 0x5E, 0x00, 
0x00, 0x00, 0x3E, 0x0F, 0x6A, 0xEF, 0x0F, 0x05, 0xC4, 0x42, 0xFD, 0x1E, 0xCF, 
0x46, 0x18, 0xE3, 0x47, 0xCD, 0x4E, 0x6E, 0x0F, 0x0F, 0x16, 0x8A

  2) 0x67, 0x45, 0xDB, 0xD0, 0xAA, 0xC4, 0xE2, 0xB1, 0x01, 0x57, 0x00,
  0xF3, 0x6F, 0xF3, 0x42, 0x0F, 0x1E, 0xFD, 0x64, 0x2E, 0xF2, 0x45,
  0xD9, 0xC4, 0x3E, 0xF3, 0x0F, 0xAE, 0xF4, 0x3E, 0x47, 0x0F, 0x1C,
  0x22, 0x42, 0x73, 0xFF, 0xD9, 0xFD

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1874888/+subscriptions

[Bug 1906184] Re: Lots of stuttering/crackling in guest sound

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906184

Title:
  Lots of stuttering/crackling in guest sound

Status in QEMU:
  Expired

Bug description:
  When listening to music (e.g. with VLC) or watching Youtube on the
  guest, there's lots of stuttering and crackling in the sound.

  
  Tested with the following QEMU start commands:

  qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom
  ./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga virtio -soundhw
  hda -display sdl,gl=on

  qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom
  ./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga qxl -soundhw hda
  -display sdl

  qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom
  ./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga qxl -soundhw hda
  -display gtk

  
  If I use the following command (QXL graphics, "remote" access via SPICE over 
unix socket), stuttering is not completely gone but MUCH less annoying:

  qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom
  ./linux/kubuntu-20.04-desktop-amd64.iso -boot d -soundhw hda -vga qxl
  -device virtio-serial-pci -device
  virtserialport,chardev=spicechannel0,name=com.redhat.spice.0 -chardev
  spicevmc,id=spicechannel0,name=vdagent -spice
  unix,addr=/tmp/vm_spice.socket,disable-ticketing

  and this command for accessing the VM:
  remote-viewer spice+unix:///tmp/vm_spice.socket 


  Guest: Kubuntu 20.04 64-bit (live), but occurs with many other as well
  Host: Arch Linux, with KDE desktop
  CPU: Intel Xeon E3-1230v2 (4 cores + hyperthreading)
  RAM: 16 GB
  GPU: Nvidia GTX 980 Ti

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906184/+subscriptions

[Bug 1905226] Re: intel-hda: stream reset bits are broken

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1905226

Title:
  intel-hda: stream reset bits are broken

Status in QEMU:
  Expired

Bug description:
  From HD audio spec, section 3.3.35:

  "Stream Reset (SRST): Writing a 1 causes the corresponding stream to
  be reset. [...] After the stream hardware has completed sequencing
  into the reset state, it will report a 1 in this bit. Software must
  read a 1 from this bit to verify that the stream is in reset. Writing
  a 0 causes the corresponding stream to exit reset. When the stream
  hardware is ready to begin operation, it will report a 0 in this bit.
  Software must read a 0 from this bit before accessing any of the
  stream registers."

  So to reset a stream I set the bit, but it never reads back as 1 so
  the driver either times out or will hang forever waiting for it to
  become 1. I looked into why this happens and found that as of the
  latest version (8110fa1), in function intel_hda_set_st_ctl() of the
  https://github.com/qemu/qemu/blob/master/hw/audio/intel-hda.c,

  if (st->ctl & 0x01) {
  /* reset */
  dprint(d, 1, "st #%d: reset\n", reg->stream);
  st->ctl = SD_STS_FIFO_READY << 24;
  }

  This causes the bit to immediately become set to 0 even if I write a
  1, and clearly does not meet the spec. I checked behaviour of real
  hardware and it works as expected, i.e. I see the bit will become 1
  and 0 when I write to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1905226/+subscriptions

[Bug 1904652] Re: Assertion failure in usb-ohci

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904652

Title:
  Assertion failure in usb-ohci

Status in QEMU:
  Expired

Bug description:
  Hello,

  Using hypervisor fuzzer, hyfuzz, I found an assertion failure through
  usb-ohci.

  A malicious guest user/process could use this flaw to abort the QEMU
  process on the host, resulting in a denial of service.

  This was found in version 5.2.0 (master)

  

  ```

  Program terminated with signal SIGABRT, Aborted.

  #0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
  51  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
  [Current thread is 1 (Thread 0x7f34d0411440 (LWP 9418))]
  gdb-peda$ bt
  #0  0x7f34c8d4ef47 in __GI_raise (sig=sig@entry=0x6) at 
../sysdeps/unix/sysv/linux/raise.c:51
  #1  0x7f34c8d508b1 in __GI_abort () at abort.c:79
  #2  0x55d3a2081844 in ohci_frame_boundary (opaque=0x55d3a4ecdaf0) at 
../hw/usb/hcd-ohci.c:1297
  #3  0x55d3a25be155 in timerlist_run_timers (timer_list=0x55d3a3fd9840) at 
../util/qemu-timer.c:574
  #4  0x55d3a25beaba in qemu_clock_run_timers (type=QEMU_CLOCK_VIRTUAL) at 
../util/qemu-timer.c:588
  #5  0x55d3a25beaba in qemu_clock_run_all_timers () at 
../util/qemu-timer.c:670
  #6  0x55d3a25e69a1 in main_loop_wait (nonblocking=) at 
../util/main-loop.c:531
  #7  0x55d3a2433972 in qemu_main_loop () at ../softmmu/vl.c:1678
  #8  0x55d3a1d0969b in main (argc=, argc@entry=0x15, 
argv=,
  argv@entry=0x7ffc6de722a8, envp=) at ../softmmu/main.c:50
  #9  0x7f34c8d31b97 in __libc_start_main (main=
  0x55d3a1d09690 , argc=0x15, argv=0x7ffc6de722a8, init=, fini=, rtld_fini=, 
stack_end=0x7ffc6de72298) at ../csu/libc-start.c:310
  #10 0x55d3a1d095aa in _start ()
  ```

  To reproduce the assertion failure, please run the QEMU with the
  following command line.

  ```
  [Terminal 1]

  $ qemu-system-i386 -m 512 -drive
  file=./fs.img,index=1,media=disk,format=raw -drive
  file=./hyfuzz.img,index=0,media=disk,format=raw -drive
  if=none,id=stick,file=./usbdisk.img,format=raw -device pci-ohci,id=usb
  -device usb-storage,bus=usb.0,drive=stick

  [Terminal 2]

  $ ./repro_log ./fs.img ./pci-ohci

  ```

  Please let me know if I can provide any further info.
  -Cheolwoo, Myung (Seoul National University)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904652/+subscriptions

[Bug 1906185] Re: Guest display resolution cannot be changed when using certain graphics/interface combinations

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906185

Title:
  Guest display resolution cannot be changed when using certain
  graphics/interface combinations

Status in QEMU:
  Expired

Bug description:
  Guest display resolution cannot be changed with certain virtual
  graphics card (-vga) and interface (-display) combinations.

  For example, resolution changing doesn't work with the following QEMU
  start commands, it resets to the default resolution immediately:

  QXL with SDL interface:
  qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom 
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga qxl -soundhw hda -display 
sdl

  QXL with GTK interface:
  qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom 
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -vga qxl -soundhw hda -display 
gtk

  QXL with "remote" SPICE interface via unix socket:
  qemu-system-x86_64 -enable-kvm -m 6G -cpu host -smp 3 -cdrom 
./linux/kubuntu-20.04-desktop-amd64.iso -boot d -soundhw hda -vga qxl -device 
virtio-serial-pci -device 
virtserialport,chardev=spicechannel0,name=com.redhat.spice.0 -chardev 
spicevmc,id=spicechannel0,name=vdagent -spice 
unix,addr=/tmp/vm_spice.socket,disable-ticketing

  for "remote" access:
  remote-viewer spice+unix:///tmp/vm_spice.socket


  Other tested combinations:
  -- virtio + SDL (GL on): works!
  -- virtio + GTK (GL on): does not work properly. The resolution is changed 
but window size is not so the guest screen will look like garbage.
  -- vmware: The initial Kubuntu setup screen is visible but booting does not 
progress to the desktop
  -- std + GTK: works!
  -- std + SDL: works!

  
  QEMU version: 5.1.0
  Guest: Kubuntu 20.04 64-bit (live) with 5.4.0-26 kernel; may occur with other 
guests as well
  Host: Arch Linux, with KDE desktop

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906185/+subscriptions

[Bug 1905297] Re: Zynq7000 UART clock reset initialization

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1905297

Title:
  Zynq7000 UART clock reset initialization

Status in QEMU:
  Expired

Bug description:
  Hello,

  we have come across a strange behavior in the Zynq7000 model of Qemu
  that seems to have been  introduced between 5.0.0 and 5.1.0.

  
  The reset values of the SLCR register, in particular those for UART_CLK_CTRL, 
are such that
  the UARTs should find functional clocks. Up to 5.0.0 this was also the 
behavior that was
  implemented in QEMU.

  Starting in 5.1.0, we found that - despite correct reset values [1] - the 
UARTs are non-functional
  upon reset. Some investigation revealed that the cause for that is that the 
corresponding
  clocks are not properly initialized.

  Between 5.0.0 and 5.1.0, there are three commits  that touch the Zynq
  UART clocks [2]. The last of them [3] triggers the faulty behavior.

  Attached is a patch that applies 5.2.0-rc2 and yields a functional UART. We 
surmise that the
  underlying device release issue runs much deeper, so it is only meant to 
identify the issue.


  [1] hw/misc/zynq_slcr.c
static void zynq_slcr_reset_init(Object *obj, ResetType type)
 s->regs[R_UART_CLK_CTRL]  = 0x3F03;
  [2] 38867cb7ec90..5b49a34c6800
  [3] commit 5b49a34c6800d0cb917f959d8e75e5775f0fac3f (refs/bisect/bad)
Author: Damien Hedde 
Date:   Mon Apr 6 15:52:50 2020 +0200

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1905297/+subscriptions

[Bug 1907061] Re: qemu-system-x86_64 minimizing window causes keyboard input lag globally

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907061

Title:
  qemu-system-x86_64 minimizing window causes keyboard input lag
  globally

Status in QEMU:
  Expired

Bug description:
  After qemu window is minimized, it causes keyboard lag on the host for all 
applications, pressed keys will be delayed and very laggy, typing to notepad or 
any other text extremely slowly appear on the screen, queue is slowly processed.
  If qemu window is open back to normal size, keyboard is back to normal, 
everything is back to normal and stable, this behavior i have been testing 
since several months of qemu releases, i am reporting a bit late here, not 
breaking but it seems important and everytime i accidently minimize qemu, i 
remember it later and take qemu window to normal size back always, i try never 
minimize it anymore.
  This problem does not occur if using -display none
  Guest OS doesn't matter for this behavior, result is always same
  I am using:
  qemu 5.1.0.0
  qemu-system-x86_64w.exe
  Windows 10 build 2004
  4K screen dpi scaling set to 150%

  If requested, i can record a video to see the problem clearly, but i
  think all information i give already clear now.

  Thanks for making quality software, hope all bugs fixed

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907061/+subscriptions

[Bug 1905562] Re: Guest seems suspended after host freed memory for it using oom-killer

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1905562

Title:
  Guest seems suspended after host freed memory for it using oom-killer

Status in QEMU:
  Expired

Bug description:
  Host: qemu 5.1.0, linux 5.5.13
  Guest: Windows 7 64-bit

  This guest ran a memory intensive process, and triggered oom-killer on
  host.  Luckily, it killed chromium.  My understanding is this should
  mean qemu should have continued running unharmed.  But, the spice
  connection shows the host system clock is stuck at the exact time oom-
  killer was triggered.  The host is completely unresponsive.

  I can telnet to the qemu monitor.  "info status" shows "running".
  But, multiple times running "info registers -a" and saving the output
  to text files shows the registers are 100% unchanged, so it's not
  really running.

  On the host, top shows around 4% CPU usage by qemu.  strace shows
  about 1,000 times a second, these 6 lines repeat:

  0.000698 ioctl(18, KVM_IRQ_LINE_STATUS, 0x7fff1f030c10) = 0 <0.10>
  0.34 ioctl(18, KVM_IRQ_LINE_STATUS, 0x7fff1f030c60) = 0 <0.09>
  0.31 ioctl(18, KVM_IRQ_LINE_STATUS, 0x7fff1f030c20) = 0 <0.07>
  0.28 ioctl(18, KVM_IRQ_LINE_STATUS, 0x7fff1f030c70) = 0 <0.07>
  0.30 ppoll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, 
events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, {fd=11, events
 =POLLIN}, {fd=16, events=POLLIN}, {fd=32, events=POLLIN}, {fd=34, 
events=POLLIN}, {fd=39, events=POLLIN}, {fd=40, events=POLLIN}, {fd=41, 
events=POLLI N}, {fd=42, events=POLLIN}, {fd=43, events=POLLIN}, 
{fd=44, events=POLLIN}, {fd=45, events=POLLIN}], 16, {tv_sec=0, tv_nsec=0}, 
NULL, 8) = 0 (Timeout)  <0.09>
  0.43 ppoll([{fd=4, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, 
events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, {fd=11, events
 =POLLIN}, {fd=16, events=POLLIN}, {fd=32, events=POLLIN}, {fd=34, 
events=POLLIN}, {fd=39, events=POLLIN}, {fd=40, events=POLLIN}, {fd=41, 
events=POLLI N}, {fd=42, events=POLLIN}, {fd=43, events=POLLIN}, 
{fd=44, events=POLLIN}, {fd=45, events=POLLIN}], 16, {tv_sec=0, 
tv_nsec=769662}, NULL, 8) = 0 (Tim eout) <0.000788>

  In the monitor, "info irq" shows IRQ 0 is increasing about 1,000 times
  a second.  IRQ 0 seems to be for the system clock, and 1,000 times a
  second seems to be the frequency a windows 7 guest might have the
  clock at.

  Those fd's are for: (9) [eventfd]; [signalfd], type=STREAM, 4 x the
  spice socket file, and "TCP localhost:ftnmtp->localhost:36566
  (ESTABLISHED)".

  Because the guest's registers aren't changing, it seems to me like
  monitor thinks the VM is running, but it's actually effectively in a
  paused state.  I think all the strace activity shown above must be
  generated by the host.  Perhaps it's repeatedly trying to contact the
  guest to inject a new clock, and communicate with it on the various
  eventfd's, spice socket, etc.  So, I'm thinking the strace doesn't
  give any information about the real reason why the VM is acting as if
  it's paused.

  I've checked "info block", and there's nothing showing that a device
  is paused, or that there's any issues with them.  (Can't remember what
  term can be there, but a paused/blocked/etc block device I think
  caused a VM to act like this for me in the past.)

  
  Is there something I can provide to help fix the bug here?

  Is there something I can do, to try to get the VM running again?  (I
  sadly have unsaved work in it.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1905562/+subscriptions

[Bug 1906516] Re: [RISCV] sfence.vma need to end the translation block

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906516

Title:
  [RISCV] sfence.vma need to end the translation block

Status in QEMU:
  Expired

Bug description:
  QEMU emulator version 5.0.0

  sfence.vma will flush the tlb, so after this instruction, the translation 
block should be end. The following code will only work in single step mode:
  ```
  relocate:
   li a0, OFFSET

   la t0, 1f
   add t0, t0, a0
   csrw stvec, t0

  la t0, early_pgtbl
   srl t0, t0, PAGE_SHIFT
   li t1, SATP_SV39
   or t0, t1, t0

  csrw satp, t0
  1:
   sfence.vma
   la t0, trap_s
   csrw stvec, t0
   ret
  ```

  In this code, I want to relocate pc to virtual address with the OFFSET
  prefix. Before writing to satp, pc run at physic address, stvec has
  been set to label 1 with a virtual prefix and virtual address has been
  mapping in early_pgtbl, after writing satp, qemu will throw a page
  fault, and pc will set to virtual address of label 1.

  The problem is that, in this situation, the translation block will not
  end after sfence.vma, and stvec will be set to trap_s,

  ```
  
  IN:
  Priv: 1; Virt: 0
  0x80dc:  00a080b3  add ra,ra,a0
  0x80e0:  7297  auipc   t0,28672# 
0x800070e0
  0x80e4:  f2028293  addit0,t0,-224
  0x80e8:  00c2d293  srlit0,t0,12
  0x80ec:  fff0031b  addiw   t1,zero,-1
  0x80f0:  03f31313  sllit1,t1,63
  0x80f4:  005362b3  or  t0,t1,t0
  0x80f8:  18029073  csrrw   zero,satp,t0

  
  IN:
  Priv: 1; Virt: 0
  0x80fc:  1273  sfence.vma  zero,zero
  0x8100:  0297  auipc   t0,0# 
0x8100
  0x8104:  1c828293  addit0,t0,456
  0x8108:  10529073  csrrw   zero,stvec,t0

  riscv_raise_exception: 12
  riscv_raise_exception: 12
  riscv_raise_exception: 12
  riscv_raise_exception: 12
  ...
  ```

  So, the program will crash, and the program will work in single step mode:
  ```
  
  IN:
  Priv: 1; Virt: 0
  0x80f8:  18029073  csrrw   zero,satp,t0

  
  IN:
  Priv: 1; Virt: 0
  0x80fc:  1273  sfence.vma  zero,zero

  riscv_raise_exception: 12
  
  IN:
  Priv: 1; Virt: 0
  0x80fc:  1273  sfence.vma  zero,zero

  
  IN:
  Priv: 1; Virt: 0
  0x8100:  0297  auipc   t0,0# 
0x8100

  ```
  The pc will set to label 1, instead of trap_s.

  I try to patch the code in fence.i in trans_rvi.inc.c to sfence.vma:
  ```
  tcg_gen_movi_tl(cpu_pc, ctx->pc_succ_insn);
  exit_tb(ctx);
  ctx->base.is_jmp = DISAS_NORETURN;
  ```
  This codes can help to end the tranlate block, since I'm not a qemu guy, I'm 
not sure if this is a corret method.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906516/+subscriptions

[Bug 1907926] Re: Implement TPM2 configuration for emulators that provide TCP interface

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907926

Title:
  Implement TPM2 configuration for emulators that provide TCP interface

Status in QEMU:
  Expired

Bug description:
  swtpm provides several interfaces for its emulated device: unix socket
  (can be used by qemu), chardev. swtpm also provides TCP interface for
  the device which is very convenient for testing as it does not require
  root permissions.

  It would be very useful to have QEMU to work with TPM devices emulated
  via TCP.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907926/+subscriptions

[Bug 1907210] Re: QEMU gdbstub command "?" issue

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907210

Title:
  QEMU gdbstub command "?" issue

Status in QEMU:
  Expired

Bug description:
  I am using some third party GDB client, and I have noticed that every time 
"?" command is send from the client, QEMU gdbstub removes all break points. 
This behaviour is not expected since "?" command should only return stop reason.
  Here is documentation from official gdb:
  ‘?’ Indicate the reason the target halted. The reply is the same as for step 
and
  continue. This packet has a special interpretation when the target is in 
non-stop
  mode; see Section E.10 [Remote Non-Stop], page 733.
  Reply: See Section E.3 [Stop Reply Packets], page 693, for the reply 
specifications.

  With some help on the irc, we have been able to pin point the failure 
point(in attachement file gdbstub.c).
  Function that handles "?" command has this comment in it:
  /*
   * Remove all the breakpoints when this query is issued,
   * because gdb is doing an initial connect and the state
   * should be cleaned up.
   */
  From which it is clear that developer that wrote that code assumed, that 
because most popular gdb client only uses "?" command at initial connect, it is 
safe to also remove all BPs.
  In my opinion initial connect should be detected in some other way, and not 
with "?" command.
  Also note that official gdbserver does not remove the BPs when this command 
is send, this issue is present in QEMU and apparently also on kgdb(I was told 
that on irc, have not tested it myself)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907210/+subscriptions

[Bug 1905651] Re: Tests cannot call g_error

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1905651

Title:
  Tests cannot call g_error

Status in QEMU:
  Expired

Bug description:
  I stumbled on this writing a new test, using tests/qtest/e1000e-test.c
  as a template.

  g_error() causes SIGTRAP, not SIGABRT, and thus the abort handler doesn't get 
run.
  This in turn means qemu is not killed, which hangs the test because the 
tap-driver.pl script hangs waiting for more input.
  There are a few tests that call g_error().

  The SIGABRT handler explicitly kills qemu, e.g.:

  qos-test.c:
  qtest_add_abrt_handler(kill_qemu_hook_func, s);

  ref:
  
https://git.qemu.org/?p=qemu.git;a=blob;f=tests/qtest/libqtest.c;h=e49f3a1e45f4cd96279241fdb2bbe231029ab922;hb=HEAD#l272

  But not unexpectedly there's no such handler for SIGTRAP.

  Apply this patch to trigger a repro:

  diff --git a/tests/qtest/e1000e-test.c b/tests/qtest/e1000e-test.c
  index fc226fdfeb..e83ace1b5c 100644
  --- a/tests/qtest/e1000e-test.c
  +++ b/tests/qtest/e1000e-test.c
  @@ -87,6 +87,9 @@ static void e1000e_send_verify(QE1000E *d, int 
*test_sockets, QGuestAllocator *a
   /* Wait for TX WB interrupt */
   e1000e_wait_isr(d, E1000E_TX0_MSG_ID);

  +g_message("Test g_error hang ...");
  +g_error("Pretend something timed out");
  +
   /* Check DD bit */
   g_assert_cmphex(le32_to_cpu(descr.upper.data) & dsta_dd, ==, dsta_dd);

  Then:

  configure
  make
  make check-qtest-i386

  check-qtest-i386 will take awhile. To repro faster:

  $ grep qtest-i386/qos-test Makefile.mtest
  .test.name.229 := qtest-i386/qos-test
  $ make run-test-229
  Running test qtest-i386/qos-test
  ** Message: 18:40:49.821: Test g_error hang ...

  ** (tests/qtest/qos-test:3820728): ERROR **: 18:40:49.821: Pretend something 
timed out
  ERROR qtest-i386/qos-test - Bail out! FATAL-ERROR: Pretend something timed out

  At this point things are hung because tap-driver.pl is still waiting
  for input because qemu is still running.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1905651/+subscriptions

[Bug 1906536] Re: Unable to set SVE VL to 1024 bits or above since 7b6a2198

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906536

Title:
  Unable to set SVE VL to 1024 bits or above since 7b6a2198

Status in QEMU:
  Expired

Bug description:
  Prior to 7b6a2198e71794c851f39ac7a92d39692c786820, the QEMU option
  sve-max-vq could be used to set the vector length of the
  implementation. This is useful (among other reasons) for testing
  software compiled with a fixed SVE vector length. Since this commit,
  the vector length is capped at 512 bits.

  To reproduce the issue:

  $ cat rdvl.s
  .global _start
  _start:
rdvl x0, #1
asr x0, x0, #4
mov x8, #93 // exit
svc #0
  $ aarch64-linux-gnu-as -march=armv8.2-a+sve rdvl.s -o rdvl.o
  $ aarch64-linux-gnu-ld rdvl.o
  $ for vl in 1 2 4 8 16; do ../build-qemu/aarch64-linux-user/qemu-aarch64 -cpu 
max,sve-max-vq=$vl a.out; echo $?; done
  1
  2
  4
  4
  4

  For a QEMU built prior to the above revision, we get the output:
  1
  2
  4
  8
  16

  as expected. It seems that either the old behavior should be restored,
  or there should be an option to force a higher vector length?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906536/+subscriptions

[Bug 1907776] Re: Mounting VFat drive yields error messages.

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1907776

Title:
  Mounting VFat drive yields error messages.

Status in QEMU:
  Expired

Bug description:
  Mounting a virtual Fat drive results in error messages (see attached
  image).

  * https://www.qemu.org/docs/master/system/images.html#virtual-fat-
  disk-images

  The "drive" is however mounted, and as a test, saving a text file to
  the drive is successfully stored in the directory `/tmp`, which can be
  read after shutdown of Qemu.

  Archlinux 5.9.11-arch2-1 (64-bit)
  qemu-headless 5.1.0-3

  qemu-system-x86_64 -boot order=d -name test \
-enable-kvm -m 2G -cpu host -k sv \
-daemonize \
-drive 
if=pflash,format=raw,readonly,file=/usr/share/edk2-ovmf/x64/OVMF_CODE.fd \
-drive if=pflash,format=raw,file=~/vm/OVMF_VARS.local.fd \
-drive if=ide,format=raw,media=disk,index=1,file=fat:rw:/tmp \
-vnc :1 \
-cdrom /obj/archlinux/release/2020.10.01-x86_64.iso \
-drive format=raw,index=0,media=disk,file=~/vm/qemu.raw

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1907776/+subscriptions

[Bug 1906608] Re: [Feature request]For some ehci controller, qemu should implement using portsc[26-27] to detect the speed of device.

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1906608

Title:
   [Feature request]For some ehci controller, qemu should implement
  using portsc[26-27]  to detect the speed of device.

Status in QEMU:
  Expired

Bug description:
  for some ehci controller ,for example ehci controller on fsl_imx6,it
  using portsc[26-27] to decide a full speed device or high speed device
  was connected, hub-ehci.c should set the portsc[26-27] to return the
  right speed.

  line:1001 in hub-ehci.c
  if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) {
  val |= PORTSC_PED;
  }

  below is the spec for fsl_imx6 USB PART.
  PORTSC:27–26 :PSPD
  Port Speed - Read Only.
  This register field indicates the speed at which the port is operating.
  00 Full Speed
  01 Low Speed
  10 High Speed
  11 Undefined

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1906608/+subscriptions

[Bug 1741718] Re: qemu-system-sparc64: "panic[cpu0]/thread=180e000: lgrp_traverse: No memory blocks found" with tribblix-sparc-0m16.iso

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1741718

Title:
  qemu-system-sparc64: "panic[cpu0]/thread=180e000: lgrp_traverse: No
  memory blocks found" with tribblix-sparc-0m16.iso

Status in QEMU:
  Expired

Bug description:
  qemu-system-sparc64 Niagara VM running Tribblix crashes with
  "panic[cpu0]/thread=180e000: lgrp_traverse: No memory blocks found" on
  QEMU 2.11.0. Happens also with 1 GB, 4 GB, and 8 GB of RAM.

  $ qemu-system-sparc64 -nographic -M niagara -L 
/home/newman/Downloads/OpenSPARCT1_Arch.1.5/S10image/ -drive 
if=pflash,readonly=on,file=/home/newman/Downloads/tribblix-sparc-0m16.iso -m 
2048
  cpu Probing I/O buses

  
  Sun Fire T2000, No Keyboard
  Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  OpenBoot 4.20.0, 256 MB memory available, Serial #1122867.
  [mo23723 obp4.20.0 #0]
  Ethernet address 0:80:3:de:ad:3, Host ID: 80112233.


  ok boot
  Boot device: vdisk  File and args: 
  hsfs-file-system 
  Loading: /platform/sun4v/boot_archive
  ramdisk-root ufs-file-system 
  Loading: /platform/sun4v/kernel/sparcv9/unix
  \
  panic[cpu0]/thread=180e000: lgrp_traverse: No memory blocks found

  Warning - stack not written to the dumpbuf
  0180b710 unix:lgrp_traverse+120 (fff32000, 10d5f30, 2000, 7efefeff, 
81010100, ff00)
%l0-3: 01876c00  010d6c00 
%l4-7: 80008f000740 80008fc54750 f0254cc4 010dedd0
  0180b800 unix:plat_lgrp_init+14 (4, 180e000, 4, 0, 180b950, 1)
%l0-3: fff32000 fff340e0 fff34590 010d5f28
%l4-7: 0016  0016 0011
  0180b8b0 unix:lgrp_plat_init+74 (0, 0, 0, 180ba08, 180ba00, 91)
%l0-3: 2000 fff34000 01874c00 01874c00
%l4-7:  01874c00 0180b950 010de048
  0180b960 unix:lgrp_init+4 (0, 2000, 70002000, 0, 180c0e8, 0)
%l0-3: 0180e380 0183c678 0180ba08 010d4f90
%l4-7: 010d4fa0 010d1c00 4000 80001070
  0180ba10 unix:mlsetup+2f4 (180bb80, 180bec0, 0, 0, f025496c, 0)
%l0-3: 018ee000 70002000 70002000 0180bad0
%l4-7: 0190c4d8 0001001f56e0  80001070

  
  ERROR: Last Trap: Level 14 Interrupt
  [Exception handlers interrupted, please file a bug]
  [type 'resume' to attempt a normal recovery]

  
  Without "if=pflash" VM hangs:

  $ qemu-system-sparc64 -nographic -M niagara -L 
/home/newman/Downloads/OpenSPARCT1_Arch.1.5/S10image/ -drive 
readonly=on,file=/home/newman/Downloads/tribblix-sparc-0m16.iso -m 4096
  cpu Probing I/O buses

  
  Sun Fire T2000, No Keyboard
  Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  OpenBoot 4.20.0, 256 MB memory available, Serial #1122867.
  [mo23723 obp4.20.0 #0]
  Ethernet address 0:80:3:de:ad:3, Host ID: 80112233.


  ok boot
  Boot device: vdisk  File and args: 
  qemu: fatal: Trap 0x0032 while trap level (6) >= MAXTL (6), Error state
  pc: 0040f01c  npc: 0040f020
  %g0-3:    00970280
  %g4-7: 1000   
  %o0-3:  8ffd6000 8000  
  %o4-7:  00f0 fff55701 f020d78c 
  %l0-3: 0002fd10 7ffe 8000  
  %l4-7: 000b 80008fffa750 f026fbf0 f022a0d8 
  %i0-3: 8000 1000   
  %i4-7:     
  %f00:     
  %f08:     
  %f16:     
  %f24:     
  %f32:     
  %f40:     
  %f48:     
  %f56:     
  pstate: 0014 ccr: 11 (icc: ---C xcc: ---C) asi: 20 tl: 6 pil: d gl: 6
  tbr: f020 hpstate: 0004 htba: 0040
  cansave: 6 canrestore: 0 otherwin: 0 wstate: 0 cleanwin: 7 cwp: 0
  fsr:  y:  fprs: 0004

To manage notifications about this bug go to:

[Bug 1895602] Re: older OS's do not detect CD change

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1895602

Title:
  older OS's do not detect CD change

Status in QEMU:
  Expired

Bug description:
  There are at least two older operating systems, being FreeBSD 2.2 and
  FreeDOS 1.2, that misbehave when the change command is used on the IDE
  CD drive, and work fine on a real machine.  In both cases, changing
  the CD causes the guest to either refuse to read the disc or appear to
  read bad data, and in both cases the guest read the disc without issue
  after a system_reset.

  A HD image that demonstrates this behavior can be produced if
  necessary, however the FreeDOS 1.2 CD can be booted directly and used
  to test:

  http://freedos.org/download/download/FD12CD.iso

  (choose install then abort and you get a prompt in which you can type
  "dir D:", say)

  note, running eject before the change command does nothing to help.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1895602/+subscriptions

[Bug 1839807] Re: Snapshots freeze guest Sabrelite IMX.6 board

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1839807

Title:
  Snapshots freeze guest Sabrelite IMX.6 board

Status in QEMU:
  Expired

Bug description:
  Hello,

  I'm trying to take and restore  a snapshot with the whole system state of the 
Sabrelite IMX.6 board running on QEMU with commands savevm/loadvm.
  It seems that I am able to take a snapshot but loading the snapshot fails.

  For comparison I checked out snapshots on 32bit ARM Virt with Debian as well 
as on the Versatilepb board with a bare metal application and it works fine.
  The problem occurs only with that one particular board.

  My environment is:
  Ubuntu 18.04
  QEMU 3.0.1 (I see the same issue in QEMU 4.0.0 as well)
  The kernel and device tree used for the board was 5.1.14 version from 
kernel.org

  The file system was build from imx_v6_v7_defconfig config in buildroot
  as and sd card image.

  Problem:

  Loading snapshot stops the whole machine and it's impossible to resume
  it.

  Steps to reproduce problem:

  1.  I converted the sdcard.img built from the buildroot to qcow2
  using command qemu-img convert -f raw -O qcow2 sdcard.img
  sdcard.qcow2, since the raw doesn't support snapshots.

  2.  I start QEMU with a command
  ./arm-softmmu/qemu-system-arm -m 512 -M sabrelite -kernel zImage -append 
"rootfstype=ext4 root=/dev/mmcblk2p2 rw rootwait" -rtc base=localtime,clock=vm 
-dtb imx6dl-sabresd.dtb -drive file=sdcard.qcow2,index=2,format=qcow2,id=mycard 
-device sd-card,drive=mycard -nographic -net nic -net user

  3.  I run a simple program which print characters to the console
  in the background and add some files in user directory, to differ from
  original image.

  4.  I switch to QEMU monitor, and type “savevm ”.
  When I type “info snapshots”, the snapshot is listed.
  So I assume it was saved correctly.

  5.  Then I switch back to Linux console from monitor, remove the
  added files and stop the background printing process.

  6.  I switch back to monitor and I'm trying now to load the
  snapshot by “loadvm ” command.

  That’s where the problem occurs. QEMU stops and I can't switch back from 
monitor to Linux.
  Typing “cont” doesn’t help.
  It seems like the simulation has freezed. CPU usage on my Laptop machine 
equals 100% until I exit QEMU.

  
  What’s interesting when I exit the QEMU and then start it again the Linux 
boots and after it reaches the command prompt I can see the files which were 
removed after saving the snapshot.

  It looks like loading the snapshots works for restoring disk space but
  it fails for restoring the running processes.

  Due to the answer on QEMU mailing list
  (https://lists.nongnu.org/archive/html/qemu-
  discuss/2019-08/msg00016.html) it is QEMUs bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1839807/+subscriptions

[Bug 1849894] Re: hw/scsi/scsi-disk.c line 2554 allocation overflow

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1849894

Title:
  hw/scsi/scsi-disk.c line 2554 allocation overflow

Status in QEMU:
  Expired

Bug description:
  When compiling qemu from git master (at commit
  03bf012e523ecdf047ac56b2057950247256064d ) on Linux amd64, with gcc-9
  9.2.1 , and using `-march=native -flto`, during linking of most target
  binaries, compiler does detect an issue with allocation in
  scsi_disk_new_request_dump and aborts compilation.

  
  make[1]: Entering directory '/home/user/qemu/slirp'
  make[1]: Nothing to be done for 'all'.
  make[1]: Leaving directory '/home/user/qemu/slirp'
  nm: stats64.o: no symbols
LINKaarch64-softmmu/qemu-system-aarch64
  In function ‘scsi_disk_new_request_dump’,
  inlined from ‘scsi_new_request’ at hw/scsi/scsi-disk.c:2580:9,
  inlined from ‘scsi_new_request’ at hw/scsi/scsi-disk.c:2564:21:
  hw/scsi/scsi-disk.c:2554:19: error: argument 1 value ‘18446744073709551612’ 
exceeds maximum object size 9223372036854775807 
[-Werror=alloc-size-larger-than=]
  hw/scsi/scsi-disk.c: In function ‘scsi_new_request’:
  /usr/include/glib-2.0/glib/gmem.h:78:10: note: in a call to allocation 
function ‘g_malloc’ declared here
 78 | gpointer g_malloc (gsize  n_bytes) G_GNUC_MALLOC 
G_GNUC_ALLOC_SIZE(1);
|  ^
  lto1: all warnings being treated as errors
  lto-wrapper: fatal error: c++ returned 1 exit status
  compilation terminated.
  /usr/bin/ld: error: lto-wrapper failed
  collect2: error: ld returned 1 exit status


  same happens for most other targets: alpha-softmmu/qemu-system-alpha
  arm-softmmu/qemu-system-arm hppa-softmmu/qemu-system-hppa i386-softmmu
  /qemu-system-i386 lm32-softmmu/qemu-system-lm32 mips-softmmu/qemu-
  system-mips mips64-softmmu/qemu-system-mips64 mips64el-softmmu/qemu-
  system-mips64el mipsel-softmmu/qemu-system-mipsel ppc-softmmu/qemu-
  system-ppc ppc64-softmmu/qemu-system-ppc64 riscv32-softmmu/qemu-
  system-riscv32 riscv64-softmmu/qemu-system-riscv64 s390x-softmmu/qemu-
  system-s390x sh4-softmmu/qemu-system-sh4 sh4eb-softmmu/qemu-system-
  sh4eb sparc-softmmu/qemu-system-sparc sparc64-softmmu/qemu-system-
  sparc64 x86_64-softmmu/qemu-system-x86_64 xtensa-softmmu/qemu-system-
  xtensa xtensaeb-softmmu/qemu-system-xtensaeb

  Notice -softmmu being a common factor here.


  The size of the allocation for the temporary buffer for dumping using
  snprintf is determined based on the size of the buffer via call to
  scsi_cdb_length. I believe the heavy inlining and constant propagation
  makes scsi_cdb_length return -1, so len = -1. Then allocation size is
  5*len + 1, or -4. Which overflows to 2^64 - 4 or so.

  The case of len==-1 from scsi_cdb_length happens if the (buf[0] >> 5)
  is not 0, 1, 2, 4 or 5.

  However, I can't find out how gcc figures out that buf[0] is not one
  of these variables. To me looking at this function, compiler should
  not know anything about buf[0].

  I tried following the chain of calls back, including devirtualize
  alloc_req, and I found scsi_device_alloc_req calling these alloc_req
  callbacks, but it is itself called from scsi_req_new, which is called
  in  get_scsi_requests , just after buf is filled from QEMUFile using
  qemu_get_buffer, which ultimately goes even further into read paths,
  which there might be many AFAIK.


  
  glib2 version 2.62.1-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1849894/+subscriptions

[Bug 1861161] Re: qemu-arm-static stuck with 100% CPU when cross-compiling emacs

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1861161

Title:
  qemu-arm-static stuck with 100% CPU when cross-compiling emacs

Status in QEMU:
  Expired

Bug description:
  Hello,

  I'm trying to build multi-arch docker images for
  https://hub.docker.com/r/silex/emacs.

  Here is the machine I'm building on (hetzner cloud machine):

  root@ubuntu-4gb-fsn1-1:~# lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:Ubuntu 18.04.3 LTS
  Release:18.04
  Codename:   bionic
  root@ubuntu-4gb-fsn1-1:~# uname -a
  Linux ubuntu-4gb-fsn1-1 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 
UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

  Whenever I try to build the following alpine Dockerfile
  https://gitlab.com/Silex777/docker-
  emacs/blob/master/26.3/alpine/3.9/dev/Dockerfile like this:

  $ sysctl kernel.randomize_va_space=0
  $ docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
  $ docker build --pull -t test --platform arm .

  It builds fine until this:

  root@ubuntu-4gb-fsn1-1:~# ps -ef | grep qemu
  root 26473 26465 99 14:26 pts/001:59:58 /usr/bin/qemu-arm-static 
../src/bootstrap-emacs -batch --no-site-file --no-site-lisp --eval (setq 
load-prefer-newer t) -f batch-byte-compile emacs-lisp/macroexp.el

  This is supposed to take a few seconds, but here it takes 100% CPU and
  never ends. When I strace the process I see a never ending loop like
  this:

  getdents64(5, /* 0 entries */, 2048)= 0
  lseek(5, 0, SEEK_SET)   = 0
  getdents64(5, /* 5 entries */, 2048)= 120
  tgkill(5875, 5878, SIGRT_2) = -1 EAGAIN (Resource temporarily 
unavailable)
  getdents64(5, /* 0 entries */, 2048)= 0
  lseek(5, 0, SEEK_SET)   = 0
  getdents64(5, /* 5 entries */, 2048)= 120
  tgkill(5875, 5878, SIGRT_2) = -1 EAGAIN (Resource temporarily 
unavailable)
  getdents64(5, /* 0 entries */, 2048)= 0
  lseek(5, 0, SEEK_SET)   = 0
  getdents64(5, /* 5 entries */, 2048)= 120
  tgkill(5875, 5878, SIGRT_2) = -1 EAGAIN (Resource temporarily 
unavailable)
  getdents64(5, /* 0 entries */, 2048)= 0
  lseek(5, 0, SEEK_SET)   = 0
  getdents64(5, /* 5 entries */, 2048)= 120
  tgkill(5875, 5878, SIGRT_2) = -1 EAGAIN (Resource temporarily 
unavailable)
  getdents64(5, /* 0 entries */, 2048)= 0
  lseek(5, 0, SEEK_SET)   = 0
  getdents64(5, /* 5 entries */, 2048)= 120
  tgkill(5875, 5878, SIGRT_2) = -1 EAGAIN (Resource temporarily 
unavailable)

  It happens with all the QEMU versions I tested:
  - 2.11.1 (OS version)
  - 4.1.1-1 (from multiarch/qemu-user-static:4.1.1-1)
  - 4.2.0-2 (from multiarch/qemu-user-static)

  Any ideas of what I could do to debug it further?

  Kind regards,
  Philippe

  p.s: Everything builds fine when the base image is ubuntu. I also had
  similar hangs with basic commands like "apt-get install foo"
  sometimes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1861161/+subscriptions