03.08.2023 07:42, Thomas Huth wrote:
On 03/08/2023 02.29, Luca Bonissi wrote:
From: Luca Bonissi
Date: Thu, 3 Aug 2023 02:15:57 +0200
Subject: [PATCH] Fixed incorrect LLONG alignment for openrisc and cris
OpenRISC (or1k) has long long alignment to 4 bytes, but currently not
defined in abitypes
04.08.2023 10:35, Thomas Huth wrote:
The check for nd->model being NULL was originally required, but in
commit e11f463295d95aba ("s390x/virtio: use qemu_check_nic_model()")
the corresponding code had been replaced by a call to the function
qemu_check_nic_model() - and this in turn calls qemu_find
04.08.2023 18:29, Daniel Henrique Barboza wrote:
..
Nicholas Piggin (3):
target/ppc: Implement ASDR register for ISA v3.0 for HPT
target/ppc: Fix pending HDEC when entering PM state
target/ppc: Fix VRMA page size for ISA v3.0
Should these 3 be picked up for -stable?
Thanks
Hi, I have a use for RR in SMP machine. It seems conceptually simple to
add, RR scheduler is driven in a deterministic way like everything else.
In practice, I'm not entirely sure if I have all the locking and corner
cases covered. The code is also a bit ugly at the moment in terms of
CPU switching
Jim Cromie writes:
> Change 2 error messages to display sizes in MB, not bytes.
>
> qemu: initrd is too large, cannot support this. (max: 2047 MB, need 5833 MB)
>
> Also, distinguish 2 sites by adding "it" and "this" respectively.
> This tells a careful reader that the error above is from the 2nd
04.07.2023 06:34, Hawkins Jiawei wrote:
According to VirtIO standard, "The class, command and
command-specific-data are set by the driver,
and the device sets the ack byte.
There is little it can do except issue a diagnostic
if ack is not VIRTIO_NET_OK."
Therefore, QEMU should stop sending the q
05.08.2023 08:58, Michael Tokarev wrote:
196ea60a73 hw/smbios: Fix core count in type4
7298fd7de5 hw/smbios: Fix thread count in type4
d79a284a44 hw/smbios: Fix smbios_smp_sockets caculation
plus this one:
a1d027be95 machine: Add helpers to get cores/threads per socket
/mjt
01.06.2023 12:29, Zhao Liu wrote:
From: Zhao Liu
From SMBIOS 3.0 specification, thread count field means:
Thread Count is the total number of threads detected by the BIOS for
this processor socket. It is a processor-wide count, not a
thread-per-core count. [1]
So here we should use threads p
31.05.2023 14:08, Jonathan Cameron via wrote:
On Wed, 31 May 2023 09:51:43 +0200
Philippe Mathieu-Daudé wrote:
On 31/5/23 08:07, Li Zhijian wrote:
Allocate targets and targets[n] resources when all sanity checks are
passed to avoid memory leaks.
Suggested-by: Philippe Mathieu-Daudé
Signed-o
On 8/4/23 16:40, Nathan Egge wrote:
The linux-user/syscall.c has many such places where this style check is failing. Should
these be fixed in a separate patch?
Yes, eventually.
r~
On 8/4/23 16:03, Ilya Leoshkevich wrote:
The vxe2 hwcap is not set for programs running in linux-user, but is
set by a Linux kernel running in softmmu. Add it to the former.
Signed-off-by: Ilya Leoshkevich
---
linux-user/elfload.c | 1 +
1 file changed, 1 insertion(+)
Reviewed-by: Richard H
On Tue, Aug 1, 2023 at 8:18 AM Alyssa Ross wrote:
> Gurchetan Singh writes:
>
> > On Mon, Jul 24, 2023 at 2:56 AM Alyssa Ross wrote:
> >>
> >> Gurchetan Singh writes:
> >>
> >> > In terms of API stability/versioning/packaging, once this series is
> >> > reviewed, the plan is to cut a "gfxstrea
Hi,
this series should hopefully fix the issue with __strstr_arch13(),
which Claudio reported. I have to admit I did not manage to fully
reproduce it, but at least with this change the traces of a simple test
from TCG and real hardware match.
I've also fuzzed the changed helper and strstr() itsel
The length is always truncated to 16 bytes. Do not probe more than
that.
Cc: qemu-sta...@nongnu.org
Fixes: 0e0a5b49ad58 ("s390x/tcg: Implement VECTOR STORE WITH LENGTH")
Signed-off-by: Ilya Leoshkevich
---
target/s390x/tcg/vec_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
Add a small test to prevent regressions.
Signed-off-by: Ilya Leoshkevich
---
tests/tcg/s390x/Makefile.target | 1 +
tests/tcg/s390x/vstl.c | 37 +
2 files changed, 38 insertions(+)
create mode 100644 tests/tcg/s390x/vstl.c
diff --git a/tests/tcg/s390x/
VFMIN and VFMAX should raise a specification exception when bits 1-3
of M5 are set.
Cc: qemu-sta...@nongnu.org
Fixes: da4807527f3b ("s390x/tcg: Implement VECTOR FP (MAXIMUM|MINIMUM)")
Signed-off-by: Ilya Leoshkevich
---
target/s390x/tcg/translate_vx.c.inc | 2 +-
1 file changed, 1 insertion(+),
Core dumps produced by gdb's gcore when connected to qemu's gdbstub
lack stack. The reason is that gdb includes only anonymous memory in
core dumps, which is distinguished by a non-0 Anonymous: value.
Consider the mappings with PAGE_ANON fully anonymous, and the mappings
without it fully non-anony
On 2023-08-04 18:00, Richard Henderson wrote:
From: Akihiko Odaki
Later the returned value is compared with -1, and negated errno is not
expected.
Fixes: 00faf08c95 ("linux-user: Don't use MAP_FIXED in do_brk()")
Reviewed-by: Helge Deller
Signed-off-by: Akihiko Odaki
Message-Id: <20230802071
Currently the emulation of VSTRS recognizes partial matches in presence
of \0 in the haystack, which, according to PoP, is not correct:
If the ZS flag is one and a zero byte was detected
in the second operand, then there can not be a
partial match ...
Add a check for this. While at it
The vxe2 hwcap is not set for programs running in linux-user, but is
set by a Linux kernel running in softmmu. Add it to the former.
Signed-off-by: Ilya Leoshkevich
---
linux-user/elfload.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 861e
Add a small test to prevent regressions.
Signed-off-by: Ilya Leoshkevich
---
tests/tcg/s390x/Makefile.target | 1 +
tests/tcg/s390x/vxeh2_vstrs.c | 88 +
2 files changed, 89 insertions(+)
create mode 100644 tests/tcg/s390x/vxeh2_vstrs.c
diff --git a/tests/tcg
From: Mikhail Tyutin
Apply save_iotlb_data() to io_readx() as well as to io_writex().
This fixes SEGFAULT on qemu_plugin_hwaddr_phys_addr() call plugins
for addresses inside of MMIO region.
Signed-off-by: Dmitriy Solovev
Signed-off-by: Mikhail Tyutin
Reviewed-by: Richard Henderson
Message-Id:
Rely on target_mmap to handle guest vs host page size mismatch.
Tested-by: Helge Deller
Reviewed-by: Helge Deller
Reviewed-by: Akihiko Odaki
Signed-off-by: Richard Henderson
---
linux-user/elfload.c | 54 +++-
1 file changed, 23 insertions(+), 31 deleti
From: Akihiko Odaki
Later the returned value is compared with -1, and negated errno is not
expected.
Fixes: 00faf08c95 ("linux-user: Don't use MAP_FIXED in do_brk()")
Reviewed-by: Helge Deller
Signed-off-by: Akihiko Odaki
Message-Id: <20230802071754.14876-4-akihiko.od...@daynix.com>
Signed-off
If p_filesz == 0, then vaddr_ef == vaddr. We can reuse the
code in zero_bss rather than incompletely duplicating it in
load_elf_image.
Tested-by: Helge Deller
Reviewed-by: Helge Deller
Reviewed-by: Akihiko Odaki
Signed-off-by: Richard Henderson
---
linux-user/elfload.c | 27 +++--
This variable is unused.
Signed-off-by: Richard Henderson
---
bsd-user/qemu.h | 1 -
bsd-user/mmap.c | 2 --
2 files changed, 3 deletions(-)
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index edf9602f9b..8f2d6a3c78 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -232,7 +232,6 @@ abi_lon
Provide default values that are as close as possible to the
values used by the guest's kernel.
Tested-by: Helge Deller
Reviewed-by: Helge Deller
Reviewed-by: Akihiko Odaki
Signed-off-by: Richard Henderson
---
linux-user/aarch64/target_mman.h | 10 ++
linux-user/alpha/target_mman.h
Copy each guest kernel's default value, then bound it
against reserved_va or the host address space.
Tested-by: Helge Deller
Reviewed-by: Helge Deller
Signed-off-by: Richard Henderson
---
linux-user/aarch64/target_mman.h | 3 +++
linux-user/alpha/target_mman.h | 3 +++
linux-user/a
Remove TARGET_ELF_EXEC_PAGESIZE, and 3 other TARGET_ELF_PAGE* macros
based off of that. Rely on target_mmap to handle guest vs host page
size mismatch.
Tested-by: Helge Deller
Reviewed-by: Helge Deller
Reviewed-by: Akihiko Odaki
Signed-off-by: Richard Henderson
---
linux-user/elfload.c | 17
If the address and size are aligned, send larger chunks
to the memory subsystem. This will be required to make
more use of these helpers.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
accel/tcg/cputlb.c | 76 +-
1 file chan
Follow the lead of the linux kernel in fs/binfmt_elf.c,
in which an ET_DYN executable which uses an interpreter
(usually a PIE executable) is loaded away from where the
interpreter itself will be loaded.
Tested-by: Helge Deller
Reviewed-by: Helge Deller
Reviewed-by: Akihiko Odaki
Signed-off-by:
Supersedes: 20230804014517.6361-1-richard.hender...@linaro.org
("[PATCH for-8.1 v8 00/17] linux-user: brk fixes")
Changes for linux-user brk v9:
Recover some changes that should have been in v8, had I
generated the patches from the correct tree:
- bsd-user: Remove last_brk
- Fix typos
From: Helge Deller
While we attempt to load a ET_DYN executable far away from
TASK_UNMAPPED_BASE, we are not completely in control of the
address space layout. If the interpreter lands close to
the executable, leaving insufficient heap space, move brk.
Tested-by: Helge Deller
Signed-off-by: He
Replace MMULookupPageData* with CPUTLBEntryFull, addr, size.
Move QEMU_IOTHREAD_LOCK_GUARD to the caller.
This simplifies the usage from do_ld16_beN and do_st16_leN, where
we weren't locking the entire operation, and required hoop jumping
for passing addr and size.
Reviewed-by: Philippe Mathieu-D
From: Nathan Egge
Set V bit for hwcap if misa is set.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1793
Signed-off-by: Nathan Egge
Reviewed-by: Daniel Henrique Barboza
Tested-by: Daniel Henrique Barboza
Message-Id: <20230803131424.40744-1-ne...@xiph.org>
Signed-off-by: Richard Hend
From: Akihiko Odaki
Linux 6.4.7 does nothing when a value smaller than the initial brk is
specified.
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Reviewed-by: Helge Deller
Signed-off-by: Akihiko Odaki
Message-Id: <20230802071754.14876-6-akihiko.od...@daynix.com>
Signed-off-by:
The heap starts at "brk" not "start_brk". With this fixed,
image_info.start_brk is unused and may be removed.
Tested-by: Helge Deller
Reviewed-by: Helge Deller
Reviewed-by: Akihiko Odaki
Signed-off-by: Richard Henderson
---
linux-user/qemu.h | 1 -
linux-user/flatload.c | 2 +-
linux-use
Ensure that the chosen values for mmap_next_start and
task_unmapped_base are within the guest address space.
Tested-by: Helge Deller
Reviewed-by: Akihiko Odaki
Signed-off-by: Richard Henderson
---
linux-user/user-mmap.h | 18 +-
linux-user/main.c | 28 +
From: Akihiko Odaki
Passing MAP_FIXED_NOREPLACE to host will fail for reserved_va because
the address space is reserved with mmap. Replace it with MAP_FIXED
in that case.
Signed-off-by: Akihiko Odaki
Message-Id: <20230802071754.14876-2-akihiko.od...@daynix.com>
[rth: Expand inline commentary.]
From: Akihiko Odaki
do_brk() minimizes calls into target_mmap() by aligning the address
with host page size, which is potentially larger than the target page
size. However, the current implementation of this optimization has two
bugs:
- The start of brk is rounded up with the host page size whil
From: Akihiko Odaki
MAP_FIXED_NOREPLACE can ensure the mapped address is fixed without
concerning that the new mapping overwrites something else.
Signed-off-by: Akihiko Odaki
Message-Id: <20230802071754.14876-5-akihiko.od...@daynix.com>
[rth: Pass -1 as fd for MAP_ANON]
Reviewed-by: Richard Hen
From: Akihiko Odaki
The man page states:
> Note that older kernels which do not recognize the MAP_FIXED_NOREPLACE
> flag will typically (upon detecting a collision with a preexisting
> mapping) fall back to a “non-MAP_FIXED” type of behavior: they will
> return an address that is different from t
Use this as extra protection for the guest mapping over
any qemu host mappings.
Tested-by: Helge Deller
Reviewed-by: Helge Deller
Reviewed-by: Akihiko Odaki
Signed-off-by: Richard Henderson
---
linux-user/elfload.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/l
In the single-page case we were issuing misaligned i/o to
the memory subsystem, which does not handle it properly.
Split such accesses via do_{ld,st}_mmio_*.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1800
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
acc
This variable is unused.
Reviewed-by: Helge Deller
Reviewed-by: Akihiko Odaki
Signed-off-by: Richard Henderson
---
linux-user/user-mmap.h | 1 -
linux-user/mmap.c | 2 --
2 files changed, 3 deletions(-)
diff --git a/linux-user/user-mmap.h b/linux-user/user-mmap.h
index 3fc986f92f..7265c2
From: Matheus Tavares Bernardino
Previously, qemu-user would always report PID 1 to GDB. This was changed
at dc14a7a6e9 (gdbstub: Report the actual qemu-user pid, 2023-06-30),
but read_thread_id() still considers GDB packets with "no PID" as "PID
1", which is not the qemu-user PID. Fix that by pa
When the offset is out of range of the non-prefixed insn, but
fits the 34-bit immediate of the prefixed insn, use that.
Signed-off-by: Richard Henderson
---
tcg/ppc/tcg-target.c.inc | 66
1 file changed, 66 insertions(+)
diff --git a/tcg/ppc/tcg-target.c
PADDI can load 34-bit immediates and 34-bit pc-relative addresses.
Signed-off-by: Richard Henderson
---
tcg/ppc/tcg-target.c.inc | 47
1 file changed, 47 insertions(+)
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index 642d0fd128..7fa
Signed-off-by: Richard Henderson
---
tcg/ppc/tcg-target.c.inc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index 511e14b180..642d0fd128 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -221,7 +
Emit one 64-bit instruction for large constants and pc-relatives.
With pc-relative addressing, we don't need REG_TB, which means we
can re-enable direct branching for goto_tb.
r~
Richard Henderson (7):
tcg/ppc: Untabify tcg-target.c.inc
tcg/ppc: Use PADDI in tcg_out_movi
tcg/ppc: Use pref
With Power v3.1, we have pc-relative addressing and so
do not require a register holding the current TB.
Signed-off-by: Richard Henderson
---
tcg/ppc/tcg-target.c.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index e8e
The prefixed instruction has a pc-relative form to use here.
Signed-off-by: Richard Henderson
---
tcg/ppc/tcg-target.c.inc | 24
1 file changed, 24 insertions(+)
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index d41c499b7d..a9e48a51c8 100644
--- a/t
The prefixed instructions have a pc-relative form to use here.
Signed-off-by: Richard Henderson
---
tcg/ppc/tcg-target.c.inc | 12
1 file changed, 12 insertions(+)
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index a9e48a51c8..e8eced7cf3 100644
--- a/tcg/ppc/tcg
When a direct branch is out of range, we can load the destination for
the indirect branch using PLA (for 16GB worth of buffer) and PLD from
the TranslationBlock for everything larger.
This means the patch affects exactly one instruction: B (plus filler),
PLA or PLD. Which means we can update and
Change 2 error messages to display sizes in MB, not bytes.
qemu: initrd is too large, cannot support this. (max: 2047 MB, need 5833 MB)
Also, distinguish 2 sites by adding "it" and "this" respectively.
This tells a careful reader that the error above is from the 2nd size
check.
With MB displayed
On Fri, Aug 04, 2023 at 05:48:49PM +0100, Daniel P. Berrangé wrote:
> On Fri, Aug 04, 2023 at 12:46:18PM -0400, Peter Xu wrote:
> > On Fri, Aug 04, 2023 at 05:29:19PM +0100, Daniel P. Berrangé wrote:
> > > On Fri, Aug 04, 2023 at 12:01:54PM -0400, Peter Xu wrote:
> > > > On Fri, Aug 04, 2023 at 02:
scripts/archive-source.sh needs meson in order to download the subprojects,
therefore meson needs to be part of the host environment in which VM-based
build jobs run.
Fixes: 2019cabfee0 ("meson: subprojects: replace submodules with wrap files",
2023-06-06)
Reported-by: Daniel P. Berrangé
Signed-
The following changes since commit c26d005e62f4fd177dae0cd70c24cb96761edebc:
Merge tag 'hppa-linux-user-speedup-pull-request' of
https://github.com/hdeller/qemu-hppa into staging (2023-08-03 18:49:45 -0700)
are available in the Git repository at:
https://gitlab.com/bonzini/qemu.git tags/for
From: Matt Borgerson
When CR0.TS=1, execution of x87 FPU, MMX, and some SSE instructions will
cause a Device Not Available (DNA) exception (#NM). System software uses
this exception event to lazily context switch FPU state.
Before this patch, enter_mmx helpers may be generated just before #NM
ge
On Tue, Jun 27, 2023 at 04:23:49PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> On 08.06.23 16:56, Eric Blake wrote:
> > The NBD spec states that if the client negotiates extended headers,
> > the server must avoid NBD_REPLY_TYPE_BLOCK_STATUS and instead use
> > NBD_REPLY_TYPE_BLOCK_STATUS_EXT whic
repository at:
https://gitlab.com/danielhb/qemu.git tags/pull-ppc-20230804
for you to fetch changes up to 0e2a3ec36885f6d79a96230f582d4455878c6373:
target/ppc: Fix VRMA page size for ISA v3.0 (2023-08-04 12:22:03 -0300)
On Fri, Jun 16, 2023 at 09:48:18PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> On 08.06.23 16:56, Eric Blake wrote:
> > Although extended mode is not yet enabled, once we do turn it on, we
> > need to reply with extended headers to all messages. Update the low
> > level entry points necessary so
From: zhenwei pi
For symmetric algorithms, the length of ciphertext must be the same
as the plaintext.
The missing verification of the src_len and the dst_len in
virtio_crypto_sym_op_helper() may lead to buffer overflow/divulged.
This patch is originally written by Yiming Tao for QEMU-SECURITY,
rese
From: Thomas Huth
On big endian hosts, we need to reverse the bitfield order in the
struct VTDInvDescIEC, just like it is already done for the other
bitfields in the various structs of the intel-iommu device.
Signed-off-by: Thomas Huth
Message-Id: <20230802135723.178083-4-th...@redhat.com>
Revi
From: Thomas Huth
The values in "addr" are populated locally in this function in host
endian byte order, so we must not swap the index_l field here.
Signed-off-by: Thomas Huth
Message-Id: <20230802135723.178083-5-th...@redhat.com>
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirk
From: Viktor Prutyanov
According to PCIe Address Translation Services specification 5.1.3.,
ATS Control Register has Enable bit to enable/disable ATS. Guest may
enable/disable PCI ATS and, accordingly, Device-TLB for the VirtIO PCI
device. So, raise/lower a flag and call a trigger function to pas
From: Helge Deller
When running a 32-bit guest on a 64-bit host, fcntl[64](F_GETFL) should
return with the TARGET_O_LARGEFILE flag set, because all 64-bit hosts
support large files unconditionally.
But on 64-bit hosts, O_LARGEFILE has the value 0, so the flag
translation can't be done with the f
From: Peter Maydell
The arguments for deposit64 are (value, start, length, fieldval); this
appears to have thought they were (value, fieldval, start,
length). Reorder the parameters to match the actual function.
Cc: qemu-sta...@nongnu.org
Fixes: 950272506d ("target/m68k: Use semihosting/syscalls
From: Viktor Prutyanov
The guest can disable or never enable Device-TLB. In these cases,
it can't be used even if enabled in QEMU. So, check Device-TLB state
before registering IOMMU notifier and select unmap flag depending on
that. Also, implement a way to change IOMMU notifier flag if Device-TL
From: Richard Henderson
The change to use translator_use_goto_tb went too far, as the
CF_SINGLE_STEP flag managed by the translator only handles
gdb single stepping and not the architectural single stepping
modeled in DisasContext.singlestep_enabled.
Fixes: 6e9cc373ec5 ("target/ppc: Use translat
From: Thomas Huth
The first bitfield here is supposed to be used as a 64-bit equivalent
to the "uint64_t msi_addr" in the union. To make this work correctly
on big endian hosts, too, the __addr_hi field has to be part of the
bitfield, and the bitfield members must be declared with "uint64_t"
From: David Woodhouse
Coverity points out (CID 1508128) a bounds checking error. We need to check
for gsi >= IOAPIC_NUM_PINS, not just greater-than.
Also fix up an assert() that has the same problem, that Coverity didn't see.
Fixes: 4f81baa33ed6 ("hw/xen: Support GSI mapping to PIRQ")
Signed-of
From: Eric Auger
In the virtio_iommu_handle_command() when a PROBE request is handled,
output_size takes a value greater than the tail size and on a subsequent
iteration we can get a stack out-of-band access. Initialize the
output_size on each iteration.
The issue was found with ASAN. Credits to
From: Keith Packard
Instead of using R_ARG0 (the semihost function number), use R_ARG1
(the provided exit status).
Signed-off-by: Keith Packard
Reviewed-by: Peter Maydell
Message-Id: <20230801152245.332749-1-kei...@keithp.com>
Signed-off-by: Philippe Mathieu-Daudé
(cherry picked from commit c
The following patches are queued for QEMU stable v8.0.4:
https://gitlab.com/qemu-project/qemu/-/commits/staging-8.0
Patch freeze is 2023-08-05, and the release is planned for 2023-08-07:
https://wiki.qemu.org/Planning/8.0
Please respond here or CC qemu-sta...@nongnu.org on any additional pa
From: Keith Packard
The arguments for deposit64 are (value, start, length, fieldval); this
appears to have thought they were (value, fieldval, start,
length). Reorder the parameters to match the actual function.
Signed-off-by: Keith Packard
Reviewed-by: Philippe Mathieu-Daudé
Fixes: d1e23cbaa4
From: Yuri Benditovich
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224964
In migration with VF failover, Windows guest and ACPI hot
unplug we do not need to satisfy config requests, otherwise
the guest immediately detects the device and brings up its
driver. Many network VF's are stuck o
From: Thomas Huth
The values in "msg" are assembled in host endian byte order (the other
field are also not swapped), so we must not swap the __addr_head here.
Signed-off-by: Thomas Huth
Message-Id: <20230802135723.178083-6-th...@redhat.com>
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Micha
From: Thomas Huth
The code already tries to do some endianness handling here, but
currently fails badly:
- While it already swaps the data when logging errors / tracing, it fails
to byteswap the value before e.g. accessing entry->irte.present
- entry->irte.source_id is swapped with le32_to_cpu(
From: Helge Deller
Commit 7f4f0d9ea870 ("linux-user/arm: Implement __kernel_cmpxchg with host
atomics") switched to use qatomic_cmpxchg() to swap a word with the memory
content, but missed to endianness-swap the oldval and newval values when
emulating an armeb CPU, which expects words to be stored
From: Helge Deller
On hppa the Instruction Address Offset Queue (IAOQ) registers specify
the next to-be-executed instructions' addresses. Each generated TB writes those
registers at least once, so those registers are used heavily in generated
code.
Looking at the generated assembly, for a x86-6
From: Peter Maydell
The implementation of the SMMUv3 has multiple places where it reads a
data structure from the guest and directly operates on it without
doing a guest-to-host endianness conversion. Since all SMMU data
structures are little-endian, this means that the SMMU doesn't work
on a bi
From: Thomas Huth
The test in tests/avocado/machine_loongarch.py is currently failing
on big endian hosts like s390x. By comparing the traces between running
the QEMU_EFI.fd bios on a s390x and on a x86 host, it's quickly obvious
that the CSRRD instruction for the CPUID is behaving differently. A
From: Anthony PERARD
thread_pool_free() might have been called on the `pool`, which would
be a reason for worker_thread() to quit. In this case,
`pool->request_cond` has been destroyed.
If worker_thread() didn't manage to signal `request_cond` before it
was destroyed by thread_pool_free(), we g
From: Li Feng
When vhost-user reconnects to the backend, the notifier should be
cleaned up. Otherwise, the fd resource will be exhausted.
Fixes: f9a09ca3ea ("vhost: add support for configure interrupt")
Signed-off-by: Li Feng
Reviewed-by: Raphael Norwitz
Message-Id: <20230731121018.2856310-2-f
From: zhenwei pi
Generally guest side should discover which services the device is
able to offer, then do requests on device.
However it's also possible to break this rule in a guest. Handle
unexpected request here to avoid NULL pointer dereference.
Fixes: e7a775fd ('cryptodev: Account statisti
From: Thomas Huth
After reading the guest memory with dma_memory_read(), we have
to make sure that we byteswap the little endian data to the host's
byte order.
Signed-off-by: Thomas Huth
Message-Id: <20230802135723.178083-2-th...@redhat.com>
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Micha
From: Peter Maydell
In commit 0b188ea05acb5 we changed the implementation of
trans_CSEL() to use tcg_constant_i32(). However, this change
was incorrect, because the implementation of the function
sets up the TCGv_i32 rn and rm to be either zero or else
a TCG temp created in load_reg(), and these
From: Anthony PERARD
Commit 189829399070 ("xen-block: Use specific blockdev driver")
introduced a new error path, without taking care of allocated
resources.
So only allocate the qdicts after the error check, and free both
`filename` and `driver` when we are about to return and thus taking
care
From: Richard Henderson
Fixes a race condition (generally without optimization) in which
the subtree is re-read after the protecting if condition.
Cc: qemu-sta...@nongnu.org
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
(cherry picked from commit 055b86e0f0b4325117055d8d31c490112
From: Richard Henderson
Ensure that the stores to rb_left and rb_right are complete before
inserting the new node into the tree. Otherwise a concurrent reader
could see garbage in the new leaf.
Cc: qemu-sta...@nongnu.org
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
(cherry pick
From: Viktor Prutyanov
If vhost is enabled for virtio-net, Device-TLB enable/disable events
must be passed to vhost for proper IOMMU unmap flag selection.
Signed-off-by: Viktor Prutyanov
Acked-by: Jason Wang
Message-Id: <20230626091258.24453-3-vik...@daynix.com>
Reviewed-by: Michael S. Tsirkin
From: Peter Maydell
A lot of the code called from helper_exception_bkpt_insn() is written
assuming A-profile, but we will also call this helper on M-profile
CPUs when they execute a BKPT insn. This used to work by accident,
but recent changes mean that we will hit an assert when some of this
cod
From: Daniel P. Berrangé
The TLS handshake may take some time to complete, during which time an
I/O watch might be registered with the main loop. If the owner of the
I/O channel invokes qio_channel_close() while the handshake is waiting
to continue the I/O watch must be removed. Failing to remov
From: "Denis V. Lunev"
Unfortunately
commit 03b67621445d601c9cdc7dfe25812e9f19b81488
(8.0: feb0814b3b48e75b336ad72eb303f9d579c94083)
Author: Denis V. Lunev
Date: Mon Jul 17 16:55:40 2023 +0200
qemu-nbd: pass structure into nbd_client_thread instead of plain char*
has intro
From: "Denis V. Lunev"
Unfortunately
commit 03b67621445d601c9cdc7dfe25812e9f19b81488
(7.2: 6e216d21b56a7545a05080a370b5ca7491fecfb3)
Author: Denis V. Lunev
Date: Mon Jul 17 16:55:40 2023 +0200
qemu-nbd: pass structure into nbd_client_thread instead of plain char*
has intro
From: Thomas Huth
After reading the guest memory with dma_memory_read(), we have
to make sure that we byteswap the little endian data to the host's
byte order.
Signed-off-by: Thomas Huth
Message-Id: <20230802135723.178083-2-th...@redhat.com>
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Micha
From: Anthony PERARD
Commit 189829399070 ("xen-block: Use specific blockdev driver")
introduced a new error path, without taking care of allocated
resources.
So only allocate the qdicts after the error check, and free both
`filename` and `driver` when we are about to return and thus taking
care
From: zhenwei pi
For symmetric algorithms, the length of ciphertext must be the same
as the plaintext.
The missing verification of the src_len and the dst_len in
virtio_crypto_sym_op_helper() may lead to buffer overflow/divulged.
This patch is originally written by Yiming Tao for QEMU-SECURITY,
rese
From: Thomas Huth
The first bitfield here is supposed to be used as a 64-bit equivalent
to the "uint64_t msi_addr" in the union. To make this work correctly
on big endian hosts, too, the __addr_hi field has to be part of the
bitfield, and the bitfield members must be declared with "uint64_t"
1 - 100 of 248 matches