qemu-commits

[Qemu-commits] [qemu/qemu] 4319ae: tests: fix tpm-crb tpm-tis tests race


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 4319ae: tests: fix tpm-crb tpm-tis tests race
Date: Thu, 02 Aug 2018 15:46:37 -0700

  Branch: refs/heads/stable-2.12
  Home:   https://github.com/qemu/qemu
  Commit: 4319ae939c8dd5d098f4d67e8456abbab22ad16e
      
https://github.com/qemu/qemu/commit/4319ae939c8dd5d098f4d67e8456abbab22ad16e
  Author: Marc-André Lureau <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M tests/tpm-emu.c

  Log Message:
  -----------
  tests: fix tpm-crb tpm-tis tests race

No need to close the TPM data socket on the emulator end, qemu will
close it after a SHUTDOWN. This avoids a race between close() and
read() in the TPM data thread.

Reported-by: Peter Maydell <address@hidden>
Signed-off-by: Marc-André Lureau <address@hidden>
Signed-off-by: Stefan Berger <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
(cherry picked from commit 7647d5c6b5e3b3f36a6e0441c81ae3fe797eb233)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 1783745673dd083cbceea6d9976a048fb03ab17b
      
https://github.com/qemu/qemu/commit/1783745673dd083cbceea6d9976a048fb03ab17b
  Author: Geert Uytterhoeven <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M device_tree.c

  Log Message:
  -----------
  device_tree: Increase FDT_MAX_SIZE to 1 MiB

It is not uncommon for a contemporary FDT to be larger than 64 KiB,
leading to failures loading the device tree from sysfs:

    qemu-system-aarch64: qemu_fdt_setprop: Couldn't set ...: FDT_ERR_NOSPACE

Hence increase the limit to 1 MiB, like on PPC.

For reference, the largest arm64 DTB created from the Linux sources is
ca. 75 KiB large (100 KiB when built with symbols/fixup support).

Cc: address@hidden
Signed-off-by: Geert Uytterhoeven <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 14ec3cbd7c1e31dca4d23f028100c8f43e156573)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 8ca471da10838c58baf310bdda4c6f0ea0b329fe
      
https://github.com/qemu/qemu/commit/8ca471da10838c58baf310bdda4c6f0ea0b329fe
  Author: Jason Andryuk <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/usb/dev-smartcard-reader.c

  Log Message:
  -----------
  ccid: Fix dwProtocols advertisement of T=0

Commit d7d218ef02d87c637d20d64da8f575d434ff6f78 attempted to change
dwProtocols to only advertise support for T=0 and not T=1.  The change
was incorrect as it changed 0x00000003 to 0x00010000.

lsusb -v in a linux guest shows:
"dwProtocols         65536  (Invalid values detected)", though the
smart card could still be accessed.  Windows 7 does not detect inserted
smart cards and logs the following Error in the Event Logs:

    Source: Smart Card Service
    Event ID: 610
    Smart Card Reader 'QEMU QEMU USB CCID 0' rejected IOCTL SET_PROTOCOL:
    Incorrect function. If this error persists, your smart card or reader
    may not be functioning correctly

    Command Header: 03 00 00 00

Setting to 0x00000001 fixes the Windows issue.

Signed-off-by: Jason Andryuk <address@hidden>
Message-id: address@hidden
Cc: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 0ee86bb6c5beb6498488850104f7557c376d0bef)
Signed-off-by: Michael Roth <address@hidden>


  Commit: cb7a41f3f93e9d85fc739e3036612e1b622a4651
      
https://github.com/qemu/qemu/commit/cb7a41f3f93e9d85fc739e3036612e1b622a4651
  Author: Eric Blake <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M nbd/client.c

  Log Message:
  -----------
  nbd/client: Fix error messages during NBD_INFO_BLOCK_SIZE

A missing space makes for poor error messages, and sizes can't
go negative.  Also, we missed diagnosing a server that sends
a maximum block size less than the minimum.

Fixes: 081dd1fe
CC: address@hidden
Signed-off-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Vladimir Sementsov-Ogievskiy <address@hidden>
(cherry picked from commit e475d108f1b3d3163f0affea67cdedbe5fc9752b)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 38b7a3ea724ecdf63dbe989620970e5aab96b14a
      
https://github.com/qemu/qemu/commit/38b7a3ea724ecdf63dbe989620970e5aab96b14a
  Author: Cornelia Huck <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M pc-bios/s390-ccw/iplb.h

  Log Message:
  -----------
  s390-ccw: force diag 308 subcode to unsigned long

We currently pass an integer as the subcode parameter. However,
the upper bits of the register containing the subcode need to
be 0, which is not guaranteed unless we explicitly specify the
subcode to be an unsigned long value.

Fixes: d046c51dad3 ("pc-bios/s390-ccw: Get device address via diag 308/6")
Cc: address@hidden
Signed-off-by: Cornelia Huck <address@hidden>
Acked-by: Christian Borntraeger <address@hidden>
Tested-by: Thomas Huth <address@hidden>
Signed-off-by: Thomas Huth <address@hidden>
(cherry picked from commit 63d8b5ace31c1e1f3996fe4cd551d6d377594d5a)
Signed-off-by: Michael Roth <address@hidden>


  Commit: b90c93106e71a4f4e558ba98b90aa6578919a031
      
https://github.com/qemu/qemu/commit/b90c93106e71a4f4e558ba98b90aa6578919a031
  Author: Henry Wertz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M tcg/arm/tcg-target.inc.c

  Log Message:
  -----------
  tcg/arm: Fix memory barrier encoding

I found with qemu 2.11.x or newer that I would get an illegal instruction
error running some Intel binaries on my ARM chromebook.  On investigation,
I found it was quitting on memory barriers.

qemu instruction:
mb $0x31
was translating as:
0x604050cc:  5bf07ff5  blpl     #0x600250a8

After patch it gives:
0x604050cc:  f57ff05b  dmb      ish

In short, I found INSN_DMB_ISH (memory barrier for ARMv7) appeared to be
correct based on online docs, but due to some endian-related shenanigans it
had to be byte-swapped to suit qemu; it appears INSN_DMB_MCR (memory
barrier for ARMv6) also should be byte swapped (and this patch does so).
I have not checked for correctness of aarch64's barrier instruction.

Cc: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Henry Wertz <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
(cherry picked from commit 3f814b803797c007abfe5c4041de754e01723031)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 1ace462f9b15d6e126dcd80250a2d98a05ff2b07
      
https://github.com/qemu/qemu/commit/1ace462f9b15d6e126dcd80250a2d98a05ff2b07
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M target/arm/translate.c

  Log Message:
  -----------
  target/arm: Implement v8M VLLDM and VLSTM

For v8M the instructions VLLDM and VLSTM support lazy saving
and restoring of the secure floating-point registers. Even
if the floating point extension is not implemented, these
instructions must act as NOPs in Secure state, so they can
be used as part of the secure-to-nonsecure call sequence.

Fixes: https://bugs.launchpad.net/qemu/+bug/1768295
Cc: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
(cherry picked from commit b1e5336a9899016c53d59eba53ebf6abcc21995c)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 62f7a38610a9bdc5c0f7a990982b631ac9d29c11
      
https://github.com/qemu/qemu/commit/62f7a38610a9bdc5c0f7a990982b631ac9d29c11
  Author: Greg Kurz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M target/ppc/machine.c

  Log Message:
  -----------
  target/ppc: always set PPC_MEM_TLBIE in pre 2.8 migration hack

The pseries-2.7 and older machine types require CPUPPCState::insns_flags
to be strictly equal between source and destination. This checking is
abusive and breaks migration of KVM guests when the host CPU models
are different, even if they are compatible enough to allow the guest
to run transparently. This buggy behaviour was fixed for pseries-2.8
and we added some hacks to allow backward migration of older machine
types. These hacks assume that the CPU belongs to the POWER8 family,
which was true for most KVM based setups we cared about at the time.
But now POWER9 systems are coming, and backward migration of pre 2.8
guests running in POWER8 architected mode from a POWER9 host to a
POWER8 host is broken:

qemu-system-ppc64: error while loading state for instance 0x0 of device
 'cpu'
qemu-system-ppc64: load of migration failed: Invalid argument

This happens because POWER9 doesn't set PPC_MEM_TLBIE in insns_flags,
while POWER8 does. Let's force PPC_MEM_TLBIE in the migration hack to
fix the issue. This is an acceptable hack because these old machine
types only support CPU models that do set PPC_MEM_TLBIE.

Signed-off-by: Greg Kurz <address@hidden>
Signed-off-by: David Gibson <address@hidden>
(cherry picked from commit bce009645b9f1d59195518e35747c8ea30f985f7)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2dbaba7af0ae803ff3ea9b12b1db72f8f152105a
      
https://github.com/qemu/qemu/commit/2dbaba7af0ae803ff3ea9b12b1db72f8f152105a
  Author: Greg Kurz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/ppc/spapr.c

  Log Message:
  -----------
  spapr: don't advertise radix GTSE if max-compat-cpu < power9

On a POWER9 host, if a guest runs in pre POWER9 compat mode, it necessarily
uses the hash MMU mode. In this case, we shouldn't advertise radix GTSE in
the ibm,arch-vec-5-platform-support DT property as the current code does.
The first reason is that it doesn't make sense, and the second one is that it
causes the CAS-negotiated options subsection to be migrated. This breaks
backward migration to QEMU 2.7 and older versions on POWER8 hosts:

qemu-system-ppc64: error while loading state for instance 0x0 of device
 'spapr'
qemu-system-ppc64: load of migration failed: No such file or directory

This patch hence initializes CPUs a bit earlier so that we can check the
requested compat mode, and don't set OV5_MMU_RADIX_GTSE for power8 and
older.

Signed-off-by: Greg Kurz <address@hidden>
Signed-off-by: David Gibson <address@hidden>
(cherry picked from commit 0550b1206a91d66051a21441a02c4ff126b531fe)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 9ec09b654254f3031d08d13eb91263cdf9a84b35
      
https://github.com/qemu/qemu/commit/9ec09b654254f3031d08d13eb91263cdf9a84b35
  Author: Gerd Hoffmann <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/display/qxl-render.c

  Log Message:
  -----------
  qxl: fix local renderer crash

Make sure we only ask the spice local renderer for display updates in
case we have a valid primary surface.  Without that spice is confused
and throws errors in case a display update request (triggered by
screendump for example) happens in parallel to a mode switch and hits
the race window where the old primary surface is gone and the new isn't
established yet.

Cc: address@hidden
Fixes: https://bugzilla.redhat.com//show_bug.cgi?id=1567733
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
(cherry picked from commit 5bd5c27c7d284d01477c5cc022ce22438c46bf9f)
Signed-off-by: Michael Roth <address@hidden>


  Commit: f81672a5c6a8dc05f311f6ae8ec00c932f3183e5
      
https://github.com/qemu/qemu/commit/f81672a5c6a8dc05f311f6ae8ec00c932f3183e5
  Author: Olaf Hering <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M configure

  Log Message:
  -----------
  configure: recognize more rpmbuild macros

Extend the list of recognized, but ignored options from rpm's %configure
macro. This fixes the build on hosts running SUSE Linux.

Cc: address@hidden
Signed-off-by: Olaf Hering <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 181ce1d05c6d4f1c80f0e7ebb41e489c2b541edf)
Signed-off-by: Michael Roth <address@hidden>


  Commit: f9e0e53add5c3f4ca9d7f1e5cf2a8360508d6fa7
      
https://github.com/qemu/qemu/commit/f9e0e53add5c3f4ca9d7f1e5cf2a8360508d6fa7
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M qemu-img.c

  Log Message:
  -----------
  qemu-img: Resolve relative backing paths in rebase

Currently, rebase interprets a relative path for the new backing image
as follows:
(1) Open the new backing image with the given relative path (thus relative to
    qemu-img's working directory).
(2) Write it directly into the overlay's backing path field (thus
    relative to the overlay).

If the overlay is not in qemu-img's working directory, both will be
different interpretations, which may either lead to an error somewhere
(either rebase fails because it cannot open the new backing image, or
your overlay becomes unusable because its backing path does not point to
a file), or, even worse, it may result in your rebase being performed
for a different backing file than what your overlay will point to after
the rebase.

Fix this by interpreting the target backing path as relative to the
overlay, like qemu-img does everywhere else.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1569835
Cc: address@hidden
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit d16699b64671466b42079c45b89127aeea1ca565)
Signed-off-by: Michael Roth <address@hidden>
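Added illustration of the two interpretations the commit message describes; this is example code written for this page, not qemu-img's own path handling (QEMU's path_combine() is not used here). The helper names and the sample image paths are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Resolve @backing the way an image's backing path is normally read: an
 * absolute path is taken as-is, a relative one is joined to the directory
 * that contains @overlay. Returns the result length, or -1 if @out is too
 * small. Illustrative helper for this example only. */
int backing_path_relative_to_overlay(const char *overlay, const char *backing,
                                     char *out, size_t outsz)
{
    const char *slash = strrchr(overlay, '/');
    size_t dirlen = 0;

    if (backing[0] != '/' && slash != NULL) {
        dirlen = (size_t)(slash - overlay) + 1;   /* keep the trailing '/' */
    }
    size_t len = dirlen + strlen(backing);
    if (len + 1 > outsz) {
        return -1;
    }
    memcpy(out, overlay, dirlen);
    memcpy(out + dirlen, backing, strlen(backing) + 1);
    return (int)len;
}

/* True if resolving @backing against @overlay yields exactly @expected. */
bool opens_as(const char *overlay, const char *backing, const char *expected)
{
    char resolved[4096];

    if (backing_path_relative_to_overlay(overlay, backing,
                                         resolved, sizeof resolved) < 0) {
        return false;
    }
    return strcmp(resolved, expected) == 0;
}

/* The pre-fix rebase opened @backing as given (relative to qemu-img's working
 * directory) but wrote the same string into the overlay, where it is later
 * resolved relative to the overlay. Both views name the same file only when
 * the overlay lives in the working directory or the path is absolute. */
bool rebase_interpretations_agree(const char *overlay, const char *backing)
{
    /* "as given" is what the old code opened; compare with the overlay view */
    return opens_as(overlay, backing, backing);
}

int main(void)
{
    /* constructed sample: overlay in a subdirectory, backing given relative */
    const char *overlay = "vm/images/overlay.qcow2";
    const char *backing = "base.qcow2";
    char resolved[4096];

    backing_path_relative_to_overlay(overlay, backing, resolved, sizeof resolved);
    printf("stored in overlay header : %s\n", backing);
    printf("file the overlay will use: %s\n", resolved);
    printf("old rebase opened        : %s (%s)\n", backing,
           rebase_interpretations_agree(overlay, backing) ? "same file"
                                                          : "DIFFERENT file");
    return 0;
}
```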


  Commit: b3a18683f999009bb8ffad2ceb2be2e776a3528b
      
https://github.com/qemu/qemu/commit/b3a18683f999009bb8ffad2ceb2be2e776a3528b
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M tests/qemu-iotests/024
    M tests/qemu-iotests/024.out

  Log Message:
  -----------
  iotests: Add test for rebasing with relative paths

Signed-off-by: Max Reitz <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-id: address@hidden
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit 28036a7f7044fddb79819e3c8fcb4ae5605c60e0)
Signed-off-by: Michael Roth <address@hidden>


  Commit: e8d8f6a3aaf1c42af63f681835fde5ad9848dd68
      
https://github.com/qemu/qemu/commit/e8d8f6a3aaf1c42af63f681835fde5ad9848dd68
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M qemu-io.c

  Log Message:
  -----------
  qemu-io: Use purely string blockdev options

Currently, qemu-io only uses string-valued blockdev options (as all are
converted directly from QemuOpts) -- with one exception: -U adds the
force-share option as a boolean.  This in itself is already a bit
questionable, but a real issue is that it also assumes the value already
existing in the options QDict would be a boolean, which is wrong.

That has the following effect:

$ ./qemu-io -r -U --image-opts \
    driver=file,filename=/dev/null,force-share=off
[1]    15200 segmentation fault (core dumped)  ./qemu-io -r -U
--image-opts driver=file,filename=/dev/null,force-share=off

Since @opts is converted from QemuOpts, the value must be a string, and
we have to compare it as such.  Consequently, it makes sense to also set
it as a string instead of a boolean.

Cc: address@hidden
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit 2a01c01f9ecb43af4c0a85fe6adc429ffc9c31b5)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 9e724c05a02c97b30b5bdd1edb2041555bd20373
      
https://github.com/qemu/qemu/commit/9e724c05a02c97b30b5bdd1edb2041555bd20373
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M qemu-img.c

  Log Message:
  -----------
  qemu-img: Use only string options in img_open_opts

img_open_opts() takes a QemuOpts and converts them to a QDict, so all
values therein are strings.  Then it may try to call qdict_get_bool(),
however, which will fail with a segmentation fault every time:

$ ./qemu-img info -U --image-opts \
    driver=file,filename=/dev/null,force-share=off
[1]    27869 segmentation fault (core dumped)  ./qemu-img info -U
--image-opts driver=file,filename=/dev/null,force-share=off

Fix this by using qdict_get_str() and comparing the value as a string.
Also, when adding a force-share value to the QDict, add it as a string
so it fits the rest of the dict.

Cc: address@hidden
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit 4615f87832d2fcb7a544bedeece2741bf8c21f94)
Signed-off-by: Michael Roth <address@hidden>


  Commit: ca3150da6dca19024e4c114fc3ab07ac553824fc
      
https://github.com/qemu/qemu/commit/ca3150da6dca19024e4c114fc3ab07ac553824fc
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M tests/qemu-iotests/153
    M tests/qemu-iotests/153.out

  Log Message:
  -----------
  iotests: Add test for -U/force-share conflicts

Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit 4e7d73c5fbd97e55ffe5af02f24d1f7dbe3bbf20)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 4f9df08749b22cb7a93da5028f5a435a208feb7d
      
https://github.com/qemu/qemu/commit/4f9df08749b22cb7a93da5028f5a435a208feb7d
  Author: Michael Walle <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M target/lm32/op_helper.c

  Log Message:
  -----------
  lm32: take BQL before writing IP/IM register

Writing to these registers may raise an interrupt request. Actually,
this prevents the milkymist board from starting.

Cc: address@hidden
Signed-off-by: Michael Walle <address@hidden>
Tested-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Alex Bennée <address@hidden>
(cherry picked from commit 81e9cbd0ca1131012b058df6804b1f626a6b730c)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 51691e924427f6ac9d63fbc8da8c471882f31a4f
      
https://github.com/qemu/qemu/commit/51691e924427f6ac9d63fbc8da8c471882f31a4f
  Author: Fam Zheng <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M block/raw-format.c

  Log Message:
  -----------
  raw: Check byte range uniformly

We don't verify the request range against s->size in the I/O callbacks
except for raw_co_pwritev. This is inconsistent (especially for
raw_co_pwrite_zeroes and raw_co_pdiscard), so fix them, in the meanwhile
make the helper reusable by the coming new callbacks.

Note that in most cases the block layer already verifies the request
byte range against our reported image length, before invoking the driver
callbacks.  The exception is during image creating, after
blk_set_allow_write_beyond_eof(blk, true) is called. But in that case,
the requests are not directly from the user or guest. So there is no
visible behavior change in adding the check code.

The int64_t -> uint64_t inconsistency, as shown by the type casting, is
pre-existing due to the interface.

Reviewed-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Fam Zheng <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit 384455385248762e74a080978f18f0c8f74757fe)
Signed-off-by: Michael Roth <address@hidden>
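Added example of the uniform, overflow-safe byte-range check the commit message calls for; this is illustrative code written for this page, not the raw driver's own raw_adjust_offset(), and the RawState struct and the sample image geometry are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the driver state the commit refers to (s->size):
 * whether a size was configured, the byte offset of the raw region inside the
 * underlying file, and the advertised image length. */
typedef struct {
    bool has_size;
    uint64_t offset;
    uint64_t size;
} RawState;

/* constructed sample: a 1 MiB image that starts 512 bytes into its file */
static const RawState demo_image = { true, 512, 1u << 20 };
/* and an image with no explicit size, for which no range check applies */
static const RawState unsized_image = { false, 0, 0 };

/* The tempting one-liner: off + bytes can wrap around in uint64_t, so a request
 * whose end overflows past UINT64_MAX compares as a small, in-range one. */
bool range_ok_naive(const RawState *s, uint64_t off, uint64_t bytes)
{
    return !s->has_size || off + bytes <= s->size;
}

/* Overflow-safe form of the same check, usable from every I/O callback
 * (read, write, write_zeroes, discard): compare @bytes with the space that
 * remains after @off instead of forming a sum. Returns 0 when the request
 * lies inside the image, -ENOSPC for a write past the end, -EINVAL for an
 * out-of-range read. */
int raw_check_range(const RawState *s, uint64_t off, uint64_t bytes, bool is_write)
{
    if (s->has_size && (off > s->size || bytes > s->size - off)) {
        return is_write ? -ENOSPC : -EINVAL;
    }
    return 0;
}

/* Map a checked image offset to a file offset by adding the region's base,
 * guarding the (signed) file offset against overflow as well. */
int raw_adjust_offset(const RawState *s, uint64_t *off, uint64_t bytes, bool is_write)
{
    int ret = raw_check_range(s, *off, bytes, is_write);
    if (ret < 0) {
        return ret;
    }
    if (s->offset > (uint64_t)INT64_MAX - *off) {
        return -EINVAL;
    }
    *off += s->offset;
    return 0;
}

/* Convenience for the demo: file offset of a request, or -1 if rejected. */
int64_t demo_file_offset(uint64_t off, uint64_t bytes, bool is_write)
{
    if (raw_adjust_offset(&demo_image, &off, bytes, is_write) < 0) {
        return -1;
    }
    return (int64_t)off;
}

int main(void)
{
    struct { uint64_t off, bytes; } reqs[] = {
        { 0, 4096 },                   /* in range */
        { (1u << 20) - 4096, 4096 },   /* last block, in range */
        { 1u << 20, 1 },               /* starts at EOF */
        { 16, UINT64_MAX - 8 },        /* 16 + (2^64 - 9) wraps to 7 */
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        printf("off=%llu bytes=%llu: naive=%d safe=%d\n",
               (unsigned long long)reqs[i].off, (unsigned long long)reqs[i].bytes,
               range_ok_naive(&demo_image, reqs[i].off, reqs[i].bytes),
               raw_check_range(&demo_image, reqs[i].off, reqs[i].bytes, true));
    }
    return 0;
}
```

The last row is the case the naive form gets wrong: the wrapped sum passes while the remaining-space comparison rejects it.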


  Commit: 87efdb9820f82126b8b9d2889e2f4dfd25507cee
      
https://github.com/qemu/qemu/commit/87efdb9820f82126b8b9d2889e2f4dfd25507cee
  Author: Cornelia Huck <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/s390x/css.c

  Log Message:
  -----------
  s390x/css: disabled subchannels cannot be status pending

The 3270 code will try to post an attention interrupt when the
3270 emulator (e.g. x3270) attaches. If the guest has not yet
enabled the subchannel for the 3270 device, we will present a spurious
cc 1 (status pending) when it uses msch on it later on, e.g. when
trying to enable the subchannel.

To fix this, just don't do anything in css_conditional_io_interrupt()
if the subchannel is not enabled. The 3270 code will work fine with
that, and the other user of this function (virtio-ccw) never
attempts to post an interrupt for a disabled device to begin with.

CC: address@hidden
Reported-by: Thomas Huth <address@hidden>
Tested-by: Thomas Huth <address@hidden>
Acked-by: Christian Borntraeger <address@hidden>
Acked-by: Halil Pasic <address@hidden>
Reviewed-by: David Hildenbrand <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
(cherry picked from commit 6e9c893ecd00afd5344c35d0d0ded50eaa0938f6)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 3372a3168a67cf756f78d378083733fdebec8c12
      
https://github.com/qemu/qemu/commit/3372a3168a67cf756f78d378083733fdebec8c12
  Author: Thomas Huth <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M pc-bios/s390-ccw/cio.h

  Log Message:
  -----------
  pc-bios/s390-ccw: struct tpi_info must be declared as aligned(4)

I've run into a compilation error today with the current version of GCC 8:

In file included from s390-ccw.h:49,
           from main.c:12:
cio.h:128:1: error: alignment 1 of 'struct tpi_info' is less than 4 
[-Werror=packed-not-aligned]
 } __attribute__ ((packed));
 ^
cc1: all warnings being treated as errors

Since the struct tpi_info contains an element ("struct subchannel_id schid")
which is marked as aligned(4), we've got to mark the struct tpi_info as
aligned(4), too.

CC: address@hidden
Signed-off-by: Thomas Huth <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Acked-by: Christian Borntraeger <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
(cherry picked from commit a6e4385dea94850d7b06b0542e7960c1063fdabd)
Signed-off-by: Michael Roth <address@hidden>


  Commit: c9bb0778713397f10352cfecb38da09e5806bede
      
https://github.com/qemu/qemu/commit/c9bb0778713397f10352cfecb38da09e5806bede
  Author: Cornelia Huck <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/s390x/virtio-ccw.c

  Log Message:
  -----------
  virtio-ccw: common reset handler

All the different virtio ccw devices use the same reset handler,
so let's move setting it into the base virtio ccw device class.

CC: address@hidden
Reviewed-by: Thomas Huth <address@hidden>
Reviewed-by: David Hildenbrand <address@hidden>
Reviewed-by: Halil Pasic <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
(cherry picked from commit 0c53057adb04d254bc09511880670c92ab185fc6)
Signed-off-by: Michael Roth <address@hidden>


  Commit: a5c8fbbeac13adf2508da743e0564dd2a49c4e8a
      
https://github.com/qemu/qemu/commit/a5c8fbbeac13adf2508da743e0564dd2a49c4e8a
  Author: Cornelia Huck <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/s390x/ccw-device.c
    M hw/s390x/virtio-ccw.c
    M hw/s390x/virtio-ccw.h

  Log Message:
  -----------
  s390x/ccw: make sure all ccw devices are properly reset

Thomas reported that the subchannel for a 3270 device that ended up
in a broken state (status pending even though not enabled) did not
get out of that state even after a reboot (which involves a subsystem
reset). The reason for this is that the 3270 device did not define
a reset handler.

Let's fix this by introducing a base reset handler (set up for all
ccw devices) that resets the subchannel and have virtio-ccw call
its virtio-specific reset procedure in addition to that.

CC: address@hidden
Reported-by: Thomas Huth <address@hidden>
Suggested-by: Christian Borntraeger <address@hidden>
Reviewed-by: Thomas Huth <address@hidden>
Tested-by: Thomas Huth <address@hidden>
Acked-by: Christian Borntraeger <address@hidden>
Reviewed-by: Halil Pasic <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
(cherry picked from commit 838fb84f83c84f00d15b1bede5e080b495644458)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 81e46e3c82982e3e051e2990baa1f9e29cdbf756
      
https://github.com/qemu/qemu/commit/81e46e3c82982e3e051e2990baa1f9e29cdbf756
  Author: Michal Privoznik <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M ui/console.c

  Log Message:
  -----------
  console: Avoid segfault in screendump

After f771c5440e04626f1 it is possible to select device and
head which to take screendump from. And even though we check if
provided head number falls within range, it may still happen that
the console has no surface yet leading to SIGSEGV:

  qemu.git $ ./x86_64-softmmu/qemu-system-x86_64 \
    -qmp stdio \
    -device virtio-vga,id=video0,max_outputs=4

  {"execute":"qmp_capabilities"}
  {"execute":"screendump", "arguments":{"filename":"/tmp/screen.ppm", 
"device":"video0", "head":1}}
  Segmentation fault

 #0  0x00005628249dda88 in ppm_save (filename=0x56282826cbc0 "/tmp/screen.ppm", 
ds=0x0, errp=0x7fff52a6fae0) at ui/console.c:304
 #1  0x00005628249ddd9b in qmp_screendump (filename=0x56282826cbc0 
"/tmp/screen.ppm", has_device=true, device=0x5628276902d0 "video0", 
has_head=true, head=1, errp=0x7fff52a6fae0) at ui/console.c:375
 #2  0x00005628247740df in qmp_marshal_screendump (args=0x562828265e00, 
ret=0x7fff52a6fb68, errp=0x7fff52a6fb60) at qapi/qapi-commands-ui.c:110

Here, @ds from frame #0 (or @surface from frame #1) is
dereferenced at the very beginning of ppm_save(). And because
it's NULL crash happens.

Signed-off-by: Michal Privoznik <address@hidden>
Reviewed-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 08d9864fa4e0c616e076ca8b225d39a7ecb189af)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 91f61495926c9fefb29e782e0415ab102fdb319a
      
https://github.com/qemu/qemu/commit/91f61495926c9fefb29e782e0415ab102fdb319a
  Author: Jan Kiszka <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/intc/arm_gicv3_cpuif.c

  Log Message:
  -----------
  hw/intc/arm_gicv3: Fix APxR<n> register dispatching

There was a nasty flip in identifying which register group an access is
targeting. The issue caused spuriously raised priorities of the guest
when handing CPUs over in the Jailhouse hypervisor.

Cc: address@hidden
Signed-off-by: Jan Kiszka <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 887aae10f6150dfdc71c45d7588e8efe6c144019)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 93a53137be6c48074275c3c937f797ed7b113048
      
https://github.com/qemu/qemu/commit/93a53137be6c48074275c3c937f797ed7b113048
  Author: Peter Xu <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/i386/intel_iommu.c

  Log Message:
  -----------
  intel-iommu: send PSI always even if across PDEs

SECURITY IMPLICATION: without this patch, any guest with both assigned
device and a vIOMMU might encounter stale IO page mappings even if guest
has already unmapped the page, which may lead to guest memory
corruption.  The stale mappings will only be limited to the guest's own
memory range, so it should not affect the host memory or other guests on
the host.

During IOVA page table walking, there is a special case when the PSI
covers one whole PDE (Page Directory Entry, which contains 512 Page
Table Entries) or more.  In the past, we skip that entry and we don't
notify the IOMMU notifiers.  This is not correct.  We should send UNMAP
notification to registered UNMAP notifiers in this case.

For UNMAP only notifiers, this might cause IOTLBs cached in the devices
even if they were already invalid.  For MAP/UNMAP notifiers like
vfio-pci, this will cause stale page mappings.

This special case doesn't trigger often, but it is very easy to be
triggered by nested device assignments, since in that case we'll
possibly map the whole L2 guest RAM region into the device's IOVA
address space (several GBs at least), which is far bigger than normal
kernel driver usages of the device (tens of MBs normally).

Without this patch applied to L1 QEMU, nested device assignment to L2
guests will dump some errors like:

qemu-system-x86_64: VFIO_MAP_DMA: -17
qemu-system-x86_64: vfio_dma_map(0x557305420c30, 0xad000, 0x1000,
              0x7f89a920d000) = -17 (File exists)

CC: QEMU Stable <address@hidden>
Acked-by: Jason Wang <address@hidden>
[peterx: rewrite the commit message]
Signed-off-by: Peter Xu <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>

(cherry picked from commit 36d2d52bdb45f5b753a61fdaf0fe7891f1f5b61d)
Signed-off-by: Michael Roth <address@hidden>


  Commit: d64604326f5f31f9b795a2afced688ea262889e9
      
https://github.com/qemu/qemu/commit/d64604326f5f31f9b795a2afced688ea262889e9
  Author: Peter Xu <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/i386/intel_iommu.c
    M include/hw/i386/intel_iommu.h

  Log Message:
  -----------
  intel-iommu: remove IntelIOMMUNotifierNode

That is not really necessary.  Remove that node struct and put the
list entry directly into VTDAddressSpace.  It simplifies the code a lot.
While at it, rename the old notifiers_list into vtd_as_with_notifiers.

CC: QEMU Stable <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit b4a4ba0d68f50f218ee3957b6638dbee32a5eeef)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 5cf61b56a41600f56357680b084b2f6b91274a78
      
https://github.com/qemu/qemu/commit/5cf61b56a41600f56357680b084b2f6b91274a78
  Author: Peter Xu <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/i386/intel_iommu.c
    M include/hw/i386/intel_iommu.h

  Log Message:
  -----------
  intel-iommu: add iommu lock

SECURITY IMPLICATION: this patch fixes a potential race when multiple
threads access the IOMMU IOTLB cache.

Add a per-iommu big lock to protect IOMMU status.  Currently the only
thing to be protected is the IOTLB/context cache, since that can be
accessed even without BQL, e.g., in IO dataplane.

Note that we don't need to protect device page tables since that's fully
controlled by the guest kernel.  However there is still possibility that
malicious drivers will program the device to not obey the rule.  In that
case QEMU can't really do anything useful, instead the guest itself will
be responsible for all uncertainties.

CC: QEMU Stable <address@hidden>
Reported-by: Fam Zheng <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit 1d9efa73e12ddf361ea997c2d532cc4afa6674d1)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 1e5b93f620868ec94a025e275d3dc9597ae42674
      
https://github.com/qemu/qemu/commit/1e5b93f620868ec94a025e275d3dc9597ae42674
  Author: Peter Xu <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/i386/intel_iommu.c
    M include/hw/i386/intel_iommu.h

  Log Message:
  -----------
  intel-iommu: only do page walk for MAP notifiers

For UNMAP-only IOMMU notifiers, we don't need to walk the page tables.
Fasten that procedure by skipping the page table walk.  That should
boost performance for UNMAP-only notifiers like vhost.

CC: QEMU Stable <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit 4f8a62a933a79094e44bc1b16b63bb23e62d67b4)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 28048f7bcd9f5b0071b93a0c6c6c1633cbff0699
      
https://github.com/qemu/qemu/commit/28048f7bcd9f5b0071b93a0c6c6c1633cbff0699
  Author: Peter Xu <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/i386/intel_iommu.c

  Log Message:
  -----------
  intel-iommu: introduce vtd_page_walk_info

During the recursive page walking of IOVA page tables, some stack
variables are constant variables and never changed during the whole page
walking procedure.  Isolate them into a struct so that we don't need to
pass those constants down the stack every time and multiple times.

CC: QEMU Stable <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit fe215b0cbb8c1f4b4af0a64aa5c02042080dd537)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 78b85a98a387a57df522b5b06e5aa5e2e19cf6c2
      
https://github.com/qemu/qemu/commit/78b85a98a387a57df522b5b06e5aa5e2e19cf6c2
  Author: Peter Xu <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/i386/intel_iommu.c

  Log Message:
  -----------
  intel-iommu: pass in address space when page walk

We pass in the VTDAddressSpace too.  It'll be used in the follow up
patches.

CC: QEMU Stable <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit 2f764fa87d2a81812b313dd6d998e10126292653)
Signed-off-by: Michael Roth <address@hidden>


  Commit: d5c60a950ab3abe25ca60f30f010cb16dcdd4435
      
https://github.com/qemu/qemu/commit/d5c60a950ab3abe25ca60f30f010cb16dcdd4435
  Author: Peter Xu <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/i386/intel_iommu.c
    M hw/i386/trace-events

  Log Message:
  -----------
  intel-iommu: trace domain id during page walk

This patch only modifies the trace points.

Previously we were tracing page walk levels.  They are redundant since
we have page mask (size) already.  Now we trace something much more
useful which is the domain ID of the page walking.  That can be very
useful when we trace more than one device on the same system, so that
we can know which map is for which domain.

CC: QEMU Stable <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit d118c06ebbee2d23ddf873cae4a809311aa61310)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 08aa25f5f80b0c7719db0b127eac58e299d80e33
      
https://github.com/qemu/qemu/commit/08aa25f5f80b0c7719db0b127eac58e299d80e33
  Author: Peter Xu <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M MAINTAINERS
    A include/qemu/iova-tree.h
    M util/Makefile.objs
    A util/iova-tree.c

  Log Message:
  -----------
  util: implement simple iova tree

Introduce the simplest iova tree implementation based on GTree.

CC: QEMU Stable <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit eecf5eedbdc0fc04f39abcf3afeedfbf21b25ca4)
Signed-off-by: Michael Roth <address@hidden>


  Commit: f4b4095a8f01e15380a684e1b22ed11fbb1dce21
      
https://github.com/qemu/qemu/commit/f4b4095a8f01e15380a684e1b22ed11fbb1dce21
  Author: Peter Xu <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/i386/intel_iommu.c
    M hw/i386/trace-events
    M include/hw/i386/intel_iommu.h

  Log Message:
  -----------
  intel-iommu: rework the page walk logic

This patch fixes a potential small window that the DMA page table might
be incomplete or invalid when the guest sends domain/context
invalidations to a device.  This can cause random DMA errors for
assigned devices.

This is a major change to the VT-d shadow page walking logic. It
includes but is not limited to:

- For each VTDAddressSpace, now we maintain what IOVA ranges we have
  mapped and what we have not.  With that information, now we only send
  MAP or UNMAP when necessary.  Say, we don't send MAP notifies if we
  know we have already mapped the range, meanwhile we don't send UNMAP
  notifies if we know we never mapped the range at all.

- Introduce vtd_sync_shadow_page_table[_range] APIs so that we can call
  in any places to resync the shadow page table for a device.

- When we receive domain/context invalidation, we should not really run
  the replay logic, instead we use the new sync shadow page table API to
  resync the whole shadow page table without unmapping the whole
  region.  After this change, we'll only do the page walk once for each
  domain invalidation (before this, it can be multiple, depending on
  number of notifiers per address space).

While at it, the page walking logic is also refactored to be simpler.

CC: QEMU Stable <address@hidden>
Reported-by: Jintack Lim <address@hidden>
Tested-by: Jintack Lim <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit 63b88968f139b6a77f2f81e6f1eedf70c0170a85)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 77df1900516616b8531f3efd6981f1123037b9b2
      
https://github.com/qemu/qemu/commit/77df1900516616b8531f3efd6981f1123037b9b2
  Author: Shannon Zhao <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/intc/arm_gicv3_kvm.c

  Log Message:
  -----------
  arm_gicv3_kvm: increase clroffset accordingly

It forgot to increase clroffset during the loop. So it only clears the
first 4 bytes.

Fixes: 367b9f527becdd20ddf116e17a3c0c2bbc486920
Cc: address@hidden
Signed-off-by: Shannon Zhao <address@hidden>
Reviewed-by: Eric Auger <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 34ffacae085914fce54590ea84bae9c6ad95e2a4)
Signed-off-by: Michael Roth <address@hidden>


  Commit: df00a166c415da615610b38416a0a59fda6466f8
      
https://github.com/qemu/qemu/commit/df00a166c415da615610b38416a0a59fda6466f8
  Author: John Thomson <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/usb/host-libusb.c

  Log Message:
  -----------
  Fix libusb-1.0.22 deprecated libusb_set_debug with libusb_set_option

libusb-1.0.22 marked libusb_set_debug deprecated; it is replaced with
libusb_set_option(libusb_context, LIBUSB_OPTION_LOG_LEVEL, libusb_log_level);

details here: 
https://github.com/libusb/libusb/commit/539f22e2fd916558d11ab9a66f10f461c5593168

Warning here:

  CC      hw/usb/host-libusb.o
/builds/xen/src/qemu-xen/hw/usb/host-libusb.c: In function 'usb_host_init':
/builds/xen/src/qemu-xen/hw/usb/host-libusb.c:250:5: error: 'libusb_set_debug' is deprecated: Use libusb_set_option instead [-Werror=deprecated-declarations]
     libusb_set_debug(ctx, loglevel);
     ^~~~~~~~~~~~~~~~
In file included from /builds/xen/src/qemu-xen/hw/usb/host-libusb.c:40:0:
/usr/include/libusb-1.0/libusb.h:1300:18: note: declared here
 void LIBUSB_CALL libusb_set_debug(libusb_context *ctx, int level);
            ^~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make: *** [/builds/xen/src/qemu-xen/rules.mak:66: hw/usb/host-libusb.o] Error 1
make: Leaving directory '/builds/xen/src/xen/tools/qemu-xen-build'

Signed-off-by: John Thomson <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 9d8fa0df49af16a208fa961c2968fba4daffcc07)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 5c9266fa9778c631a42345256d9619e68f062800
      
https://github.com/qemu/qemu/commit/5c9266fa9778c631a42345256d9619e68f062800
  Author: John Snow <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  ahci: fix PxCI register race

Fixes: https://bugs.launchpad.net/qemu/+bug/1769189

AHCI presently signals completion prior to the PxCI register being
cleared to indicate completion. If a guest driver attempts to issue
a new command in its IRQ handler, it might be surprised to learn there
is still a command pending.

In the case of Windows 10's boot driver, it will actually poll the IRQ
register hoping to find out when the command is done running -- which
will never happen, as there isn't a command running.

Fix this: clear PxCI in ahci_cmd_done and not in the asynchronous BH.
Because it now runs synchronously, we don't need to check if the command
is actually done by spying on the ATA registers. We know it's done.

CC: qemu-stable <address@hidden>
Reported-by: François Guerraz <address@hidden>
Tested-by: Bruce Rogers <address@hidden>
Signed-off-by: John Snow <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
Message-id: address@hidden
Signed-off-by: John Snow <address@hidden>
(cherry picked from commit 5694c7eacce6b263ad7497cc1bb76aad746cfd4e)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 5459c0c4585d692026a2e9d2d131c7b514f946a9
      
https://github.com/qemu/qemu/commit/5459c0c4585d692026a2e9d2d131c7b514f946a9
  Author: Shannon Zhao <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/intc/arm_gicv3_common.c
    M hw/intc/arm_gicv3_kvm.c
    M include/hw/intc/arm_gicv3_common.h

  Log Message:
  -----------
  arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR

While we skip the GIC_INTERNAL irqs, we don't change the register offset
accordingly. This will overlap the GICR registers value and leave the
last GIC_INTERNAL irq's registers out of update.

Fix this by skipping the registers banked by GICR.

Also for migration compatibility if the migration source (old version
qemu) doesn't send gicd_no_migration_shift_bug = 1 to destination, then
we shift the data of PPI to get the right data for SPI.

Fixes: 367b9f527becdd20ddf116e17a3c0c2bbc486920
Cc: address@hidden
Reviewed-by: Eric Auger <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Shannon Zhao <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 910e204841954b95c051b2ee49ab0f5c735ff93c)
Signed-off-by: Michael Roth <address@hidden>


  Commit: bd64fec66591426708272310e5bc570099c16d19
      
https://github.com/qemu/qemu/commit/bd64fec66591426708272310e5bc570099c16d19
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M block.c
    M include/block/block.h

  Log Message:
  -----------
  block: Make bdrv_is_writable() public

This is a useful function for the whole block layer, so make it public.
At the same time, users outside of block.c probably do not need to make
use of the reopen functionality, so rename the current function to
bdrv_is_writable_after_reopen() and create a new bdrv_is_writable()
function that just passes NULL to it for the reopen queue.

Cc: address@hidden
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Reviewed-by: John Snow <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit cc022140972f8b6ac3973c12ccf9dd6b1d2fd200)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 5aa76f3a8ca94ccebe4cba7326340dd937337461
      
https://github.com/qemu/qemu/commit/5aa76f3a8ca94ccebe4cba7326340dd937337461
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M block/qcow2.c

  Log Message:
  -----------
  qcow2: Do not mark inactive images corrupt

When signaling a corruption on a read-only image, qcow2 already makes
fatal events non-fatal (i.e., they will not result in the image being
closed, and the image header's corrupt flag will not be set).  This is
necessary because we cannot set the corrupt flag on read-only images,
and it is possible because further corruption of read-only images is
impossible.

Inactive images are effectively read-only, too, so we should do the same
for them.  bdrv_is_writable() can tell us whether an image can actually
be written to, so use its result instead of !bs->read_only.

(Otherwise, the assert(!(bs->open_flags & BDRV_O_INACTIVE)) in
bdrv_co_pwritev() will fail, crashing qemu.)

Cc: address@hidden
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Reviewed-by: John Snow <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit ddf3b47ef4b5ed0bf6558d4c2c8ae130b8d8a580)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 081eac8b3013380538cfd4319f933ae185834035
      
https://github.com/qemu/qemu/commit/081eac8b3013380538cfd4319f933ae185834035
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M tests/qemu-iotests/060
    M tests/qemu-iotests/060.out

  Log Message:
  -----------
  iotests: Add case for a corrupted inactive image

Reviewed-by: John Snow <address@hidden>
Tested-by: Jeff Cody <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit c50abd175a88cd41c2c08339de91f6f6e4a7b162)
Signed-off-by: Michael Roth <address@hidden>


  Commit: ef67e67388f06193bb375d5be2dad147f0efaeb0
      
https://github.com/qemu/qemu/commit/ef67e67388f06193bb375d5be2dad147f0efaeb0
  Author: Alberto Garcia <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M block/throttle.c

  Log Message:
  -----------
  throttle: Fix crash on reopen

The throttle block filter can be reopened, and with this it is
possible to change the throttle group that the filter belongs to.

The way the code does that is the following:

  - On throttle_reopen_prepare(): create a new ThrottleGroupMember
    and attach it to the new throttle group.

  - On throttle_reopen_commit(): detach the old ThrottleGroupMember,
    delete it and replace it with the new one.

The problem with this is that by replacing the ThrottleGroupMember the
previous value of io_limits_disabled is lost, causing an assertion
failure in throttle_co_drain_end().

This problem can be reproduced by reopening a throttle node:

   $QEMU -monitor stdio
   -object throttle-group,id=tg0,x-iops-total=1000 \
   -blockdev node-name=hd0,driver=qcow2,file.driver=file,file.filename=hd.qcow2 \
   -blockdev node-name=root,driver=throttle,throttle-group=tg0,file=hd0,read-only=on

   (qemu) block_stream root
   block/throttle.c:214: throttle_co_drain_end: Assertion `tgm->io_limits_disabled' failed.

Since we only want to change the throttle group on reopen there's no
need to create a ThrottleGroupMember and discard the old one. It's
easier if we simply detach it from its current group and attach it to
the new one.

Signed-off-by: Alberto Garcia <address@hidden>
Message-id: address@hidden
Signed-off-by: Max Reitz <address@hidden>
(cherry picked from commit bc33c047d1ec0b35c9cd8be62bcefae2da28654f)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 8a302f42a5f84d89c4590022e55b1b61621b7f79
      
https://github.com/qemu/qemu/commit/8a302f42a5f84d89c4590022e55b1b61621b7f79
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h

  Log Message:
  -----------
  i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639)

New microcode introduces the "Speculative Store Bypass Disable"
CPUID feature bit. This needs to be exposed to guest OS to allow
them to protect against CVE-2018-3639.

Signed-off-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Konrad Rzeszutek Wilk <address@hidden>
Signed-off-by: Konrad Rzeszutek Wilk <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Eduardo Habkost <address@hidden>
(cherry picked from commit d19d1f965904a533998739698020ff4ee8a103da)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 3129ddb9436fc059d9163a24b227a30ab694c282
      
https://github.com/qemu/qemu/commit/3129ddb9436fc059d9163a24b227a30ab694c282
  Author: Konrad Rzeszutek Wilk <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M target/i386/cpu.h
    M target/i386/kvm.c
    M target/i386/machine.c

  Log Message:
  -----------
  i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639)

"Some AMD processors only support a non-architectural means of enabling
speculative store bypass disable (SSBD).  To allow a simplified view of
this to a guest, an architectural definition has been created through a new
CPUID bit, 0x80000008_EBX[25], and a new MSR, 0xc001011f.  With this, a
hypervisor can virtualize the existence of this definition and provide an
architectural method for using SSBD to a guest.

Add the new CPUID feature, the new MSR and update the existing SSBD
support to use this MSR when present." (from x86/speculation: Add virtualized
speculative store bypass disable support in Linux).

Signed-off-by: Konrad Rzeszutek Wilk <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Eduardo Habkost <address@hidden>
(cherry picked from commit cfeea0c021db6234c154dbc723730e81553924ff)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 43163837d3d163baa8fe44fa2b08080f1cf2ed9d
      
https://github.com/qemu/qemu/commit/43163837d3d163baa8fe44fa2b08080f1cf2ed9d
  Author: Konrad Rzeszutek Wilk <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639)

AMD Zen exposes the Intel equivalent to Speculative Store Bypass Disable
via the 0x80000008_EBX[25] CPUID feature bit.

This needs to be exposed to guest OS to allow them to protect
against CVE-2018-3639.

Signed-off-by: Konrad Rzeszutek Wilk <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Eduardo Habkost <address@hidden>
(cherry picked from commit 403503b162ffc33fb64cfefdf7b880acf41772cd)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2f2b1892350251b2dc98a2baea5a626f7f531c40
      
https://github.com/qemu/qemu/commit/2f2b1892350251b2dc98a2baea5a626f7f531c40
  Author: Brijesh Singh <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M net/tap.c

  Log Message:
  -----------
  tap: set vhostfd passed from qemu cli to non-blocking

A guest boot hangs while probing the network interface when
iommu_platform=on is used.

The following qemu cli hangs without this patch:

# $QEMU \
  -netdev tap,fd=3,id=hostnet0,vhost=on,vhostfd=4 3<>/dev/tap67 4<>/dev/host-net \
  -device virtio-net-pci,netdev=hostnet0,id=net0,iommu_platform=on,disable-legacy=on \
  ...

Commit: c471ad0e9bd46 (vhost_net: device IOTLB support) took care of
setting vhostfd to non-blocking when QEMU opens /dev/host-net but if
the fd is passed from qemu cli then we need to ensure that fd is set
to non-blocking.

Fixes: c471ad0e9bd46 ("vhost_net: device IOTLB support")
Cc: address@hidden
Cc: Michael S. Tsirkin <address@hidden>
Cc: Jason Wang <address@hidden>
Signed-off-by: Brijesh Singh <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
(cherry picked from commit d542800d1edc62f63f8a29cfa6bdd1a9536ae11c)
Signed-off-by: Michael Roth <address@hidden>
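The fix this commit describes in net/tap.c, shown as an added example rather than QEMU's own code: a descriptor handed in on the command line (the `vhostfd=4` above) arrives with whatever flags the caller left on it, so the device model must check that it is an open descriptor and then set O_NONBLOCK itself instead of assuming the open path did. The `adopt_cli_fd`, `fd_set_nonblocking` and `fd_is_nonblocking` names are constructed; the calls are plain POSIX fcntl(2).

```c
/* Added example (not QEMU code): make an fd received from the command line
 * non-blocking, the way the vhost fd opened by QEMU itself already is. */
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Returns 1 if O_NONBLOCK is set, 0 if it is not, -1 if fd is not open. */
int fd_is_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags == -1) {
        return -1;
    }
    return (flags & O_NONBLOCK) ? 1 : 0;
}

/* Set O_NONBLOCK while preserving the other status flags.
 * Returns 0 on success, -1 (errno set by fcntl) on failure. */
int fd_set_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags == -1) {
        return -1;
    }
    if (flags & O_NONBLOCK) {
        return 0;                       /* already non-blocking */
    }
    return fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1 ? -1 : 0;
}

/* What a device model should do with any fd passed in by the user: verify
 * it is really open in this process (F_GETFD fails with EBADF otherwise),
 * then force non-blocking mode regardless of how the caller left it.
 * Returns the fd on success, -1 on failure. */
int adopt_cli_fd(int fd)
{
    if (fd < 0 || fcntl(fd, F_GETFD) == -1) {
        return -1;
    }
    if (fd_set_nonblocking(fd) == -1) {
        return -1;
    }
    return fd;
}
```

A blocking vhost fd is a liveness problem rather than a memory-safety one: the read in the IOTLB path waits forever for a message that never comes, which is exactly the boot hang the commit reports.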


  Commit: fb7f173c2cc4b1f03bdc88845fac9d7f3ec869d0
      
https://github.com/qemu/qemu/commit/fb7f173c2cc4b1f03bdc88845fac9d7f3ec869d0
  Author: linzhecheng <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M net/vhost-user.c

  Log Message:
  -----------
  vhost-user: delete net client if necessary

As qemu_new_net_client creates new ncs but an error happens later,
the ncs will be left in the global net_clients list and we can't use them
any more, so we need to clean them up.

Cc: address@hidden
Signed-off-by: linzhecheng <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
(cherry picked from commit c67daf4a24442d1bb404a11a6a54dc45ea10f234)
 Conflicts:
        net/vhost-user.c
* drop functional dep on 4d0cf552
Signed-off-by: Michael Roth <address@hidden>


  Commit: 26cdf35f69472694ecdba8dc3de914d090bbbc61
      
https://github.com/qemu/qemu/commit/26cdf35f69472694ecdba8dc3de914d090bbbc61
  Author: Eric Blake <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M qemu-img.c

  Log Message:
  -----------
  qemu-img: Fix assert when mapping unaligned raw file

Commit a290f085 exposed a latent bug in qemu-img map introduced
during the conversion of block status to be byte-based.  Earlier in
commit 5e344dd8, the internal interface get_block_status() switched
to take byte-based parameters, but still called a sector-based
block layer function; as such, rounding was added in the lone
caller to obey the contract.  However, commit 237d78f8 changed
get_block_status() to truly be byte-based, at which point rounding
to sector boundaries can result in calling bdrv_block_status() with
'bytes == 0' (a coding error) when the boundary between data and a
hole falls mid-sector (true for the past-EOF implicit hole present
in POSIX files).  Fix things by removing the rounding that is now
no longer necessary.

See also https://bugzilla.redhat.com/1589738

Fixes: 237d78f8
Reported-by: Dan Kenigsberg <address@hidden>
Reported-by: Nir Soffer <address@hidden>
Reported-by: Maor Lipchuk <address@hidden>
CC: address@hidden
Signed-off-by: Eric Blake <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit e0b371ed5e2db079051139136fd0478728b6a58f)
Signed-off-by: Michael Roth <address@hidden>
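A constructed model of the failure mode this commit describes, added here as an example and not taken from qemu-img.c: a raw file of 1000 bytes whose length the block layer reports rounded up to 1024, a byte-based status query in the style of bdrv_block_status(), and a map loop run once with the stale sector rounding and once without it. With rounding, the 24-byte implicit hole past EOF rounds down to a zero-length request; without it, the loop reports two clean extents. The `block_status` and `map_image` functions and the extent sizes are assumptions for the illustration.

```c
/* Added example (not qemu-img code): why rounding a byte-based range to
 * sector boundaries can produce a zero-length block-status request. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define SECTOR_SIZE 512

enum { STATUS_DATA = 1, STATUS_HOLE = 2 };

/* Constructed image: 1000 bytes of data; the raw driver reports the length
 * rounded up to a sector, so [1000, 1024) is an implicit hole past EOF. */
static const int64_t FILE_DATA_BYTES = 1000;
static const int64_t FILE_LENGTH = 1024;

typedef struct {
    int64_t offset;
    int64_t bytes;
    int status;
} MapEntry;

/* Byte-based status query.  Stores in *pnum the length of the uniform extent
 * starting at offset, capped at bytes.  bdrv_block_status() asserts on
 * bytes == 0; here we count such calls in *zero_len_calls so the caller's
 * mistake is observable instead of aborting. */
static int block_status(int64_t offset, int64_t bytes, int64_t *pnum,
                        int *zero_len_calls)
{
    if (bytes <= 0) {
        (*zero_len_calls)++;
        *pnum = 0;
        return STATUS_HOLE;
    }
    if (offset < FILE_DATA_BYTES) {
        int64_t n = FILE_DATA_BYTES - offset;
        *pnum = n < bytes ? n : bytes;
        return STATUS_DATA;
    }
    int64_t n = FILE_LENGTH - offset;
    *pnum = n < bytes ? n : bytes;
    return STATUS_HOLE;
}

/* Walk the whole image the way a map command does and return the number of
 * extents written to out[].  round_to_sectors reproduces the rounding that
 * the commit above removed. */
int map_image(bool round_to_sectors, MapEntry *out, int max_out, int *zero_len_calls)
{
    int n = 0;
    int64_t offset = 0;
    *zero_len_calls = 0;
    while (offset < FILE_LENGTH && n < max_out) {
        int64_t bytes = FILE_LENGTH - offset;
        if (round_to_sectors) {
            bytes = (bytes / SECTOR_SIZE) * SECTOR_SIZE;  /* 24 bytes -> 0 */
        }
        int64_t pnum;
        int st = block_status(offset, bytes, &pnum, zero_len_calls);
        if (pnum == 0) {
            break;   /* nothing consumed: the loop could not make progress */
        }
        out[n].offset = offset;
        out[n].bytes = pnum;
        out[n].status = st;
        n++;
        offset += pnum;
    }
    return n;
}
```

The lesson generalises beyond qemu-img: once an interface becomes byte-granular, every caller that still quantises to the old unit has to be found, because the quantisation error only surfaces on inputs that are not multiples of that unit.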


  Commit: 396d79c36cf91de3ecf0741c6157688a1600399b
      
https://github.com/qemu/qemu/commit/396d79c36cf91de3ecf0741c6157688a1600399b
  Author: Eric Blake <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    A tests/qemu-iotests/221
    A tests/qemu-iotests/221.out
    M tests/qemu-iotests/group

  Log Message:
  -----------
  iotests: Add test 221 to catch qemu-img map regression

Although qemu-img creates aligned files (by rounding up), it
must also gracefully handle files that are not sector-aligned.
Test that the bug fixed in the previous patch does not recur.

It's a bit annoying that we can see the (implicit) hole past
the end of the file on to the next sector boundary, so if we
ever reach the point where we report a byte-accurate size rather
than our current behavior of always rounding up, this test will
probably need a slight modification.

Signed-off-by: Eric Blake <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit c6a9d2f6f9bc0c163b3a3073126464a2446bad5f)
 Conflicts:
        tests/qemu-iotests/group
* drop context dep on tests not present in 2.12
Signed-off-by: Michael Roth <address@hidden>


  Commit: c5dd07b5295402bb1ae8b1a8f1e3307b67841e05
      
https://github.com/qemu/qemu/commit/c5dd07b5295402bb1ae8b1a8f1e3307b67841e05
  Author: Shannon Zhao <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/intc/arm_gicv3_kvm.c

  Log Message:
  -----------
  arm_gicv3_kvm: kvm_dist_get/put_priority: skip the registers banked by GICR_IPRIORITYR

While the for_each_dist_irq_reg loop starts from GIC_INTERNAL, it forgot to
offset the data array and index. This will overlap the GICR registers
value and leave the last GIC_INTERNAL irq's registers out of update.

Fixes: 367b9f527becdd20ddf116e17a3c0c2bbc486920
Cc: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Reviewed-by: Eric Auger <address@hidden>
Signed-off-by: Shannon Zhao <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 1dcf3675196a1cec616ce71b067d9498590a60a6)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 5da7e93f51d88ab9086cd09fefc2a6cd1621b90b
      
https://github.com/qemu/qemu/commit/5da7e93f51d88ab9086cd09fefc2a6cd1621b90b
  Author: Philippe Mathieu-Daudé <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/usb/redirect.c

  Log Message:
  -----------
  usb: correctly handle Zero Length Packets

USB Specification Revision 2.0, §5.5.3:
  "The Data stage of a control transfer from an endpoint to the host is complete when the endpoint does one of the following:
  • Has transferred exactly the amount of data specified during the Setup stage
  • Transfers a packet with a payload size less than wMaxPacketSize or transfers a zero-length packet"

hw/usb/redirect.c:802:9: warning: Declared variable-length array (VLA) has zero size
  uint8_t buf[size];
  ^~~~~~~~~~~ ~~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit bf78fb1c1b61a819a47f7a1dbecf9934b9f32a0d)
Signed-off-by: Michael Roth <address@hidden>
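The §5.5.3 completion rules quoted above, worked through as an added example (not hw/usb/redirect.c): a small control-transfer data stage that treats a zero-length packet as a valid terminator and decides completion before any buffer is sized from the packet length, so a zero-sized VLA like the one Clang flagged never comes up. The `CtrlXfer` state, the `CTRL_MAX_DATA` cap and the three-valued `CtrlStatus` result are constructed for the illustration.

```c
/* Added example (not QEMU code): USB 2.0 control-transfer data stage with
 * zero-length packets handled explicitly. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CTRL_MAX_DATA 256   /* constructed cap for one data stage */

typedef enum { CTRL_NEED_MORE, CTRL_DONE, CTRL_ERROR } CtrlStatus;

typedef struct {
    uint16_t wLength;         /* bytes requested in the Setup stage */
    uint16_t wMaxPacketSize;  /* endpoint's maximum packet size */
    uint16_t received;
    bool     complete;
    uint8_t  data[CTRL_MAX_DATA];
} CtrlXfer;

void ctrl_begin(CtrlXfer *x, uint16_t wLength, uint16_t wMaxPacketSize)
{
    memset(x, 0, sizeof(*x));
    x->wLength = wLength;
    x->wMaxPacketSize = wMaxPacketSize;
}

/* Feed one IN packet from the endpoint.  Completion follows §5.5.3: either
 * exactly wLength bytes have arrived, or the packet is short (payload
 * smaller than wMaxPacketSize, which includes a zero-length packet).
 *
 * size == 0 is checked first: with a VLA such as `uint8_t buf[size]` that
 * would be a zero-length array, which C does not allow, so the ZLP case is
 * decided before any length-derived buffer exists. */
CtrlStatus ctrl_feed_packet(CtrlXfer *x, const uint8_t *payload, size_t size)
{
    if (x->complete) {
        return CTRL_DONE;                    /* nothing more expected */
    }
    if (size == 0) {
        x->complete = true;                  /* ZLP: short packet, no copy */
        return CTRL_DONE;
    }
    if (size > x->wMaxPacketSize ||
        x->received + size > x->wLength ||
        x->received + size > CTRL_MAX_DATA) {
        return CTRL_ERROR;                   /* oversized: protocol violation */
    }
    memcpy(x->data + x->received, payload, size);
    x->received += (uint16_t)size;
    if (x->received == x->wLength || size < x->wMaxPacketSize) {
        x->complete = true;
    }
    return x->complete ? CTRL_DONE : CTRL_NEED_MORE;
}
```

Note the ordering of the bounds checks: the packet is validated against both the endpoint's packet size and the remaining wLength before memcpy, so a peer that sends more than it announced in Setup cannot write past the stage buffer.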


  Commit: 073198b8e80ed9f72e2a1f74bfab9af76a019a2f
      
https://github.com/qemu/qemu/commit/073198b8e80ed9f72e2a1f74bfab9af76a019a2f
  Author: Philippe Mathieu-Daudé <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/usb/dev-mtp.c

  Log Message:
  -----------
  usb/dev-mtp: Fix use of uninitialized values

This fixes:

  hw/usb/dev-mtp.c:971:5: warning: 4th function call argument is an uninitialized value
      trace_usb_mtp_op_get_partial_object(s->dev.addr, o->handle, o->path,
                                     c->argv[1], c->argv[2]);
                                                 ^~~~~~~~~~
and:

  hw/usb/dev-mtp.c:981:12: warning: Assigned value is garbage or undefined
      offset = c->argv[1];
         ^ ~~~~~~~~~~

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 62713a2e50f653162387451034f1a2490e87be88)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 05a3e663b1d3caf6353ae733bda4d7b36e4ca0b9
      
https://github.com/qemu/qemu/commit/05a3e663b1d3caf6353ae733bda4d7b36e4ca0b9
  Author: Gerd Hoffmann <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  vnc: fix use-after-free

When the vnc_client_read() return value is -1,
vs is not valid any more.

Fixes: d49b87f0d1e0520443a990fc610d0f02bc63c556
Reported-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Tested-by: Marc-André Lureau <address@hidden>
Tested-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
(cherry picked from commit 1bc3117abad28d6465ecdb2c944b22943df0e4f3)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 9eb3e5a8a8cfd24f2b2b5eff447ff2a9c0629888
      
https://github.com/qemu/qemu/commit/9eb3e5a8a8cfd24f2b2b5eff447ff2a9c0629888
  Author: Stefan Hajnoczi <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M block/mirror.c
    M tests/qemu-iotests/185.out

  Log Message:
  -----------
  block/mirror: honor ratelimit again

Commit b76e4458b1eb3c32e9824fe6aa51f67d2b251748 ("block/mirror: change
the semantic of 'force' of block-job-cancel") accidentally removed the
ratelimit in the mirror job.

Reintroduce the ratelimit but keep the block-job-cancel force=true
behavior that was added in commit
b76e4458b1eb3c32e9824fe6aa51f67d2b251748.

Note that block_job_sleep_ns() returns immediately when the job is
cancelled.  Therefore it's safe to unconditionally call
block_job_sleep_ns() - a cancelled job does not sleep.

This commit fixes the non-deterministic qemu-iotests 185 output.  The
test relies on the ratelimit to make the job sleep until the 'quit'
command is processed.  Previously the job could complete before the
'quit' command was received since there was no ratelimit.

Cc: Liang Li <address@hidden>
Cc: Jeff Cody <address@hidden>
Cc: Kevin Wolf <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Message-id: address@hidden
Signed-off-by: Jeff Cody <address@hidden>
(cherry picked from commit ddc4115efdfa6619689fe18871aa2d37890b3463)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 54eb6cc6d7ad88ee634fc95a435dc5072f90c019
      
https://github.com/qemu/qemu/commit/54eb6cc6d7ad88ee634fc95a435dc5072f90c019
  Author: Cédric Le Goater <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M cpus.c

  Log Message:
  -----------
  cpus: tcg: fix never exiting loop on unplug

Commit 9b0605f9837b ("cpus: tcg: unregister thread with RCU, fix
exiting of loop on unplug") changed the exit condition of the loop in
the vCPU thread function but forgot to remove the beginning 'while (1)'
statement. The resulting code :

        while (1) {
        ...
        } while (!cpu->unplug || cpu_can_run(cpu));

is a sequence of two distinct while() loops, the first not exiting
in case of an unplug event.

Remove the first while (1) to fix CPU unplug.

Signed-off-by: Cédric Le Goater <address@hidden>
Message-Id: <address@hidden>
Cc: address@hidden
Fixes: 9b0605f9837b68fd56c7fc7c96a3a1a3b983687d
Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: Cédric Le Goater <address@hidden>
(cherry picked from commit 54961aac190df28d311802364d19e18d5cda8bab)
Signed-off-by: Michael Roth <address@hidden>
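The two loop shapes from the commit message side by side, as an added example that models the vCPU thread with a constructed `FakeCpu` rather than using cpus.c: `while (1) { ... } while (cond);` is an infinite loop followed by a separate empty loop, so the exit condition is never consulted, while `do { ... } while (cond);` leaves once the CPU is unplugged and has no runnable work. The buggy variant carries an iteration cap only so the function returns for the reader; real code would spin forever.

```c
/* Added example (not QEMU code): why `while (1) { } while (cond);` never
 * honours cond, and the do/while form that does. */
#include <stdbool.h>

typedef struct {
    bool unplug;       /* set by the hotplug path to ask the thread to leave */
    int  work_left;    /* constructed stand-in for "guest still runnable" */
    int  iterations;
} FakeCpu;

static bool cpu_can_run(const FakeCpu *cpu)
{
    return cpu->work_left > 0;
}

/* One trip through the loop body: consume work; an unplug request lands
 * on the third iteration so both variants see it early. */
static void run_once(FakeCpu *cpu)
{
    cpu->iterations++;
    if (cpu->work_left > 0) {
        cpu->work_left--;
    }
    if (cpu->iterations == 3) {
        cpu->unplug = true;
    }
}

/* Buggy shape.  The `while (1)` is a complete loop on its own; the trailing
 * `while (...);` is an unrelated loop with an empty body that is never even
 * reached.  The cap stands in for "spins forever". */
int loop_buggy(FakeCpu *cpu, int cap)
{
    while (1) {
        run_once(cpu);
        if (cpu->iterations >= cap) {
            return cpu->iterations;      /* only here so the demo terminates */
        }
    }
    while (!cpu->unplug || cpu_can_run(cpu));
    return cpu->iterations;
}

/* Fixed shape: the body runs, then the condition decides whether to go
 * round again, so an unplugged CPU with no runnable work exits. */
int loop_fixed(FakeCpu *cpu, int cap)
{
    do {
        run_once(cpu);
        if (cpu->iterations >= cap) {
            break;                       /* safety cap; never hit when fixed */
        }
    } while (!cpu->unplug || cpu_can_run(cpu));
    return cpu->iterations;
}
```

With ten units of work and an unplug request on iteration three, the fixed loop returns after exactly ten iterations (it keeps running while the CPU can still run, then leaves); the buggy loop only stops at the artificial cap. A compiler warning about unreachable code is the hint that catches this shape in review.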


  Commit: f155487beffb720a8ca7fe88f3b05bea0ddb2a56
      
https://github.com/qemu/qemu/commit/f155487beffb720a8ca7fe88f3b05bea0ddb2a56
  Author: Vladimir Sementsov-Ogievskiy <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M nbd/client.c

  Log Message:
  -----------
  nbd/client: fix nbd_negotiate_simple_meta_context

Initialize received variable. Otherwise, it is possible for server to
answer without any contexts, but we will set context_id to something
random (received_id is not initialized too) and return 1, which is
wrong.

To solve it, just initialize received to false. Initialize received_id
too, just to make all possible checkers happy.

Bug was introduced in 78a33ab58782efdb206de14 "nbd: BLOCK_STATUS for
standard get_block_status function: client part" with the whole
function.

Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
CC: address@hidden
Signed-off-by: Eric Blake <address@hidden>
(cherry picked from commit 89aa0d87634e2cb98517509dc8bdb876f26ecf8b)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 3b52d474181f4ea03267af11420d5a6033bcd925
      
https://github.com/qemu/qemu/commit/3b52d474181f4ea03267af11420d5a6033bcd925
  Author: Vladimir Sementsov-Ogievskiy <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M migration/block-dirty-bitmap.c

  Log Message:
  -----------
  migration/block-dirty-bitmap: fix memory leak in dirty_bitmap_load_bits

Release buf on error path too.

Bug was introduced in b35ebdf076d697bc "migration: add postcopy
migration of dirty bitmaps" with the whole function.

Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
CC: address@hidden
Signed-off-by: Eric Blake <address@hidden>
(cherry picked from commit 16a2227893dc1d5cad78ed376ad1d7e300978fbe)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 3882183fda1993577e364ce1d72f3c04c83c4acb
      
https://github.com/qemu/qemu/commit/3882183fda1993577e364ce1d72f3c04c83c4acb
  Author: Laszlo Ersek <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M cpus.c
    M qapi/misc.json

  Log Message:
  -----------
  qapi: fill in CpuInfoFast.arch in query-cpus-fast

* Commit ca230ff33f89 added the @arch field to @CpuInfoFast, but it failed
  to set the new field in qmp_query_cpus_fast(), when TARGET_S390X was not
  defined. The updated @query-cpus-fast example in "qapi-schema.json"
  showed "arch":"x86" only because qmp_query_cpus_fast() calls g_malloc0()
  to allocate @CpuInfoFast, and the CPU_INFO_ARCH_X86 enum constant is
  generated with value 0.

  All @arch values other than @s390 implied the @CpuInfoOther sub-struct
  for @CpuInfoFast -- at the time of writing the patch --, thus no fields
  other than @arch needed to be set when TARGET_S390X was not defined. Set
  @arch now, by copying the corresponding assignments from
  qmp_query_cpus().

* Commit 25fa194b7b11 added the @riscv enum constant to @CpuInfoArch (used
  in both @CpuInfo and @CpuInfoFast -- the return types of the @query-cpus
  and @query-cpus-fast commands, respectively), and assigned, in both
  return structures, the @CpuInfoRISCV sub-structure to the new enum
  value.

  However, qmp_query_cpus_fast() would not populate either the @arch field
  or the @CpuInfoRISCV sub-structure, when TARGET_RISCV was defined; only
  qmp_query_cpus() would.

  Assign @CpuInfoOther to the @riscv enum constant in @CpuInfoFast, and
  populate only the @arch field in qmp_query_cpus_fast(). Getting CPU
  state without interrupting KVM is an exceptional thing that only S390X
  does currently. Quoting Cornelia Huck <address@hidden>, "s390x is
  exceptional in that it has state in QEMU that is actually interesting
  for upper layers and can be retrieved without performance penalty". See
  also
  <https://www.redhat.com/archives/libvir-list/2018-February/msg00121.html>.

Cc: Cornelia Huck <address@hidden>
Cc: Eric Blake <address@hidden>
Cc: Markus Armbruster <address@hidden>
Cc: Viktor VM Mihajlovski <address@hidden>
Cc: address@hidden
Fixes: ca230ff33f89bf7102cbfbc2328716da6750aaed
Fixes: 25fa194b7b11901561532e435beb83d046899f7a
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>
(cherry picked from commit 96054f56396eaa0b9b5c681fc3e42a0004b17ade)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 1eddfab31cf9cf81d4527ea42cb7fd371cabbb60
      
https://github.com/qemu/qemu/commit/1eddfab31cf9cf81d4527ea42cb7fd371cabbb60
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M block/mirror.c

  Log Message:
  -----------
  block/mirror: Make cancel always cancel pre-READY

Commit b76e4458b1eb3c32e9824fe6aa51f67d2b251748 made the mirror block
job respect block-job-cancel's @force flag: With that flag set, it would
now always really cancel, even post-READY.

Unfortunately, it had a side effect: Without that flag set, it would now
never cancel, not even before READY.  Considering that is an
incompatible change and not noted anywhere in the commit or the
description of block-job-cancel's @force parameter, this seems
unintentional and we should revert to the previous behavior, which is to
immediately cancel the job when block-job-cancel is called before source
and target are in sync (i.e. before the READY event).

Cc: address@hidden
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1572856
Reported-by: Yanan Fu <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-id: address@hidden
Reviewed-by: Jeff Cody <address@hidden>
Signed-off-by: Jeff Cody <address@hidden>
(cherry picked from commit eb36639f7bbc16055e551593b81365e8ae3b0b05)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 7bc615f88f215cc923d4d23928118e62f008b152
      
https://github.com/qemu/qemu/commit/7bc615f88f215cc923d4d23928118e62f008b152
  Author: Max Reitz <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    A tests/qemu-iotests/218
    A tests/qemu-iotests/218.out
    M tests/qemu-iotests/group

  Log Message:
  -----------
  iotests: Add test for cancelling a mirror job

We already have an extensive mirror test (041) which does cover
cancelling a mirror job, especially after it has emitted the READY
event.  However, it does not check what exact events are emitted after
block-job-cancel is executed.  More importantly, it does not use
throttling to ensure that it covers the case of block-job-cancel before
READY.

It would be possible to add this case to 041, but considering it is
already our largest test file, it makes sense to create a new file for
these cases.

Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Signed-off-by: Jeff Cody <address@hidden>
(cherry picked from commit dc885fff972c447f51572afc4c921a26b880731b)
 Conflicts:
        tests/qemu-iotests/group
* fix minor conflicts with test groups
Signed-off-by: Michael Roth <address@hidden>


  Commit: 26cf05c1a15e5500b12b2502f93dba0a6a83b462
      
https://github.com/qemu/qemu/commit/26cf05c1a15e5500b12b2502f93dba0a6a83b462
  Author: KONRAD Frederic <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/riscv/riscv_htif.c

  Log Message:
  -----------
  riscv: spike: allow base == 0

The sanity check on base doesn't allow htif to be mapped @0. Check if the
symbol exists instead so we can map it where we want.

Reviewed-by: Michael Clark <address@hidden>
Signed-off-by: KONRAD Frederic <address@hidden>
Signed-off-by: Michael Clark <address@hidden>

Message-Id: <address@hidden>
(cherry picked from commit 17b9751e85b9989cc841ed387794d7f1e8aa5e46)
Signed-off-by: Michael Roth <address@hidden>


  Commit: db6f66eff78a55f6506eb0674059face684f8e96
      
https://github.com/qemu/qemu/commit/db6f66eff78a55f6506eb0674059face684f8e96
  Author: KONRAD Frederic <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M hw/riscv/riscv_htif.c

  Log Message:
  -----------
  riscv: htif: increase the priority of the htif subregion

The htif device is supposed to be mapped over another subregion. So increase
its priority to one to avoid any conflict.

Here is the output of info mtree:

Before:
(qemu) info mtree
 address-space: memory
   0000000000000000-ffffffffffffffff (prio 0, i/o): system
     0000000000000000-000000000000000f (prio 0, i/o): riscv.htif.uart
     0000000000000000-0000000000011fff (prio 0, ram): riscv.spike.bootrom
     0000000002000000-000000000200ffff (prio 0, i/o): riscv.sifive.clint
     0000000080000000-0000000087ffffff (prio 0, ram): riscv.spike.ram

 address-space: I/O
   0000000000000000-000000000000ffff (prio 0, i/o): io

 address-space: cpu-memory-0
   0000000000000000-ffffffffffffffff (prio 0, i/o): system
     0000000000000000-000000000000000f (prio 0, i/o): riscv.htif.uart
     0000000000000000-0000000000011fff (prio 0, ram): riscv.spike.bootrom
     0000000002000000-000000000200ffff (prio 0, i/o): riscv.sifive.clint
     0000000080000000-0000000087ffffff (prio 0, ram): riscv.spike.ram

After:
(qemu) info mtree
 address-space: memory
   0000000000000000-ffffffffffffffff (prio 0, i/o): system
     0000000000000000-000000000000000f (prio 1, i/o): riscv.htif.uart
     0000000000000000-0000000000011fff (prio 0, ram): riscv.spike.bootrom
     0000000002000000-000000000200ffff (prio 0, i/o): riscv.sifive.clint
     0000000080000000-0000000087ffffff (prio 0, ram): riscv.spike.ram

 address-space: I/O
   0000000000000000-000000000000ffff (prio 0, i/o): io

 address-space: cpu-memory-0
   0000000000000000-ffffffffffffffff (prio 0, i/o): system
     0000000000000000-000000000000000f (prio 1, i/o): riscv.htif.uart
     0000000000000000-0000000000011fff (prio 0, ram): riscv.spike.bootrom
     0000000002000000-000000000200ffff (prio 0, i/o): riscv.sifive.clint
     0000000080000000-0000000087ffffff (prio 0, ram): riscv.spike.ram

Reviewed-by: Michael Clark <address@hidden>
Signed-off-by: KONRAD Frederic <address@hidden>
Signed-off-by: Michael Clark <address@hidden>

Message-Id: <address@hidden>
(cherry picked from commit 6fad7d1893f6ea926063067af957009bc320406f)
Signed-off-by: Michael Roth <address@hidden>


  Commit: b129914a8dbb4ad85c31f805e7444860661b0fff
      
https://github.com/qemu/qemu/commit/b129914a8dbb4ad85c31f805e7444860661b0fff
  Author: KONRAD Frederic <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M configure

  Log Message:
  -----------
  riscv: requires libfdt

When compiling on a machine without libfdt installed the configure script
should try to get libfdt from the git or should die, because otherwise
CONFIG_LIBFDT is not set and the build process ends in an error in the link
phase, e.g.:

hw/riscv/virt.o: In function `riscv_virt_board_init':
qemu/src/hw/riscv/virt.c:317: undefined reference to `qemu_fdt_setprop_cell'
qemu/src/hw/riscv/virt.c:319: undefined reference to `qemu_fdt_setprop_cell'
qemu/src/hw/riscv/virt.c:345: undefined reference to `qemu_fdt_dumpdtb'
collect2: error: ld returned 1 exit status
make[1]: *** [qemu-system-riscv64] Error 1
make: *** [subdir-riscv64-softmmu] Error 2

Cc: address@hidden
Reviewed-by: Bastian Koppelmann <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Michael Clark <address@hidden>
Signed-off-by: KONRAD Frederic <address@hidden>
Signed-off-by: Michael Clark <address@hidden>

Message-Id: <address@hidden>
(cherry picked from commit a666409f0df5dce113a5bd2c4c144a0792f2a4a3)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 6951158023e7923c18b0185d1eb48937767c7e8a
      
https://github.com/qemu/qemu/commit/6951158023e7923c18b0185d1eb48937767c7e8a
  Author: Eric Blake <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M block/nbd-client.c

  Log Message:
  -----------
  nbd/client: Relax handling of large NBD_CMD_BLOCK_STATUS reply

The NBD spec is proposing a relaxation of NBD_CMD_BLOCK_STATUS
where a server may have the final extent per context give a
length beyond the original request, if it can easily prove that
subsequent bytes have the same status, on the grounds that a
client can take advantage of this information for fewer block
status requests.  Since qemu 2.12 as a client always sends
NBD_CMD_FLAG_REQ_ONE, and rejects a server that sends extra
length, the upstream NBD spec will probably limit this behavior
to clients that don't request REQ_ONE semantics; but it doesn't
hurt to relax qemu to always be permissive of this server
behavior, even if it continues to use REQ_ONE.

CC: address@hidden
Signed-off-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
Reviewed-by:  Vladimir Sementsov-Ogievskiy <address@hidden>
(cherry picked from commit acfd8f7a5f92e703d2d046cbe3d510008a697194)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 0e4b4b4fd36c70f0c4030a4d0be7b442616ec5da
      
https://github.com/qemu/qemu/commit/0e4b4b4fd36c70f0c4030a4d0be7b442616ec5da
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M tcg/i386/tcg-target.inc.c

  Log Message:
  -----------
  tcg/i386: Fix dup_vec in non-AVX2 codepath

The VPUNPCKLD* instructions are all "non-destructive source",
indicated by "NDS" in the encoding string in the x86 ISA manual.
This means that they take two source operands, one of which is
encoded in the VEX.vvvv field. We were incorrectly treating them
as if they were destructive-source and passing 0 as the 'v'
argument of tcg_out_vex_modrm(). This meant we were always
using %xmm0 as one of the source operands, causing incorrect
results if the register allocator happened to want to use
something else. For instance the input AArch64 insn:
 DUP v26.16b, w21
which becomes TCG IR ops:
 dup_vec v128,e8,tmp2,x21
 st_vec v128,e8,tmp2,env,$0xa40
was assembled to:
0x607c568c:  c4 c1 7a 7e 86 e8 00 00  vmovq    0xe8(%r14), %xmm0
0x607c5694:  00
0x607c5695:  c5 f9 60 c8              vpunpcklbw %xmm0, %xmm0, %xmm1
0x607c5699:  c5 f9 61 c9              vpunpcklwd %xmm1, %xmm0, %xmm1
0x607c569d:  c5 f9 70 c9 00           vpshufd  $0, %xmm1, %xmm1
0x607c56a2:  c4 c1 7a 7f 8e 40 0a 00  vmovdqu  %xmm1, 0xa40(%r14)
0x607c56aa:  00

when the vpunpcklwd insn should be "%xmm1, %xmm1, %xmm1".
This resulted in our incorrectly setting the output vector to
q26=0000320000003200:0000320000003200
when given an input of x21 == 0000000002803200
rather than the expected all-zeroes.

Pass the correct source register number to tcg_out_vex_modrm()
for these insns.

Fixes: 770c2fc7bb70804a
Cc: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
(cherry picked from commit 7eb30ef0ba2eb59e7430d4848ae8d4bf4e50f768)
Signed-off-by: Michael Roth <address@hidden>
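To make the operand mix-up in the commit above concrete, here is an added example (not QEMU code) that decodes the two-byte VEX prefix of the exact instruction bytes quoted in the message. The second VEX byte stores the NDS source register inverted in its vvvv field; decoding c5 f9 61 c9 shows vvvv = 0, i.e. %xmm0, which is the spurious source the message describes, and re-encoding with the intended register gives the "%xmm1, %xmm1, %xmm1" form. The function names, the restriction to register-only (mod == 11) forms and to xmm0-xmm7, and the two-entry opcode table are assumptions of this example.

```python
"""Decode/encode the 2-byte VEX form used by vpunpcklbw/vpunpcklwd.

Layout of a 2-byte VEX instruction with a register-only ModRM (Intel SDM):
  byte0 = 0xC5
  byte1 = ~R | ~vvvv | L | pp   (R and vvvv are stored inverted)
  byte2 = opcode in the 0F map
  byte3 = ModRM = mod(2) | reg(3) | rm(3)
In AT&T syntax the operands print as: src2 (rm), src1 (vvvv), dest (reg).
"""
from typing import Dict

# Only the two opcodes that appear in the commit message (assumed table).
OPCODES: Dict[int, str] = {0x60: "vpunpcklbw", 0x61: "vpunpcklwd"}


def decode_vex2(insn: bytes) -> dict:
    """Decode a 4-byte, 2-byte-VEX, register-only instruction."""
    if len(insn) != 4 or insn[0] != 0xC5:
        raise ValueError("not a 2-byte VEX register-only instruction")
    b1, opcode, modrm = insn[1], insn[2], insn[3]
    r_ext = 0 if (b1 >> 7) & 1 else 8        # ~R: extends the reg field to xmm8-15
    vvvv = (~b1 >> 3) & 0xF                  # stored inverted in the encoding
    pp = b1 & 0x3
    if pp != 1:                              # pp=01 is the implied 66 prefix
        raise ValueError("expected pp=01 (66-prefixed opcode)")
    if opcode not in OPCODES:
        raise ValueError("opcode not in this example's table")
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 3:
        raise ValueError("memory operands are not handled in this example")
    return {
        "mnemonic": OPCODES[opcode],
        "src2": f"%xmm{rm}",
        "src1": f"%xmm{vvvv}",               # the NDS operand selected by VEX.vvvv
        "dest": f"%xmm{reg + r_ext}",
    }


def att_syntax(d: dict) -> str:
    """Render a decoded instruction the way the commit message prints it."""
    return f'{d["mnemonic"]} {d["src2"]}, {d["src1"]}, {d["dest"]}'


def encode_vex2(opcode: int, dest: int, src1: int, src2: int) -> bytes:
    """Inverse of decode_vex2 for xmm0-xmm7, L=0, pp=01 (66 prefix).

    src1 is the register that lands in VEX.vvvv; passing 0 here reproduces
    the bug described above, where %xmm0 was always used as one source.
    """
    if not all(0 <= r < 8 for r in (dest, src1, src2)):
        raise ValueError("only xmm0-xmm7 in this example")
    b1 = 0x80 | ((~src1 & 0xF) << 3) | 0x01  # ~R=1 (no extension), ~vvvv, L=0, pp=01
    modrm = 0xC0 | (dest << 3) | src2
    return bytes([0xC5, b1, opcode, modrm])


if __name__ == "__main__":
    # Bytes taken from the disassembly quoted in the commit message.
    for hexbytes in ("c5f960c8", "c5f961c9"):
        print(hexbytes, "->", att_syntax(decode_vex2(bytes.fromhex(hexbytes))))
    # What the second instruction should have been once vvvv names %xmm1.
    fixed = encode_vex2(0x61, dest=1, src1=1, src2=1)
    print(fixed.hex(), "->", att_syntax(decode_vex2(fixed)))
```

Running it prints the same two instructions the message lists, and shows that only the second VEX byte changes (f9 to f1) when the correct source register is passed in the vvvv position.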


  Commit: 51d5decb322303b9e8a99a614d228ef7317741b8
      
https://github.com/qemu/qemu/commit/51d5decb322303b9e8a99a614d228ef7317741b8
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M fpu/softfloat.c

  Log Message:
  -----------
  softfloat: Handle default NaN mode after pickNaNMulAdd, not before

It is implementation defined whether a multiply-add of
(0,inf,qnan) or (inf,0,qnan) raises InvalidOperation or
not, so we let the target-specific pickNaNMulAdd function
handle this. This means that we must do the "return the
default NaN in default NaN mode" check after the call,
not before. Correct the ordering, and restore the comment
from the old propagateFloat64MulAddNaN() that warned about
this corner case.

This fixes a regression from 2.11 for Arm guests where we would
incorrectly fail to set the Invalid flag for these cases.

Cc: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Alex Bennée <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Message-id: address@hidden
(cherry picked from commit 1839189bbf89889076aadf0c793c1b57977b28d7)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 9363c3482544aedb65b159a6463eea8bf4024665
      
https://github.com/qemu/qemu/commit/9363c3482544aedb65b159a6463eea8bf4024665
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-11 (Wed, 11 Jul 2018)

  Changed paths:
    M tcg/tcg.c
    M tcg/tcg.h

  Log Message:
  -----------
  tcg: Limit the number of ops in a TB

In 6001f7729e12 we partially attempt to address the branch
displacement overflow caused by 15fa08f845.

However, gcc/testsuite/gcc.target/aarch64/advsimd-intrinsics/vqtbX.c
is a testcase that contains a TB so large as to overflow anyway.
The limit here of 8000 ops produces a maximum output TB size of
24112 bytes on a ppc64le host with that test case.  This is still
much less than the maximum forward branch distance of 32764 bytes.

Cc: address@hidden
Fixes: 15fa08f845 ("tcg: Dynamically allocate TCGOps")
Reviewed-by: Laurent Vivier <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
(cherry picked from commit abebf92597186be2bc48d487235da28b1127860f)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 4a67f4a9536582e066639387b6610f0b98b195c8
      
https://github.com/qemu/qemu/commit/4a67f4a9536582e066639387b6610f0b98b195c8
  Author: Michael Clark <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M hw/riscv/sifive_u.c

  Log Message:
  -----------
  RISC-V: Minimal QEMU 2.12 fix for sifive_u machine

The 'sifive_u' board has a bug where the ROM is
created as RAM at the wrong address and marked
readonly. The bug renders the board unusable.
This is a minimal fix and allows booting Linux.

5aec3247c190f10654250203a1742490ae7343a2
"RISC-V: Mark ROM read-only after copying in code"
contains a comprehensive fix using the ROM APIs
memory_region_init_rom and rom_add_blob_fixed_as
which could be backported.

Cc: Sagar Karandikar <address@hidden>
Cc: Bastian Koppelmann <address@hidden>
Cc: Palmer Dabbelt <address@hidden>
Cc: Alistair Francis <address@hidden>
Cc: address@hidden
Signed-off-by: Michael Clark <address@hidden>
Signed-off-by: Michael Roth <address@hidden>


  Commit: 0779afdc8979e86d9c9723c898249e4571df45fe
      
https://github.com/qemu/qemu/commit/0779afdc8979e86d9c9723c898249e4571df45fe
  Author: John Snow <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M blockjob.c
    M qapi/block-core.json

  Log Message:
  -----------
  blockjob: expose error string via query

When we've reached the concluded state, we need to expose the error
state if applicable. Add the new field.

This should be sufficient for determining if a job completed
successfully or not after concluding; if we want to discriminate
based on how it failed more mechanically, we can always add an
explicit return code enumeration later.

I didn't bother to make it only show up if we are in the concluded
state; I don't think it's necessary.

Cc: address@hidden
Signed-off-by: John Snow <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Alberto Garcia <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit ab9ba614556ac5b0f8d96b99e0dba19f1e28d6c2)
Signed-off-by: Michael Roth <address@hidden>


  Commit: fbaeb1068c731021aedb5c416b9a5f7000923cc8
      
https://github.com/qemu/qemu/commit/fbaeb1068c731021aedb5c416b9a5f7000923cc8
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/cpu.c

  Log Message:
  -----------
  target/arm: Fix fp_status_f16 tininess before rounding

In commit d81ce0ef2c4f105 we added an extra float_status field
fp_status_fp16 for Arm, but forgot to initialize it correctly
by setting it to float_tininess_before_rounding. This currently
will only cause problems for the new V8_FP16 feature, since the
float-to-float conversion code doesn't use it yet. The effect
would be that we failed to set the Underflow IEEE exception flag
in all the cases where we should.

Add the missing initialization.

Fixes: d81ce0ef2c4f105
Cc: address@hidden
Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Alex Bennée <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
Message-id: address@hidden
(cherry picked from commit bcc531f0364796104df4443d17f99b5fb494eca2)
Signed-off-by: Michael Roth <address@hidden>


  Commit: e653eee8d800890723018de9cbc6c44de91cdf7d
      
https://github.com/qemu/qemu/commit/e653eee8d800890723018de9cbc6c44de91cdf7d
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M fpu/softfloat.c

  Log Message:
  -----------
  fpu/softfloat: Don't set Invalid for float-to-int(MAXINT)

In float-to-integer conversion, if the floating point input
converts exactly to the largest or smallest integer that
fits in to the result type, this is not an overflow.
In this situation we were producing the correct result value,
but were incorrectly setting the Invalid flag.
For example for Arm A64, "FCVTAS w0, d0" on an input of
0x41dfffffffc00000 should produce 0x7fffffff and set no flags.

Fix the boundary case to take the right half of the if()
statements.

This fixes a regression from 2.11 introduced by the softfloat
refactoring.

Cc: address@hidden
Fixes: ab52f973a50
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
(cherry picked from commit 333583757c5e910b040bef793974773635ce1918)
Signed-off-by: Michael Roth <address@hidden>
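As an added illustration of the boundary case in the commit above (example code, not softfloat's implementation), the following decodes the quoted input 0x41dfffffffc00000, confirms it is exactly INT32_MAX, and models a float64-to-int32 conversion with round-to-nearest, ties away from zero, as FCVTAS uses. The `boundary_is_overflow` helper contrasts the wrong comparison (treating a rounded result equal to the limit as overflow) with the correct one; it is a reconstruction of the class of mistake, not the exact lines that were changed. Function names and the flag names are assumptions of this example.

```python
"""Model of float64 -> int32 conversion, round-to-nearest-away, with flags."""
import math
import struct
from fractions import Fraction
from typing import Set, Tuple

INT32_MAX = 0x7FFFFFFF
INT32_MIN = -0x80000000


def bits_to_double(bits: int) -> float:
    """Reinterpret a 64-bit pattern as an IEEE binary64 value."""
    return struct.unpack("<d", struct.pack("<Q", bits))[0]


def round_nearest_away(x: float) -> int:
    """Round half away from zero, exactly (Fraction avoids double rounding)."""
    f = Fraction(x)
    n = int(abs(f) + Fraction(1, 2))   # abs(f)+1/2 >= 0, so int() floors here
    return n if f >= 0 else -n


def boundary_is_overflow(r: int, wrong: bool = False) -> bool:
    """Does the rounded integer r overflow int32?

    wrong=True reproduces the off-by-one boundary handling: a result that
    lands exactly on INT32_MAX / INT32_MIN is (incorrectly) reported as
    overflow, which is the symptom the commit describes.
    """
    if wrong:
        return r >= INT32_MAX or r <= INT32_MIN
    return r > INT32_MAX or r < INT32_MIN


def float64_to_int32(x: float, wrong_boundary: bool = False) -> Tuple[int, Set[str]]:
    """Return (result, flags); flags is a subset of {"invalid", "inexact"}."""
    if math.isnan(x):
        return 0, {"invalid"}
    if math.isinf(x):
        return (INT32_MAX if x > 0 else INT32_MIN), {"invalid"}
    r = round_nearest_away(x)
    if boundary_is_overflow(r, wrong=wrong_boundary):
        # Overflow saturates and raises Invalid only (no Inexact).
        return (INT32_MAX if r > 0 else INT32_MIN), {"invalid"}
    flags: Set[str] = set()
    if Fraction(x) != r:
        flags.add("inexact")
    return r, flags


if __name__ == "__main__":
    x = bits_to_double(0x41DFFFFFFFC00000)
    print(f"input {x!r} == INT32_MAX: {x == INT32_MAX}")
    print("correct:", float64_to_int32(x))
    print("wrong boundary:", float64_to_int32(x, wrong_boundary=True))
```

With the correct comparison the quoted input yields 0x7fffffff and no flags, as the message requires; the wrong-boundary variant returns the same value but spuriously raises Invalid, which is exactly why the regression produced the right number with the wrong flag.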


  Commit: 994b0cf9975486d6082d80f0bff177204fbd56d0
      
https://github.com/qemu/qemu/commit/994b0cf9975486d6082d80f0bff177204fbd56d0
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement vector shifted SCVF/UCVF for fp16

While we have some of the scalar paths for *CVF for fp16,
we failed to decode the fp16 version of these instructions.

Cc: address@hidden
Signed-off-by: Richard Henderson <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit a6117fae4576edfe7a5a5b802a742c33112c0993)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 0aaf1cca02dd166aa1f1585afc26cb703ed7c8ee
      
https://github.com/qemu/qemu/commit/0aaf1cca02dd166aa1f1585afc26cb703ed7c8ee
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement vector shifted FCVT for fp16

While we have some of the scalar paths for FCVT for fp16,
we failed to decode the fp16 version of these instructions.

Cc: address@hidden
Signed-off-by: Richard Henderson <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit d0ba8e74acd299b092786ffc30b306638d395a9e)
Signed-off-by: Michael Roth <address@hidden>


  Commit: c708ce7d6ea9fdaf108fc3510beee5d6ad96f598
      
https://github.com/qemu/qemu/commit/c708ce7d6ea9fdaf108fc3510beee5d6ad96f598
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/helper.c
    M target/arm/helper.h
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Fix float16 to/from int16

The instruction "ucvtf v0.4h, v0.4h, #2", with input 0x8000u,
overflows the intermediate float16 to infinity before we have a
chance to scale the output.  Use float64 as the intermediate type
so that no input argument (uint32_t in this case) can overflow
or round before scaling.  Given the declared argument, the signed
int32_t function has the same problem.

When converting from float16 to integer, using u/int32_t instead
of u/int16_t means that the bounding is incorrect.

Cc: address@hidden
Reviewed-by: Alex Bennée <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 88808a022c06f98d81cd3f2d105a5734c5614839)
Signed-off-by: Michael Roth <address@hidden>


  Commit: e5af958dd2aac7ceb2a8313dca3074d8a99c5a7c
      
https://github.com/qemu/qemu/commit/e5af958dd2aac7ceb2a8313dca3074d8a99c5a7c
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Clear SVE high bits for FMOV

Use write_fp_dreg and clear_vec_high to zero the bits
that need zeroing for these cases.

Cc: address@hidden
Reviewed-by: Alex Bennée <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 9a9f1f59521f46e8ff4527d9a2b52f83577e2aa3)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 781cde6d940253e511b954cbfcbaea687ed0e2ee
      
https://github.com/qemu/qemu/commit/781cde6d940253e511b954cbfcbaea687ed0e2ee
  Author: Petr Tesarik <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M fpu/softfloat.c

  Log Message:
  -----------
  fpu/softfloat: Fix conversion from uint64 to float128

The significand is passed to normalizeRoundAndPackFloat128() as high
first, low second. The current code passes the integer first, so the
result is incorrectly shifted left by 64 bits.

This bug affects the emulation of s390x instruction CXLGBR (convert
from logical 64-bit binary-integer operand to extended BFP result).

Cc: address@hidden
Tested-by: Alex Bennée <address@hidden>
Reviewed-by: Alex Bennée <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Petr Tesarik <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
(cherry picked from commit 6603d50648901e8b9e6d66ec1142accf0b1df1e6)
Signed-off-by: Michael Roth <address@hidden>
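To show what "high first, low second" means for the result, here is an added example (not softfloat's code) that packs a 128-bit significand given as two 64-bit words into IEEE binary128 and decodes the bits back to an exact value. The correct conversion places the integer in the low word; the `high_first_bug` switch models the swapped argument order described above and demonstrates the 64-bit left shift (a factor of 2^64) it produces. The packer handles only exactly representable integer inputs, which every uint64 is; function names and the switch are assumptions of this example.

```python
"""uint64 -> binary128 packing, with the significand passed as (high, low)."""
from fractions import Fraction

F128_BIAS = 16383
F128_FRAC_BITS = 112          # stored fraction bits; 113 with the hidden bit


def pack_float128_from_words(sig_high: int, sig_low: int) -> int:
    """Pack the integer significand (sig_high << 64 | sig_low) into binary128 bits.

    Only exact inputs are supported: anything needing more than 113
    significant bits raises instead of rounding.
    """
    for w in (sig_high, sig_low):
        if not 0 <= w < (1 << 64):
            raise ValueError("each word must be an unsigned 64-bit value")
    sig = (sig_high << 64) | sig_low
    if sig == 0:
        return 0                                   # +0.0
    nbits = sig.bit_length()
    exp = nbits - 1                                # value = 1.xxx * 2**exp
    if nbits <= 113:
        sig <<= 113 - nbits                        # left-align the leading 1
    else:
        dropped = sig & ((1 << (nbits - 113)) - 1)
        if dropped:
            raise ValueError("inexact: this example does not round")
        sig >>= nbits - 113
    frac = sig & ((1 << F128_FRAC_BITS) - 1)       # strip the hidden bit
    return ((exp + F128_BIAS) << F128_FRAC_BITS) | frac


def float128_bits_to_fraction(bits: int) -> Fraction:
    """Exact value of a finite, non-negative binary128 bit pattern."""
    exp = (bits >> F128_FRAC_BITS) & 0x7FFF
    frac = bits & ((1 << F128_FRAC_BITS) - 1)
    if exp == 0x7FFF:
        raise ValueError("inf/NaN not handled in this example")
    if exp == 0:                                   # zero or subnormal
        return Fraction(frac, 1 << F128_FRAC_BITS) * Fraction(2) ** (1 - F128_BIAS)
    return (1 + Fraction(frac, 1 << F128_FRAC_BITS)) * Fraction(2) ** (exp - F128_BIAS)


def uint64_to_float128(a: int, high_first_bug: bool = False) -> int:
    """Convert an unsigned 64-bit integer to binary128 bits.

    Correct order: the integer is the LOW word and the high word is zero.
    high_first_bug=True models passing the integer as the HIGH word, which
    silently multiplies the result by 2**64.
    """
    if high_first_bug:
        return pack_float128_from_words(a, 0)
    return pack_float128_from_words(0, a)


if __name__ == "__main__":
    for a in (1, 0x8000000000000000, 0xFFFFFFFFFFFFFFFF):
        good = float128_bits_to_fraction(uint64_to_float128(a))
        bad = float128_bits_to_fraction(uint64_to_float128(a, high_first_bug=True))
        print(f"{a:#x}: correct={good} swapped={bad} ratio={bad / good}")
```

The ratio printed for every input is 2^64, which is the "shifted left by 64 bits" the message describes; an emulated CXLGBR built on the swapped order would therefore return a value 2^64 times too large for every non-zero operand.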


  Commit: 4ec6a17a04428f1a126216622b7f89107a185b50
      
https://github.com/qemu/qemu/commit/4ec6a17a04428f1a126216622b7f89107a185b50
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement FMOV (general) for fp16

Adding the fp16 moves to/from general registers.

Cc: address@hidden
Signed-off-by: Richard Henderson <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 68130236e30a1ec64363f4915349feee181bfbc1)
Signed-off-by: Michael Roth <address@hidden>


  Commit: baa552e54f1612e85ca76149eca328dd268a4695
      
https://github.com/qemu/qemu/commit/baa552e54f1612e85ca76149eca328dd268a4695
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/helper.c
    M target/arm/helper.h
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement FCVT (scalar, integer) for fp16

Cc: address@hidden
Reviewed-by: Alex Bennée <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 564a0632504fad840491aa9a59453f4e64a316c4)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 7c38f3703d55aa1577614ae00b4240906aa5e33c
      
https://github.com/qemu/qemu/commit/7c38f3703d55aa1577614ae00b4240906aa5e33c
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement FCVT (scalar, fixed-point) for fp16

Cc: address@hidden
Reviewed-by: Alex Bennée <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 2752728016bef06e7c9cfb961019272859beeca4)
Signed-off-by: Michael Roth <address@hidden>


  Commit: d1ed4a60baf2750f041d36395e03b21b0fa82793
      
https://github.com/qemu/qemu/commit/d1ed4a60baf2750f041d36395e03b21b0fa82793
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Introduce and use read_fp_hreg

Cc: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 3d99d931266eaeaf7e83703a53f32232cd6faad7)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 7133cd4cfe61d76dc1897677b06232a4f01bfaa7
      
https://github.com/qemu/qemu/commit/7133cd4cfe61d76dc1897677b06232a4f01bfaa7
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement FP data-processing (2 source) for fp16

We missed all of the scalar fp16 binary operations.

Cc: address@hidden
Reviewed-by: Alex Bennée <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit b8f5171cf01420a9f0ee895c5591e9b9914f391a)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 0819a172503320cacfc5adcdf714b5b08be07d8f
      
https://github.com/qemu/qemu/commit/0819a172503320cacfc5adcdf714b5b08be07d8f
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement FP data-processing (3 source) for fp16

We missed all of the scalar fp16 fma operations.

Cc: address@hidden
Reviewed-by: Alex Bennée <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 95f9864fde6078e2d2c036a07cc4fe44f199be96)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 246dad2f3cba8b0ffcc62c327591b9d1181a8912
      
https://github.com/qemu/qemu/commit/246dad2f3cba8b0ffcc62c327591b9d1181a8912
  Author: Alex Bennée <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/helper-a64.c
    M target/arm/helper-a64.h
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement FCMP for fp16

These were missed out from the rest of the half-precision work.

Cc: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Alex Bennée <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Message-id: address@hidden
[rth: Diagnose lack of FP16 before fp_access_check]
Signed-off-by: Richard Henderson <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>

(cherry picked from commit 7a1929256ea1a03df12625e75ed571c60dca5bfb)
Signed-off-by: Michael Roth <address@hidden>


  Commit: f3816879f9a48614b9b70b875543c79bb346d11b
      
https://github.com/qemu/qemu/commit/f3816879f9a48614b9b70b875543c79bb346d11b
  Author: Alex Bennée <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement FCSEL for fp16

These were missed out from the rest of the half-precision work.

Cc: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Alex Bennée <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Message-id: address@hidden
[rth: Fix erroneous check vs type]
Signed-off-by: Richard Henderson <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>

(cherry picked from commit ace97feef3613194900d4eb9ffc6819b840fbaeb)
Signed-off-by: Michael Roth <address@hidden>


  Commit: ffc3a15018c483ce5237bbe20588d49a079be27a
      
https://github.com/qemu/qemu/commit/ffc3a15018c483ce5237bbe20588d49a079be27a
  Author: Alex Bennée <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Implement FMOV (immediate) for fp16

All the hard work is already done by vfp_expand_imm, we just need to
make sure we pick up the correct size.

Cc: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Alex Bennée <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Message-id: address@hidden
[rth: Merge unallocated_encoding check with TCGMemOp conversion.]
Signed-off-by: Richard Henderson <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>

(cherry picked from commit 6ba28ddb9be37bdb67e3e38007a53ccbdcd010df)
Signed-off-by: Michael Roth <address@hidden>


  Commit: ca11f0ab77d78b389b46f347841b7df2669881f0
      
https://github.com/qemu/qemu/commit/ca11f0ab77d78b389b46f347841b7df2669881f0
  Author: Alex Bennée <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm: Fix sqrt_f16 exception raising

We are meant to explicitly pass fpst, not cpu_env.

Cc: address@hidden
Signed-off-by: Alex Bennée <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Tested-by: Alex Bennée <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>
(cherry picked from commit 905edee9101c54cda5b72286b7f7607cf1c3c4d1)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 5e10c00f61f913ea67722d16834714e4e9eb530a
      
https://github.com/qemu/qemu/commit/5e10c00f61f913ea67722d16834714e4e9eb530a
  Author: Philippe Mathieu-Daudé <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M hw/isa/isa-superio.c

  Log Message:
  -----------
  hw/isa/superio: Fix inconsistent use of Chardev->be

4c3119a6e3e and cd9526ab7c0 introduced an incorrect and inconsistent
use of Chardev->be. Also, this CharBackend member is private and is
not supposed to be accessible.

Fix it by removing the inconsistent check.

Cc: address@hidden
Reported-by: Marc-André Lureau <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
(cherry picked from commit d4c8fcd91abba584f2788dfe5fba5245cea380f0)
 Conflicts:
        hw/isa/isa-superio.c
* avoid context dep on 9bca0edb28
Signed-off-by: Michael Roth <address@hidden>


  Commit: 008ffc7a2f96fd3b5f69a35b82351237c78a0070
      
https://github.com/qemu/qemu/commit/008ffc7a2f96fd3b5f69a35b82351237c78a0070
  Author: Marc-André Lureau <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M chardev/char-mux.c
    M tests/test-char.c

  Log Message:
  -----------
  mux: fix ctrl-a b again

Commit fb5e19d2e1472e96d72d5e4d89c20033f8ab345c originally fixed the
regression, but was inadvertently broken again in merge commit
2d6752d38d8acda.

Fixes:
https://bugs.launchpad.net/qemu/+bug/1654137

Cc: address@hidden
Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit eeaa6715050ed3f9cbedd322220f31570a503217)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 58119514f5999a7e2d57f03acabbdff20a854d15
      
https://github.com/qemu/qemu/commit/58119514f5999a7e2d57f03acabbdff20a854d15
  Author: Kevin Wolf <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M block/nfs.c

  Log Message:
  -----------
  nfs: Remove processed options from QDict

Commit c22a03454 QAPIfied option parsing in the NFS block driver, but
forgot to remove all the options we processed. Therefore, we get an
error in bdrv_open_inherit(), which thinks the remaining options are
invalid. Trying to open an NFS image will result in an error like this:

    Block protocol 'nfs' doesn't support the option 'server.host'

Remove all options from the QDict to make the NFS driver work again.

Cc: address@hidden
Signed-off-by: Kevin Wolf <address@hidden>
Message-id: address@hidden
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
Signed-off-by: Jeff Cody <address@hidden>
(cherry picked from commit c82be42cc803b36fd7aed5dceec68312c7056fd5)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 6d3ed3798b0774d9ca03754aba3c7284498933e8
      
https://github.com/qemu/qemu/commit/6d3ed3798b0774d9ca03754aba3c7284498933e8
  Author: Olaf Hering <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M util/vfio-helpers.c

  Log Message:
  -----------
  replace functions which are only available in glib-2.24

Currently the minimal supported version of glib is 2.22.
Since testing is done with a glib that claims to be 2.22, but in fact
has APIs from newer versions of glib, this bug was not caught during
submission of the patch referenced below.

Replace g_realloc_n, which is available only since 2.24, with g_renew.

Fixes commit 418026ca43 ("util: Introduce vfio helpers")

Signed-off-by: Olaf Hering <address@hidden>
Reviewed-by: Thomas Huth <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
CC: address@hidden
(cherry picked from commit d29eb678bcfbb2fbf4b79423797253ee02f5c6cf)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2cb041a82d60e07749be14f61296fd4a634b6309
      
https://github.com/qemu/qemu/commit/2cb041a82d60e07749be14f61296fd4a634b6309
  Author: Alex Williamson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M hw/vfio/pci.c

  Log Message:
  -----------
  vfio/pci: Default display option to "off"

Commit a9994687cb9b ("vfio/display: core & wireup") added display
support to vfio-pci with the default being "auto", which breaks
existing VMs when the vGPU requires GL support but had no previous
requirement for a GL compatible configuration.  "Off" is the safer
default as we impose no new requirements to VM configurations.

Fixes: a9994687cb9b ("vfio/display: core & wireup")
Cc: address@hidden
Cc: Gerd Hoffmann <address@hidden>
Signed-off-by: Alex Williamson <address@hidden>
(cherry picked from commit 8151a9c56d31eeeea872b8103c8b86d03c411667)
Signed-off-by: Michael Roth <address@hidden>


  Commit: d8a7ec1deb2fb9283b420c4ac5601f873e93879a
      
https://github.com/qemu/qemu/commit/d8a7ec1deb2fb9283b420c4ac5601f873e93879a
  Author: Vladimir Sementsov-Ogievskiy <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M migration/block-dirty-bitmap.c

  Log Message:
  -----------
  migration/block-dirty-bitmap: fix dirty_bitmap_load

dirty_bitmap_load_header return code is obtained but not handled. Fix
this.

Bug was introduced in b35ebdf076d697bc
"migration: add postcopy migration of dirty bitmaps" with the whole
function.

Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: John Snow <address@hidden>
Signed-off-by: Dr. David Alan Gilbert <address@hidden>
(cherry picked from commit a36f6ff46f115672cf86d0e1e7cdb1c2fa4d304b)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 78747264b96113810c1743b4019c301c4317196c
      
https://github.com/qemu/qemu/commit/78747264b96113810c1743b4019c301c4317196c
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M tcg/aarch64/tcg-target.inc.c
    M tcg/arm/tcg-target.inc.c
    M tcg/i386/tcg-target.inc.c
    M tcg/mips/tcg-target.inc.c
    M tcg/ppc/tcg-target.inc.c
    M tcg/s390/tcg-target.inc.c
    M tcg/sparc/tcg-target.inc.c
    M tcg/tcg.c
    M tcg/tcg.h
    M tcg/tci/tcg-target.inc.c

  Log Message:
  -----------
  tcg: Reduce max TB opcode count

Also, assert that we don't overflow either of two different offsets into
the TB. Both unwind and goto_tb record a uint16_t for later use.

This fixes an arm-softmmu test case utilizing NEON in which there is
a TB generated that runs to 7800 opcodes, and compiles to 96k on an
x86_64 host.  This overflows the 16-bit offset in which we record the
goto_tb reset offset.  Because of that overflow, we install a jump
destination that goes to neverland.  Boom.

With this reduced op count, the same TB compiles to about 48k for
aarch64, ppc64le, and x86_64 hosts, and neither assertion fires.

Cc: address@hidden
Reported-by: "Jason A. Donenfeld" <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
(cherry picked from commit 9f754620651d3432114f4bb89c7f12cbea814b3e)
Signed-off-by: Michael Roth <address@hidden>


  Commit: f8b3b02933f51d3c5625b479bcbff9147b4e612e
      
https://github.com/qemu/qemu/commit/f8b3b02933f51d3c5625b479bcbff9147b4e612e
  Author: Eric Blake <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M nbd/server.c

  Log Message:
  -----------
  nbd/server: Reject 0-length block status request

The NBD spec says that behavior is unspecified if the client
requests 0 length for block status; but since the structured
reply is documented as returning a non-zero length, it's
easier to just diagnose this with an EINVAL error than to
figure out what to return.

CC: address@hidden
Signed-off-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Vladimir Sementsov-Ogievskiy <address@hidden>
(cherry picked from commit d8b20291cba6aa9bb295885a34f2b5f05d59d1b2)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2379ac134abf6dc82dd07dd536913b9d2bd5c56d
      
https://github.com/qemu/qemu/commit/2379ac134abf6dc82dd07dd536913b9d2bd5c56d
  Author: Eric Blake <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M block/iscsi.c

  Log Message:
  -----------
  iscsi: Avoid potential for get_status overflow

Detected by Coverity: Multiplying two 32-bit int and assigning
the result to a 64-bit number is a risk of overflow.  Prior to
the conversion to byte-based interfaces, the block layer took
care of ensuring that a status request never exceeded 2G in
the driver; but after that conversion, the block layer expects
drivers to deal with any size request (the driver can always
truncate the request size back down, as long as it makes
progress).  So, in the off-chance that someone makes a large
request, we are at the mercy of whether iscsi_get_lba_status_task()
will cap things to at most INT_MAX / iscsilun->block_size when
it populates lbasd->num_blocks; since I could not easily audit
that, it's better to be safe than sorry by just forcing a 64-bit
multiply.

Fixes: 92809c36
CC: address@hidden
Signed-off-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
(cherry picked from commit 8ee1cef4593a7bda076891470c0620e79333c0d0)
Signed-off-by: Michael Roth <address@hidden>


  Commit: d109f8eb7edcdaceb27a49487ee4e579067cf914
      
https://github.com/qemu/qemu/commit/d109f8eb7edcdaceb27a49487ee4e579067cf914
  Author: Pankaj Gupta <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M hw/virtio/virtio-rng.c

  Log Message:
  -----------
  virtio-rng: process pending requests on DRIVER_OK

The virtio-rng device causes old guest kernels (2.6.32) to hang on latest qemu.
The driver attempts to read from the virtio-rng device too early in its
initialization. Qemu detects the guest is not ready and returns, resulting in a
hang.

To fix, handle pending requests when the guest is running and the driver status is
set to 'VIRTIO_CONFIG_S_DRIVER_OK'.

CC: address@hidden
Reported-by: Sergio Lopez <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Pankaj Gupta <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit 5d9c9ea22ab4f3b3ee497523e34b6f4d3281f62d)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 0935356e43a2f3f707de7e2fdcb525e4848fb0d4
      
https://github.com/qemu/qemu/commit/0935356e43a2f3f707de7e2fdcb525e4848fb0d4
  Author: Emilio G. Cota <address@hidden>
  Date:   2018-07-18 (Wed, 18 Jul 2018)

  Changed paths:
    M target/ppc/translate.c

  Log Message:
  -----------
  target/ppc: set is_jmp on ppc_tr_breakpoint_check

The use of GDB breakpoints was broken by b0c2d52 ("target/ppc: convert
to TranslatorOps", 2018-02-16).

Fix it by setting is_jmp, so that we break from the translation loop
as originally intended.

Tested-by: Mark Cave-Ayland <address@hidden>
Reported-by: Mark Cave-Ayland <address@hidden>
Signed-off-by: Emilio G. Cota <address@hidden>
Signed-off-by: David Gibson <address@hidden>
(cherry picked from commit 2a8ceefca23bc2aaafe711f8afd7585be3c27064)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 1b817abcd4dbb8c0db98fdd9f4f805a50c45e1bb
      
https://github.com/qemu/qemu/commit/1b817abcd4dbb8c0db98fdd9f4f805a50c45e1bb
  Author: Yunjian Wang <address@hidden>
  Date:   2018-07-23 (Mon, 23 Jul 2018)

  Changed paths:
    M net/tap.c

  Log Message:
  -----------
  tap: fix memory leak on success to create a tap device

There is a memory leak on success to create a tap device. Also, the nfds and
nvhosts may not be the same and need to be processed separately.

Fixes: 07825977 ("tap: fix memory leak on failure to create a multiqueue tap device")
Fixes: 264986e2 ("tap: multiqueue support")
Cc: address@hidden
Signed-off-by: Yunjian Wang <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
(cherry picked from commit 323e7c117754e4d4ce6b4282d74ad01c99d67714)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 3afe55ff387d95e1245ea095a7d0734b9ada265a
      
https://github.com/qemu/qemu/commit/3afe55ff387d95e1245ea095a7d0734b9ada265a
  Author: Peter Lieven <address@hidden>
  Date:   2018-07-23 (Mon, 23 Jul 2018)

  Changed paths:
    M qemu-img.c

  Log Message:
  -----------
  qemu-img: avoid overflow of min_sparse parameter

The min_sparse convert parameter can overflow (e.g. -S 1024G)
in the conversion from int64_t to int, resulting in a negative
min_sparse parameter. Avoid this by limiting the valid parameters
to sane values. In fact anything exceeding the convert buffer size
is also pointless. While at it, also forbid values that are not a
multiple of 512 to avoid undesired behaviour. For instance, values
between 1 and 511 were legal, but resulted in full allocation.

Cc: address@hidden
Signed-off-by: Peter Lieven <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit 6360ab278cc1ac3e1235e0755e4cba1f918e6f3c)
Signed-off-by: Michael Roth <address@hidden>
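Two of the commits above fix the same family of integer bug from opposite directions: the iscsi get_status change (2379ac13) widens a 32-bit multiply so its product can no longer wrap before being stored in a 64-bit variable, and the qemu-img min_sparse change (3afe55ff) range-checks an int64_t before narrowing it to int. The following C program is an added illustration of both patterns and is not code from QEMU; the function names, the EXAMPLE_CONVERT_BUF_SIZE placeholder and the sample values are assumptions made for the example. The multiply uses unsigned 32-bit operands so that the wrap-around is well-defined and reproducible; with signed int operands, as the Coverity finding describes, the same overflow is undefined behaviour.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the qemu-img convert buffer size; the real
 * constant is not quoted on the page. */
#define EXAMPLE_CONVERT_BUF_SIZE (2 * 1024 * 1024)

/* Case 1 (iscsi get_status): product of two 32-bit quantities.
 * Buggy shape: the multiply is carried out in 32 bits and only the
 * already-wrapped result is widened to int64_t. */
int64_t lba_bytes_narrow(uint32_t num_blocks, uint32_t block_size)
{
    return num_blocks * block_size;
}

/* Fixed shape: widening one operand first forces a 64-bit multiply. */
int64_t lba_bytes_wide(uint32_t num_blocks, uint32_t block_size)
{
    return (int64_t)num_blocks * block_size;
}

/* Case 2 (qemu-img -S / min_sparse): narrowing int64_t to int.
 * Buggy shape: the cast silently discards the high bits; for values
 * outside the int range the result is implementation-defined and, on
 * the usual two's-complement toolchains, can come out negative. */
int min_sparse_unchecked(int64_t value)
{
    return (int)value;
}

/* Fixed shape: validate before narrowing. Rejects negative values,
 * values larger than the convert buffer (pointless, as the commit
 * message notes) and values that are not a multiple of 512.
 * Returns true and stores the value on success. */
bool min_sparse_checked(int64_t value, int *out)
{
    if (value < 0 || value > EXAMPLE_CONVERT_BUF_SIZE || value % 512 != 0) {
        return false;
    }
    *out = (int)value;   /* provably within int range at this point */
    return true;
}

/* Single-return-value wrapper: the validated min_sparse, or -1 if rejected. */
int min_sparse_or_neg1(int64_t value)
{
    int out;
    return min_sparse_checked(value, &out) ? out : -1;
}

int main(void)
{
    /* 2^23 blocks of 512 bytes = 2^32 bytes: exactly one past 32-bit range. */
    printf("narrow multiply: %lld\n", (long long)lba_bytes_narrow(1u << 23, 512));
    printf("wide multiply:   %lld\n", (long long)lba_bytes_wide(1u << 23, 512));

    int64_t huge = (int64_t)1024 << 30;   /* the commit's "-S 1024G" */
    printf("unchecked -S 1024G: %d\n", min_sparse_unchecked(huge));
    printf("checked   -S 1024G: %d\n", min_sparse_or_neg1(huge));
    printf("checked   -S 4096:  %d\n", min_sparse_or_neg1(4096));
    printf("checked   -S 100:   %d\n", min_sparse_or_neg1(100));
    return 0;
}
```

The point to carry over to a review checklist: whenever an expression mixes operand widths, the arithmetic happens in the width of the operands, not the width of the destination, so either widen an operand before the operation or bound the inputs before the conversion.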


  Commit: e8488edcb3768f08cda7c3cc00def6b1b2f6c615
      
https://github.com/qemu/qemu/commit/e8488edcb3768f08cda7c3cc00def6b1b2f6c615
  Author: Richard Henderson <address@hidden>
  Date:   2018-07-23 (Mon, 23 Jul 2018)

  Changed paths:
    M tcg/i386/tcg-target.inc.c

  Log Message:
  -----------
  tcg/i386: Mark xmm registers call-clobbered

When host vector registers and operations were introduced, I failed
to mark the registers call clobbered as required by the ABI.

Fixes: 770c2fc7bb7
Cc: address@hidden
Reported-by: Jason A. Donenfeld <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
(cherry picked from commit 672189cd586ea38a2c1d8ab91eb1f9dcff5ceb05)
Signed-off-by: Michael Roth <address@hidden>


  Commit: c16427177a67bc86aa7560331143bfc9c885b27d
      
https://github.com/qemu/qemu/commit/c16427177a67bc86aa7560331143bfc9c885b27d
  Author: Cornelia Huck <address@hidden>
  Date:   2018-07-24 (Tue, 24 Jul 2018)

  Changed paths:
    M pc-bios/s390-ccw.img

  Log Message:
  -----------
  pc-bios/s390-ccw.img: update image for stable

Contains the following commits:
- s390-ccw: force diag 308 subcode to unsigned long
- pc-bios/s390-ccw: struct tpi_info must be declared as aligned(4)

Signed-off-by: Cornelia Huck <address@hidden>


  Commit: 90b2d941230fca5e96747b8f0749ea52ef94276e
      
https://github.com/qemu/qemu/commit/90b2d941230fca5e96747b8f0749ea52ef94276e
  Author: Marc-André Lureau <address@hidden>
  Date:   2018-07-24 (Tue, 24 Jul 2018)

  Changed paths:
    M hw/usb/ccid-card-passthru.c

  Log Message:
  -----------
  ccid-card-passthru: fix regression in realize()

Since cc847bfd16d894fd8c1a2ce25f31772f6cdbbc74, CCID card-passthru
fails to initialize, because it changed a debug line to an error,
probably by mistake. Change it back to a DPRINTF debug.

(solves Boxes creating VM with smartcard passthru failing to start)

Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit e58d64a16abc2304c4dcb644411eb9580bf63b1e)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 2f36efaeb15761d6863ea29c6fbeaf15d596cc17
      
https://github.com/qemu/qemu/commit/2f36efaeb15761d6863ea29c6fbeaf15d596cc17
  Author: Michael Roth <address@hidden>
  Date:   2018-07-24 (Tue, 24 Jul 2018)

  Changed paths:
    M pc-bios/s390-ccw.img

  Log Message:
  -----------
  Merge tag 's390x-20180724-212-stable' into stable-2.12-staging

update s390-ccw.img for stable


  Commit: 441784598e7cf1695657cd958a5f6e3326da01f9
      
https://github.com/qemu/qemu/commit/441784598e7cf1695657cd958a5f6e3326da01f9
  Author: Markus Armbruster <address@hidden>
  Date:   2018-07-24 (Tue, 24 Jul 2018)

  Changed paths:
    M include/qapi/qmp/qjson.h
    M qobject/qjson.c

  Log Message:
  -----------
  qobject: New qdict_from_jsonf_nofail()

Many uses of qobject_from_jsonf() convert JSON objects.  Create new
convenience function qdict_from_jsonf_nofail() that includes the
conversion to QDict.  The next few commits will put it to use.

Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit a193352ff9c7cd2cd07846118bc49921d0f53af8)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 08c4a51c65fcde99255d8ab9eabbaefeca5f9250
      
https://github.com/qemu/qemu/commit/08c4a51c65fcde99255d8ab9eabbaefeca5f9250
  Author: Markus Armbruster <address@hidden>
  Date:   2018-07-24 (Tue, 24 Jul 2018)

  Changed paths:
    M include/qapi/qmp/dispatch.h
    M monitor.c
    M qapi/qmp-dispatch.c
    M qga/main.c

  Log Message:
  -----------
  qmp: De-duplicate error response building

All callers of qmp_build_error_object() duplicate the code to wrap it
in a response object.  Replace it by qmp_error_response() that
captures the duplicated code, including error_free().

Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
(cherry picked from commit cee32796cadc9510ee00f029a933009df7a28ae2)
 Conflicts:
        include/qapi/qmp/dispatch.h
        qapi/qmp-dispatch.c
        qga/main.c
* drop context dep on cb3e7f08ae
* prereq for ae7da1e5f6
Signed-off-by: Michael Roth <address@hidden>


  Commit: bf1cb819e983494f2606f9d7ff0726c210a6c757
      
https://github.com/qemu/qemu/commit/bf1cb819e983494f2606f9d7ff0726c210a6c757
  Author: Marc-André Lureau <address@hidden>
  Date:   2018-07-24 (Tue, 24 Jul 2018)

  Changed paths:
    M qga/main.c

  Log Message:
  -----------
  qga: process_event() simplification and leak fix

json_parser_parse_err() may return something else than a QDict, in
which case we lose the object. Let's keep track of the original
object to avoid leaks.

When an error occurs, "qdict" contains the response, but we still
check the "execute" key there. Untangle this code a bit, by having a
clear error path.

CC: Michael Roth <address@hidden>
Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Cc: address@hidden
Signed-off-by: Michael Roth <address@hidden>
(cherry picked from commit ae7da1e5f658ea21d96e565514de20ff2cf24fa1)
* drop context dep on d43b16945a
* drop functional dep on cb3e7f08ae
Signed-off-by: Michael Roth <address@hidden>


  Commit: 336cd382dcf2e5de6c47a6dd185a3a563655d626
      
https://github.com/qemu/qemu/commit/336cd382dcf2e5de6c47a6dd185a3a563655d626
  Author: Christian Borntraeger <address@hidden>
  Date:   2018-07-31 (Tue, 31 Jul 2018)

  Changed paths:
    M hw/s390x/sclp.c

  Log Message:
  -----------
  s390x/sclp: fix maxram calculation

We clamp down ram_size to match the sclp increment size. We do
not do the same for maxram_size, which means for large guests
with some sizes (e.g. -m 50000) maxram_size differs from ram_size.
This can break other code (e.g. CMMA migration) which uses maxram_size
to calculate the number of pages and then throws some errors.

Fixes: 82fab5c5b90e468f3e9d54c ("s390x/sclp: remove memory hotplug support")
Signed-off-by: Christian Borntraeger <address@hidden>
CC: address@hidden
CC: David Hildenbrand <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: David Hildenbrand <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
(cherry picked from commit 408e5ace517ff18c9c7cd918fc93358162e6e26d)
Signed-off-by: Michael Roth <address@hidden>


  Commit: b102aea574939d93b996a01c1aebc49a30e2bb15
      
https://github.com/qemu/qemu/commit/b102aea574939d93b996a01c1aebc49a30e2bb15
  Author: KONRAD Frederic <address@hidden>
  Date:   2018-07-31 (Tue, 31 Jul 2018)

  Changed paths:
    M block/qcow.c

  Log Message:
  -----------
  qcow: fix a reference leak

Since 42a3e1ab367cdf38cce093de24eb406b99a4ef96 qemu asserts when using the
vvfat driver:

git clone git://qemu.org/qemu.git
cd qemu
./configure --target-list=ppc-softmmu --enable-debug
make -j8
mkdir foo
touch foo/hello
./ppc-softmmu/qemu-system-ppc -M prep --nographic --monitor null             \
                        -hda fat:rw:./foo

"Ctrl-C"

qemu-system-ppc: block.c:3368: bdrv_close_all: Assertion                     \
   `((&all_bdrv_states)->tqh_first == ((void *)0))' failed.

This is because we reference bs twice in qcow_co_create(..) one time in
bdrv_open_blockdev_ref(..) and in blk_insert_bs(..) but we unref it only once
in blk_unref which leads to the reference leak.

Note that I didn't test QCOW much after this change as I don't use it much.

Signed-off-by: KONRAD Frederic <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit 41b6513436d2ebb64c7df8f009f630922a8e8990)
Signed-off-by: Michael Roth <address@hidden>


  Commit: aae299a68ddb1945e571487b3de8f20e4366a225
      
https://github.com/qemu/qemu/commit/aae299a68ddb1945e571487b3de8f20e4366a225
  Author: Fam Zheng <address@hidden>
  Date:   2018-07-31 (Tue, 31 Jul 2018)

  Changed paths:
    M block/file-posix.c

  Log Message:
  -----------
  file-posix: Handle EINTR in preallocation=full write

Cc: address@hidden
Signed-off-by: Fam Zheng <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit a1c81f4f16a74d0d544f5d3ac405bcaad83541fd)
 Conflicts:
        block/file-posix.c
* avoid dep on 93f4e2ff by adding check to raw_regular_truncate instead
Signed-off-by: Michael Roth <address@hidden>


  Commit: e22f675bdd3689472032d0de0799519c3e07fd2c
      
https://github.com/qemu/qemu/commit/e22f675bdd3689472032d0de0799519c3e07fd2c
  Author: Michael Roth <address@hidden>
  Date:   2018-08-02 (Thu, 02 Aug 2018)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for 2.12.1 release

Signed-off-by: Michael Roth <address@hidden>


Compare: https://github.com/qemu/qemu/compare/4319ae939c8d^...e22f675bdd36
      **NOTE:** This service has been marked for deprecation: 
https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.
