qemu-commits

[Qemu-commits] [qemu/qemu] 5433bb: migration/colo: Fix bdrv_graph_rdlock


From: Paolo Bonzini
Subject: [Qemu-commits] [qemu/qemu] 5433bb: migration/colo: Fix bdrv_graph_rdlock_main_loop: A...
Date: Mon, 27 May 2024 00:26:16 -0700

  Branch: refs/heads/staging-9.0
  Home:   https://github.com/qemu/qemu
  Commit: 5433bb518673584f144a150beffea0d99e2e8078
      
https://github.com/qemu/qemu/commit/5433bb518673584f144a150beffea0d99e2e8078
  Author: Li Zhijian <lizhijian@fujitsu.com>
  Date:   2024-04-25 (Thu, 25 Apr 2024)

  Changed paths:
    M migration/colo.c

  Log Message:
  -----------
  migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion `!qemu_in_coroutine()' failed.

bdrv_activate_all() should not be called from coroutine context; move it
to the QEMU thread colo_process_incoming_thread(), protected by bql_lock.

The backtrace is as follows:
 #4  0x0000561af7948362 in bdrv_graph_rdlock_main_loop () at ../block/graph-lock.c:260
 #5  0x0000561af7907a68 in graph_lockable_auto_lock_mainloop (x=0x7fd29810be7b) at /patch/to/qemu/include/block/graph-lock.h:259
 #6  0x0000561af79167d1 in bdrv_activate_all (errp=0x7fd29810bed0) at ../block.c:6906
 #7  0x0000561af762b4af in colo_incoming_co () at ../migration/colo.c:935
 #8  0x0000561af7607e57 in process_incoming_migration_co (opaque=0x0) at ../migration/migration.c:793
 #9  0x0000561af7adbeeb in coroutine_trampoline (i0=-106876144, i1=22042) at ../util/coroutine-ucontext.c:175
 #10 0x00007fd2a5cf21c0 in  () at /lib64/libc.so.6

Cc: qemu-stable@nongnu.org
Cc: Fabiano Rosas <farosas@suse.de>
Closes: https://gitlab.com/qemu-project/qemu/-/issues/2277
Fixes: 2b3912f135 ("block: Mark bdrv_first_blk() and bdrv_is_root_node() GRAPH_RDLOCK")
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Tested-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20240417025634.1014582-1-lizhijian@fujitsu.com
Signed-off-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 2cc637f1ea08d2a1b19fc5b1a30bc609f948de93)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2a7c0a16a930cc89e5977072d0c616b41fb29c0d
      
https://github.com/qemu/qemu/commit/2a7c0a16a930cc89e5977072d0c616b41fb29c0d
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2024-04-25 (Thu, 25 Apr 2024)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY

This setsockopt accepts zero-length optlen (current qemu implementation
does not allow this).  Also, there's no need to make a copy of the key,
it is enough to use lock_user() (which accepts zero length already).

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2197
Fixes: f31dddd2fc "linux-user: Add support for setsockopt() option SOL_ALG"
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <20240331100737.2724186-2-mjt@tls.msk.ru>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 04f6fb897a5aeb3e356a7b889869c9962f9c16c7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d6cdc6b29ad40623358023ad9d5b1c91303e3c7f
      
https://github.com/qemu/qemu/commit/d6cdc6b29ad40623358023ad9d5b1c91303e3c7f
  Author: Zhao Liu <zhao1.liu@intel.com>
  Date:   2024-04-25 (Thu, 25 Apr 2024)

  Changed paths:
    M docs/system/target-i386-desc.rst.inc

  Log Message:
  -----------
  docs: i386: pc: Update maximum CPU numbers for PC Q35

Commit e4e98c7eebfa ("pc: q35: Bump max_cpus to 4096 vcpus") increases
the supported CPUs for PC Q35 machine.

Update maximum CPU numbers for PC Q35 in the document.

Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Message-ID: <20240412085358.731560-1-zhao1.liu@linux.intel.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 838f82468a1282f7e89dbbd6c015c8742bfdafce)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 304dc04347e15568e83c3482b9b3b9ce00b7e434
      
https://github.com/qemu/qemu/commit/304dc04347e15568e83c3482b9b3b9ce00b7e434
  Author: Zhu Yangyang <zhuyangyang14@huawei.com>
  Date:   2024-04-28 (Sun, 28 Apr 2024)

  Changed paths:
    M nbd/client.c
    M nbd/common.c
    M nbd/nbd-internal.h
    M nbd/server.c

  Log Message:
  -----------
  nbd/server: do not poll within a coroutine context

Coroutines are not supposed to block. Instead, they should yield.

The client performs TLS upgrade outside of an AIOContext, during
synchronous handshake; this still requires g_main_loop.  But the
server responds to TLS upgrade inside a coroutine, so a nested
g_main_loop is wrong.  Since the two callbacks no longer share more
than the setting of data.complete and data.error, it's just as easy to
use static helpers instead of trying to share a common code path.  It
is also possible to add assertions that no other code is interfering
with the eventual path to qio reaching the callback, whether or not it
required a yield or main loop.

Fixes: f95910f ("nbd: implement TLS support in the protocol negotiation")
Signed-off-by: Zhu Yangyang <zhuyangyang14@huawei.com>
[eblake: move callbacks to their use point, add assertions]
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20240408160214.1200629-5-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
(cherry picked from commit ae6d91a7e9b77abb029ed3fa9fad461422286942)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9ae59100b8b8d9a8f2c1d66b405c90c8b306d440
      
https://github.com/qemu/qemu/commit/9ae59100b8b8d9a8f2c1d66b405c90c8b306d440
  Author: Eric Blake <eblake@redhat.com>
  Date:   2024-04-28 (Sun, 28 Apr 2024)

  Changed paths:
    M nbd/server.c

  Log Message:
  -----------
  nbd/server: Mark negotiation functions as coroutine_fn

nbd_negotiate() is already marked coroutine_fn.  And given the fix in
the previous patch to have nbd_negotiate_handle_starttls not create
and wait on a g_main_loop (as that would violate coroutine
constraints), it is worth marking the rest of the related static
functions reachable only during option negotiation as also being
coroutine_fn.

Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20240408160214.1200629-6-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
[eblake: drop one spurious coroutine_fn marking]
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 4fa333e08dd96395a99ea8dd9e4c73a29dd23344)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b789fae749ad589508e53e98f388d52e2c1145a9
      
https://github.com/qemu/qemu/commit/b789fae749ad589508e53e98f388d52e2c1145a9
  Author: Li Zhijian <lizhijian@fujitsu.com>
  Date:   2024-04-30 (Tue, 30 Apr 2024)

  Changed paths:
    M backends/cryptodev-builtin.c

  Log Message:
  -----------
  backends/cryptodev-builtin: Fix local_error leaks

It seems that this error does not need to be propagated to the upper
layer; directly output the error to avoid the leaks.

Closes: https://gitlab.com/qemu-project/qemu/-/issues/2283
Fixes: 2fda101de07 ("virtio-crypto: Support asynchronous mode")
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: zhenwei pi <pizhenwei@bytedance.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 06479dbf3d7d245572c4b3016e5a1d923ff04d66)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 068cbf9b946569d72bcc9af48309214de993d2da
      
https://github.com/qemu/qemu/commit/068cbf9b946569d72bcc9af48309214de993d2da
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2024-04-30 (Tue, 30 Apr 2024)

  Changed paths:
    M target/loongarch/cpu.c

  Log Message:
  -----------
  target/loongarch/cpu.c: typo fix: expection

Fixes: 1590154ee437 ("target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int'")
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 0cbb322f70e8a87e4acbffecef5ea8f9448f3513)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f90bf4c154b035ae6fe3e184ea3657bffcdf9146
      
https://github.com/qemu/qemu/commit/f90bf4c154b035ae6fe3e184ea3657bffcdf9146
  Author: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
  Date:   2024-04-30 (Tue, 30 Apr 2024)

  Changed paths:
    M target/riscv/kvm/kvm-cpu.c

  Log Message:
  -----------
  target/riscv/kvm: remove sneaky strerrorname_np() instance

Commit d424db2354 excluded some strerrorname_np() instances because they
break musl libc builds. Another instance happened to slip by via commit
d4ff3da8f4.

Remove it before it causes trouble again.

Fixes: d4ff3da8f4 (target/riscv/kvm: initialize 'vlenb' via get-reg-list)
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit e4426353175f21f54095701c704ba4c50724cb80)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: dde9f0f0b7c7004c08108f1d96dbdd0d262bd465
      
https://github.com/qemu/qemu/commit/dde9f0f0b7c7004c08108f1d96dbdd0d262bd465
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-05-01 (Wed, 01 May 2024)

  Changed paths:
    M target/arm/tcg/hflags.c

  Log Message:
  -----------
  target/arm: Restrict translation disabled alignment check to VMSA

For cpus using PMSA, when the MPU is disabled, the default memory
type is Normal, Non-cacheable. This means that it should not
have alignment restrictions enforced.

Cc: qemu-stable@nongnu.org
Fixes: 59754f85ed3 ("target/arm: Do memory type alignment check when translation disabled")
Reported-by: Clément Chigot <chigot@adacore.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Clément Chigot <chigot@adacore.com>
Message-id: 20240422170722.117409-1-richard.henderson@linaro.org
[PMM: trivial comment, commit message tweaks]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 7b19a3554d2df22d29c75319a1dac17615d1b20e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 7b5096360346de050580b9c8c13748d672c7702d
      
https://github.com/qemu/qemu/commit/7b5096360346de050580b9c8c13748d672c7702d
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-05-01 (Wed, 01 May 2024)

  Changed paths:
    M tests/avocado/boot_linux_console.py
    M tests/avocado/replay_kernel.py

  Log Message:
  -----------
  tests/avocado: update sunxi kernel from armbian to 6.6.16

The Linux kernel 5.10.16 binary for sunxi has been removed from
apt.armbian.com. This means that the avocado tests for these machines
will be skipped (status CANCEL) if the old binary isn't present in
the avocado cache.

Update to 6.6.16, in the same way we did in commit e384db41d8661
when we moved to 5.10.16 in 2021.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2284
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Strahinja Jankovic <strahinja.p.jankovic@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-id: 20240415151845.1564201-1-peter.maydell@linaro.org
(cherry picked from commit dcc5c018c7e6acddf81951bcbdf1019b9ab45f56)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0909194eddf79e7fa5ea0447c081548750f290dc
      
https://github.com/qemu/qemu/commit/0909194eddf79e7fa5ea0447c081548750f290dc
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2024-05-01 (Wed, 01 May 2024)

  Changed paths:
    M .gitlab-ci.d/cirrus.yml

  Log Message:
  -----------
  .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs

Cirrus-CI introduced limitations to the free CI minutes. To avoid that
we are consuming them too fast, let's drop the usual targets that are
not that important since they are either a subset of another target
(like i386 or ppc being a subset of x86_64 or ppc64 respectively), or
since there is still a similar target with the opposite endianness
(like xtensa/xtensael, microblaze/microblazeel etc.).

Message-ID: <20240429100113.53357-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a88a04906b966ffdcda23a5a456abe10aa8c826e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1b6e140cd8157b81def55427406656f3f03f937c
      
https://github.com/qemu/qemu/commit/1b6e140cd8157b81def55427406656f3f03f937c
  Author: Jeuk Kim <jeuk20.kim@samsung.com>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M hw/ufs/ufs.c

  Log Message:
  -----------
  hw/ufs: Fix buffer overflow bug

It fixes the buffer overflow vulnerability in the ufs device.
The bug was detected by sanitizers.

You can reproduce it by:

cat << EOF |\
qemu-system-x86_64 \
-display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \
file=null-co://,if=none,id=disk0 -device ufs,id=ufs_bus -device \
ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0xe0000058 0x1 0xa7
write 0xa 0x1 0x50
EOF

Resolves: #2299
Fixes: 329f16624499 ("hw/ufs: Support for Query Transfer Requests")
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
(cherry picked from commit f2c8aeb1afefcda92054c448b21fc59cdd99db30)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 64378d92df5de0912fd471597ff1bd5523b131e6
      
https://github.com/qemu/qemu/commit/64378d92df5de0912fd471597ff1bd5523b131e6
  Author: Alexandra Diupina <adiupina@astralinux.ru>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M hw/dma/xlnx_dpdma.c

  Log Message:
  -----------
  hw/dma/xlnx_dpdma: fix handling of address_extension descriptor fields

The DMA descriptor structures for this device have
a set of "address extension" fields which extend the 32
bit source addresses with an extra 16 bits to give a
48 bit address:
 https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field

However, we misimplemented this address extension in several ways:
 * we only extracted 12 bits of the extension fields, not 16
 * we didn't shift the extension field up far enough
 * we accidentally did the shift as 32-bit arithmetic, which
   meant that we would have an overflow instead of setting
   bits [47:32] of the resulting 64-bit address

Add a type cast and use extract64() instead of extract32()
to avoid integer overflow on addition. Fix bit fields
extraction according to documentation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-stable@nongnu.org
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
Message-id: 20240428181131.23801-1-adiupina@astralinux.ru
[PMM: adjusted commit message]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 4b00855f0ee2e2eee8fd2500ffef27c108be6dc3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
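The three defects listed in the commit message (a 12-bit extract, a shift that is too small, and a shift performed in 32-bit arithmetic) each corrupt the upper half of the DMA address in a different way. The following C program is an added illustration, not QEMU's code: it reimplements the extract32()/extract64() contracts from QEMU's include/qemu/bitops.h, assumes a simplified two-word descriptor in which the 16-bit ADDR_EXT field occupies bits [31:16] of a 32-bit extension word (the real DPDMA field positions are in the ug1085 TRM linked above), and contrasts an illustrative buggy computation with the corrected 48-bit assembly.

```c
/*
 * Added example, not QEMU code.  Shows why the 48-bit DPDMA source address
 * must be built with a 16-bit extract, a 32-bit shift and 64-bit arithmetic.
 * Descriptor layout is a stand-in: ADDR_EXT assumed at bits [31:16].
 */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Same contracts as the helpers in QEMU's include/qemu/bitops.h. */
static inline uint32_t extract32(uint32_t value, int start, int length)
{
    assert(start >= 0 && length > 0 && length <= 32 - start);
    return (value >> start) & (~0U >> (32 - length));
}

static inline uint64_t extract64(uint64_t value, int start, int length)
{
    assert(start >= 0 && length > 0 && length <= 64 - start);
    return (value >> start) & (~0ULL >> (64 - length));
}

/* Assumed descriptor fragment: 32-bit low address plus a 32-bit word
 * that carries the 16-bit address extension. */
typedef struct {
    uint32_t source_address;
    uint32_t address_extension;
} DemoDescriptor;

#define DEMO_EXT_SHIFT 16 /* assumed bit position of the ADDR_EXT field */

/* Illustrative buggy form: only 12 bits extracted, shifted by 20 instead of
 * 32, and added in 32-bit arithmetic so the carry is lost. */
static uint64_t demo_get_source_address_buggy(const DemoDescriptor *d)
{
    uint32_t addr = d->source_address
                  + (extract32(d->address_extension, DEMO_EXT_SHIFT, 12) << 20);
    return addr; /* bits [47:32] can never be set here */
}

/* Corrected form: full 16-bit field placed at [47:32], computed in 64 bits. */
static uint64_t demo_get_source_address_fixed(const DemoDescriptor *d)
{
    return (uint64_t)d->source_address
         + (extract64(d->address_extension, DEMO_EXT_SHIFT, 16) << 32);
}

int main(void)
{
    /* Constructed descriptor: low half 0x80000000, extension 0xABCD. */
    DemoDescriptor d = { .source_address = 0x80000000u,
                         .address_extension = 0xABCD0000u };

    printf("buggy: 0x%llx\n",
           (unsigned long long)demo_get_source_address_buggy(&d));
    printf("fixed: 0x%llx\n",
           (unsigned long long)demo_get_source_address_fixed(&d));
    return 0;
}
```

With the constructed descriptor the buggy path yields 0x3CD00000 (the top nibble of the extension is dropped and the 32-bit addition wraps), while the fixed path yields 0xABCD80000000. For a guest, the buggy address is a DMA to the wrong physical location, which is why the fix was tagged for qemu-stable.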


  Commit: 380703d6a9864c8b95756f9d498fba1973e5bca6
      
https://github.com/qemu/qemu/commit/380703d6a9864c8b95756f9d498fba1973e5bca6
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M hw/arm/npcm7xx.c

  Log Message:
  -----------
  hw/arm/npcm7xx: Store derivative OTP fuse key in little endian

Use little endian for derivative OTP fuse key.

Cc: qemu-stable@nongnu.org
Fixes: c752bb079b ("hw/nvram: NPCM7xx OTP device model")
Suggested-by: Avi Fishman <Avi.Fishman@nuvoton.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240422125813.1403-1-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit eb656a60fd93262b1e519b3162888bf261df7f68)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: ea8665201987dab2550cd8b1d8c8c9da78dc2af5
      
https://github.com/qemu/qemu/commit/ea8665201987dab2550cd8b1d8c8c9da78dc2af5
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-04 (Sat, 04 May 2024)

  Changed paths:
    M target/sh4/translate.c
    M tests/tcg/sh4/Makefile.target
    A tests/tcg/sh4/test-addv.c

  Log Message:
  -----------
  target/sh4: Fix ADDV opcode

The documentation says:

  ADDV Rm, Rn        Rn + Rm -> Rn, overflow -> T

But QEMU implementation was:

  ADDV Rm, Rn        Rn + Rm -> Rm, overflow -> T

Fix by filling the correct Rm register.

Add tests provided by Paul Cercueil.

Cc: qemu-stable@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <paul@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2317
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20240430163125.77430-2-philmd@linaro.org>
(cherry picked from commit c365e6b0705788866a65e7b8206bd4c5332595cd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 30e8861a90a539ac23053de7645fc4b38e53130a
      
https://github.com/qemu/qemu/commit/30e8861a90a539ac23053de7645fc4b38e53130a
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-04 (Sat, 04 May 2024)

  Changed paths:
    M target/sh4/translate.c
    M tests/tcg/sh4/Makefile.target
    A tests/tcg/sh4/test-subv.c

  Log Message:
  -----------
  target/sh4: Fix SUBV opcode

The documentation says:

  SUBV Rm, Rn        Rn - Rm -> Rn, underflow -> T

The overflow / underflow can be calculated as:

  T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31

However we were using the incorrect:

  T = ((Rn ^ Rm) & (Result ^ Rm)) >> 31

Fix by using the Rn register instead of Rm.

Add tests provided by Paul Cercueil.

Cc: qemu-stable@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <paul@crapouillou.net>
Suggested-by: Paul Cercueil <paul@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2318
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20240430163125.77430-3-philmd@linaro.org>
(cherry picked from commit e88a856efd1d3c3ffa8e53da4831eff8da290808)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
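The ADDV and SUBV fixes above both come down to which register feeds the overflow computation. The following C program is an added illustration, not QEMU's translate.c: it implements the two T-bit formulas as the SUBV commit message states them, checks them against a 64-bit reference over a table of edge cases, and keeps the superseded SUBV formula (Result ^ Rm in place of Result ^ Rn) to show concrete inputs on which it reports the wrong T.

```c
/*
 * Added example, not QEMU code.  SH-4 ADDV/SUBV overflow flag (T) computed
 * the way the commit messages describe, plus the rejected SUBV formula.
 */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int32_t rn;   /* register result written back to Rn */
    uint32_t t;   /* T bit: 1 on signed overflow/underflow */
} Sh4Result;

/* ADDV Rm,Rn: Rn + Rm -> Rn, overflow -> T.  Signed overflow happens only
 * when both operands share a sign and the result's sign differs. */
static Sh4Result sh4_addv(int32_t rn, int32_t rm)
{
    uint32_t res = (uint32_t)rn + (uint32_t)rm;
    uint32_t t = (((uint32_t)rn ^ res) & ((uint32_t)rm ^ res)) >> 31;
    return (Sh4Result){ (int32_t)res, t };
}

/* SUBV Rm,Rn: Rn - Rm -> Rn, underflow -> T.
 * T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31, the corrected formula. */
static Sh4Result sh4_subv(int32_t rn, int32_t rm)
{
    uint32_t res = (uint32_t)rn - (uint32_t)rm;
    uint32_t t = (((uint32_t)rn ^ (uint32_t)rm) & (res ^ (uint32_t)rn)) >> 31;
    return (Sh4Result){ (int32_t)res, t };
}

/* The formula the commit replaces: Result ^ Rm instead of Result ^ Rn. */
static uint32_t sh4_subv_t_wrong(int32_t rn, int32_t rm)
{
    uint32_t res = (uint32_t)rn - (uint32_t)rm;
    return (((uint32_t)rn ^ (uint32_t)rm) & (res ^ (uint32_t)rm)) >> 31;
}

/* Reference: the exact result does not fit a signed 32-bit register. */
static uint32_t ref_overflow(int64_t exact)
{
    return exact < INT32_MIN || exact > INT32_MAX;
}

/* Runs both instructions over all pairs from a table of edge values and
 * returns how many T results disagree with the reference (0 = all correct). */
static int sh4_selftest(void)
{
    static const int32_t vals[] = { 0, 1, -1, 5, -5, 3, INT32_MAX, INT32_MIN,
                                    0x40000000, -0x40000000 };
    int n = sizeof(vals) / sizeof(vals[0]);
    int mismatches = 0;

    for (int i = 0; i < n; i++) {
        for (int j = 0; j < n; j++) {
            int32_t rn = vals[i], rm = vals[j];
            if (sh4_addv(rn, rm).t != ref_overflow((int64_t)rn + rm)) {
                mismatches++;
            }
            if (sh4_subv(rn, rm).t != ref_overflow((int64_t)rn - rm)) {
                mismatches++;
            }
        }
    }
    return mismatches;
}

int main(void)
{
    Sh4Result a = sh4_addv(INT32_MAX, 1);
    Sh4Result s = sh4_subv(-5, 3);

    printf("ADDV INT32_MAX,1   -> Rn=%d T=%u\n", a.rn, a.t);
    printf("SUBV -5,3          -> Rn=%d T=%u (old formula T=%u)\n",
           s.rn, s.t, sh4_subv_t_wrong(-5, 3));
    printf("SUBV INT32_MIN,1   -> T=%u (old formula T=%u)\n",
           sh4_subv(INT32_MIN, 1).t, sh4_subv_t_wrong(INT32_MIN, 1));
    printf("table mismatches: %d\n", sh4_selftest());
    return 0;
}
```

The old formula fails in both directions: -5 - 3 = -8 is reported as an underflow, while INT32_MIN - 1, a real underflow, is not. Because guest code branches on T, either error silently changes control flow in the emulated program.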


  Commit: 1974871416700d64382b5456f7fe29f0fc2c741e
      
https://github.com/qemu/qemu/commit/1974871416700d64382b5456f7fe29f0fc2c741e
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-05 (Sun, 05 May 2024)

  Changed paths:
    M plugins/core.c

  Log Message:
  -----------
  plugins: Update stale comment

"plugin_mask" was renamed as "event_mask" in commit c006147122
("plugins: create CPUPluginState and migrate plugin_mask").

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-3-philmd@linaro.org>
(cherry picked from commit e096d370ad877f8573e20266f7e843084f9611d8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 97ffb299985abe8a713c519906e910359d4d2196
      
https://github.com/qemu/qemu/commit/97ffb299985abe8a713c519906e910359d4d2196
  Author: Ruihan Li <lrh2000@pku.edu.cn>
  Date:   2024-05-09 (Thu, 09 May 2024)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: Give IRQs a chance when resetting HF_INHIBIT_IRQ_MASK

When emulated with QEMU, interrupts will never come in the following
loop. However, if the NOP instruction is uncommented, interrupts will
fire as normal.

        loop:
                cli
                call do_sti
                jmp loop

        do_sti:
                sti
                # nop
                ret

This behavior is different from that of a real processor. For example,
if KVM is enabled, interrupts will always fire regardless of whether the
NOP instruction is commented or not. Also, the Intel Software Developer
Manual states that after the STI instruction is executed, the interrupt
inhibit should end as soon as the next instruction (e.g., the RET
instruction if the NOP instruction is commented) is executed.

This problem is caused because the previous code may choose not to end
the TB even if the HF_INHIBIT_IRQ_MASK has just been reset (e.g., in the
case where the STI instruction is immediately followed by the RET
instruction), so that IRQs may not have a chance to trigger. This commit
fixes the problem by always terminating the current TB to give IRQs a
chance to trigger when HF_INHIBIT_IRQ_MASK is reset.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn>
Message-ID: <20240415064518.4951-4-lrh2000@pku.edu.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 6a5a63f74ba5c5355b7a8468d3d814bfffe928fb)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 63a58450a6fa36083dc1430379b29bbdee248275
      
https://github.com/qemu/qemu/commit/63a58450a6fa36083dc1430379b29bbdee248275
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-05-09 (Thu, 09 May 2024)

  Changed paths:
    M target/sparc/helper.h
    M target/sparc/insns.decode
    M target/sparc/translate.c
    M target/sparc/vis_helper.c

  Log Message:
  -----------
  target/sparc: Fix FEXPAND

This is a 2-operand instruction, not 3-operand.
Worse, we took the source from the wrong operand.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240502165528.244004-3-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
(cherry picked from commit 7b616f36de0bde126e1ba6b0793ed26fc414a1ff)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6d027e1bf95f50aaa6ddee21af6a4847163cdb18
      
https://github.com/qemu/qemu/commit/6d027e1bf95f50aaa6ddee21af6a4847163cdb18
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-05-09 (Thu, 09 May 2024)

  Changed paths:
    M target/sparc/helper.h
    M target/sparc/translate.c
    M target/sparc/vis_helper.c

  Log Message:
  -----------
  target/sparc: Fix FMUL8x16

This instruction has f32 as source1, which alters the
decoding of the register number, which means we've been
passing the wrong data for odd register numbers.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240502165528.244004-4-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
(cherry picked from commit 9157dccc7e71f7c94581c38f38acbef9a21bbe9a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 098f10e9a830305cfc0ea1bc43fef1b3005e6f85
      
https://github.com/qemu/qemu/commit/098f10e9a830305cfc0ea1bc43fef1b3005e6f85
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-05-09 (Thu, 09 May 2024)

  Changed paths:
    M target/sparc/helper.h
    M target/sparc/translate.c
    M target/sparc/vis_helper.c

  Log Message:
  -----------
  target/sparc: Fix FMUL8x16A{U,L}

These instructions have f32 inputs, which changes the decode
of the register numbers.  While we're fixing things, use a
common helper for both insns, extracting the 16-bit scalar
in tcg beforehand.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240502165528.244004-5-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
(cherry picked from commit a859602c746baf4892cc8ca1ce003e92411d1716)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b7f629b431ff9044655858a751c92ff6158890ea
      
https://github.com/qemu/qemu/commit/b7f629b431ff9044655858a751c92ff6158890ea
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-05-09 (Thu, 09 May 2024)

  Changed paths:
    M target/sparc/helper.h
    M target/sparc/translate.c
    M target/sparc/vis_helper.c

  Log Message:
  -----------
  target/sparc: Fix FMULD8*X16

Not only do these instructions have f32 inputs, they also do not
perform rounding.  Since these are relatively simple, implement
them properly inline.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240502165528.244004-6-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
(cherry picked from commit be8998e046c2a7e434494b75cf468ffd9d536025)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6466cf4131c8edce2d4098ab382d8ede0b49b0f1
      
https://github.com/qemu/qemu/commit/6466cf4131c8edce2d4098ab382d8ede0b49b0f1
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-05-09 (Thu, 09 May 2024)

  Changed paths:
    M target/sparc/helper.h
    M target/sparc/translate.c
    M target/sparc/vis_helper.c

  Log Message:
  -----------
  target/sparc: Fix FPMERGE

This instruction has f32 inputs, which changes the decode
of the register numbers.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240502165528.244004-7-richard.henderson@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
(cherry picked from commit d3ef26afde77fbdedd5b30282134ff99d0fe5cc5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f6d315ffdf36fe768e5f1eaf44cd7a636285da1c
      
https://github.com/qemu/qemu/commit/f6d315ffdf36fe768e5f1eaf44cd7a636285da1c
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-05-09 (Thu, 09 May 2024)

  Changed paths:
    M target/sh4/translate.c

  Log Message:
  -----------
  target/sh4: Update DisasContextBase.insn_start

Match the extra inserts of INDEX_op_insn_start, fixing
the db->num_insns != 1 assert in translator_loop.

Fixes: dcd092a0636 ("accel/tcg: Improve can_do_io management")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit ca51921158e3cc07520a0ef5eb33739e5852ac6e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d92179b57ebfe620ce8a9db76dc10ccbdb93d0eb
      
https://github.com/qemu/qemu/commit/d92179b57ebfe620ce8a9db76dc10ccbdb93d0eb
  Author: Song Gao <gaosong@loongson.cn>
  Date:   2024-05-10 (Fri, 10 May 2024)

  Changed paths:
    M hw/loongarch/virt.c

  Log Message:
  -----------
  hw/loongarch/virt: Fix memory leak

The char pointer 'ramName' points to a block of memory that is never
freed. Use 'g_autofree' to automatically free it.

Resolves: Coverity CID 1544773

Fixes: 0cf1478d6 ("hw/loongarch: Add numa support")
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240507022239.3113987-1-gaosong@loongson.cn>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 54c52ec719fb8c83bbde54cb87b58688ab27c166)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context fixup in hw/loongarch/virt.c due to missing-in-9.0
      v9.0.0-266-gd771ca1c10 "hw/loongarch: Move boot functions to boot.c")


  Commit: 230b5c968e359789bddd7a324fac3fb0348d4562
      
https://github.com/qemu/qemu/commit/230b5c968e359789bddd7a324fac3fb0348d4562
  Author: Mattias Nissler <mnissler@rivosinc.com>
  Date:   2024-05-10 (Fri, 10 May 2024)

  Changed paths:
    M hw/remote/vfio-user-obj.c

  Log Message:
  -----------
  hw/remote/vfio-user: Fix config space access byte order

PCI config space is little-endian, so on a big-endian host we need to
perform byte swaps for values as they are passed to and received from
the generic PCI config space access machinery.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
Message-ID: <20240507094210.300566-6-mnissler@rivosinc.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit e6578f1f68a0e90789a841ada532c3e494c9a04c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 08eb23e4c954f6371570807862e47ded2b518b20
      
https://github.com/qemu/qemu/commit/08eb23e4c954f6371570807862e47ded2b518b20
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: fix operand size for DATA16 REX.W POPCNT

According to the manual, 32-bit vs 64-bit is governed by REX.W
and REX ignores the 0x66 prefix.  This can be confirmed with this
program:

    #include <stdio.h>
    int main()
    {
       int x = 0x12340000;
       int y;
       asm("popcntl %1, %0" : "=r" (y) : "r" (x)); printf("%x\n", y);
       asm("mov $-1, %0; .byte 0x66; popcntl %1, %0" : "+r" (y) : "r" (x)); printf("%x\n", y);
       asm("mov $-1, %0; .byte 0x66; popcntq %q1, %q0" : "+r" (y) : "r" (x)); printf("%x\n", y);
    }

which prints 5/ffff0000/5 on real hardware and 5/ffff0000/ffff0000
on QEMU.

Cc: qemu-stable@nongnu.org
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 41c685dc59bb611096f3bb6a663cfa82e4cba97b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: drop removal of mo_64_32() helper function in target/i386/tcg/translate.c
 due to missing-in-9.0 v9.0.0-542-gaef4f4affde2
 "target/i386: remove now-converted opcodes from old decoder"
 which removed other user of it)


  Commit: 1e5c6ceb2705f3e8369f3cb47a656fd69ad96969
      
https://github.com/qemu/qemu/commit/1e5c6ceb2705f3e8369f3cb47a656fd69ad96969
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: rdpkru/wrpkru are no-prefix instructions

Reject 0x66/0xf3/0xf2 in front of them.

Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 40a3ec7b5ffde500789d016660a171057d6b467c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6cb4afc418f11b1b9b56240b562762cccb1d8c8a
      
https://github.com/qemu/qemu/commit/6cb4afc418f11b1b9b56240b562762cccb1d8c8a
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  target/i386: fix feature dependency for WAITPKG

The VMX feature bit depends on general availability of WAITPKG,
not the other way round.

Fixes: 33cc88261c3 ("target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE", 2023-08-28)
Cc: qemu-stable@nongnu.org
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit fe01af5d47d4cf7fdf90c54d43f784e5068c8d72)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 52d96ce37da898b7febdb8bde3943dc7ab00be6a
      
https://github.com/qemu/qemu/commit/52d96ce37da898b7febdb8bde3943dc7ab00be6a
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M configure

  Log Message:
  -----------
  configure: quote -D options that are passed through to meson

Ensure that they go through unmodified, instead of removing one layer
of quoting.

-D is a pretty specialized option and most options that can have spaces
do not need it (for example, c_args is covered by --extra-cflags).
Therefore it's unlikely that this causes actual trouble.  However,
a somewhat realistic failure case would be with -Dpkg_config_path
and a pkg-config directory that contains spaces.

Cc: qemu-stable@nongnu.org
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 23b1f53c2c8990ed745acede171e49645af3d6d0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 33a17bcbaf7bee4eb2dff5eaff17236a159fa3f3
      
https://github.com/qemu/qemu/commit/33a17bcbaf7bee4eb2dff5eaff17236a159fa3f3
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M configure

  Log Message:
  -----------
  configure: Fix error message when C compiler is not working

If you try to run the configure script on a system without a working
C compiler, you get a very misleading error message:

 ERROR: Unrecognized host OS (uname -s reports 'Linux')

Some people already opened bug tickets because of this problem:

 https://gitlab.com/qemu-project/qemu/-/issues/2057
 https://gitlab.com/qemu-project/qemu/-/issues/2288

We should rather tell the user that we were not able to use the C
compiler instead, otherwise they will have a hard time figuring
out what was going wrong.

While we're at it, let's also suppress the "unrecognized host CPU"
message in this case since it is more misleading than helpful.

Fixes: 264b803721 ("configure: remove compiler sanity check")
Message-ID: <20240513114010.51608-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 371d60dfdb47dd18d163a7759968ba138089371e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: ba27e719763673057a3aa9a2581272cdbedb7f6c
      
https://github.com/qemu/qemu/commit/ba27e719763673057a3aa9a2581272cdbedb7f6c
  Author: hikalium <hikalium@hikalium.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M ui/gtk.c

  Log Message:
  -----------
  ui/gtk: Fix mouse/motion event scaling issue with GTK display backend

Remove gtk_widget_get_scale_factor() usage from the calculation of
the motion events in the GTK backend to make it work correctly on
environments that have `gtk_widget_get_scale_factor() != 1`.

This scale factor usage had been introduced in the commit f14aab420c and
at that time the window size was used for calculating the things and it
was working correctly. However, in the commit 2f31663ed4 the logic
switched to use the widget size instead of window size and because of
the change the usage of scale factor becomes invalid (since widgets use
`vc->gfx.scale_{x, y}` for scaling).

Tested on Crostini on ChromeOS (15823.51.0) with an external display.

Fixes: 2f31663ed4 ("ui/gtk: use widget size for cursor motion event")
Fixes: f14aab420c ("ui: fix incorrect pointer position on highdpi with gtk")

Signed-off-by: hikalium <hikalium@hikalium.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240512111435.30121-3-hikalium@hikalium.com>
(cherry picked from commit 37e91415018db3656b46cdea8f9e4d47b3ff130d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: bbfe1d4e8b0a46ccde5039aca9355f8b7fd18ae5
      
https://github.com/qemu/qemu/commit/bbfe1d4e8b0a46ccde5039aca9355f8b7fd18ae5
  Author: Dongwon Kim <dongwon.kim@intel.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M ui/gtk-egl.c
    M ui/gtk-gl-area.c
    M ui/gtk.c

  Log Message:
  -----------
  ui/gtk: Check if fence_fd is equal to or greater than 0

'fence_fd' needs to be validated always before being referenced,
and the passing condition should include '== 0' as 0 is a valid
value for the file descriptor.

Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Message-Id: <20240508175403.3399895-2-dongwon.kim@intel.com>
(cherry picked from commit e4e62514e3cc2fc9dbae44af8b80f61c730beab4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2965ecc4870a55648508f2c5cbf63a02b9a55387
      
https://github.com/qemu/qemu/commit/2965ecc4870a55648508f2c5cbf63a02b9a55387
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M tcg/loongarch64/tcg-target.c.inc

  Log Message:
  -----------
  tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs

TCG register spill/fill uses tcg_out_ld/st with all types,
not necessarily going through INDEX_op_{ld,st}_vec.

Cc: qemu-stable@nongnu.org
Fixes: 16288ded944 ("tcg/loongarch64: Lower basic tcg vec ops to LSX")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2336
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Tested-by: Song Gao <gaosong@loongson.cn>
(cherry picked from commit c9290dfebfdba5c13baa5e1f10e13a1c876b0643)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2569dec929737f8bef4b9e1501ff0e41acf7af3c
      
https://github.com/qemu/qemu/commit/2569dec929737f8bef4b9e1501ff0e41acf7af3c
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M hw/block/pflash_cfi01.c

  Log Message:
  -----------
  hw/pflash: fix block write start

Move the pflash_blk_write_start() call.  We need the offset of the
first data write, not the offset for the setup (number-of-bytes)
write.  Without this fix, u-boot can do block writes to the first
flash block only.

While at it, drop a leftover FIXME.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2343
Fixes: 284a7ee2e290 ("hw/pflash: implement update buffer for block writes")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240516121237.534875-1-kraxel@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 2563be6317fa9b5e661d79581538c704ecb90a1a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 285cef5c3944efac176cef60036748184d1bf5af
      
https://github.com/qemu/qemu/commit/285cef5c3944efac176cef60036748184d1bf5af
  Author: donsheng <dongsheng.x.zhang@intel.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M target/i386/kvm/hyperv.c

  Log Message:
  -----------
  target-i386: hyper-v: Correct kvm_hv_handle_exit return value

This bug fix addresses the incorrect return value of kvm_hv_handle_exit for
KVM_EXIT_HYPERV_SYNIC, which should be EXCP_INTERRUPT.

Handling of KVM_EXIT_HYPERV_SYNIC in QEMU needs to be synchronous.
This means that async_synic_update should run in the current QEMU vCPU
thread before returning to KVM, returning EXCP_INTERRUPT to guarantee this.
Returning 0 can cause async_synic_update to run asynchronously.

One problem (kvm-unit-tests's hyperv_synic test fails with timeout error)
caused by this bug:

When a guest VM writes to the HV_X64_MSR_SCONTROL MSR to enable Hyper-V SynIC,
a VM exit is triggered and processed by the kvm_hv_handle_exit function of the
QEMU vCPU. This function then calls the async_synic_update function to set
synic->sctl_enabled to true. A true value of synic->sctl_enabled is required
before creating SINT routes using the hyperv_sint_route_new() function.

If kvm_hv_handle_exit returns 0 for KVM_EXIT_HYPERV_SYNIC, the current QEMU
vCPU thread may return to KVM and enter the guest VM before running
async_synic_update. In such a case, the hyperv_synic test’s subsequent call to
synic_ctl(HV_TEST_DEV_SINT_ROUTE_CREATE, ...) immediately after writing to
HV_X64_MSR_SCONTROL can cause QEMU’s hyperv_sint_route_new() function to return
prematurely (because synic->sctl_enabled is false).

If the SINT route is not created successfully, the SINT interrupt will not be
fired, resulting in a timeout error in the hyperv_synic test.

Fixes: 267e071bd6d6 ("hyperv: make overlay pages for SynIC")
Suggested-by: Chao Gao <chao.gao@intel.com>
Signed-off-by: Dongsheng Zhang <dongsheng.x.zhang@intel.com>
Message-ID: <20240521200114.11588-1-dongsheng.x.zhang@intel.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 84d4b72854869821eb89813c195927fdd3078c12)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 41558f42b3f26e933287d17d6e8f1a5eddf3e191
      
https://github.com/qemu/qemu/commit/41558f42b3f26e933287d17d6e8f1a5eddf3e191
  Author: Fiona Ebner <f.ebner@proxmox.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M hw/core/machine.c

  Log Message:
  -----------
  hw/core/machine: move compatibility flags for VirtIO-net USO to machine 8.1

Migration from an 8.2 or 9.0 binary to an 8.1 binary with machine
version 8.1 can fail with:

> kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7
> kvm: Failed to load virtio-net:virtio
> kvm: error while loading state for instance 0x0 of device '0000:00:12.0/virtio-net'
> kvm: load of migration failed: Operation not permitted

The series

53da8b5a99 virtio-net: Add support for USO features
9da1684954 virtio-net: Add USO flags to vhost support.
f03e0cf63b tap: Add check for USO features
2ab0ec3121 tap: Add USO support to tap device.

only landed in QEMU 8.2, so the compatibility flags should be part of
machine version 8.1.

Moving the flags unfortunately breaks forward migration with machine
version 8.1 from a binary without this patch to a binary with this
patch.

Fixes: 53da8b5a99 ("virtio-net: Add support for USO features")
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
(cherry picked from commit 9710401276a0eb2fc6d467d9abea1f5e3fe2c362)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d27df7187bd67ec9abaffcd2af23a89bae948bf8
      
https://github.com/qemu/qemu/commit/d27df7187bd67ec9abaffcd2af23a89bae948bf8
  Author: Song Gao <gaosong@loongson.cn>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M target/loongarch/kvm/kvm.c

  Log Message:
  -----------
  target/loongarch/kvm: fpu save the vreg registers high 192bit

On the kvm side, get_fpu/set_fpu save the vreg registers' high 192 bits,
but QEMU is missing this.

Cc: qemu-stable@nongnu.org
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-Id: <20240514110752.989572-1-gaosong@loongson.cn>
(cherry picked from commit 07c0866103d4aa2dd83c7c3e7898843e28e3893a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 16b1ecee52effa3346fb34dcc351e4645e4ab53e
      
https://github.com/qemu/qemu/commit/16b1ecee52effa3346fb34dcc351e4645e4ab53e
  Author: Song Gao <gaosong@loongson.cn>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M hw/loongarch/virt.c

  Log Message:
  -----------
  hw/loongarch: Fix fdt memory node wrong 'reg'

The right fdt memory node looks like [1], not [2]:

  [1]
        memory@0 {
                device_type = "memory";
                reg = <0x00 0x00 0x00 0x10000000>;
        };
  [2]
        memory@0 {
                device_type = "memory";
                reg = <0x02 0x00 0x02 0x10000000>;
        };

Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20240426091551.2397867-10-gaosong@loongson.cn>
(cherry picked from commit b11f9814526b833b3a052be2559457b1affad7f5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 085446905000d6b80978815594a7cd34d54ff46b
      
https://github.com/qemu/qemu/commit/085446905000d6b80978815594a7cd34d54ff46b
  Author: Jiaxun Yang <jiaxun.yang@flygoat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M hw/loongarch/virt.c

  Log Message:
  -----------
  hw/loongarch/virt: Fix FDT memory node address width

Higher bits for memory nodes were omitted at qemu_fdt_setprop_cells.

Cc: qemu-stable@nongnu.org
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20240520-loongarch-fdt-memnode-v1-1-5ea9be93911e@flygoat.com>
Signed-off-by: Song Gao <gaosong@loongson.cn>
(cherry picked from commit 6204af704a071ea68d3af55c0502b112a7af9546)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2774c7ffa45e7f87e545e571d75a47e2bf1c7a9a
      
https://github.com/qemu/qemu/commit/2774c7ffa45e7f87e545e571d75a47e2bf1c7a9a
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M tests/docker/dockerfiles/debian-all-test-cross.docker
    M tests/docker/dockerfiles/debian-hexagon-cross.docker
    M tests/docker/dockerfiles/debian-legacy-test-cross.docker
    M tests/docker/dockerfiles/debian-loongarch-cross.docker
    M tests/docker/dockerfiles/debian-tricore-cross.docker
    M tests/docker/dockerfiles/debian-xtensa-cross.docker
    M tests/docker/dockerfiles/fedora-cris-cross.docker

  Log Message:
  -----------
  dockerfiles: add 'MAKE' env variable to remaining containers

All the lcitool generated containers define a "MAKE" env. It will be
convenient for later patches if all containers do this.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240513111551.488088-2-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit bad7a2759c69417a5558f0f19d4ede58c08705e8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 033fa7a8b55b36323dd1907ddd005dec1d57401f
      
https://github.com/qemu/qemu/commit/033fa7a8b55b36323dd1907ddd005dec1d57401f
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: disable jmp_opt if EFLAGS.RF is 1

If EFLAGS.RF is 1, special processing in gen_eob_worker() is needed and
therefore goto_tb cannot be used.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 8225bff7c5db504f50e54ef66b079854635dba70)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1c5f8398f4f2fb8fcf49938e23616061b5e7d5c5
      
https://github.com/qemu/qemu/commit/1c5f8398f4f2fb8fcf49938e23616061b5e7d5c5
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2024-05-27 (Mon, 27 May 2024)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: no single-step exception after MOV or POP SS

Intel SDM 18.3.1.4: "If an occurrence of the MOV or POP instruction
loads the SS register executes with EFLAGS.TF = 1, no single-step debug
exception occurs following the MOV or POP instruction."

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f0f0136abba688a6516647a79cc91e03fad6d5d7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/5433bb518673%5E...1c5f8398f4f2
