[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] d38d74: target/arm: Fix SME FMOPA (16-bit), B
|
From: |
Patrick Venture |
|
Subject: |
[Qemu-commits] [qemu/qemu] d38d74: target/arm: Fix SME FMOPA (16-bit), BFMOPA |
|
Date: |
Mon, 11 Dec 2023 10:13:28 -0800 |
Branch: refs/heads/staging-7.2
Home: https://github.com/qemu/qemu
Commit: d38d749a9935092e7f71107f6944b3a30a420fda
https://github.com/qemu/qemu/commit/d38d749a9935092e7f71107f6944b3a30a420fda
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2023-11-22 (Wed, 22 Nov 2023)
Changed paths:
M target/arm/sme_helper.c
Log Message:
-----------
target/arm: Fix SME FMOPA (16-bit), BFMOPA
Perform the loop increment unconditionally, not nested
within the predication.
Cc: qemu-stable@nongnu.org
Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1985
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231117193135.1180657-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 3efd8495735c69b863476e9003e624877382a72d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b9fd6d95211fb5190c3aa862b2f26b6735916791
https://github.com/qemu/qemu/commit/b9fd6d95211fb5190c3aa862b2f26b6735916791
Author: Niklas Cassel <niklas.cassel@wdc.com>
Date: 2023-11-22 (Wed, 22 Nov 2023)
Changed paths:
M hw/ide/ahci.c
Log Message:
-----------
hw/ide/ahci: fix legacy software reset
Legacy software contains a standard mechanism for generating a reset to a
Serial ATA device - setting the SRST (software reset) bit in the Device
Control register.
Serial ATA has a more robust mechanism called COMRESET, also referred to
as port reset. A port reset is the preferred mechanism for error
recovery and should be used in place of software reset.
Commit e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
(mjt: 1e5ad6b06b1e in stable-7.2 series, v7.2.6)
improved the handling of PxCI, such that PxCI gets cleared after handling
a non-NCQ, or NCQ command (instead of incorrectly clearing PxCI after
receiving anything - even a FIS that failed to parse, which should NOT
clear PxCI, so that you can see which command slot that caused an error).
However, simply clearing PxCI after a non-NCQ, or NCQ command, is not
enough, we also need to clear PxCI when receiving a SRST in the Device
Control register.
A legacy software reset is performed by the host sending two H2D FISes,
the first H2D FIS asserts SRST, and the second H2D FIS deasserts SRST.
The first H2D FIS will not get a D2H reply, and requires the FIS to have
the C bit set to one, such that the HBA itself will clear the bit in PxCI.
The second H2D FIS will get a D2H reply once the diagnostic is completed.
The clearing of the bit in PxCI for this command should ideally be done
in ahci_init_d2h() (if it was a legacy software reset that caused the
reset (a COMRESET does not use a command slot)). However, since the reset
value for PxCI is 0, modify ahci_reset_port() to actually clear PxCI to 0,
that way we can avoid complex logic in ahci_init_d2h().
This fixes an issue for FreeBSD where the device would fail to reset.
The problem was not noticed in Linux, because Linux uses a COMRESET
instead of a legacy software reset by default.
Fixes: e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
Reported-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-ID: <20231108222657.117984-1-nks@flawful.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit eabb921250666501ae78714b60090200b639fcfe)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: mention 1e5ad6b06b1e for stable-7.2)
Commit: fdebed6dcd788e408deaa0e9bf1abe85af139623
https://github.com/qemu/qemu/commit/fdebed6dcd788e408deaa0e9bf1abe85af139623
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: 2023-11-29 (Wed, 29 Nov 2023)
Changed paths:
M hw/net/allwinner-sun8i-emac.c
M hw/net/allwinner_emac.c
M hw/net/cadence_gem.c
M hw/net/dp8393x.c
M hw/net/e1000.c
M hw/net/e1000e.c
M hw/net/eepro100.c
M hw/net/etraxfs_eth.c
M hw/net/fsl_etsec/etsec.c
M hw/net/ftgmac100.c
M hw/net/i82596.c
M hw/net/imx_fec.c
M hw/net/lan9118.c
M hw/net/mcf_fec.c
M hw/net/mipsnet.c
M hw/net/msf2-emac.c
M hw/net/mv88w8618_eth.c
M hw/net/ne2000-isa.c
M hw/net/ne2000-pci.c
M hw/net/npcm7xx_emc.c
M hw/net/opencores_eth.c
M hw/net/pcnet.c
M hw/net/rocker/rocker_fp.c
M hw/net/rtl8139.c
M hw/net/smc91c111.c
M hw/net/spapr_llan.c
M hw/net/stellaris_enet.c
M hw/net/sungem.c
M hw/net/sunhme.c
M hw/net/tulip.c
M hw/net/virtio-net.c
M hw/net/vmxnet3.c
M hw/net/xen_nic.c
M hw/net/xgmac.c
M hw/net/xilinx_axienet.c
M hw/net/xilinx_ethlite.c
M hw/usb/dev-network.c
M include/net/net.h
M net/net.c
Log Message:
-----------
net: Provide MemReentrancyGuard * to qemu_new_nic()
Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.
In preparation for such a change, add MemReentrancyGuard * as a
parameter of qemu_new_nic().
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 7d0fefdf81f5973334c344f6b8e1896c309dff66)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup in hw/net/xen_nic.c due to lack of v8.1.0-2771-g25967ff69f
"hw/xen: update Xen PV NIC to XenDevice model"
and removed hw/net/igb.c bits)
Commit: 3c0463a650008aec7de29cf84540652730510921
https://github.com/qemu/qemu/commit/3c0463a650008aec7de29cf84540652730510921
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: 2023-11-29 (Wed, 29 Nov 2023)
Changed paths:
M include/net/net.h
M net/net.c
Log Message:
-----------
net: Update MemReentrancyGuard for NIC
Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.
This implementation follows what bottom half does, but it does not add
a tracepoint for the case that the network device backend started
delivering a packet to a device which is already engaging in I/O. This
is because such reentrancy frequently happens for
qemu_flush_queued_packets() and is insignificant.
Fixes: CVE-2023-3019
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: e79947a57fe0150b42eeb666557c5e894543dcce
https://github.com/qemu/qemu/commit/e79947a57fe0150b42eeb666557c5e894543dcce
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2023-11-29 (Wed, 29 Nov 2023)
Changed paths:
M linux-user/elfload.c
Log Message:
-----------
linux-user: Fix loaddr computation for some elf files
The file offset of the load segment is not relevant to the
low address, only the beginning of the virtual address page.
Cc: qemu-stable@nongnu.org
Fixes: a93934fecd4 ("elf: take phdr offset into account when calculating the
program load address")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1952
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 82d70a84c8ee42ef969a9cfddc0f5b30b16165f5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: dff579171c529f0330325f00370f131a2eab3a1b
https://github.com/qemu/qemu/commit/dff579171c529f0330325f00370f131a2eab3a1b
Author: Thomas Huth <thuth@redhat.com>
Date: 2023-11-29 (Wed, 29 Nov 2023)
Changed paths:
M docs/devel/testing.rst
M tests/avocado/cpu_queries.py
M tests/avocado/empty_cpu_model.py
M tests/avocado/pc_cpu_hotplug_props.py
M tests/avocado/x86_cpu_model_versions.py
Log Message:
-----------
tests/avocado: Replace assertEquals() for Python 3.12 compatibility
assertEquals() has been removed in Python 3.12 and should be replaced by
assertEqual(). See: https://docs.python.org/3.12/whatsnew/3.12.html#id3
Message-ID: <20231114134326.287242-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 861f724d03e1748cda1c5b9ec8457a368590cbd5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: adjust context in pc_cpu_hotplug_props.py & cpu_queries.py for before
v8.1.0-1582-g684750ab4f "python/qemu: rename command() to cmd()")
Commit: d9a0224b2a2e5c4310de51f4b70af9b04e561727
https://github.com/qemu/qemu/commit/d9a0224b2a2e5c4310de51f4b70af9b04e561727
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2023-11-29 (Wed, 29 Nov 2023)
Changed paths:
M docs/devel/testing.rst
M tests/avocado/version.py
Log Message:
-----------
tests/avocado: Replace assertRegexpMatches() for Python 3.12 compatibility
assertRegexpMatches() has been removed in Python 3.12 and should be replaced by
assertRegex(). See: https://docs.python.org/3.12/whatsnew/3.12.html#id3
Inspired-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20231114144832.71612-1-philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit f0a663b4ced2bf315936c774c2b6ff398fce8905)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: adjust context for before v8.1.0-1582-g684750ab4f
"python/qemu: rename command() to cmd()")
Commit: ac179ffe7e1c611b731a8705ae28fbfa04e89539
https://github.com/qemu/qemu/commit/ac179ffe7e1c611b731a8705ae28fbfa04e89539
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M target/arm/syndrome.h
Log Message:
-----------
target/arm: Set IL bit for pauth, SVE access, BTI trap syndromes
The syndrome register value always has an IL field at bit 25, which
is 0 for a trap on a 16 bit instruction, and 1 for a trap on a 32
bit instruction (or for exceptions which aren't traps on a known
instruction, like PC alignment faults). This means that our
syn_*() functions should always either take an is_16bit argument to
determine whether to set the IL bit, or else unconditionally set it.
We missed setting the IL bit for the syndrome for three kinds of trap:
* an SVE access exception
* a pointer authentication check failure
* a BTI (branch target identification) check failure
All of these traps are AArch64 only, and so the instruction causing
the trap is always 64 bit. This means we can unconditionally set
the IL bit in the syn_*() function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231120150121.3458408-1-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 11a3c4a286d5dc603582ea0a1fca62c2ec0a1aee)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: c2c630c32c4f6bdd26daee195ac9837d4fdc58c2
https://github.com/qemu/qemu/commit/c2c630c32c4f6bdd26daee195ac9837d4fdc58c2
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M target/arm/helper.c
M tests/tcg/aarch64/Makefile.softmmu-target
A tests/tcg/aarch64/system/vtimer.c
Log Message:
-----------
target/arm: Handle overflow in calculation of next timer tick
In commit edac4d8a168 back in 2015 when we added support for
the virtual timer offset CNTVOFF_EL2, we didn't correctly update
the timer-recalculation code that figures out when the timer
interrupt is next going to change state. We got it wrong in
two ways:
* for the 0->1 transition, we didn't notice that gt->cval + offset
can overflow a uint64_t
* for the 1->0 transition, we didn't notice that the transition
might now happen before the count rolls over, if offset > count
In the former case, we end up trying to set the next interrupt
for a time in the past, which results in QEMU hanging as the
timer fires continuously.
In the latter case, we would fail to update the interrupt
status when we are supposed to.
Fix the calculations in both cases.
The test case is Alex Bennée's from the bug report, and tests
the 0->1 transition overflow case.
Fixes: edac4d8a168 ("target-arm: Add CNTVOFF_EL2")
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/60
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231120173506.3729884-1-peter.maydell@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 8d37a1425b9954d7e445615dcad23456515e24c0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: fdeedfc4329a7419907d30336276b9964f043364
https://github.com/qemu/qemu/commit/fdeedfc4329a7419907d30336276b9964f043364
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/virtio/virtio-iommu-pci.c
Log Message:
-----------
hw/virtio: Free VirtIOIOMMUPCI::vdev.reserved_regions[] on finalize()
Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit 8077b8e549 added:
DEFINE_PROP_ARRAY("reserved-regions", VirtIOIOMMUPCI,
vdev.nb_reserved_regions, vdev.reserved_regions,
qdev_prop_reserved_region, ReservedRegion),
but forgot to free the 'vdev.reserved_regions' array. Do it in the
instance_finalize() handler.
Cc: qemu-stable@nongnu.org
Fixes: 8077b8e549 ("virtio-iommu-pci: Add array of Interval properties") #
v5.1.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20231121174051.63038-3-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit c9a4aa06dfce0fde1e279e1ea0c1945582ec0d16)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup hw/virtio/virtio-iommu-pci.c for before v8.1.0-2552-g41cc70cdf5,
"virtio-iommu: Rename reserved_regions into prop_resv_regions" -- so now
patch subject matches actual change again)
Commit: 5ebfad9144575872fd52c8f2c94d4688fd226065
https://github.com/qemu/qemu/commit/5ebfad9144575872fd52c8f2c94d4688fd226065
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/misc/mps2-scc.c
Log Message:
-----------
hw/misc/mps2-scc: Free MPS2SCC::oscclk[] array on finalize()
Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit 4fb013afcc added:
DEFINE_PROP_ARRAY("oscclk", MPS2SCC, num_oscclk, oscclk_reset,
qdev_prop_uint32, uint32_t),
but forgot to free the 'oscclk_reset' array. Do it in the
instance_finalize() handler.
Cc: qemu-stable@nongnu.org
Fixes: 4fb013afcc ("hw/misc/mps2-scc: Support configurable number of OSCCLK
values") # v6.0.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-4-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 896dd6ff7b9f2575f1a908a07f26a70b58d8b675)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: f4af85df01576b603f015cb442c73332dd743700
https://github.com/qemu/qemu/commit/f4af85df01576b603f015cb442c73332dd743700
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/nvram/xlnx-efuse.c
Log Message:
-----------
hw/nvram/xlnx-efuse: Free XlnxEFuse::ro_bits[] array on finalize()
Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit 68fbcc344e added:
DEFINE_PROP_ARRAY("read-only", XlnxEFuse, ro_bits_cnt, ro_bits,
qdev_prop_uint32, uint32_t),
but forgot to free the 'ro_bits' array. Do it in the instance_finalize
handler.
Cc: qemu-stable@nongnu.org
Fixes: 68fbcc344e ("hw/nvram: Introduce Xilinx eFuse QOM") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-5-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 49b3e28b7bdfe771150d05c4b5860aa7854a4232)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 30533ae255fe2abc6a6191dd17ec36bef9899e4a
https://github.com/qemu/qemu/commit/30533ae255fe2abc6a6191dd17ec36bef9899e4a
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/nvram/xlnx-versal-efuse-ctrl.c
Log Message:
-----------
hw/nvram/xlnx-efuse-ctrl: Free XlnxVersalEFuseCtrl[] "pg0-lock" array
Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit 9e4aa1fafe added:
DEFINE_PROP_ARRAY("pg0-lock",
XlnxVersalEFuseCtrl, extra_pg0_lock_n16,
extra_pg0_lock_spec, qdev_prop_uint16, uint16_t),
but forgot to free the 'extra_pg0_lock_spec' array. Do it in the
instance_finalize() handler.
Cc: qemu-stable@nongnu.org
Fixes: 9e4aa1fafe ("hw/nvram: Xilinx Versal eFuse device") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-6-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 4f10c66077e39969940d928077560665e155cac8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 93f9a26097aa9cc87f4b00ac6a9f2f965d3ed9af
https://github.com/qemu/qemu/commit/93f9a26097aa9cc87f4b00ac6a9f2f965d3ed9af
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/virtio/virtio-pci.c
M include/hw/virtio/virtio-pci.h
Log Message:
-----------
hw/virtio: Add VirtioPCIDeviceTypeInfo::instance_finalize field
The VirtioPCIDeviceTypeInfo structure, added in commit a4ee4c8baa
("virtio: Helper for registering virtio device types") got extended
in commit 8ea90ee690 ("virtio: add class_size") with the @class_size
field. Do similarly with the @instance_finalize field.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-2-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 837053a7f491b445088eac647abe7f462c50f59a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 8ad06fb09f54c5b9934708c1378542e22e35c8a6
https://github.com/qemu/qemu/commit/8ad06fb09f54c5b9934708c1378542e22e35c8a6
Author: Fam Zheng <fam@euphon.net>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M block/vmdk.c
M tests/qemu-iotests/059
M tests/qemu-iotests/059.out
Log Message:
-----------
vmdk: Don't corrupt desc file in vmdk_write_cid
If the text description file is larger than DESC_SIZE, we force the last
byte in the buffer to be 0 and write it out.
This results in a corruption.
Try to allocate a big buffer in this case.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1923
Signed-off-by: Fam Zheng <fam@euphon.net>
Message-ID: <20231124115654.3239137-1-fam@euphon.net>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9fb7b350ba9816ebca8a7614fec486fd4269ab2d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixups in block/vmdk.c due to missing-in-7.2 v8.0.0-2084-g28944f99c4
"vmdk: mark more functions as coroutine_fns and GRAPH_RDLOCK")
Commit: 8019e729acef06271a361cbf3c08b0eb1967a924
https://github.com/qemu/qemu/commit/8019e729acef06271a361cbf3c08b0eb1967a924
Author: Thomas Huth <thuth@redhat.com>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/mips/malta.c
Log Message:
-----------
hw/mips/malta: Fix the malta machine on big endian hosts
Booting a Linux kernel with the malta machine is currently broken
on big endian hosts. The cpu_to_gt32 macro wants to byteswap a value
for little endian targets only, but uses the wrong way to do this:
cpu_to_[lb]e32 works the other way round on big endian hosts! Fix
it by using the same ways on both, big and little endian hosts.
Fixes: 0c8427baf0 ("hw/mips/malta: Use bootloader helper to set BAR registers")
Cc: qemu-stable@nongnu.org
Message-Id: <20230330152613.232082-1-thuth@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit dc96009afd8cf2372fa1bbced0bcbcbb2c5d6f1b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: adjust context for before v7.2.0-677-g0e45355c5c)
Commit: b75e5d34a22baaab226e9c91a40237b4cbb10e16
https://github.com/qemu/qemu/commit/b75e5d34a22baaab226e9c91a40237b4cbb10e16
Author: Volker Rümelin <vr_qemu@t-online.de>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/audio/hda-codec.c
Log Message:
-----------
hw/audio/hda-codec: fix multiplication overflow
After a relatively short time, there is an multiplication overflow
when multiplying (now - buft_start) with hda_bytes_per_second().
While the uptime now - buft_start only overflows after 2**63 ns
= 292.27 years, this happens hda_bytes_per_second() times faster
with the multiplication. At 44100 samples/s * 2 channels
* 2 bytes/channel = 176400 bytes/s that is 14.52 hours. After the
multiplication overflow the affected audio stream stalls.
Replace the multiplication and following division with muldiv64()
to prevent a multiplication overflow.
Fixes: 280c1e1cdb ("audio/hda: create millisecond timers that handle IO")
Reported-by: M_O_Bz <m_o_bz@163.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20231105172552.8405-1-vr_qemu@t-online.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 74e8593e7e51d6b11ae9c56a3f4e7bb714bac4ec)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b0cd642d0fbbdfd9ecf5e4c4404bcf108940ce07
https://github.com/qemu/qemu/commit/b0cd642d0fbbdfd9ecf5e4c4404bcf108940ce07
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/pci/pcie_sriov.c
Log Message:
-----------
pcie_sriov: Remove g_new assertion
g_new() aborts if the allocation fails so it returns NULL only if the
requested allocation size is zero. register_vfs() makes such an
allocation if NumVFs is zero so it should not assert that g_new()
returns a non-NULL value.
Fixes: 7c0fa8dff8 ("pcie: Add support for Single Root I/O Virtualization
(SR/IOV)")
Buglink: https://issues.redhat.com/browse/RHEL-17209
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20231123075630.12057-1-akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Yanghang Liu<yanghliu@redhat.com>
Reviewed-by: Cédric Le Goater <<a href="mailto:clg@redhat.com";
target="_blank">clg@redhat.com</a>><br>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 714a1415d7a69174e1640fcdd6eaae180fe438aa)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: f42d49a4aecdf686e27d735606fda83e4af33604
https://github.com/qemu/qemu/commit/f42d49a4aecdf686e27d735606fda83e4af33604
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/acpi/erst.c
Log Message:
-----------
hw/acpi/erst: Do not ignore Error* in realize handler
erst_realizefn() passes @errp to functions without checking for
failure. If it runs into another failure, it trips error_setv()'s
assertion.
Use the ERRP_GUARD() macro and check *errp, as suggested in commit
ae7c80a7bd ("error: New macro ERRP_GUARD()").
Cc: qemu-stable@nongnu.org
Fixes: f7e26ffa59 ("ACPI ERST: support for ACPI ERST feature")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20231120130017.81286-1-philmd@linaro.org>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 20bc50137f3add52eb4788b420d717de27fed14b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: a34ae0f8fbc17b53b8d20be779c8d118a8f1bc64
https://github.com/qemu/qemu/commit/a34ae0f8fbc17b53b8d20be779c8d118a8f1bc64
Author: Robert Hoo <robert.hoo.linux@gmail.com>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M hw/pci/msix.c
Log Message:
-----------
msix: unset PCIDevice::msix_vector_poll_notifier in rollback
In the rollback in msix_set_vector_notifiers(), original patch forgot to
undo msix_vector_poll_notifier pointer.
Fixes: bbef882cc193 ("msi: add API to get notified about pending bit poll")
Signed-off-by: Robert Hoo <robert.hoo.linux@gmail.com>
Message-Id: <20231113081349.1307-1-robert.hoo.linux@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 2d37fe9e5e61b04bddbed00dbb7436e61a01c115)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: a0352cf5452c81cb6efd0ee4f099cc544e7e8c68
https://github.com/qemu/qemu/commit/a0352cf5452c81cb6efd0ee4f099cc544e7e8c68
Author: Antonio Caggiano <quic_acaggian@quicinc.com>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M ui/gtk-egl.c
Log Message:
-----------
ui/gtk-egl: Check EGLSurface before doing scanout
The first time gd_egl_scanout_texture() is called, there's a possibility
that the GTK drawing area might not be realized yet, in which case its
associated GdkWindow is NULL. This means gd_egl_init() was also skipped
and the EGLContext and EGLSurface stored in the VirtualGfxConsole are
not valid yet.
Continuing with the scanout in this conditions would result in hitting
an assert in libepoxy: "Couldn't find current GLX or EGL context".
A possible workaround is to just ignore the scanout request, giving the
the GTK drawing area some time to finish its realization. At that point,
the gd_egl_init() will succeed and the EGLContext and EGLSurface stored
in the VirtualGfxConsole will be valid.
Signed-off-by: Antonio Caggiano <quic_acaggian@quicinc.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231016123215.2699269-1-quic_acaggian@quicinc.com>
(cherry picked from commit 6f189a08c1b0085808af1bfbf4567f0da193ecc1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: d19c15dcaa9983231db8eb73a4c038dbdb7b8bb6
https://github.com/qemu/qemu/commit/d19c15dcaa9983231db8eb73a4c038dbdb7b8bb6
Author: Volker Rümelin <vr_qemu@t-online.de>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M ui/gtk-egl.c
Log Message:
-----------
ui/gtk-egl: move function calls back to regular code path
Commit 6f189a08c1 ("ui/gtk-egl: Check EGLSurface before doing
scanout") introduced a regression when QEMU is running with a
virtio-gpu-gl-device on a host under X11. After the guest has
initialized the virtio-gpu-gl-device, the guest screen only
shows "Display output is not active.".
Commit 6f189a08c1 moved all function calls in
gd_egl_scanout_texture() to a code path which is only called
once after gd_egl_init() succeeds in gd_egl_scanout_texture().
Move all function calls in gd_egl_scanout_texture() back to
the regular code path so they get always called if one of the
gd_egl_init() calls was successful.
Fixes: 6f189a08c1 ("ui/gtk-egl: Check EGLSurface before doing scanout")
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231111104020.26183-1-vr_qemu@t-online.de>
(cherry picked from commit 53a939f1bf8e4a3e38f9449fac44f572676966ad)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 2c071a39249880919255d79c5cb1486c47a5641b
https://github.com/qemu/qemu/commit/2c071a39249880919255d79c5cb1486c47a5641b
Author: Fiona Ebner <f.ebner@proxmox.com>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M ui/vnc-clipboard.c
Log Message:
-----------
ui/vnc-clipboard: fix inflate_buffer
Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
required, because it can happen that stream.avail_in becomes zero
before coming across a return value of Z_STREAM_END in the loop.
This fixes the host->guest direction of the clipboard with noVNC and
TigerVNC as clients.
Fixes: d921fea338 ("ui/vnc-clipboard: fix infinite loop in inflate_buffer
(CVE-2023-3255)")
Reported-by: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231122125826.228189-1-f.ebner@proxmox.com>
(cherry picked from commit ebfbf394671163c14e2b24d98f3927a3151d1aff)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: ee0d64d09629b5e6669b095bafa45d1c713a7680
https://github.com/qemu/qemu/commit/ee0d64d09629b5e6669b095bafa45d1c713a7680
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M target/arm/cpu.c
Log Message:
-----------
target/arm: Disable SME if SVE is disabled
There is no architectural requirement that SME implies SVE, but
our implementation currently assumes it. (FEAT_SME_FA64 does
imply SVE.) So if you try to run a CPU with eg "-cpu max,sve=off"
you quickly run into an assert when the guest tries to write to
SMCR_EL1:
#6 0x00007ffff4b38e96 in __GI___assert_fail
(assertion=0x5555566e69cb "sm", file=0x5555566e5b24
"../../target/arm/helper.c", line=6865, function=0x5555566e82f0
<__PRETTY_FUNCTION__.31> "sve_vqm1_for_el_sm") at ./assert/assert.c:101
#7 0x0000555555ee33aa in sve_vqm1_for_el_sm (env=0x555557d291f0, el=2,
sm=false) at ../../target/arm/helper.c:6865
#8 0x0000555555ee3407 in sve_vqm1_for_el (env=0x555557d291f0, el=2) at
../../target/arm/helper.c:6871
#9 0x0000555555ee3724 in smcr_write (env=0x555557d291f0, ri=0x555557da23b0,
value=2147483663) at ../../target/arm/helper.c:6995
#10 0x0000555555fd1dba in helper_set_cp_reg64 (env=0x555557d291f0,
rip=0x555557da23b0, value=2147483663) at ../../target/arm/tcg/op_helper.c:839
#11 0x00007fff60056781 in code_gen_buffer ()
Avoid this unsupported and slightly odd combination by
disabling SME when SVE is not present.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2005
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231127173318.674758-1-peter.maydell@linaro.org
(cherry picked from commit f7767ca301796334f74b9b642b395a4bd3e3dbac)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 9dca93062d806d526f091d0078fabf0c33f1e0c0
https://github.com/qemu/qemu/commit/9dca93062d806d526f091d0078fabf0c33f1e0c0
Author: Patrick Venture <venture@google.com>
Date: 2023-12-05 (Tue, 05 Dec 2023)
Changed paths:
M softmmu/memory.c
Log Message:
-----------
system/memory: use ldn_he_p/stn_he_p
Using direct pointer dereferencing can allow for unaligned accesses,
which was seen during execution with sanitizers enabled.
Cc: qemu-stable@nongnu.org
Reviewed-by: Chris Rauer <crauer@google.com>
Reviewed-by: Peter Foley <pefoley@google.com>
Signed-off-by: Patrick Venture <venture@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-ID: <20231116163633.276671-1-venture@google.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 2b8fe81b3c2e76d241510a9a85496d544e42f5ec)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Compare: https://github.com/qemu/qemu/compare/14f0c7e3be85...9dca93062d80
- [Qemu-commits] [qemu/qemu] d38d74: target/arm: Fix SME FMOPA (16-bit), BFMOPA,
Patrick Venture <=