[PATCH 2/4] block/nbd: correctly use qio_channel_detach_aio_context when needed

Don't use nbd_client_detach_aio_context() driver handler where we want to finalize the connection. We should directly use qio_channel_detach_aio_context() in such cases. Driver handler may (and will) contain another things, unrelated to the qio channel. Signed-off-by: Vladimir Sementsov-Ogievskiy

[PATCH 3/4] block/nbd: fix reconnect-delay

reconnect-delay has a design flaw: we handle it in the same loop where we do connection attempt. So, reconnect-delay may be exceeded by unpredictable time of connection attempt. Let's instead use separate timer. How to reproduce the bug: 1. Create an image on node1: qemu-img create -f qcow2 x

Re: [PATCH v8 13/14] docs/system: Add Nuvoton machine documentation

On 8/25/20 2:17 AM, Havard Skinnemoen via wrote: > Reviewed-by: Cédric Le Goater > Signed-off-by: Havard Skinnemoen > --- > docs/system/arm/nuvoton.rst | 90 + > docs/system/target-arm.rst | 1 + > 2 files changed, 91 insertions(+) > create mode 100644 docs

Re: [PATCH 8/8] tusb6010: Rename TUSB to TUSB6010

On 9/3/20 8:01 PM, Eduardo Habkost wrote: > Make type checking function name consistent with the TYPE_TUSB6010 > constant and QOM type name ("tusb6010"). > > Suggested-by: Philippe Mathieu-Daudé > Suggested-by: "Daniel P. Berrangé" > Signed-off-by: Eduardo Habkost > --- > Changes v1 -> v2: > *

[PATCH] decodetree: Improve identifier matching

Only argument set members have to be C identifiers, everything else gets prefixed during conversion to C. Some places just checked the leading character, and some places matched a leading character plus a C identifier. Convert everything to match full identifiers, including the [&%@&] prefix, and

Re: [PATCH 14/63] i8254: Rename TYPE_I8254 to TYPE_PIT

On 9/3/20 6:55 PM, Eduardo Habkost wrote: > On Thu, Sep 03, 2020 at 05:44:29PM +0100, Daniel P. Berrangé wrote: >> On Thu, Sep 03, 2020 at 12:18:09PM -0400, Eduardo Habkost wrote: >>> On Thu, Sep 03, 2020 at 02:47:03PM +0200, Philippe Mathieu-Daudé >>> wrote: On 9/3/20 12:42 AM, Eduar

Re: [PATCH v1 3/8] tests/docker: add python3-setuptools the docker images

On 9/3/20 1:21 PM, Alex Bennée wrote: > We need these now for builds to work. > > Signed-off-by: Alex Bennée Reviewed-by: Philippe Mathieu-Daudé > --- > tests/docker/dockerfiles/debian10.docker | 1 + > tests/docker/dockerfiles/debian9.docker | 1 + > 2 files changed, 2 insertions(+) > > di

[PATCH v2 0/1] 9pfs: log warning if msize <= 8192

I have updated the QEMU 9P setup wiki page about this 'msize' issue. For some reason the dedicated anchor 'msize' does not work though: https://wiki.qemu.org/Documentation/9psetup#msize Not sure whether that's a wiki installation problem? When I view the wiki source, it looks like it is showing s

[PATCH v2 1/1] 9pfs: log warning if msize <= 8192

It is essential to choose a reasonable high value for 'msize' to avoid severely degraded file I/O performance. This parameter can only be chosen on client/guest side, and a Linux client defaults to an 'msize' of only 8192 if the user did not explicitly specify a value for 'msize', which results in

Re: [PATCH v1 8/8] migration: use pstrcpy to copy run state

On 9/3/20 2:13 PM, Paolo Bonzini wrote: > Il gio 3 set 2020, 13:21 Alex Bennée > ha scritto: > > The gcov build triggered: > >   ../../migration/global_state.c:47:5: error: ‘strncpy’ specified >       bound 100 equals destination size [-Werror=stringop-

Re: [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions

On Thu, Sep 03, 2020 at 07:53:33PM +0200, Paolo Bonzini wrote: > On 03/09/20 17:50, Edgar E. Iglesias wrote: > >>> Hmm, I guess it would make sense to have a configurable option in KVM > >>> to isolate passthrough devices so they only can DMA to guest RAM... > >> > >> Passthrough devices are always

[PATCH 0/2] Makefile: Some more cleanups for cscope/TAGS/ctags

The first patch is a leftover that could probably go through the trivial tree. The second one avoids an awkward indexation of the meson code if the meson submodule is present. --- Greg Kurz (2): Makefile: Drop extra phony cscope Makefile: Skip the meson subdir in cscope/TAGS/ctags

[PATCH 1/2] Makefile: Drop extra phony cscope

Commit d79864058a64 added a dedicated phony line for cscope. Signed-off-by: Greg Kurz --- Makefile |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ed354c43b0ba..a9d3e2c4d375 100644 --- a/Makefile +++ b/Makefile @@ -127,7 +127,7 @@ generated-files-

[PATCH 2/2] Makefile: Skip the meson subdir in cscope/TAGS/ctags

If the meson submodule is present, we don't really want to index its source code. Consolidate the find command in a single place and use it for cscope, ctags and etags. Note that this now causes ctags and etags to also index assembly files, but this is okay since they both have been supporting asse

Re: [PATCH 14/63] i8254: Rename TYPE_I8254 to TYPE_PIT

On Thu, Sep 03, 2020 at 09:26:16PM +0200, Philippe Mathieu-Daudé wrote: > On 9/3/20 6:55 PM, Eduardo Habkost wrote: > > On Thu, Sep 03, 2020 at 05:44:29PM +0100, Daniel P. Berrangé wrote: > >> On Thu, Sep 03, 2020 at 12:18:09PM -0400, Eduardo Habkost wrote: > >>> On Thu, Sep 03, 2020 at 02:47:03PM

Re: [PATCH 20/63] pc87312: Rename TYPE_PC87312_SUPERIO to TYPE_PC87312

On 9/3/20 7:22 PM, Eduardo Habkost wrote: > On Thu, Sep 03, 2020 at 12:16:47PM -0400, Eduardo Habkost wrote: >> On Thu, Sep 03, 2020 at 02:45:12PM +0200, Philippe Mathieu-Daudé >> wrote: >>> On 9/3/20 12:42 AM, Eduardo Habkost wrote: This will make the type name constant consistent wit

Re: [PATCH] decodetree: Improve identifier matching

On 9/3/20 9:23 PM, Richard Henderson wrote: > Only argument set members have to be C identifiers, everything > else gets prefixed during conversion to C. Some places just > checked the leading character, and some places matched a leading > character plus a C identifier. > > Convert everything to

Re: [PATCH 2/2] Makefile: Skip the meson subdir in cscope/TAGS/ctags

On 03/09/20 21:47, Greg Kurz wrote: > If the meson submodule is present, we don't really want to index its > source code. Consolidate the find command in a single place and use > it for cscope, ctags and etags. Note that this now causes ctags and > etags to also index assembly files, but this is ok

[PATCH v2 2/3] hw/arm/mps2: New board model mps2-an500

Implement a model of the MPS2 with the AN500 firmware. This is similar to the AN385, with the following differences: * Cortex-M7 CPU * PSRAM is at 0x6000_ * Ethernet is at 0xa000_ * No zbt_boot_ctrl remapping of the low 16K (but QEMU doesn't implement this anyway) * no "block RAM" a

[PATCH v2 1/3] hw/arm/mps2: New board model mps2-an386

Implement a model of the MPS2 with the AN386 firmware. This is essentially identical to the AN385 firmware, but it has a Cortex-M4 rather than a Cortex-M3. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé --- The docs update is new since v1, but I'

[PATCH v2 0/3] target/arm: New boards mps2-an386, mps2-an500

This series adds two new board models in the mps2 family. The AN386 is identical to the AN385 but with a Cortex-M4. The AN500 is a Cortex-M7 image which is almost the same as the AN385 but has a few minor differences, most notably the base address of the PSRAM and of the ethernet controller. The A

[PATCH v2 3/3] docs/system/arm/mps2.rst: Make board list consistent

Make the list of MPS2 boards consistent in the phrasing of each entry, use the correct casing of "Arm", and move the mps2-an511 entry so the list is in numeric order. Signed-off-by: Peter Maydell --- docs/system/arm/mps2.rst | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) d

Re: [PATCH v2] linux-user: fix implicit conversion from enumeration type error

On 9/2/20 5:57 AM, Laurent Vivier wrote: > MK_ARRAY(type,size) is used to fill the field_types buffer, and if the > "size" parameter is an enum type, clang [-Werror,-Wenum-conversion] reports > an error when it is assigned to field_types which is also an enum, argtypes. > > To avoid that, convert

Re: [PULL v3 00/15] Cirrus-CI improvements, and other CI-related fixes, m68k

On Thu, 3 Sep 2020 at 13:31, Thomas Huth wrote: > > Hi Peter! > > The following changes since commit ed215cec0fcaeaece064b0fdf37fe3bceb06d76c: > > Merge remote-tracking branch > 'remotes/ehabkost/tags/machine-next-pull-request' into staging (2020-09-02 > 15:26:38 +0100) > > are available in t

[PULL 02/27] qom: provide convenient macros for declaring and defining types

From: Daniel P. Berrangé When creating new QOM types, there is a lot of boilerplate code that must be repeated using a standard pattern. This is tedious to write and liable to suffer from subtle inconsistencies. Thus it would benefit from some simple automation. QOM was loosely inspired by GLib'

[PULL 05/27] qom: Make type checker functions accept const pointers

The existing type check macros all unconditionally drop const qualifiers from their arguments. Keep this behavior in the macros generated by DECLARE_*CHECKER* by now. Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Daniel P. Berrangé Signed-off-by: Eduardo Habkost Message-Id: <20200831210740.

[PULL 13/27] gpex: Fix type checking function name

This looks like a copy/paste mistake: the instance type checking macro for TYPE_GPEX_ROOT_DEVICE was named MCH_PCI_DEVICE. Signed-off-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200902224311.1321159-2-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- include/hw

[PULL 01/27] qom: make object_ref/unref use a void * instead of Object *.

From: Daniel P. Berrangé The object_ref/unref methods are intended for use with any subclass of the base Object. Using "Object *" in the signature is not adding any meaningful level of type safety, since callers simply use "OBJECT(ptr)" and this expands to an unchecked cast "(Object *)". By usin

[PULL 12/27] Use OBJECT_DECLARE_SIMPLE_TYPE when possible

Generated using: $ ./scripts/codeconverter/converter.py -i \ --pattern=ObjectDeclareType $(git grep -l '' -- '*.[ch]') Reviewed-by: Daniel P. Berrangé Signed-off-by: Eduardo Habkost Message-Id: <20200831210740.126168-19-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- include/authz

[PULL 00/27] QOM boilerplate cleanup

The following changes since commit 67a7bfe560a1bba59efab085cb3430f45176d382: Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-09= -03' into staging (2020-09-03 16:58:25 +0100) are available in the Git repository at: git://github.com/ehabkost/qemu.git tags/machine-next

[PULL 06/27] codeconverter: script for automating QOM code cleanups

This started as a simple script that scanned for regular expressions, but became more and more complex when exceptions to the rules were found. I don't know if this should be maintained in the QEMU source tree long term (maybe it can be reused for other code transformations that Coccinelle can't h

[PULL 16/27] dev-smartcard-reader: Rename CCID_DEV_NAME to TYPE_USB_CCID_DEV

This will make the type name constant consistent with the name of the type checking macro. Signed-off-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200902224311.1321159-7-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- hw/usb/dev-smartcard-reader.c | 8

[PULL 03/27] qom: Allow class type name to be specified in OBJECT_DECLARE*

Many QOM types don't follow the Type/TypeClass pattern on the instance/struct names. Let the class struct name be specified in the OBJECT_DECLARE* macros. Reviewed-by: Daniel P. Berrangé Signed-off-by: Eduardo Habkost Message-Id: <20200831210740.126168-4-ehabk...@redhat.com> Signed-off-by: Edua

[PULL 18/27] vmgenid: Rename VMGENID_DEVICE to TYPE_VMGENID

This will make the type name constant consistent with the name of the type checking macro. Signed-off-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200902224311.1321159-11-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- include/hw/acpi/vmgenid.h | 6 +++--- hw/

[PULL 04/27] qom: DECLARE_*_CHECKERS macros

Sometimes the typedefs are buried inside another header, but we want to benefit from the automatic definition of type cast functions. Introduce macros that will let type checkers be defined when typedefs are already available. Reviewed-by: Daniel P. Berrangé Signed-off-by: Eduardo Habkost Messa

[PULL 17/27] vfio: Rename VFIO_AP_DEVICE_TYPE to TYPE_VFIO_AP_DEVICE

This will make the type name constant consistent with the name of the type checking macro. Signed-off-by: Eduardo Habkost Reviewed-by: Thomas Huth Message-Id: <20200902224311.1321159-9-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- hw/vfio/ap.c | 8 1 file changed, 4 insertio

[PATCH 11/77] 9pfs: local: ignore O_NOATIME if we don't have permissions

From: Omar Sandoval QEMU's local 9pfs server passes through O_NOATIME from the client. If the QEMU process doesn't have permissions to use O_NOATIME (namely, it does not own the file nor have the CAP_FOWNER capability), the open will fail. This causes issues when from the client's point of view,

[PULL 22/27] rs6000_mc: Rename RS6000MC_DEVICE to RS6000MC

Make the type checking macro name consistent with the TYPE_* constant. Signed-off-by: Eduardo Habkost Reviewed-by: Hervé Poussineau Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200902224311.1321159-48-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- hw/ppc/rs6000_mc.c | 4 ++-- 1

[PULL 11/27] Use OBJECT_DECLARE_TYPE where possible

Replace DECLARE_OBJ_CHECKERS with OBJECT_DECLARE_TYPE where the typedefs can be safely removed. Generated running: $ ./scripts/codeconverter/converter.py -i \ --pattern=DeclareObjCheckers $(git grep -l '' -- '*.[ch]') Reviewed-by: Daniel P. Berrangé Message-Id: <20200831210740.126168-16-ehabk

[PULL 07/27] Delete duplicate QOM typedefs

Generated using: $ ./scripts/codeconverter/converter.py -i \ --pattern=QOMDuplicatedTypedefs $(git grep -l '' -- '*.[ch]') Reviewed-by: Daniel P. Berrangé Signed-off-by: Eduardo Habkost Message-Id: <20200831210740.126168-8-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- include/cr

[PULL 20/27] esp: Rename ESP_STATE to ESP

Make the type checking macro name consistent with the TYPE_* constant. Signed-off-by: Eduardo Habkost Reviewed-by: Hervé Poussineau Message-Id: <20200902224311.1321159-40-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- include/hw/scsi/esp.h | 2 +- hw/dma/sparc32_dma.c | 2 +- hw/m68k

[PATCH 19/77] iotests/283: Use consistent size for source and target

From: Kevin Wolf The test case forgot to specify the null-co size for the target node. When adding a check to backup that both sizes match, this would fail because of the size mismatch and not the behaviour that the test really wanted to test. Fixes: a541fcc27c98b96da187c7d4573f3270f3ddd283 Sign

[PULL 24/27] usb: Rename USB_SERIAL_DEV to USB_SERIAL

Make the type checking macro name consistent with the TYPE_* constant. Signed-off-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200902224311.1321159-54-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- hw/usb/dev-serial.c | 4 ++-- 1 file changed, 2 insertions(+)

[PULL 10/27] Use DECLARE_*CHECKER* when possible (--force mode)

Separate run of the TypeCheckMacro converter using the --force flag, for the cases where typedefs weren't found in the same header nor in typedefs.h. Generated initially using: $ ./scripts/codeconverter/converter.py --force -i \ --pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]') Then eac

[PULL 23/27] sabre: Rename SABRE_DEVICE to SABRE

Make the type checking macro name consistent with the TYPE_* constant. Signed-off-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200902224311.1321159-49-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- include/hw/pci-host/sabre.h | 2 +- hw/pci-host/sabre.c

[PATCH 23/77] KVM: x86: believe what KVM says about WAITPKG

From: Paolo Bonzini Currently, QEMU is overriding KVM_GET_SUPPORTED_CPUID's answer for the WAITPKG bit depending on the "-overcommit cpu-pm" setting. This is a bad idea because it does not even check if the host supports it, but it can be done in x86_cpu_realizefn just like we do for the MONITOR

[PULL 21/27] filter-rewriter: Rename FILTER_COLO_REWRITER to FILTER_REWRITER

Make the type checking macro name consistent with the TYPE_* constant. Signed-off-by: Eduardo Habkost Reviewed-by: Zhang Chen Message-Id: <20200902224311.1321159-41-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- net/filter-rewriter.c | 18 +- 1 file changed, 9 insertio

[PULL 14/27] chardev: Rename TYPE_CHARDEV_* to TYPE_*_CHARDEV

This will make the TYPE_* constants consistent with the name of most type checking macros we have today. Signed-off-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200902224311.1321159-3-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- chardev/chardev-internal.h

[PULL 26/27] pc87312: Rename TYPE_PC87312_SUPERIO to TYPE_PC87312

This will make the type name constant consistent with the name of the type checking macro. Signed-off-by: Eduardo Habkost Reviewed-by: Hervé Poussineau Message-Id: <20200902224311.1321159-21-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- include/hw/isa/pc87312.h | 4 ++-- hw/isa/pc873

[PULL 19/27] ahci: Rename ICH_AHCI to ICH9_AHCI

Make the type checking macro name consistent with the TYPE_* constant. Signed-off-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200902224311.1321159-33-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- include/hw/ide/ahci.h | 2 +- hw/ide/ahci.c | 4 ++--

[PATCH 29/77] memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"

From: "Michael S. Tsirkin" Memory API documentation documents valid .min_access_size and .max_access_size fields and explains that any access outside these boundaries is blocked. This is what devices seem to assume. However this is not what the implementation does: it simply ignores the boundar

[PULL 15/27] ap-device: Rename AP_DEVICE_TYPE to TYPE_AP_DEVICE

This will make the type name constant consistent with the name of the type checking macro. Signed-off-by: Eduardo Habkost Reviewed-by: Thomas Huth Message-Id: <20200902224311.1321159-6-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- include/hw/s390x/ap-device.h | 4 ++-- hw/s390x/ap-de

[PATCH 34/77] hw/net/e1000e: Do not abort() on invalid PSRCTL register value

From: Philippe Mathieu-Daudé libFuzzer found using 'qemu-system-i386 -M q35': qemu: hardware error: e1000e: PSRCTL.BSIZE0 cannot be zero CPU #0: EAX= EBX= ECX= EDX=0663 ESI= EDI= EBP= ESP= EIP=fff0 EFL=0002 [---] CPL=0 II=0

[PATCH 12/77] 9pfs: include linux/limits.h for XATTR_SIZE_MAX

From: Dan Robertson linux/limits.h should be included for the XATTR_SIZE_MAX definition used by v9fs_xattrcreate. Fixes: 3b79ef2cf488 ("9pfs: limit xattr size in xattrcreate") Signed-off-by: Dan Robertson Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Christian Schoenebeck Message-Id: <2020

[PATCH 09/77] virtio-balloon: unref the iothread when unrealizing

From: David Hildenbrand We took a reference when realizing, so let's drop that reference when unrealizing. Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Alexander Duyck Fixes: c13c4153f76d ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT") Cc: qemu-sta...@nongnu.org Cc: Wei Wang Cc: Alexa

[PATCH 03/77] qemu-nbd: Close inherited stderr

From: Raphael Pour Close inherited stderr of the parent if fork_process is false. Otherwise no one will close it. (introduced by e6df58a5) This only affected 'qemu-nbd -c /dev/nbd0'. Signed-off-by: Raphael Pour Message-Id: Reviewed-by: Eric Blake [eblake: Enhance commit message] Signed-off-b

[PATCH 16/77] ati-vga: check mm_index before recursive call (CVE-2020-13800)

From: Prasad J Pandit While accessing VGA registers via ati_mm_read/write routines, a guest may set 's->regs.mm_index' such that it leads to infinite recursion. Check mm_index value to avoid such recursion. Log an error message for wrong values. Reported-by: Ren Ding Reported-by: Hanqing Zhao

[PULL 27/27] tusb6010: Rename TUSB to TUSB6010

Make type checking function name consistent with the TYPE_TUSB6010 constant and QOM type name ("tusb6010"). Suggested-by: Philippe Mathieu-Daudé Suggested-by: "Daniel P. Berrangé" Signed-off-by: Eduardo Habkost Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200903180128.1523959-9-ehabk...@

[PATCH 13/77] xen-9pfs: Fix log messages of reply errors

From: Christian Schoenebeck If delivery of some 9pfs response fails for some reason, log the error message by mentioning the 9P protocol reply type, not by client's request type. The latter could be misleading that the error occurred already when handling the request input. Signed-off-by: Christ

[PATCH 43/77] util: Introduce qemu_get_host_name()

From: Michal Privoznik This function offers operating system agnostic way to fetch host name. It is implemented for both POSIX-like and Windows systems. Signed-off-by: Michal Privoznik Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Daniel P. Berrangé Cc: qemu-sta...@nongnu.org Signed-off-by

[PATCH 20/77] virtiofsd: add --rlimit-nofile=NUM option

From: Stefan Hajnoczi Make it possible to specify the RLIMIT_NOFILE on the command-line. Users running multiple virtiofsd processes should allocate a certain number to each process so that the system-wide limit can never be exhausted. When this option is set to 0 the rlimit is left at its curren

[PULL 25/27] vfio: Rename PCI_VFIO to VFIO_PCI

Make the type checking macro name consistent with the TYPE_* constant. Signed-off-by: Eduardo Habkost Reviewed-by: Eric Auger Message-Id: <20200902224311.1321159-56-ehabk...@redhat.com> Signed-off-by: Eduardo Habkost --- hw/vfio/pci.h | 2 +- hw/vfio/pci.c | 22 +++--- 2 files

[PATCH 14/77] Revert "9p: init_in_iov_from_pdu can truncate the size"

From: Stefano Stabellini This reverts commit 16724a173049ac29c7b5ade741da93a0f46edff7. It causes https://bugs.launchpad.net/bugs/1877688. Signed-off-by: Stefano Stabellini Reviewed-by: Christian Schoenebeck Message-Id: <20200521192627.15259-1-sstabell...@kernel.org> Signed-off-by: Greg Kurz (

[PATCH 44/77] qga: Use qemu_get_host_name() instead of g_get_host_name()

From: Michal Privoznik Problem with g_get_host_name() is that on the first call it saves the hostname into a global variable and from then on, every subsequent call returns the saved hostname. Even if the hostname changes. This doesn't play nicely with guest agent, because if the hostname is acqu

[PATCH 22/77] net: use peer when purging queue in qemu_flush_or_purge_queue_packets()

From: Jason Wang The sender of packet will be checked in the qemu_net_queue_purge() but we use NetClientState not its peer when trying to purge the incoming queue in qemu_flush_or_purge_packets(). This will trigger the assert in virtio_net_reset since we can't pass the sender check: hw/net/virti

[PATCH 15/77] xen/9pfs: yield when there isn't enough room on the ring

From: Stefano Stabellini Instead of truncating replies, which is problematic, wait until the client reads more data and frees bytes on the reply ring. Do that by calling qemu_coroutine_yield(). The corresponding qemu_coroutine_enter_if_inactive() is called from xen_9pfs_bh upon receiving the nex

[PATCH 10/77] block: Call attention to truncation of long NBD exports

From: Eric Blake Commit 93676c88 relaxed our NBD client code to request export names up to the NBD protocol maximum of 4096 bytes without NUL terminator, even though the block layer can't store anything longer than 4096 bytes including NUL terminator for display to the user. Since this means the

[PATCH 45/77] docs/orangepi: Add instructions for resizing SD image to power of two

From: Niek Linnenbank SD cards need to have a size of a power of two. Update the Orange Pi machine documentation to include instructions for resizing downloaded images using the qemu-img command. Signed-off-by: Niek Linnenbank Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200712183708.154

[PATCH 18/77] Fix tulip breakage

From: Helge Deller The tulip network driver in a qemu-system-hppa emulation is broken in the sense that bigger network packages aren't received any longer and thus even running e.g. "apt update" inside the VM fails. The breakage was introduced by commit 8ffb7265af ("check frame size and r/w data

[PATCH 49/77] tests/acceptance: refactor boot_linux_console test to allow code reuse

From: Pavel Dovgalyuk This patch splits code in BootLinuxConsole class into two different classes to allow reusing it by record/replay tests. Signed-off-by: Pavel Dovgalyuk Reviewed-by: Alex Bennée Tested-by: Philippe Mathieu-Daudé Message-Id: <159073588490.20809.13942096070255577558.stgit@pa

[PATCH 32/77] acpi: accept byte and word access to core ACPI registers

From: Michael Tokarev All ISA registers should be accessible as bytes, words or dwords (if wide enough). Fix the access constraints for acpi-pm-evt, acpi-pm-tmr & acpi-cnt registers. Fixes: 5d971f9e67 (memory: Revert "memory: accept mismatching sizes in memory_region_access_valid") Fixes: afaf

[PATCH 00/77] Patch Round-up for stable 5.0.1, freeze on 2020-09-10

Hi everyone, The following new patches are queued for QEMU stable v5.0.1: https://github.com/mdroth/qemu/commits/stable-5.0-staging Patch freeze is 2020-09-10, and the release is planned for 2020-09-15: https://wiki.qemu.org/Planning/5.0 Please respond here or CC qemu-sta...@nongnu.org on

[PATCH 47/77] tests/acceptance: allow console interaction with specific VMs

From: Pavel Dovgalyuk Console interaction in avocado scripts was possible only with single default VM. This patch modifies the function parameters to allow passing a specific VM as a parameter to interact with it. Signed-off-by: Pavel Dovgalyuk Reviewed-by: Willian Rampazzo Reviewed-by: Alex B

[PATCH 40/77] nbd: Avoid off-by-one in long export name truncation

From: Eric Blake When snprintf returns the same value as the buffer size, the final byte was truncated to ensure a NUL terminator. Fortunately, such long export names are unusual enough, with no real impact other than what is displayed to the user. Fixes: 5c86bdf12089 Reported-by: Max Reitz Si

[PATCH 21/77] virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)

From: Stefan Hajnoczi The system-wide fs.file-max sysctl value determines how many files can be open. It defaults to a value calculated based on the machine's RAM size. Previously virtiofsd would try to set RLIMIT_NOFILE to 1,000,000 and this allowed the FUSE client to exhaust the number of ope

[PATCH 17/77] es1370: check total frame count against current frame

From: Prasad J Pandit A guest user may set channel frame count via es1370_write() such that, in es1370_transfer_audio(), total frame count 'size' is lesser than the number of frames that are processed 'cnt'. int cnt = d->frame_cnt >> 16; int size = d->frame_cnt & 0x; if (size < cnt)

[PATCH 51/77] hw/sd/sdcard: Restrict Class 6 commands to SCSD cards

From: Philippe Mathieu-Daudé Only SCSD cards support Class 6 (Block Oriented Write Protection) commands. "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" 4.3.14 Command Functional Difference in Card Capacity Types * Write Protected Group SDHC and SDXC do not support wr

[PATCH 25/77] aio-posix: disable fdmon-io_uring when GSource is used

From: Stefan Hajnoczi The glib event loop does not call fdmon_io_uring_wait() so fd handlers waiting to be submitted build up in the list. There is no benefit is using io_uring when the glib GSource is being used, so disable it instead of implementing a more complex fix. This fixes a memory leak

[PATCH 01/77] hostmem: don't use mbind() if host-nodes is empty

From: Igor Mammedov Since 5.0 QEMU uses hostmem backend for allocating main guest RAM. The backend however calls mbind() which is typically NOP in case of default policy/absent host-nodes bitmap. However when runing in container with black-listed mbind() syscall, QEMU fails to start with error "

[PATCH 46/77] tests/acceptance/boot_linux: Tag tests using a SD card with 'device:sd'

From: Philippe Mathieu-Daudé Avocado tags are handy to automatically select tests matching the tags. Since these tests use a SD card, tag them. We can run all the tests using a SD card at once with: $ avocado --show=app run -t u-boot tests/acceptance/ $ AVOCADO_ALLOW_LARGE_STORAGE=ok \

[PATCH 26/77] linux-user/strace.list: fix epoll_create{, 1} -strace output

From: Sergei Trofimovich Fix syscall name and parameters priinter. Before the change: ``` $ alpha-linux-user/qemu-alpha -strace -L /usr/alpha-unknown-linux-gnu/ /tmp/a ... 1274697 %s(%d)(2097152,274903156744,274903156760,274905840712,274877908880,274903235616) = 3 1274697 exit_group(0) ``` A

[PATCH 48/77] tests/acceptance: refactor boot_linux to allow code reuse

From: Pavel Dovgalyuk This patch moves image downloading functions to the separate class to allow reusing them from record/replay tests. Signed-off-by: Pavel Dovgalyuk Tested-by: Philippe Mathieu-Daudé Message-Id: <159073593167.20809.17582679291556188984.stgit@pasha-ThinkPad-X280> Signed-off-b

[PATCH 52/77] hw/sd/sdcard: Simplify realize() a bit

From: Philippe Mathieu-Daudé We don't need to check if sd->blk is set twice. Reviewed-by: Peter Maydell Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-Id: <20200630133912.9428-18-f4...@amsat.org> (cherry picked from commit 6dd3a164f5b31c703c7d8372841ad3bd6a57de6d)

[PATCH 24/77] aio-posix: don't duplicate fd handler deletion in fdmon_io_uring_destroy()

From: Stefan Hajnoczi The io_uring file descriptor monitoring implementation has an internal list of fd handlers that are pending submission to io_uring. fdmon_io_uring_destroy() deletes all fd handlers on the list. Don't delete fd handlers directly in fdmon_io_uring_destroy() for two reasons: 1

[PATCH 62/77] virtio-balloon: always indicate S_DONE when migration fails

From: David Hildenbrand If something goes wrong during precopy, before stopping the VM, we will never send a S_DONE indication to the VM, resulting in the hinted pages not getting released to be used by the guest OS (e.g., Linux). Easy to reproduce: 1. Start migration (e.g., HMP "migrate -d 'exe

[PATCH 02/77] target/arm: Clear tail in gvec_fmul_idx_*, gvec_fmla_idx_*

From: Richard Henderson Must clear the tail for AdvSIMD when SVE is enabled. Fixes: ca40a6e6e39 Cc: qemu-sta...@nongnu.org Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20200513163245.17915-15-richard.hender...@linaro.org Signed-off-by: Peter Maydell (cherry picked f

[PATCH 53/77] hw/sd/sdcard: Do not allow invalid SD card sizes

From: Philippe Mathieu-Daudé QEMU allows to create SD card with unrealistic sizes. This could work, but some guests (at least Linux) consider sizes that are not a power of 2 as a firmware bug and fix the card size to the next power of 2. While the possibility to use small SD card images has been

[PATCH 30/77] hw/riscv: Allow 64 bit access to SiFive CLINT

From: Alistair Francis Commit 5d971f9e672507210e77d020d89e0e89165c8fc9 "memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"" broke most RISC-V boards as they do 64 bit accesses to the CLINT and QEMU would trigger a fault. Fix this failure by allowing 8 byte accesses.

[PATCH 27/77] libqos: usb-hcd-ehci: use 32-bit write for config register

From: Paolo Bonzini The memory region ops have min_access_size == 4 so obey it. Tested-by: Thomas Huth Signed-off-by: Paolo Bonzini (cherry picked from commit 89ed83d8b23c11d250c290593cad3ca839d5b053) Signed-off-by: Michael Roth --- tests/qtest/usb-hcd-ehci-test.c | 2 +- 1 file changed, 1 i

[PATCH 71/77] migration/block-dirty-bitmap: fix dirty_bitmap_mig_before_vm_start

From: Vladimir Sementsov-Ogievskiy Using the _locked version of bdrv_enable_dirty_bitmap to bypass locking is wrong as we do not already own the mutex. Moreover, the adjacent call to bdrv_dirty_bitmap_enable_successor grabs the mutex. Fixes: 58f72b965e9e1q Cc: qemu-sta...@nongnu.org # v3.0 Sign

[PATCH 33/77] hw/display/artist: Unbreak size mismatch memory accesses

From: Helge Deller Commit 5d971f9e6725 ("memory: Revert "memory: accept mismatching sizes in memory_region_access_valid") broke the artist driver in a way that the dtwm window manager on HP-UX rendered wrong. Fixes: 5d971f9e6725 ("memory: Revert "memory: accept mismatching sizes in memory_regio

[PATCH 28/77] libqos: pci-pc: use 32-bit write for EJ register

From: Paolo Bonzini The memory region ops have min_access_size == 4 so obey it. Tested-by: Thomas Huth Signed-off-by: Paolo Bonzini (cherry picked from commit 4b7c06837ae0b1ff56473202a42e7e386f53d6db) Signed-off-by: Michael Roth --- tests/qtest/libqos/pci-pc.c | 2 +- 1 file changed, 1 inser

[PATCH 55/77] hw/sd/sdcard: Do not switch to ReceivingData if address is invalid

From: Philippe Mathieu-Daudé Only move the state machine to ReceivingData if there is no pending error. This avoids later OOB access while processing commands queued. "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" 4.3.3 Data Read Read command is rejected if BLOCK_LEN_ER

[PATCH 57/77] tpm: tpm_spapr: Exit on TPM backend failures

From: Stefan Berger Exit on TPM backend failures in the same way as the TPM CRB and TIS device models do. With this change we now get an error report when the backend did not start up properly: error: internal error: qemu unexpectedly closed the monitor: 2020-07-07T12:49:28.333928Z qemu-system-p

[PATCH 31/77] xhci: fix valid.max_access_size to access address registers

From: Laurent Vivier QEMU XHCI advertises AC64 (64-bit addressing) but doesn't allow 64-bit mode access in "runtime" and "operational" MemoryRegionOps. Set the max_access_size based on sizeof(dma_addr_t) as AC64 is set. XHCI specs: "If the xHC supports 64-bit addressing (AC64 = ‘1’), then softw

[PATCH 36/77] hw/audio/gus: Fix registers 32-bit access

From: Allan Peramaki Fix audio on software that accesses DRAM above 64k via register peek/poke and some cases when more than 16 voices are used. Cc: qemu-sta...@nongnu.org Fixes: 135f5ae1974c ("audio: GUSsample is int16_t") Signed-off-by: Allan Peramaki Tested-by: Volker Rümelin Reviewed-by: V

[PATCH 74/77] nbd: Fix large trim/zero requests

From: Eric Blake Although qemu as NBD client limits requests to <2G, the NBD protocol allows clients to send requests almost all the way up to 4G. But because our block layer is not yet 64-bit clean, we accidentally wrap such requests into a negative size, and fail with EIO instead of performing

[PATCH 08/77] virtio-balloon: fix free page hinting check on unrealize

From: David Hildenbrand Checking against guest features is wrong. We allocated data structures based on host features. We can rely on "free_page_bh" as an indicator whether to un-do stuff instead. Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Alexander Duyck Fixes: c13c4153f76d ("virtio-bal

[PATCH 05/77] net: Do not include a newline in the id of -nic devices

From: Thomas Huth The '\n' sneaked in by accident here, an "id" string should really not contain a newline character at the end. Fixes: 78cd6f7bf6b ('net: Add a new convenience option "--nic" ...') Signed-off-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200518074352.23125

[PATCH 35/77] virtiofsd: Whitelist fchmod

From: Max Reitz lo_setattr() invokes fchmod() in a rarely used code path, so it should be whitelisted or virtiofsd will crash with EBADSYS. Said code path can be triggered for example as follows: On the host, in the shared directory, create a file with the sticky bit set and a security.capabili

<    1   2   3   4   5   6   7   >