[PATCH] tests/avocado: add hotplug_blk test

2024-04-09 Thread Vladimir Sementsov-Ogievskiy
Introduce a test that checks that plug/unplug of a virtio-blk device works. (the test is developed by copying hotplug_cpu.py, so keep original copyright) Signed-off-by: Vladimir Sementsov-Ogievskiy --- tests/avocado/hotplug_blk.py | 69 1 file changed, 69 ins

Re: [PATCH v2 01/28] target/i386: Add tcg/access.[ch]

2024-04-09 Thread Paolo Bonzini
On 4/9/24 07:02, Richard Henderson wrote: Provide a method to amortize page lookup across large blocks. Signed-off-by: Richard Henderson --- target/i386/tcg/access.h| 40 + target/i386/tcg/access.c| 160 target/i386/tcg/meson.build | 1

Re: [PATCH v2 19/28] linux-user/i386: Fix -mregparm=3 for signal delivery

2024-04-09 Thread Paolo Bonzini
On 4/9/24 07:02, Richard Henderson wrote: Since v2.6.19, the kernel has supported -mregparm=3. Signed-off-by: Richard Henderson --- linux-user/i386/signal.c | 20 +--- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/linux-user/i386/signal.c b/linux-user/i386/si

[PULL 0/7] virtio,pc,pci: bugfixes

2024-04-09 Thread Michael S. Tsirkin
The following changes since commit ce64e6224affb8b4e4b019f76d2950270b391af5: Merge tag 'qemu-sparc-20240404' of https://github.com/mcayland/qemu into staging (2024-04-04 15:28:06 +0100) are available in the Git repository at: https://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_ups

[PULL 1/7] Revert "hw/virtio: Add support for VDPA network simulation devices"

2024-04-09 Thread Michael S. Tsirkin
This reverts commit cd341fd1ffded978b2aa0b5309b00be7c42e347c. The patch adds non-upstream code in include/standard-headers/linux/virtio_pci.h which would make maintenance harder. Revert for now. Suggested-by: Jason Wang Message-Id: Acked-by: Jason Wang Signed-off-by: Michael S. Tsirkin ---

Re: [PATCH-for-9.1 v2 2/3] migration: Remove RDMA protocol handling

2024-04-09 Thread Jinpu Wang
Hi Peter, On Mon, Apr 8, 2024 at 6:18 PM Peter Xu wrote: > > On Mon, Apr 08, 2024 at 04:07:20PM +0200, Jinpu Wang wrote: > > Hi Peter, > > Jinpu, > > Thanks for joining the discussion. > > > > > On Tue, Apr 2, 2024 at 11:24 PM Peter Xu wrote: > > > > > > On Mon, Apr 01, 2024 at 11:26:25PM +0200,

[PULL 7/7] qdev-monitor: fix error message in find_device_state()

2024-04-09 Thread Michael S. Tsirkin
From: Vladimir Sementsov-Ogievskiy This "hotpluggable" here is misleading. Actually we check whether the object is a device or not. Let's drop the word. Suggested-by: Markus Armbruster Signed-off-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Markus Armbruster Message-Id: <20240329183758.3360733-3-vsement

[PULL 5/7] vdpa-dev: Fix the issue of device status not updating when configuration interruption is triggered

2024-04-09 Thread Michael S. Tsirkin
From: lyx634449800 The set_config callback function vhost_vdpa_device_get_config in vdpa-dev does not fetch the current device status from the hardware device, causing the guest OS to not receive the latest device status information. The hardware updates the config status of the vdpa device and

[PULL 4/7] hw/virtio: Fix packed virtqueue flush used_idx

2024-04-09 Thread Michael S. Tsirkin
From: Wafer In the event of writing many chains of descriptors, the device must write just the id of the last buffer in the descriptor chain, skip forward the number of descriptors in the chain, and then repeat the operations for the rest of chains. Current QEMU code writes all the buffer ids co

[PULL 2/7] virtio-snd: Enhance error handling for invalid transfers

2024-04-09 Thread Michael S. Tsirkin
From: Zheyu Ma This patch improves error handling in virtio_snd_handle_tx_xfer() and virtio_snd_handle_rx_xfer() in the VirtIO sound driver. Previously, 'goto' statements were used for error paths, leading to unnecessary processing and potential null pointer dereferences. Now, 'continue' is used

[PULL 3/7] virtio-snd: rewrite invalid tx/rx message handling

2024-04-09 Thread Michael S. Tsirkin
From: Manos Pitsidianakis The current handling of invalid virtqueue elements inside the TX/RX virt queue handlers is wrong. They are added in a per-stream invalid queue to be processed after the handler is done examining each message, but the invalid message might not be specifying any stream_id

[PULL 6/7] vhost-user-blk: simplify and fix vhost_user_blk_handle_config_change

2024-04-09 Thread Michael S. Tsirkin
From: Vladimir Sementsov-Ogievskiy Let's not care about what was changed and update the whole config, reasons: 1. config->geometry should be updated together with capacity, so we fix a bug. 2. Vhost-user protocol doesn't say anything about config change limitation. Silent ignore of change

Re: [PATCH v2 23/28] target/i386: Honor xfeatures in xrstor_sigcontext

2024-04-09 Thread Paolo Bonzini
On 4/9/24 07:02, Richard Henderson wrote: Signed-off-by: Richard Henderson --- linux-user/i386/signal.c | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/linux-user/i386/signal.c b/linux-user/i386/signal.c index d015fe520a..fd09c973d4 100644 --- a/linux-u

Re: [PATCH v9] arm/kvm: Enable support for KVM_ARM_VCPU_PMU_V3_FILTER

2024-04-09 Thread Shaoqin Huang
Hi Thomas, On 4/9/24 13:33, Thomas Huth wrote: +    assert_has_feature(qts, "host", "kvm-pmu-filter"); So you assert here that the feature is available ...   assert_has_feature(qts, "host", "kvm-steal-time");   assert_has_feature(qts, "host", "sve");   resp = do_q

Re: [PATCH v2 02/28] target/i386: Convert do_fldt, do_fstt to X86Access

2024-04-09 Thread Paolo Bonzini
On 4/9/24 07:02, Richard Henderson wrote: Signed-off-by: Richard Henderson --- target/i386/tcg/fpu_helper.c | 44 +--- 1 file changed, 31 insertions(+), 13 deletions(-) Three incorrect GETPC()s that get fixed later in the series: do_fsave: @@ -2459,15 +246

Re: [PATCH for-9.1 v2 00/28] linux-user/i386: Properly align signal frame

2024-04-09 Thread Paolo Bonzini
On 4/9/24 07:02, Richard Henderson wrote: v1: https://lore.kernel.org/qemu-devel/20230524054647.1093758-1-richard.hender...@linaro.org/ But v1 isn't particularly complet or korrect. Disconnect fpstate from sigframe, just like the kernel does. Return the separate portions of the frame from get_

[PATCH v2] hw/mem/cxl_type3: reset dvsecs in ct3d_reset()

2024-04-09 Thread Li Zhijian via
After the kernel commit 0cab68720598 ("cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window") CXL type3 devices cannot be enabled again after the reboot because the control register (see 8.1.3.2 in CXL specification 2.0 for more details) was not reset. These registers coul

Re: [PULL 0/2] Migration 20240407 patches

2024-04-09 Thread Peter Maydell
On Sun, 7 Apr 2024 at 19:43, wrote: > > From: Peter Xu > > The following changes since commit ce64e6224affb8b4e4b019f76d2950270b391af5: > > Merge tag 'qemu-sparc-20240404' of https://github.com/mcayland/qemu into > staging (2024-04-04 15:28:06 +0100) > > are available in the Git repository at:

Re: [PULL 0/2] target-arm queue

2024-04-09 Thread Peter Maydell
On Mon, 8 Apr 2024 at 16:23, Peter Maydell wrote: > > Two bug fixes for 9.0... > > -- PMM > > The following changes since commit ce64e6224affb8b4e4b019f76d2950270b391af5: > > Merge tag 'qemu-sparc-20240404' of https://github.com/mcayland/qemu into > staging (2024-04-04 15:28:06 +0100) > > are a

Re: [PULL 00/35] misc patch queue

2024-04-09 Thread Peter Maydell
On Mon, 8 Apr 2024 at 18:51, Richard Henderson wrote: > > This started out to be tcg and linux-user only, but then added > a few target bug fixes, and the trolled back through my inbox > and picked up some other safe patch sets that got lost. > > > r~ > > > The following changes since commit ce64e

Re: Point where target instructions are read

2024-04-09 Thread Peter Maydell
On Mon, 8 Apr 2024 at 20:25, Gautam Bhat wrote: > > On Thu, Apr 4, 2024 at 2:23 PM Peter Maydell wrote: > > > This will not work (yet) -- CPUs do not get reset as part of the > > whole-system three-phase-reset, so using the exit phase method > > is not sufficient to avoid the reset ordering probl

Re: [RFC PATCH-for-9.1 3/4] hw/i2c: Convert to spec v7 terminology (automatically)

2024-04-09 Thread Wolfram Sang
Hi Philippe, > One of the biggest changes from I2C spec v6 -> v7 is: > > • Updated the terms "master/slave" to "controller/target" > > Since it follows the inclusive terminology from the "Conscious > Language in your Open Source Projects" guidelines [*], replace > the I2C terminology. ... > I

Re: [PATCH-for-9.1 v2 2/3] migration: Remove RDMA protocol handling

2024-04-09 Thread Markus Armbruster
Peter Xu writes: > On Mon, Apr 08, 2024 at 04:07:20PM +0200, Jinpu Wang wrote: >> Hi Peter, > > Jinpu, > > Thanks for joining the discussion. > >> >> On Tue, Apr 2, 2024 at 11:24 PM Peter Xu wrote: >> > >> > On Mon, Apr 01, 2024 at 11:26:25PM +0200, Yu Zhang wrote: >> > > Hello Peter and Zhjian

Re: [PATCH] vhost: don't set vring call if no enabled msix

2024-04-09 Thread Michael S. Tsirkin
On Mon, Apr 08, 2024 at 02:08:42PM +0800, lyx634449800 wrote: > When conducting performance testing using testpmd in the guest OS, > it was observed that the performance was lower compared to the > scenario of direct vfio-pci usage. > > In the virtual machine operating system, even if the virtio d

Re: [PATCH v2] vhost: don't set vring call if guest notifiers is not enabled

2024-04-09 Thread Michael S. Tsirkin
On Mon, Apr 08, 2024 at 03:33:11PM +0800, lyx634449800 wrote: > When conducting performance testing using testpmd in the guest OS, > it was observed that the performance was lower compared to the > scenario of direct vfio-pci usage. > > In the commit 96a3d98d2cdbd897ff5ab33427aa4cfb94077665, the a

Re: [PATCH v3 0/3] target/riscv: Support Zve32x and Zve64x extensions

2024-04-09 Thread Daniel Henrique Barboza
Hi Jason, We're in the middle of code freeze for the incoming 9.0 release. In this period the maintainer will only queue bug fixes. Your support is a new feature, so it'll only be pushed after the release is done. Current ETA for the release is Apr 16th if there's no rc4. A safe bet is to expec

Re: [RFC PATCH-for-9.1 3/4] hw/i2c: Convert to spec v7 terminology (automatically)

2024-04-09 Thread Philippe Mathieu-Daudé
On 9/4/24 10:58, Paolo Bonzini wrote: On Mon 8 Apr 2024, 23:34 Philippe Mathieu-Daudé > wrote: Note, the QOM type definition is not modified, TYPE_I2C_TARGET remains defined as "i2c-slave". Is this actually necessary? The only thing that could break is

Re: [RFC PATCH 0/4] target/riscv/kvm: QEMU support for KVM Guest Debug on RISC-V

2024-04-09 Thread Chao Du
Hi Daniel and all, The KVM patches have been reviewed and are in the queue. https://lore.kernel.org/all/20240402062628.5425-1-duc...@eswincomputing.com/ Could you please review on the QEMU side? Then I will rebase this series with your comments. Some Notes: 1. As the first stage, only the softwa

[PATCH-for-9.0? v2] backends/cryptodev: Do not abort for invalid session ID

2024-04-09 Thread Philippe Mathieu-Daudé
Instead of aborting when a session ID is invalid, return VIRTIO_CRYPTO_INVSESS ("Invalid session id"). Reproduced using: $ cat << EOF | qemu-system-i386 -display none \ -machine q35,accel=qtest -m 512M -nodefaults \ -object cryptodev-backend-builtin,id=cryptodev0 \ -device virtio

Re: [PULL 00/35] misc patch queue

2024-04-09 Thread Philippe Mathieu-Daudé
On 9/4/24 10:50, Peter Maydell wrote: On Mon, 8 Apr 2024 at 18:51, Richard Henderson wrote: This started out to be tcg and linux-user only, but then added a few target bug fixes, and the trolled back through my inbox and picked up some other safe patch sets that got lost. r~ The following

how does the qemu emulate the "atomic" semantics on host that DOES NOT support atomic instructions?

2024-04-09 Thread tugouxp
Hi folks: How does QEMU emulate a target that supports an "atomic" ISA, such as the RISC-V "amo" instruction, on a host machine that does NOT support atomic instructions? Does this scenario happen? Thank you! BRs zlcao.

Re: how does the qemu emulate the "atomic" semantics on host that DOES NOT support atomic instructions?

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 10:58, tugouxp <13824125...@163.com> wrote: >How does QEMU emulate a target that supports an "atomic" ISA, such as the > RISC-V "amo" instruction, on a host machine that does NOT support atomic > instructions? > Does this scenario happen? All hosts that can run QEMU support

Re: [PATCH for-9.0] linux-user: Preserve unswapped siginfo_t for strace

2024-04-09 Thread Philippe Mathieu-Daudé
On 9/4/24 02:34, Richard Henderson wrote: Passing the tswapped structure to strace means that our internal si_type is also gone, which then aborts in print_siginfo. Fixes: 4d6d8a05a0a ("linux-user: Move tswap_siginfo out of target code") Signed-off-by: Richard Henderson --- linux-user/signal.

Re: [PATCH] xen-hvm: Avoid livelock while handling buffered ioreqs

2024-04-09 Thread Anthony PERARD
On Thu, Apr 04, 2024 at 03:08:33PM +0100, Ross Lagerwall wrote: > diff --git a/hw/xen/xen-hvm-common.c b/hw/xen/xen-hvm-common.c > index 1627da739822..1116b3978938 100644 > --- a/hw/xen/xen-hvm-common.c > +++ b/hw/xen/xen-hvm-common.c > @@ -521,22 +521,30 @@ static bool handle_buffered_iopage(XenIO

Re: [PATCH-for-9.0? v2] backends/cryptodev: Do not abort for invalid session ID

2024-04-09 Thread zhenwei pi
LGTM, thanks! Reviewed-by: zhenwei pi On 4/9/24 17:47, Philippe Mathieu-Daudé wrote: Instead of aborting when a session ID is invalid, return VIRTIO_CRYPTO_INVSESS ("Invalid session id"). Reproduced using: $ cat << EOF | qemu-system-i386 -display none \ -machine q35,accel=qtest -m 51

Re:Re: how does the qemu emulate the "atomic" semantics on host that DOES NOT support atomic instructions?

2024-04-09 Thread tugouxp
Hi Peter; much, much appreciated, your explanation! > ..but the host doesn't have one, we arrange to pause execution of all the > other guest vCPU threads, ===>yes, I somehow guessed a little bit like that, but when trying to find some code in QEMU to prove the guess, I found I was lost and

Re: [PATCH-for-9.0? 1/3] hw/block/nand: Factor nand_load_iolen() method out

2024-04-09 Thread Kevin Wolf
On 08.04.2024 at 10:36, Philippe Mathieu-Daudé wrote: > Signed-off-by: Philippe Mathieu-Daudé > --- > hw/block/nand.c | 32 +++- > 1 file changed, 19 insertions(+), 13 deletions(-) > > diff --git a/hw/block/nand.c b/hw/block/nand.c > index d1435f2207..6fa9038

Re: Re: how does the qemu emulate the "atomic" semantics on host that DOES NOT support atomic instructions?

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 11:40, tugouxp <13824125...@163.com> wrote: > ===>yes, I somehow guessed a little bit like that, but when trying to find > some code in QEMU to prove the guess, I found I was lost and exhausted in the > ocean of the code and complex logic of QEMU. > because in my thought,

[PATCH-for-9.0 v2 0/4] hw/virtio: Protect from more DMA re-entrancy bugs

2024-04-09 Thread Philippe Mathieu-Daudé
Fixes for CVE-2024-3446. Gerd suggested to use the transport guard to protect the device from DMA re-entrancy abuses. Since v1: - Take a DeviceState argument, not VirtIODevice, so it works seamlessly with CCW devices (actually the original code from Gerd). - Build and test :> I'll send a PR

[PATCH-for-9.0 v2 3/4] hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs

2024-04-09 Thread Philippe Mathieu-Daudé
Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() so the bus and device use the same guard. Otherwise the DMA-reentrancy protection can be bypassed. Fixes: CVE-2024-3446 Cc: qemu-sta...@nongnu.org Suggested-by: Alexander Bulekov Reviewed-by: Gerd Hoffmann Acked-by: Michael S. Tsirkin Sig

[PATCH-for-9.0 v2 1/4] hw/virtio: Introduce virtio_bh_new_guarded() helper

2024-04-09 Thread Philippe Mathieu-Daudé
Introduce virtio_bh_new_guarded(), similar to qemu_bh_new_guarded() but using the transport memory guard, instead of the device one (there can only be one virtio device per virtio bus). Inspired-by: Gerd Hoffmann Reviewed-by: Gerd Hoffmann Acked-by: Michael S. Tsirkin Signed-off-by: Philippe Ma

Re: [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer

2024-04-09 Thread Kevin Wolf
On 08.04.2024 at 10:36, Philippe Mathieu-Daudé wrote: > Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446 > > Philippe Mathieu-Daudé (3): > hw/block/nand: Factor nand_load_iolen() method out > hw/block/nand: Have blk_load() return boolean indicating success > hw/block/nand:

[PATCH-for-9.0 v2 4/4] hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs

2024-04-09 Thread Philippe Mathieu-Daudé
Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() so the bus and device use the same guard. Otherwise the DMA-reentrancy protection can be bypassed. Fixes: CVE-2024-3446 Cc: qemu-sta...@nongnu.org Suggested-by: Alexander Bulekov Reviewed-by: Gerd Hoffmann Acked-by: Michael S. Tsirkin Sig

[PATCH-for-9.0 v2 2/4] hw/display/virtio-gpu: Protect from DMA re-entrancy bugs

2024-04-09 Thread Philippe Mathieu-Daudé
Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() so the bus and device use the same guard. Otherwise the DMA-reentrancy protection can be bypassed: $ cat << EOF | qemu-system-i386 -display none -nodefaults \ -machine q35,accel=qtest \

Re: [PATCH] target/i386: fix direction of "32-bit MMU" test

2024-04-09 Thread Zhao Liu
Hi Michael & Paolo, On Fri, Apr 05, 2024 at 08:30:43PM +0300, Michael Tokarev wrote: > Date: Fri, 5 Apr 2024 20:30:43 +0300 > From: Michael Tokarev > Subject: Re: [PATCH] target/i386: fix direction of "32-bit MMU" test > > 01.04.2024 09:02, Michael Tokarev: > > > Anyone can guess why this rathe

[PATCH v2 1/3] fixup! tests/qtest/migration: Add negative tests to validate migration QAPIs

2024-04-09 Thread Het Gala
Signed-off-by: Het Gala --- tests/qtest/migration-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index d03a655f83..584d7c496f 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -17

[PATCH v2 0/3] qtest/migration: Fixes around multifd_tcp_channels_none migration qtest

2024-04-09 Thread Het Gala
With the introduction of the new patchset to have 'channels' as the start argument of migrate QAPIs instead of 'uri' (tests/qtest/migration: Add tests for introducing 'channels' argument in migrate QAPIs), a few minor issues went unnoticed, which were caught while trying to introduce similar qtests

[PATCH v2 3/3] fixup! tests/qtest/migration: Add multifd_tcp_plain test using list of channels instead of uri

2024-04-09 Thread Het Gala
Signed-off-by: Het Gala --- tests/qtest/migration-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 584d7c496f..5d6d8cd634 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -17

[PATCH v2 2/3] fixup! tests/qtest/migration: Add migrate_set_ports into migrate_qmp to update migration port value

2024-04-09 Thread Het Gala
Signed-off-by: Het Gala --- tests/qtest/migration-helpers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/qtest/migration-helpers.c b/tests/qtest/migration-helpers.c index b2a90469fb..3b72cad6c1 100644 --- a/tests/qtest/migration-helpers.c +++ b/tests/qtest/migrati

Re:Re: Re: how does the qemu emulate the "atomic" semantics on host that DOES NOT support atomic instructions?

2024-04-09 Thread tugouxp
Hi Peter: I see, much, much helpful. Thank you! :). At 2024-04-09 18:51:26, "Peter Maydell" wrote: >On Tue, 9 Apr 2024 at 11:40, tugouxp <13824125...@163.com> wrote: >> ===>yes, I somehow guessed a little bit like that, but when trying to >> find some code in QEMU to prove the guess, I f

Re: [PATCH] target/i386: fix direction of "32-bit MMU" test

2024-04-09 Thread Paolo Bonzini
On Tue, Apr 9, 2024 at 12:59 PM Zhao Liu wrote: > > Hi Michael & Paolo, > > On Fri, Apr 05, 2024 at 08:30:43PM +0300, Michael Tokarev wrote: > > Date: Fri, 5 Apr 2024 20:30:43 +0300 > > From: Michael Tokarev > > Subject: Re: [PATCH] target/i386: fix direction of "32-bit MMU" test > > > > 01.04.20

[PATCH] mailmap: Fix Yuxue Liu author email

2024-04-09 Thread Philippe Mathieu-Daudé
Fixes: 6ae72f609a ("vdpa-dev: Fix device status not updating on config INT") Cc: Yuxue Liu Signed-off-by: Philippe Mathieu-Daudé --- .mailmap | 1 + 1 file changed, 1 insertion(+) diff --git a/.mailmap b/.mailmap index 88fb68143e..67c8dfad28 100644 --- a/.mailmap +++ b/.mailmap @@ -38,6 +38,7 @

Re: [PATCH-for-9.0 v2 0/4] hw/virtio: Protect from more DMA re-entrancy bugs

2024-04-09 Thread Michael S. Tsirkin
On Tue, Apr 09, 2024 at 12:55:33PM +0200, Philippe Mathieu-Daudé wrote: > Fixes for CVE-2024-3446. > > Gerd suggested to use the transport guard to protect the > device from DMA re-entrancy abuses. > > Since v1: > - Take a DeviceState argument, not VirtIODevice, so it > works seamlessly with CC

Re: [PATCH-for-9.0] hw/sd/sdhci: Discard excess of data written to Buffer Data Port register

2024-04-09 Thread Peter Maydell
On Mon, 8 Apr 2024 at 17:42, Peter Maydell wrote: > So another approach here would be... That said, this is all quite complicated looking, so for 9.0 and backports at least this patch is fine. Reviewed-by: Peter Maydell thanks -- PMM

Re: [PULL 0/7] virtio,pc,pci: bugfixes

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 08:32, Michael S. Tsirkin wrote: > > The following changes since commit ce64e6224affb8b4e4b019f76d2950270b391af5: > > Merge tag 'qemu-sparc-20240404' of https://github.com/mcayland/qemu into > staging (2024-04-04 15:28:06 +0100) > > are available in the Git repository at:

Re: [PULL 0/3] 9.0 bugfixes for 2024-04-08

2024-04-09 Thread Peter Maydell
On Mon, 8 Apr 2024 at 20:25, Paolo Bonzini wrote: > > The following changes since commit ce64e6224affb8b4e4b019f76d2950270b391af5: > > Merge tag 'qemu-sparc-20240404' of https://github.com/mcayland/qemu into > staging (2024-04-04 15:28:06 +0100) > > are available in the Git repository at: > >

[PATCH] hw/dma: prevent overflow in soc_dma_set_request

2024-04-09 Thread Anastasia Belova
ch->num can reach values up to 31. Add casting to a larger type before performing left shift to prevent integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: afbb5194d4 ("Handle on-chip DMA controllers in one place, convert OMAP DMA to use it.") Signed-off-by

Re: [PATCH v2 0/3] qtest/migration: Fixes around multifd_tcp_channels_none migration qtest

2024-04-09 Thread Peter Xu
On Tue, Apr 09, 2024 at 11:00:08AM +, Het Gala wrote: > With the introduction of the new patchset to have 'channels' as the start > argument of migrate QAPIs instead of 'uri' (tests/qtest/migration: Add > tests for introducing 'channels' argument in migrate QAPIs), a few minor > issues went unn

Re: [PATCH] hw/dma: prevent overflow in soc_dma_set_request

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 12:54, Anastasia Belova wrote: > > ch->num can reach values up to 31. Add casting to > a larger type before performing left shift to > prevent integer overflow. If ch->num can only reach up to 31, then 1 << ch->num is fine, because QEMU can assume that integers are 32 bits,

Re: [PATCH-for-9.0? 2/2] hw/net/lan9118: Fix overflow in TX FIFO

2024-04-09 Thread Philippe Mathieu-Daudé
On 8/4/24 16:24, Peter Maydell wrote: On Mon, 8 Apr 2024 at 11:52, Philippe Mathieu-Daudé wrote: When the TX FIFO is full, raise the TX Status FIFO Overflow (TXSO) flag, "Generated when the TX Status FIFO overflows" [*]. This doesn't sound right. The TX Status FIFO and the TX Data FIFO are s

Re: [PATCH] target/riscv/cpu_helper.c: fix wrong exception raise

2024-04-09 Thread Daniel Henrique Barboza
On 3/29/24 10:45, Alexei Filippov wrote: A successful two-stage translation but failed PMP check can cause a guest page fault instead of a regular page fault. In case of executing an ld instruction in VS mode we can face a situation where two stages of translation were passed successfully, and if the PMP check

Re: [PATCH 1/1] virtio-net: fix bug 1451 aka "assert(!virtio_net_get_subqueue(nc)->async_tx.elem);"

2024-04-09 Thread Alexey Dobriyan
On Mon, Apr 08, 2024 at 03:26:35PM +0800, Jason Wang wrote: > On Fri, Apr 5, 2024 at 7:22 PM Alexey Dobriyan > wrote: > > > > Don't send zero length packets in virtio_net_flush_tx(). > > > > Reproducer from https://gitlab.com/qemu-project/qemu/-/issues/1451 > > creates small packet (1 segment, le

Re: [PATCH] edk2: get version + date from git submodule

2024-04-09 Thread Peter Maydell
On Mon, 25 Mar 2024 at 14:45, Gerd Hoffmann wrote: > > Turned out hard-coding version and date in the Makefile wasn't a bright > idea. Updating it on edk2 updates is easily forgotten. Fetch the info > from git instead. > > Signed-off-by: Gerd Hoffmann > --- > roms/Makefile | 7 +-- > 1 fil

Re: [PATCH] hw/dma: prevent overflow in soc_dma_set_request

2024-04-09 Thread Philippe Mathieu-Daudé
On 9/4/24 14:02, Peter Maydell wrote: On Tue, 9 Apr 2024 at 12:54, Anastasia Belova wrote: ch->num can reach values up to 31. Add casting to a larger type before performing left shift to prevent integer overflow. If ch->num can only reach up to 31, then 1 << ch->num is fine, because QEMU can

Re: [PATCH] hw/dma: prevent overflow in soc_dma_set_request

2024-04-09 Thread Anastasia Belova
09/04/24 15:02, Peter Maydell writes: On Tue, 9 Apr 2024 at 12:54, Anastasia Belova wrote: ch->num can reach values up to 31. Add casting to a larger type before performing left shift to prevent integer overflow. If ch->num can only reach up to 31, then 1 << ch->num is fine, because QEMU can

[PATCH-for-9.0 v2 01/11] hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition

2024-04-09 Thread Philippe Mathieu-Daudé
The magic 2048 is explained in the LAN9211 datasheet (DS2414A) in chapter 1.4, "10/100 Ethernet MAC": The MAC Interface Layer (MIL), within the MAC, contains a 2K Byte transmit and a 128 Byte receive FIFO which is separate from the TX and RX FIFOs. [...] Signed-off-by: Philippe Mathieu-

Re: [PATCH] hw/dma: prevent overflow in soc_dma_set_request

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:32, Anastasia Belova wrote: > > > > 09/04/24 15:02, Peter Maydell writes: > > On Tue, 9 Apr 2024 at 12:54, Anastasia Belova wrote: > >> ch->num can reach values up to 31. Add casting to > >> a larger type before performing left shift to > >> prevent integer overflow. > > I

[PATCH-for-9.0 v2 00/11] hw/net/lan9118: Fix overflow in TX FIFO

2024-04-09 Thread Philippe Mathieu-Daudé
Fix for https://gitlab.com/qemu-project/qemu/-/issues/2267 Since v1: - Renamed definition as MIL_TXFIFO_SIZE - Addressed Peter review comments in patches 1 & 2 (add comment, return TXE INT) - Trivial patches while digesting Peter's analysis [*] More work expected during 9.1. [*] https://lore.

[PATCH-for-9.1 v2 03/11] hw/net/lan9118: Remove duplicated assignment

2024-04-09 Thread Philippe Mathieu-Daudé
s->txp->fifo_used is zeroed in the next 3 lines. Signed-off-by: Philippe Mathieu-Daudé --- hw/net/lan9118.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index 91d81b410b..d6f0e37eb1 100644 --- a/hw/net/lan9118.c +++ b/hw/net/lan9118.c @@ -438,7 +438,6 @@

[PATCH-for-9.1 v2 05/11] hw/net/lan9118: Add definitions for FIFO allocated sizes

2024-04-09 Thread Philippe Mathieu-Daudé
Add definitions for the TX_FIF_SZ=5 case, per TABLE 5-3 "VALID TX/RX FIFO ALLOCATIONS". Signed-off-by: Philippe Mathieu-Daudé --- hw/net/lan9118.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index a6a869de32..00409927fe 100644 --- a/hw/net

[PATCH-for-9.0 v2 02/11] hw/net/lan9118: Fix overflow in MIL TX FIFO

2024-04-09 Thread Philippe Mathieu-Daudé
When the MAC Interface Layer (MIL) transmit FIFO is full, truncate the packet, and raise the Transmitter Error (TXE) flag. Broken since model introduction in commit 2a42499017 ("LAN9118 emulation"). When using the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/2267 we get: hw/ne

[PATCH-for-9.1 v2 08/11] hw/net/lan9118: Use RX_STATUS_FIFO_BYTES definition

2024-04-09 Thread Philippe Mathieu-Daudé
rx_status_fifo[] is an array of words, rx_status_fifo_size is a word count. Signed-off-by: Philippe Mathieu-Daudé --- hw/net/lan9118.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index a983ce193b..cace22381d 100644 --- a/hw/net

[PATCH-for-9.1 v2 04/11] hw/net/lan9118: Replace magic '5' value by TX_FIF_SZ_RESET definition

2024-04-09 Thread Philippe Mathieu-Daudé
TX_FIF_SZ is described in chapter 5.3.9, "HW_CFG — HARDWARE CONFIGURATION REGISTER". Signed-off-by: Philippe Mathieu-Daudé --- hw/net/lan9118.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index d6f0e37eb1..a6a869de32 100644 --- a/hw/

[PATCH-for-9.1 v2 09/11] hw/net/lan9118: Rename rx_status_fifo_size -> rx_status_fifo_wordcount

2024-04-09 Thread Philippe Mathieu-Daudé
rx_status_fifo_size is a word count, rename it to avoid confusion. Suggested-by: Peter Maydell Signed-off-by: Philippe Mathieu-Daudé --- hw/net/lan9118.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index cace22381d..66

[PATCH-for-9.1 v2 10/11] hw/net/lan9118: Use RX_DATA_FIFO_BYTES definition

2024-04-09 Thread Philippe Mathieu-Daudé
rx_fifo[] is an array of words, rx_fifo_size is a word count. Signed-off-by: Philippe Mathieu-Daudé --- hw/net/lan9118.c | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index 663776f575..56cc52d450 100644 --- a/hw/net/lan9118.c +++

[PATCH-for-9.1 v2 06/11] hw/net/lan9118: Use TX_DATA_FIFO_BYTES definition

2024-04-09 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé --- hw/net/lan9118.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index 00409927fe..ba92681e2e 100644 --- a/hw/net/lan9118.c +++ b/hw/net/lan9118.c @@ -456,7 +456,7 @@ static void lan9118_reset(Device

[PATCH-for-9.1 v2 11/11] hw/net/lan9118: Rename rx_fifo_size -> rx_fifo_wordcount

2024-04-09 Thread Philippe Mathieu-Daudé
rx_fifo_size is a word count, rename it to avoid confusion. Suggested-by: Peter Maydell Signed-off-by: Philippe Mathieu-Daudé --- hw/net/lan9118.c | 21 +++-- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index 56cc52d450..3d

[PATCH-for-9.1 v2 07/11] hw/net/lan9118: Rename tx_fifo_size -> tx_fifo_bytes

2024-04-09 Thread Philippe Mathieu-Daudé
tx_fifo_size is a byte count, rename it to avoid confusion. Signed-off-by: Philippe Mathieu-Daudé --- hw/net/lan9118.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index ba92681e2e..a983ce193b 100644 --- a/hw/net/lan9118.c +++

Re: [PATCH-for-9.0 v2 01/11] hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:39, Philippe Mathieu-Daudé wrote: > > The magic 2048 is explained in the LAN9211 datasheet (DS2414A) > in chapter 1.4, "10/100 Ethernet MAC": > > The MAC Interface Layer (MIL), within the MAC, contains a > 2K Byte transmit and a 128 Byte receive FIFO which is separ

Re: [PATCH-for-9.0 v2 02/11] hw/net/lan9118: Fix overflow in MIL TX FIFO

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:38, Philippe Mathieu-Daudé wrote: > > When the MAC Interface Layer (MIL) transmit FIFO is full, > truncate the packet, and raise the Transmitter Error (TXE) > flag. > > Broken since model introduction in commit 2a42499017 > ("LAN9118 emulation"). > > When using the reprodu

Re: [PATCH-for-9.1 v2 03/11] hw/net/lan9118: Remove duplicated assignment

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:39, Philippe Mathieu-Daudé wrote: > > s->txp->fifo_used is zeroed in the next 3 lines. > > Signed-off-by: Philippe Mathieu-Daudé > --- > hw/net/lan9118.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c > index 91d81b410b..d6f0e

Re: [PATCH-for-9.1 v2 04/11] hw/net/lan9118: Replace magic '5' value by TX_FIF_SZ_RESET definition

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:39, Philippe Mathieu-Daudé wrote: > > TX_FIF_SZ is described in chapter 5.3.9, > "HW_CFG — HARDWARE CONFIGURATION REGISTER". > > Signed-off-by: Philippe Mathieu-Daudé > --- Reviewed-by: Peter Maydell thanks -- PMM

Re: [PATCH-for-9.1 v2 05/11] hw/net/lan9118: Add definitions for FIFO allocated sizes

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:39, Philippe Mathieu-Daudé wrote: > > Add definitions for the TX_FIF_SZ=5 case, per TABLE 5-3 > "VALID TX/RX FIFO ALLOCATIONS". > > Signed-off-by: Philippe Mathieu-Daudé > --- > hw/net/lan9118.c | 11 +++ > 1 file changed, 11 insertions(+) > > diff --git a/hw/net

Re: [PATCH-for-9.1 v2 07/11] hw/net/lan9118: Rename tx_fifo_size -> tx_fifo_bytes

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:39, Philippe Mathieu-Daudé wrote: > > tx_fifo_size is a byte count, rename it to avoid confusion. But we don't consistently use it as a byte count. In tx_fifo_push(): if (s->txp->fifo_used == s->tx_fifo_size) { s->int_sts |= TDFO_INT; return; } w

Re: [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer

2024-04-09 Thread Philippe Mathieu-Daudé
On 8/4/24 17:45, Mauro Matteo Cascella wrote: On Mon, Apr 8, 2024 at 10:36 AM Philippe Mathieu-Daudé wrote: Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446 Does hw/block/nand meet the security requirements for CVE assignment? => https://www.qemu.org/docs/master/system/security.ht

[PATCH-for-9.0 v2 2/3] hw/block/nand: Have blk_load() take unsigned offset and return boolean

2024-04-09 Thread Philippe Mathieu-Daudé
A negative offset is meaningless; use an unsigned type. Return a boolean value indicating success. Reviewed-by: Richard Henderson Reviewed-by: Kevin Wolf Signed-off-by: Philippe Mathieu-Daudé --- hw/block/nand.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/hw/

Re: [PATCH-for-9.1 v2 08/11] hw/net/lan9118: Use RX_STATUS_FIFO_BYTES definition

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:39, Philippe Mathieu-Daudé wrote: > > rx_status_fifo[] is an array of words, > rx_status_fifo_size is a word count. > > Signed-off-by: Philippe Mathieu-Daudé > --- > hw/net/lan9118.c | 9 + > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/hw/net

[PATCH-for-9.0 v2 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer

2024-04-09 Thread Philippe Mathieu-Daudé
Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446 Since v1: - Addressed Kevin trivial suggestions (unsigned offset) Philippe Mathieu-Daudé (3): hw/block/nand: Factor nand_load_iolen() method out hw/block/nand: Have blk_load() take unsigned offset and return boolean hw/block/nand: F

[PATCH-for-9.0 v2 1/3] hw/block/nand: Factor nand_load_iolen() method out

2024-04-09 Thread Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson Reviewed-by: Kevin Wolf Signed-off-by: Philippe Mathieu-Daudé --- hw/block/nand.c | 35 ++- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/hw/block/nand.c b/hw/block/nand.c index d1435f2207..f33eb2d552 100644 --- a/

[PATCH-for-9.0 v2 3/3] hw/block/nand: Fix out-of-bound access in NAND block buffer

2024-04-09 Thread Philippe Mathieu-Daudé
nand_command() and nand_getio() don't check that @offset points into the block, nor that the available data length (s->iolen) is not negative. In order to fix: - check the offset is in range in nand_blk_load_NAND_PAGE_SIZE(), - do not set @iolen if blk_load() failed. Reproducer: $ cat << EOF | qemu-sys

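The two fixes described by patches 2/3 (unsigned offset, boolean result from blk_load()) and 3/3 (range-check the offset, and do not set @iolen when the load fails) worked through in one added C example that is not QEMU's hw/block/nand.c code. The 2 KiB page, 64-byte spare area, four-page device, struct fields and function names are illustrative assumptions, and the page contents are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative geometry (assumed, not the QEMU model's constants): 2 KiB
 * pages, a 64-byte spare (OOB) area after each page, four pages in all. */
#define NAND_PAGE_SIZE 2048
#define NAND_OOB_SIZE  64
#define NAND_IO_SIZE   (NAND_PAGE_SIZE + NAND_OOB_SIZE)
#define NAND_PAGES     4

typedef struct {
    uint8_t storage[NAND_PAGES * NAND_IO_SIZE]; /* page data followed by OOB */
    uint8_t io[NAND_IO_SIZE];                   /* staging buffer for reads */
    const uint8_t *ioaddr;                      /* next byte handed to the guest */
    unsigned iolen;                             /* bytes left in io[]; never negative */
} nand_dev;

/* Stage page @page into io[] starting at byte @offset. Offset is unsigned
 * and the result is a boolean (patch 2/3); the range check is the one
 * patch 3/3 adds. On failure io[] and ioaddr are left untouched. */
bool nand_blk_load(nand_dev *s, unsigned page, unsigned offset)
{
    if (page >= NAND_PAGES || offset >= NAND_IO_SIZE) {
        return false;                 /* request is outside the block */
    }
    memcpy(s->io, s->storage + (size_t)page * NAND_IO_SIZE + offset,
           NAND_IO_SIZE - offset);
    s->ioaddr = s->io;
    return true;
}

/* READ command path: iolen is set only when the load succeeded, so a bad
 * offset can never leave a length that overruns the staging buffer. */
void nand_read_cmd(nand_dev *s, unsigned page, unsigned offset)
{
    s->iolen = 0;
    if (nand_blk_load(s, page, offset)) {
        s->iolen = NAND_IO_SIZE - offset;   /* safe: offset < NAND_IO_SIZE */
    }
}

/* Hand out the next staged byte, or -1 once nothing is left. */
int nand_getio(nand_dev *s)
{
    if (s->iolen == 0) {
        return -1;
    }
    s->iolen--;
    return *s->ioaddr++;
}

/* Constructed device: every byte of page p (data and OOB) holds p + 1. */
void nand_scenario_init(nand_dev *s)
{
    memset(s, 0, sizeof *s);
    for (unsigned p = 0; p < NAND_PAGES; p++) {
        memset(s->storage + (size_t)p * NAND_IO_SIZE, (int)(p + 1), NAND_IO_SIZE);
    }
}

/* Bytes readable after a READ at @page/@offset (0 when rejected). */
unsigned nand_scenario_iolen(unsigned page, unsigned offset)
{
    nand_dev s;
    nand_scenario_init(&s);
    nand_read_cmd(&s, page, offset);
    return s.iolen;
}

/* First byte returned by nand_getio() after that READ (-1 when rejected). */
int nand_scenario_first_byte(unsigned page, unsigned offset)
{
    nand_dev s;
    nand_scenario_init(&s);
    nand_read_cmd(&s, page, offset);
    return nand_getio(&s);
}

int main(void)
{
    printf("page 1 @2040: iolen=%u first=%d\n",
           nand_scenario_iolen(1, 2040), nand_scenario_first_byte(1, 2040));
    printf("page 1 @5000: iolen=%u first=%d\n",
           nand_scenario_iolen(1, 5000), nand_scenario_first_byte(1, 5000));
    return 0;
}
```

With a signed length, an offset past the end of the page would have produced a negative remainder that the read loop then treated as "plenty left"; making the load fail closed and leaving iolen at zero means the subsequent nand_getio() calls simply return nothing instead of walking off the staging buffer.
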
Re: [PATCH-for-9.1 v2 09/11] hw/net/lan9118: Rename rx_status_fifo_size -> rx_status_fifo_wordcount

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:38, Philippe Mathieu-Daudé wrote: > > rx_status_fifo_size is a word count, rename it to avoid confusion. > > Suggested-by: Peter Maydell > Signed-off-by: Philippe Mathieu-Daudé > --- > hw/net/lan9118.c | 16 > 1 file changed, 8 insertions(+), 8 deletion

Re: [PATCH-for-9.0 v2 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer

2024-04-09 Thread Philippe Mathieu-Daudé
On 9/4/24 15:59, Philippe Mathieu-Daudé wrote: Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446 Since v1: - Addressed Kevin trivial suggestions (unsigned offset) $ git backport-diff Key: [] : patches are identical [] : number of functional differences between upstream/downstr

Re: [PATCH-for-9.1 v2 10/11] hw/net/lan9118: Use RX_DATA_FIFO_BYTES definition

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 14:39, Philippe Mathieu-Daudé wrote: > > rx_fifo[] is an array of words, > rx_fifo_size is a word count. True, but that's not why rx_fifo[] has been sized to 3360. It's 3360 because that is the worst-case RX data FIFO size in words (if TX_FIF_SZ is 2 then the RX data FIFO is

Re: [PATCH-for-9.0 v2 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer

2024-04-09 Thread Kevin Wolf
Am 09.04.2024 um 15:59 hat Philippe Mathieu-Daudé geschrieben: > Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446 > > Since v1: > - Addressed Kevin trivial suggestions (unsigned offset) You already kept the Reviewed-by tags, but looks good to me. Kevin

Re: [PATCH] edk2: get version + date from git submodule

2024-04-09 Thread Peter Maydell
On Tue, 9 Apr 2024 at 15:14, Gerd Hoffmann wrote: > > Hi, > > > > + --version-override "$(EDK2_STABLE)-for-qemu" \ > > > + --release-date "$(EDK2_DATE)" \ > > > > Hi -- I've just noticed that we never made this change to > > automate the date/version for EDK2 ROMs, bu

Re: [PATCH] xen-hvm: Avoid livelock while handling buffered ioreqs

2024-04-09 Thread Ross Lagerwall
On Tue, Apr 9, 2024 at 11:20 AM Anthony PERARD wrote: > > On Thu, Apr 04, 2024 at 03:08:33PM +0100, Ross Lagerwall wrote: > > diff --git a/hw/xen/xen-hvm-common.c b/hw/xen/xen-hvm-common.c > > index 1627da739822..1116b3978938 100644 > > --- a/hw/xen/xen-hvm-common.c > > +++ b/hw/xen/xen-hvm-common

Re: [PATCH v2 0/3] edk2: get version + date from git submodule

2024-04-09 Thread Peter Maydell
On Wed, 27 Mar 2024 at 10:26, Gerd Hoffmann wrote: > > v2 changes: > - store version information in git > > Gerd Hoffmann (3): > edk2: get version + date from git submodule > edk2: commit version info > edk2/seabios: use common extra version > > roms/Makefile | 25 ++---

Re: [PATCH v2 1/3] edk2: get version + date from git submodule

2024-04-09 Thread Peter Maydell
On Wed, 27 Mar 2024 at 10:26, Gerd Hoffmann wrote: > > Turned out hard-coding version and date in the Makefile wasn't a bright > idea. Updating it on edk2 updates is easily forgotten. Fetch the info > from git instead. Store in edk2-version, so this can be committed to > the repo and is present

Re: [PATCH-for-9.0 v2 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer

2024-04-09 Thread Philippe Mathieu-Daudé
On 9/4/24 16:18, Kevin Wolf wrote: Am 09.04.2024 um 15:59 hat Philippe Mathieu-Daudé geschrieben: Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446 Since v1: - Addressed Kevin trivial suggestions (unsigned offset) You already kept the Reviewed-by tags, but looks good to me. Less wo

Re: [PATCH] edk2: get version + date from git submodule

2024-04-09 Thread Gerd Hoffmann
Hi, > > + --version-override "$(EDK2_STABLE)-for-qemu" \ > > + --release-date "$(EDK2_DATE)" \ > > Hi -- I've just noticed that we never made this change to > automate the date/version for EDK2 ROMs, but we also never > updated the version by hand. So at the moment w
