Select Git revision
Search by author
- Any Author
- authors
-
Adrien Ricciardi
RICCIARDI-Adrien-BayLibre
-
Alexandre Bailon abailon
-
Andrew Stubbs
ams
-
Anne Françoise Gros afgros
-
BayLibreCI baylibreCI
-
Bernhard Rosenkränzer
bero
-
Carlo Caione carlo.caione
-
Christophe Baylibre
BLChristopheCBO
-
Drew Fustini dfustini
-
Guillaume LA ROQUE glaroque
-
Guillaume Pain gpain
-
Guillaume Ranquet granquet
-
Jeremy Robinson jrobinson
-
Jerome Brunet
jbrunet
-
Julien Masson
JulienMasson
-
Julien Morin
jmorin2
-
Julien Stephan jstephan
-
Jérémie Garcia jgarcia
-
Kevin Hilman khilman
-
Markus Schneider-Pargmann msp8
- Mar 30, 2023
-
-
Michael Tokarev authored
Signed-off-by:Michael Tokarev <mjt@tls.msk.ru>
-
- Mar 29, 2023
-
-
Marc-André Lureau authored
On msys2, the shader-to-C script produces bad C: ./ui/shader/texture-blit-vert.h:2:5: error: missing terminating " character [-Werror] Fix it by changing the line ending from crlf to lf, and convert the script to Python (qemu build seems perl-free after that). Signed-off-by:
Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by:
Thomas Huth <thuth@redhat.com> Message-Id: <20230110132700.833690-2-marcandre.lureau@redhat.com> Signed-off-by:
Alex Bennée <alex.bennee@linaro.org> Message-Id: <20230124180127.1881110-6-alex.bennee@linaro.org> (cherry picked from commit e2c4012b) Signed-off-by:
-
Alex Bennée authored
The latest hexagon compiler picks up that we never consume wcount. Given the name of the #define that rcount checks against is WCOUNT_MAX I figured the check just got missed. Signed-off-by:
Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20221221090411.1995037-5-alex.bennee@linaro.org> (cherry picked from commit 2bc6c794) Signed-off-by:
-
Anton Johansson authored
* 7.55.0 deprecates CURLINFO_CONTENT_LENGTH_DOWNLOAD in favour of a *_T version, which returns curl_off_t instead of a double. * 7.85.0 deprecates CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS in favour of *_STR variants, specifying the desired protocols via a string. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1440 Signed-off-by:
Anton Johansson <anjo@rev.ng> Message-Id: <20230123201431.23118-1-anjo@rev.ng> Reviewed-by:
Kevin Wolf <kwolf@redhat.com> Signed-off-by:
-
Jason Wang authored
Without dt mode, device IOTLB notifier won't work since guest won't send device IOTLB invalidation descriptor in this case. Let's fail early instead of misbehaving silently. Reviewed-by:
Laurent Vivier <lvivier@redhat.com> Tested-by:
Viktor Prutyanov <viktor@daynix.com> Buglink: https://bugzilla.redhat.com/2156876 Signed-off-by:
Jason Wang <jasowang@redhat.com> Message-Id: <20230223065924.42503-3-jasowang@redhat.com> Reviewed-by:
Peter Xu <peterx@redhat.com> Reviewed-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
-
Jason Wang authored
Without caching mode, MAP notifier won't work correctly since guest won't send IOTLB update event when it establishes new mappings in the I/O page tables. Let's fail the IOMMU notifiers early instead of misbehaving silently. Reviewed-by:
Eric Auger <eric.auger@redhat.com> Tested-by:
-
Yajun Wu authored
After live migration with virtio block device, qemu crash at: #0 0x000055914f46f795 in object_dynamic_cast_assert (obj=0x559151b7b090, typename=0x55914f80fbc4 "qio-channel", file=0x55914f80fb90 "/images/testvfe/sw/qemu.gerrit/include/io/channel.h", line=30, func=0x55914f80fcb8 <__func__.17257> "QIO_CHANNEL") at ../qom/object.c:872 #1 0x000055914f480d68 in QIO_CHANNEL (obj=0x559151b7b090) at /images/testvfe/sw/qemu.gerrit/include/io/channel.h:29 #2 0x000055914f4812f8 in qio_net_listener_set_client_func_full (listener=0x559151b7a720, func=0x55914f580b97 <tcp_chr_accept>, data=0x5591519f4ea0, notify=0x0, context=0x0) at ../io/net-listener.c:166 #3 0x000055914f580059 in tcp_chr_update_read_handler (chr=0x5591519f4ea0) at ../chardev/char-socket.c:637 #4 0x000055914f583dca in qemu_chr_be_update_read_handlers (s=0x5591519f4ea0, context=0x0) at ../chardev/char.c:226 #5 0x000055914f57b7c9 in qemu_chr_fe_set_handlers_full (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false, sync_state=true) at ../chardev/char-fe.c:279 #6 0x000055914f57b86d in qemu_chr_fe_set_handlers (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false) at ../chardev/char-fe.c:304 #7 0x000055914f378caf in vhost_user_async_close (d=0x559152bf21a0, chardev=0x559152bf23a0, vhost=0x559152bf2420, cb=0x55914f2fb8c1 <vhost_user_blk_disconnect>) at ../hw/virtio/vhost-user.c:2725 #8 0x000055914f2fba40 in vhost_user_blk_event (opaque=0x559152bf21a0, event=CHR_EVENT_CLOSED) at ../hw/block/vhost-user-blk.c:395 #9 0x000055914f58388c in chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:61 #10 0x000055914f583905 in qemu_chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:81 #11 0x000055914f581275 in char_socket_finalize (obj=0x5591519f4ea0) at ../chardev/char-socket.c:1083 #12 0x000055914f46f073 in object_deinit (obj=0x5591519f4ea0, type=0x5591519055c0) at ../qom/object.c:680 #13 0x000055914f46f0e5 in object_finalize (data=0x5591519f4ea0) at ../qom/object.c:694 #14 0x000055914f46ff06 in object_unref (objptr=0x5591519f4ea0) at ../qom/object.c:1202 #15 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b76c50, name=0x559151b7b250 "char3", opaque=0x5591519f4ea0) at ../qom/object.c:1747 #16 0x000055914f46ee86 in object_property_del_all (obj=0x559151b76c50) at ../qom/object.c:632 #17 0x000055914f46f0d2 in object_finalize (data=0x559151b76c50) at ../qom/object.c:693 #18 0x000055914f46ff06 in object_unref (objptr=0x559151b76c50) at ../qom/object.c:1202 #19 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b6b560, name=0x559151b76630 "chardevs", opaque=0x559151b76c50) at ../qom/object.c:1747 #20 0x000055914f46ef67 in object_property_del_child (obj=0x559151b6b560, child=0x559151b76c50) at ../qom/object.c:654 #21 0x000055914f46f042 in object_unparent (obj=0x559151b76c50) at ../qom/object.c:673 #22 0x000055914f58632a in qemu_chr_cleanup () at ../chardev/char.c:1189 #23 0x000055914f16c66c in qemu_cleanup () at ../softmmu/runstate.c:830 #24 0x000055914eee7b9e in qemu_default_main () at ../softmmu/main.c:38 #25 0x000055914eee7bcc in main (argc=86, argv=0x7ffc97cb8d88) at ../softmmu/main.c:48 In char_socket_finalize after s->listener freed, event callback function vhost_user_blk_event will be called to handle CHR_EVENT_CLOSED. vhost_user_blk_event is calling qio_net_listener_set_client_func_full which is still using s->listener. Setting s->listener = NULL after object_unref(OBJECT(s->listener)) can solve this issue. Signed-off-by:
Yajun Wu <yajunw@nvidia.com> Acked-by:
Jiri Pirko <jiri@nvidia.com> Message-Id: <20230214021430.3638579-1-yajunw@nvidia.com> Reviewed-by:
-
Carlos López authored
Check the return value for malloc(), avoiding a NULL pointer dereference, and propagate error in function callers. Found with GCC 13 and -fanalyzer: ../subprojects/libvhost-user/libvhost-user.c: In function ‘virtqueue_alloc_element’: ../subprojects/libvhost-user/libvhost-user.c:2556:19: error: dereference of possibly-NULL ‘elem’ [CWE-690] [-Werror=analyzer-possible-null-dereference] 2556 | elem->out_num = out_num; | ~~~~~~~~~~~~~~^~~~~~~~~ ‘virtqueue_alloc_element’: event 1 | | 2554 | assert(sz >= sizeof(VuVirtqElement)); | | ^~~~~~ | | | | | (1) following ‘true’ branch (when ‘sz > 31’)... | ‘virtqueue_alloc_element’: events 2-4 | | 2555 | elem = malloc(out_sg_end); | | ^~~~ ~~~~~~~~~~~~~~~~~~ | | | | | | | (3) this call could return NULL | | (2) ...to here | 2556 | elem->out_num = out_num; | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ‘elem’ could be NULL: unchecked value from (3) | Signed-off-by:Carlos López <clopez@suse.de> Message-Id: <20230210112514.16858-1-clopez@suse.de> Reviewed-by:
-
Carlos López authored
In vhost_svq_poll(), if vhost_svq_get_buf() fails due to a device providing invalid descriptors, len is left uninitialized and returned to the caller, potentally leaking stack data or causing undefined behavior. Fix this by initializing len to 0. Found with GCC 13 and -fanalyzer (abridged): ../hw/virtio/vhost-shadow-virtqueue.c: In function ‘vhost_svq_poll’: ../hw/virtio/vhost-shadow-virtqueue.c:538:12: warning: use of uninitialized value ‘len’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 538 | return len; | ^~~ ‘vhost_svq_poll’: events 1-4 | | 522 | size_t vhost_svq_poll(VhostShadowVirtqueue *svq) | | ^~~~~~~~~~~~~~ | | | | | (1) entry to ‘vhost_svq_poll’ |...... | 525 | uint32_t len; | | ~~~ | | | | | (2) region created on stack here | | (3) capacity: 4 bytes |...... | 528 | if (vhost_svq_more_used(svq)) { | | ~ | | | | | (4) inlined call to ‘vhost_svq_more_used’ from ‘vhost_svq_poll’ (...) | 528 | if (vhost_svq_more_used(svq)) { | | ^~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(8) ...to here | | (7) following ‘true’ branch... |...... | 537 | vhost_svq_get_buf(svq, &len); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (9) calling ‘vhost_svq_get_buf’ from ‘vhost_svq_poll’ | +--> ‘vhost_svq_get_buf’: events 10-11 | | 416 | static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq, | | ^~~~~~~~~~~~~~~~~ | | | | | (10) entry to ‘vhost_svq_get_buf’ |...... | 423 | if (!vhost_svq_more_used(svq)) { | | ~ | | | | | (11) inlined call to ‘vhost_svq_more_used’ from ‘vhost_svq_get_buf’ | (...) | ‘vhost_svq_get_buf’: event 14 | | 423 | if (!vhost_svq_more_used(svq)) { | | ^ | | | | | (14) following ‘false’ branch... | ‘vhost_svq_get_buf’: event 15 | |cc1: | (15): ...to here | <------+ | ‘vhost_svq_poll’: events 16-17 | | 537 | vhost_svq_get_buf(svq, &len); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (16) returning to ‘vhost_svq_poll’ from ‘vhost_svq_get_buf’ | 538 | return len; | | ~~~ | | | | | (17) use of uninitialized value ‘len’ here Note by Laurent Vivier <lvivier@redhat.com>: The return value is only used to detect an error: vhost_svq_poll vhost_vdpa_net_cvq_add vhost_vdpa_net_load_cmd vhost_vdpa_net_load_mac -> a negative return is only used to detect error vhost_vdpa_net_load_mq -> a negative return is only used to detect error vhost_vdpa_net_handle_ctrl_avail -> a negative return is only used to detect error Fixes: d368c0b0 ("vhost: Do not depend on !NULL VirtQueueElement on vhost_svq_flush") Signed-off-by: -
Eugenio Pérez authored
Not stopping them leave the device in a bad state when virtio-net fronted device is unplugged with device_del monitor command. This is not triggable in regular poweroff or qemu forces shutdown because cleanup is called right after vhost_vdpa_dev_start(false). But devices hot unplug does not call vdpa device cleanups. This lead to all the vhost_vdpa devices without stop the SVQ but the last. Fix it and clean the code, making it symmetric with vhost_vdpa_svqs_start. Fixes: dff4426f ("vhost: Add Shadow VirtQueue kick forwarding capabilities") Reported-by:
Lei Yang <leiyang@redhat.com> Signed-off-by:
Eugenio Pérez <eperezma@redhat.com> Message-Id: <20230209170004.899472-1-eperezma@redhat.com> Tested-by:
-
Akihiko Odaki authored
The expiration time provided for timer_mod() can overflow if a ridiculously large value is set to the comparator register. The resulting value can represent a past time after rounded, forcing the timer to fire immediately. If the timer is configured as periodic, it will rearm the timer again, and form an endless loop. Check if the expiration value will overflow, and if it will, stop the timer instead of rearming the timer with the overflowed time. This bug was found by Alexander Bulekov when fuzzing igb, a new network device emulation: https://patchew.org/QEMU/20230129053316.1071513-1-alxndr@bu.edu/ The fixed test case is: fuzz/crash_2d7036941dcda1ad4380bb8a9174ed0c949bcefd Fixes: 16b29ae1 ("Add HPET emulation to qemu (Beth Kon)") Signed-off-by:
Akihiko Odaki <akihiko.odaki@daynix.com> Acked-by:
-
Dr. David Alan Gilbert authored
In bad9c5a5 ("virtio-rng-pci: fix migration compat for vectors") I fixed the virtio-rng-pci migration compatibility, but it was discovered that we also need to fix the other aliases of the device for the transitional cases. Fixes: 9ea02e8f ('virtio-rng-pci: Allow setting nvectors, so we can use MSI-X') bz: https://bugzilla.redhat.com/show_bug.cgi?id=2162569 Signed-off-by:
Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20230207174944.138255-1-dgilbert@redhat.com> Reviewed-by:
-
Dr. David Alan Gilbert authored
Fixup the migration compatibility for existing machine types so that they do not enable msi-x. Symptom: (qemu) qemu: get_pci_config_device: Bad config data: i=0x34 read: 84 device: 98 cmask: ff wmask: 0 w1cmask:0 qemu: Failed to load PCIDevice:config qemu: Failed to load virtio-rng:virtio qemu: error while loading state for instance 0x0 of device '0000:00:03.0/virtio-rng' qemu: load of migration failed: Invalid argument Note: This fix will break migration from 7.2->7.2-fixed with this patch bz: https://bugzilla.redhat.com/show_bug.cgi?id=2155749 Fixes: 9ea02e8f ("virtio-rng-pci: Allow setting nvectors, so we can use MSI-X") Signed-off-by:
David Daney <david.daney@fungible.com> Fixes: 9ea02e8f ("virtio-rng-pci: Allow setting nvectors, so we can use MSI-X")<br> Signed-off-by:
Dr. David Alan Gilbert &lt;<a href="mailto:dgilbert@redhat.com" <target="_blank">dgilbert@redhat.com</a>&gt;<br> Reviewed-by:
-
Akihiko Odaki authored
vhost_dev_cleanup() clears vhost_dev so back up its vqs member to free the memory pointed by the member. Fixes: 821d28b8 ("vhost-user-rng: Add vhost-user-rng implementation") Signed-off-by:
-
Akihiko Odaki authored
vhost_dev_cleanup() clears vhost_dev so back up its vqs member to free the memory pointed by the member. Fixes: 7221d3b6 ("hw/virtio: add boilerplate for vhost-user-i2c device") Signed-off-by:
-
Akihiko Odaki authored
vhost_dev_cleanup(), called from vu_gpio_disconnect(), clears vhost_dev so vhost-user-gpio must set the members of vhost_dev each time connecting. do_vhost_user_cleanup() should also acquire the pointer to vqs directly from VHostUserGPIO instead of referring to vhost_dev as it can be called after vhost_dev_cleanup(). Fixes: 27ba7b02 ("hw/virtio: add boilerplate for vhost-user-gpio device") Signed-off-by:
Viresh Kumar <viresh.kumar@linaro.org> Reviewed-by:
-
Michael S. Tsirkin authored
This reverts commit 67f7e426. Additionally to the automatic revert, I went over the code and dropped all mentions of legacy_no_rng_seed manually, effectively reverting a combination of 2 additional commits: commit ffe2d238 Author: Jason A. Donenfeld <Jason@zx2c4.com> Date: Wed Sep 21 11:31:34 2022 +0200 x86: re-enable rng seeding via SetupData commit 3824e25d Author: Gerd Hoffmann <kraxel@redhat.com> Date: Wed Aug 17 10:39:40 2022 +0200 x86: disable rng seeding via setup_data Fixes: 67f7e426 ("hw/i386: pass RNG seed via setup_data entry") Signed-off-by:
Nathan Chancellor <nathan@kernel.org> Tested-by:
Dov Murik <dovmurik@linux.ibm.com> Reviewed-by:
Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 167f4873) Signed-off-by:
-
Michael S. Tsirkin authored
This reverts commit e935b735. Fixes: e935b735 ("x86: return modified setup_data only if read as memory, not as file") Signed-off-by:
-
Michael S. Tsirkin authored
This reverts commit eebb38a5. Fixes: eebb38a5 ("x86: use typedef for SetupData struct") Signed-off-by:
-
Michael S. Tsirkin authored
This reverts commit 763a2828. Fixes: 763a2828 ("x86: reinitialize RNG seed on system reboot") Signed-off-by:
-
Michael S. Tsirkin authored
This reverts commit cc63374a. Fixes: cc63374a ("x86: re-initialize RNG seed when selecting kernel") Signed-off-by:
-
Michael S. Tsirkin authored
This reverts commit 14b29fea. Signed-off-by:
-
Julia Suvorova authored
Since table type 4 of SMBIOS version 2.6 is shorter than 3.0, the strings which follow immediately after the struct fields have been overwritten by unconditional filling of later fields such as core_count2. Make these fields dependent on the SMBIOS version. Fixes: 05e27d74 ("hw/smbios: add core_count2 to smbios table type 4") Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2169904 Signed-off-by:
Julia Suvorova <jusual@redhat.com> Message-Id: <20230223125747.254914-1-jusual@redhat.com> Reviewed-by:
Igor Mammedov <imammedo@redhat.com> Reviewed-by:
Ani Sinha <ani@anisinha.ca> Reviewed-by:
-
Paolo Bonzini authored
Commit 8c460269 ("iscsi: base all handling of check condition on scsi_sense_to_errno", 2019-07-15) removed a "goto out" so that the same coroutine is re-entered twice; once from iscsi_co_generic_cb, once from the timer callback iscsi_retry_timer_expired. This can cause a crash. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1378 Reported-by: Grzegorz Zdanowski <https://gitlab.com/kiler129 > Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 5080152e) Signed-off-by:
-
Richard Henderson authored
We did not correctly handle N >= operand size. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1374 Signed-off-by:
Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230114233206.3118472-1-richard.henderson@linaro.org> Signed-off-by:
-
Paolo Bonzini authored
When ADCX is followed by ADOX or vice versa, the second instruction's carry comes from EFLAGS and the condition codes use the CC_OP_ADCOX operation. Retrieving the carry from EFLAGS is handled by this bit of gen_ADCOX: tcg_gen_extract_tl(carry_in, cpu_cc_src, ctz32(cc_op == CC_OP_ADCX ? CC_C : CC_O), 1); Unfortunately, in this case cc_op has been overwritten by the previous "if" statement to CC_OP_ADCOX. This works by chance when the first instruction is ADCX; however, if the first instruction is ADOX, ADCX will incorrectly take its carry from OF instead of CF. Fix by moving the computation of the new cc_op at the end of the function. The included exhaustive test case fails without this patch and passes afterwards. Because ADCX/ADOX need not be invoked through the VEX prefix, this regression bisects to commit 16fc5726 ("target/i386: reimplement 0x0f 0x38, add AVX", 2022-10-18). However, the mistake happened a little earlier, when BMI instructions were rewritten using the new decoder framework. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1471 Reported-by: Paul Jolly <https://gitlab.com/myitcv > Fixes: 1d0b9261 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18) Cc: qemu-stable@nongnu.org Signed-off-by: -
Richard Henderson authored
We forgot to set cc_src, which is used for computing C. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1370 Signed-off-by:
-
Richard Henderson authored
There were two problems here: not limiting the input to operand bits, and not correctly handling large extraction length. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1372 Signed-off-by:
-
Richard Henderson authored
Define reg_t based on the actual register width. Define the inlines using that type. This will allow input registers to 32-bit insns to be set to 64-bit values on x86-64, which allows testing various edge cases. Signed-off-by:
-
Stefan Hajnoczi authored
When a write request is converted into a write zeroes request by the detect-zeroes= feature, it is no longer associated with an I/O buffer. The BDRV_REQ_REGISTERED_BUF flag doesn't make sense without an I/O buffer and must be cleared because bdrv_co_do_pwrite_zeroes() fails with -EINVAL when it's set. Fiona Ebner <f.ebner@proxmox.com> bisected and diagnosed this QEMU 7.2 regression where writes containing zeroes to a blockdev with discard=unmap,detect-zeroes=unmap fail. Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1404 Fixes: e8b65355 ("block: add BDRV_REQ_REGISTERED_BUF request flag") Tested-by:
Fiona Ebner <f.ebner@proxmox.com> Cc: qemu-stable@nongnu.org Reviewed-by:
Eric Blake <eblake@redhat.com> Reviewed-by:
Hanna Czenczek <hreitz@redhat.com> Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20230207203719.242926-2-stefanha@redhat.com> (cherry picked from commit 3c586715) Signed-off-by:
-
Kevin Wolf authored
In order to write the bitmap table to the image file, it is converted to big endian. If the write fails, it is passed to clear_bitmap_table() to free all of the clusters it had allocated before. However, if we don't convert it back to native endianness first, we'll free things at a wrong offset. In practical terms, the offsets will be so high that we won't actually free any allocated clusters, but just run into an error, but in theory this can cause image corruption. Cc: qemu-stable@nongnu.org Signed-off-by:
-
David Hildenbrand authored
Unfortunately, commit f7b9dcfb broke populate_read_range(): the loop end condition is very wrong, resulting in that function not populating the full range. Lets' fix that. Fixes: f7b9dcfb ("migration/ram: Factor out populating pages readable in ram_block_populate_pages()") Cc: qemu-stable@nongnu.org Reviewed-by:
Juan Quintela <quintela@redhat.com> Signed-off-by:
David Hildenbrand <david@redhat.com> Signed-off-by:
-
David Hildenbrand authored
If something goes wrong during uffd_change_protection(), we would miss to unregister uffd-wp and not release our reference. Fix it by performing the uffd_change_protection(true) last. Note that a uffd_change_protection(false) on the recovery path without a prior uffd_change_protection(false) is fine. Fixes: 278e2f55 ("migration: support UFFD write fault processing in ram_save_iterate()") Cc: qemu-stable@nongnu.org Reviewed-by:
-
Richard Henderson authored
Conversion to probe_access_full missed applying the page offset. Cc: qemu-stable@nongnu.org Reported-by:
Sid Manning <sidneym@quicinc.com> Signed-off-by:
Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 9d2617ac) Signed-off-by:
-
Richard Henderson authored
During the conversion, the test against get_phys_addr_lpae got inverted, meaning that successful translations went to the 'failed' label. Cc: qemu-stable@nongnu.org Fixes: f3639a64 ("target/arm: Use softmmu tlbs for page table walking") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1417 Signed-off-by:
-
Evgeny Iakovlev authored
ARM trusted firmware, when built with FEAT_HCX support, sets SCR_EL3.HXEn bit to allow EL2 to modify HCRX_EL2 register without trapping it in EL3. Qemu uses a valid mask to clear unsupported SCR_EL3 bits when emulating SCR_EL3 write, and that mask doesn't include SCR_EL3.HXEn bit even if FEAT_HCX is enabled and exposed to the guest. As a result EL3 writes of that bit are ignored. Cc: qemu-stable@nongnu.org Signed-off-by:
Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Message-id: 20230105221251.17896-4-eiakovlev@linux.microsoft.com Reviewed-by:
-
Richard Henderson authored
Don't dereference CPUTLBEntryFull until we verify that the page is valid. Move the other user-only info field updates after the valid check to match. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1412 Signed-off-by:
-
Paolo Bonzini authored
configure uses "pkg-config" directly so that GLIB_VERSION is always based on host glib version. To correctly handle cross-compilation it should use "$pkg_config" and take GLIB_VERSION from the cross-compiled glib. Reported-by:
Валентин <val15032008@mail.ru> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1414 Cc: qemu-stable@nongnu.org Signed-off-by:
-
Klaus Jensen authored
Prior to reading the shadow doorbell cq head, we have to update the eventidx. Otherwise, we risk that the driver will skip an mmio doorbell write. This happens on riscv64, as reported by Guenter. Adding the missing update to the cq eventidx fixes the issue. Fixes: 3f7fe8de ("hw/nvme: Implement shadow doorbell buffer support") Cc: qemu-stable@nongnu.org Cc: qemu-riscv@nongnu.org Reported-by:
Guenter Roeck <linux@roeck-us.net> Reviewed-by:
Keith Busch <kbusch@kernel.org> Signed-off-by:
Klaus Jensen <k.jensen@samsung.com> (cherry picked from commit fa5db2aa) Signed-off-by:
-
Klaus Jensen authored
The eventidx and doorbell value are not handling endianness correctly. Fix this. Fixes: 3f7fe8de ("hw/nvme: Implement shadow doorbell buffer support") Cc: qemu-stable@nongnu.org Reported-by:
-
