Branch: refs/heads/stable-8.2
  Home:   https://github.com/qemu/qemu
  Commit: bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9
      
https://github.com/qemu/qemu/commit/bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9
  Author: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
  Date:   2024-04-27 (Sat, 27 Apr 2024)

  Changed paths:
    M target/riscv/kvm/kvm-cpu.c

  Log Message:
  -----------
  target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32

KVM_REG_RISCV_FP_F regs have u32 size according to the API, but by using
kvm_riscv_reg_id() in RISCV_FP_F_REG() we're returning u64 sizes when
running with TARGET_RISCV64. The most likely reason why no one noticed
this is because we're not implementing kvm_cpu_synchronize_state() in
RISC-V yet.

Create a new helper that returns a KVM ID with u32 size and use it in
RISCV_FP_F_REG().

Reported-by: Andrew Jones <ajo...@ventanamicro.com>
Signed-off-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Andrew Jones <ajo...@ventanamicro.com>
Message-ID: <20231208183835.2411523-2-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit 49c211ffca00fdf7c0c29072c224e88527a14838)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 125b95d79e746cbab6b72683b3382dd372e38c61
      
https://github.com/qemu/qemu/commit/125b95d79e746cbab6b72683b3382dd372e38c61
  Author: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
  Date:   2024-04-27 (Sat, 27 Apr 2024)

  Changed paths:
    M target/riscv/kvm/kvm-cpu.c

  Log Message:
  -----------
  target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64

KVM_REG_RISCV_FP_D regs are always u64 size. Using kvm_riscv_reg_id() in
RISCV_FP_D_REG() ends up encoding the wrong size if we're running with
TARGET_RISCV32.

Create a new helper that returns a KVM ID with u64 size and use it with
RISCV_FP_D_REG().

Reported-by: Andrew Jones <ajo...@ventanamicro.com>
Signed-off-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Andrew Jones <ajo...@ventanamicro.com>
Message-ID: <20231208183835.2411523-3-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit 450bd6618fda3d2e2ab02b2fce1c79efd5b66084)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: cbae1080988e0f1af0fb4c816205f7647f6de16f
      
https://github.com/qemu/qemu/commit/cbae1080988e0f1af0fb4c816205f7647f6de16f
  Author: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
  Date:   2024-04-27 (Sat, 27 Apr 2024)

  Changed paths:
    M target/riscv/kvm/kvm-cpu.c

  Log Message:
  -----------
  target/riscv/kvm: change timer regs size to u64

KVM_REG_RISCV_TIMER regs are always u64 according to the KVM API, but at
this moment we'll return u32 regs if we're running a RISCV32 target.

Use the kvm_riscv_reg_id_u64() helper in RISCV_TIMER_REG() to fix it.

Reported-by: Andrew Jones <ajo...@ventanamicro.com>
Signed-off-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Andrew Jones <ajo...@ventanamicro.com>
Message-ID: <20231208183835.2411523-4-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit 10f86d1b845087d14b58d65dd2a6e3411d1b6529)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 55b88e61edcd472ad8e1222acacaf7ded0f18c20
      
https://github.com/qemu/qemu/commit/55b88e61edcd472ad8e1222acacaf7ded0f18c20
  Author: Li Zhijian <lizhij...@fujitsu.com>
  Date:   2024-04-28 (Sun, 28 Apr 2024)

  Changed paths:
    M migration/colo.c

  Log Message:
  -----------
  migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion `!qemu_in_coroutine()' failed.

bdrv_activate_all() should not be called from the coroutine context; move
it to the QEMU thread colo_process_incoming_thread(), protected by
bql_lock.

The backtrace is as follows:
 #4  0x0000561af7948362 in bdrv_graph_rdlock_main_loop () at ../block/graph-lock.c:260
 #5  0x0000561af7907a68 in graph_lockable_auto_lock_mainloop (x=0x7fd29810be7b) at /patch/to/qemu/include/block/graph-lock.h:259
 #6  0x0000561af79167d1 in bdrv_activate_all (errp=0x7fd29810bed0) at ../block.c:6906
 #7  0x0000561af762b4af in colo_incoming_co () at ../migration/colo.c:935
 #8  0x0000561af7607e57 in process_incoming_migration_co (opaque=0x0) at ../migration/migration.c:793
 #9  0x0000561af7adbeeb in coroutine_trampoline (i0=-106876144, i1=22042) at ../util/coroutine-ucontext.c:175
 #10 0x00007fd2a5cf21c0 in  () at /lib64/libc.so.6

Cc: qemu-sta...@nongnu.org
Cc: Fabiano Rosas <faro...@suse.de>
Closes: https://gitlab.com/qemu-project/qemu/-/issues/2277
Fixes: 2b3912f135 ("block: Mark bdrv_first_blk() and bdrv_is_root_node() GRAPH_RDLOCK")
Signed-off-by: Li Zhijian <lizhij...@fujitsu.com>
Reviewed-by: Zhang Chen <chen.zh...@intel.com>
Tested-by: Zhang Chen <chen.zh...@intel.com>
Reviewed-by: Fabiano Rosas <faro...@suse.de>
Link: https://lore.kernel.org/r/20240417025634.1014582-1-lizhij...@fujitsu.com
Signed-off-by: Peter Xu <pet...@redhat.com>
(cherry picked from commit 2cc637f1ea08d2a1b19fc5b1a30bc609f948de93)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(Mjt: fixup bql_lock() => qemu_mutex_lock_iothread() for v8.2.0-444-g195801d700c0
 "system/cpus: rename qemu_mutex_lock_iothread() to bql_lock()")


  Commit: 6fee9efc2e9e3e32c080462b02e9f69f7060316d
      
https://github.com/qemu/qemu/commit/6fee9efc2e9e3e32c080462b02e9f69f7060316d
  Author: Michael Tokarev <m...@tls.msk.ru>
  Date:   2024-04-28 (Sun, 28 Apr 2024)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY

This setsockopt accepts zero-length optlen (current qemu implementation
does not allow this).  Also, there's no need to make a copy of the key;
it is enough to use lock_user() (which accepts zero length already).

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2197
Fixes: f31dddd2fc "linux-user: Add support for setsockopt() option SOL_ALG"
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Message-Id: <20240331100737.2724186-2-...@tls.msk.ru>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
(cherry picked from commit 04f6fb897a5aeb3e356a7b889869c9962f9c16c7)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: cb4c222add20b00ec0b41ba8ea106a592ee9b899
      
https://github.com/qemu/qemu/commit/cb4c222add20b00ec0b41ba8ea106a592ee9b899
  Author: Zhu Yangyang <zhuyangyan...@huawei.com>
  Date:   2024-04-28 (Sun, 28 Apr 2024)

  Changed paths:
    M nbd/client.c
    M nbd/common.c
    M nbd/nbd-internal.h
    M nbd/server.c

  Log Message:
  -----------
  nbd/server: do not poll within a coroutine context

Coroutines are not supposed to block. Instead, they should yield.

The client performs TLS upgrade outside of an AIOContext, during
synchronous handshake; this still requires g_main_loop.  But the
server responds to TLS upgrade inside a coroutine, so a nested
g_main_loop is wrong.  Since the two callbacks no longer share more
than the setting of data.complete and data.error, it's just as easy to
use static helpers instead of trying to share a common code path.  It
is also possible to add assertions that no other code is interfering
with the eventual path to qio reaching the callback, whether or not it
required a yield or main loop.

Fixes: f95910f ("nbd: implement TLS support in the protocol negotiation")
Signed-off-by: Zhu Yangyang <zhuyangyan...@huawei.com>
[eblake: move callbacks to their use point, add assertions]
Signed-off-by: Eric Blake <ebl...@redhat.com>
Message-ID: <20240408160214.1200629-5-ebl...@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsement...@yandex-team.ru>
(cherry picked from commit ae6d91a7e9b77abb029ed3fa9fad461422286942)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 37751067b175afc3ba3cc970a7c9d90f595c61c0
      
https://github.com/qemu/qemu/commit/37751067b175afc3ba3cc970a7c9d90f595c61c0
  Author: Eric Blake <ebl...@redhat.com>
  Date:   2024-04-28 (Sun, 28 Apr 2024)

  Changed paths:
    M nbd/server.c

  Log Message:
  -----------
  nbd/server: Mark negotiation functions as coroutine_fn

nbd_negotiate() is already marked coroutine_fn.  And given the fix in
the previous patch to have nbd_negotiate_handle_starttls not create
and wait on a g_main_loop (as that would violate coroutine
constraints), it is worth marking the rest of the related static
functions reachable only during option negotiation as also being
coroutine_fn.

Suggested-by: Vladimir Sementsov-Ogievskiy <vsement...@yandex-team.ru>
Signed-off-by: Eric Blake <ebl...@redhat.com>
Message-ID: <20240408160214.1200629-6-ebl...@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsement...@yandex-team.ru>
[eblake: drop one spurious coroutine_fn marking]
Signed-off-by: Eric Blake <ebl...@redhat.com>
(cherry picked from commit 4fa333e08dd96395a99ea8dd9e4c73a29dd23344)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: f6abce29cc4afa0445cb3b29a265a114ac9fa744
      
https://github.com/qemu/qemu/commit/f6abce29cc4afa0445cb3b29a265a114ac9fa744
  Author: Li Zhijian <lizhij...@fujitsu.com>
  Date:   2024-04-30 (Tue, 30 Apr 2024)

  Changed paths:
    M backends/cryptodev-builtin.c

  Log Message:
  -----------
  backends/cryptodev-builtin: Fix local_error leaks

It seems that this error does not need to be propagated to the upper layer;
directly output the error to avoid the leaks.

Closes: https://gitlab.com/qemu-project/qemu/-/issues/2283
Fixes: 2fda101de07 ("virtio-crypto: Support asynchronous mode")
Signed-off-by: Li Zhijian <lizhij...@fujitsu.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: zhenwei pi <pizhen...@bytedance.com>
Reviewed-by: Michael Tokarev <m...@tls.msk.ru>
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(cherry picked from commit 06479dbf3d7d245572c4b3016e5a1d923ff04d66)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 7e5f59326ddfef04154a9f4ae1f97893ce8aa142
      
https://github.com/qemu/qemu/commit/7e5f59326ddfef04154a9f4ae1f97893ce8aa142
  Author: Michael Tokarev <m...@tls.msk.ru>
  Date:   2024-04-30 (Tue, 30 Apr 2024)

  Changed paths:
    M target/loongarch/cpu.c

  Log Message:
  -----------
  target/loongarch/cpu.c: typo fix: expection

Fixes: 1590154ee437 ("target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int'")
Fixes: ef9b43bb8e2d (in stable-8.2)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
(cherry picked from commit 0cbb322f70e8a87e4acbffecef5ea8f9448f3513)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 5b5655fdb75f9b31dbfc65697349b3cc7d52330a
      
https://github.com/qemu/qemu/commit/5b5655fdb75f9b31dbfc65697349b3cc7d52330a
  Author: Peter Maydell <peter.mayd...@linaro.org>
  Date:   2024-05-01 (Wed, 01 May 2024)

  Changed paths:
    M tests/avocado/boot_linux_console.py
    M tests/avocado/replay_kernel.py

  Log Message:
  -----------
  tests/avocado: update sunxi kernel from armbian to 6.6.16

The Linux kernel 5.10.16 binary for sunxi has been removed from
apt.armbian.com. This means that the avocado tests for these machines
will be skipped (status CANCEL) if the old binary isn't present in
the avocado cache.

Update to 6.6.16, in the same way we did in commit e384db41d8661
when we moved to 5.10.16 in 2021.

Cc: qemu-sta...@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2284
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Strahinja Jankovic <strahinja.p.janko...@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenb...@gmail.com>
Tested-by: Niek Linnenbank <nieklinnenb...@gmail.com>
Message-id: 20240415151845.1564201-1-peter.mayd...@linaro.org
(cherry picked from commit dcc5c018c7e6acddf81951bcbdf1019b9ab45f56)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 5479d911bc8f769a914668f65bf04f30fb64627d
      
https://github.com/qemu/qemu/commit/5479d911bc8f769a914668f65bf04f30fb64627d
  Author: Thomas Huth <th...@redhat.com>
  Date:   2024-05-01 (Wed, 01 May 2024)

  Changed paths:
    M .gitlab-ci.d/cirrus.yml

  Log Message:
  -----------
  .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs

Cirrus-CI introduced limitations to the free CI minutes. To avoid that
we are consuming them too fast, let's drop the usual targets that are
not that important since they are either a subset of another target
(like i386 or ppc being a subset of x86_64 or ppc64 respectively), or
since there is still a similar target with the opposite endianness
(like xtensa/xtensael, microblaze/microblazeel etc.).

Message-ID: <20240429100113.53357-1-th...@redhat.com>
Signed-off-by: Thomas Huth <th...@redhat.com>
(cherry picked from commit a88a04906b966ffdcda23a5a456abe10aa8c826e)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: d5cf8bed29870b6f9f2c26892acdc889033894d9
      
https://github.com/qemu/qemu/commit/d5cf8bed29870b6f9f2c26892acdc889033894d9
  Author: Jeuk Kim <jeuk20....@samsung.com>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M hw/ufs/ufs.c

  Log Message:
  -----------
  hw/ufs: Fix buffer overflow bug

It fixes the buffer overflow vulnerability in the ufs device.
The bug was detected by sanitizers.

You can reproduce it by:

cat << EOF |\
qemu-system-x86_64 \
-display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \
file=null-co://,if=none,id=disk0 -device ufs,id=ufs_bus -device \
ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0xe0000058 0x1 0xa7
write 0xa 0x1 0x50
EOF

Resolves: #2299
Fixes: 329f16624499 ("hw/ufs: Support for Query Transfer Requests")
Reported-by: Zheyu Ma <zheyum...@gmail.com>
Signed-off-by: Jeuk Kim <jeuk20....@samsung.com>
(cherry picked from commit f2c8aeb1afefcda92054c448b21fc59cdd99db30)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: dfcbb9ef240378e5a97566bdad0296a7b7fd7c60
      
https://github.com/qemu/qemu/commit/dfcbb9ef240378e5a97566bdad0296a7b7fd7c60
  Author: Alexandra Diupina <adiup...@astralinux.ru>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M hw/dma/xlnx_dpdma.c

  Log Message:
  -----------
  hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields

The DMA descriptor structures for this device have
a set of "address extension" fields which extend the 32
bit source addresses with an extra 16 bits to give a
48 bit address:
 https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field

However, we misimplemented this address extension in several ways:
 * we only extracted 12 bits of the extension fields, not 16
 * we didn't shift the extension field up far enough
 * we accidentally did the shift as 32-bit arithmetic, which
   meant that we would have an overflow instead of setting
   bits [47:32] of the resulting 64-bit address

Add a type cast and use extract64() instead of extract32()
to avoid integer overflow on addition. Fix bit fields
extraction according to documentation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-sta...@nongnu.org
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina <adiup...@astralinux.ru>
Message-id: 20240428181131.23801-1-adiup...@astralinux.ru
[PMM: adjusted commit message]
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 4b00855f0ee2e2eee8fd2500ffef27c108be6dc3)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 7b4804c965643d30ad0aed8cafe9b762381cfeb5
      
https://github.com/qemu/qemu/commit/7b4804c965643d30ad0aed8cafe9b762381cfeb5
  Author: Philippe Mathieu-Daudé <phi...@linaro.org>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M hw/arm/npcm7xx.c

  Log Message:
  -----------
  hw/arm/npcm7xx: Store derivative OTP fuse key in little endian

Use little endian for derivative OTP fuse key.

Cc: qemu-sta...@nongnu.org
Fixes: c752bb079b ("hw/nvram: NPCM7xx OTP device model")
Suggested-by: Avi Fishman <avi.fish...@nuvoton.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20240422125813.1403-1-phi...@linaro.org
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit eb656a60fd93262b1e519b3162888bf261df7f68)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: dc5390a0ca23e3811f793fe15b40ba2a47c4729b
      
https://github.com/qemu/qemu/commit/dc5390a0ca23e3811f793fe15b40ba2a47c4729b
  Author: Philippe Mathieu-Daudé <phi...@linaro.org>
  Date:   2024-05-04 (Sat, 04 May 2024)

  Changed paths:
    M target/sh4/translate.c
    M tests/tcg/sh4/Makefile.target
    A tests/tcg/sh4/test-addv.c

  Log Message:
  -----------
  target/sh4: Fix ADDV opcode

The documentation says:

  ADDV Rm, Rn        Rn + Rm -> Rn, overflow -> T

But the QEMU implementation was:

  ADDV Rm, Rn        Rn + Rm -> Rm, overflow -> T

Fix by filling the correct Rm register.

Add tests provided by Paul Cercueil.

Cc: qemu-sta...@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <p...@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2317
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Yoshinori Sato <ys...@users.sourceforge.jp>
Message-Id: <20240430163125.77430-2-phi...@linaro.org>
(cherry picked from commit c365e6b0705788866a65e7b8206bd4c5332595cd)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 07d46408cb9837c54a449d56c9af1b6a2d69ec60
      
https://github.com/qemu/qemu/commit/07d46408cb9837c54a449d56c9af1b6a2d69ec60
  Author: Philippe Mathieu-Daudé <phi...@linaro.org>
  Date:   2024-05-04 (Sat, 04 May 2024)

  Changed paths:
    M target/sh4/translate.c
    M tests/tcg/sh4/Makefile.target
    A tests/tcg/sh4/test-subv.c

  Log Message:
  -----------
  target/sh4: Fix SUBV opcode

The documentation says:

  SUBV Rm, Rn        Rn - Rm -> Rn, underflow -> T

The overflow / underflow can be calculated as:

  T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31

However we were using the incorrect:

  T = ((Rn ^ Rm) & (Result ^ Rm)) >> 31

Fix by using the Rn register instead of Rm.

Add tests provided by Paul Cercueil.

Cc: qemu-sta...@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <p...@crapouillou.net>
Suggested-by: Paul Cercueil <p...@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2318
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Yoshinori Sato <ys...@users.sourceforge.jp>
Message-Id: <20240430163125.77430-3-phi...@linaro.org>
(cherry picked from commit e88a856efd1d3c3ffa8e53da4831eff8da290808)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
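A worked check of the ADDV/SUBV overflow formulas from the two target/sh4 commit messages above, as an added example (not QEMU's translate.c and not Paul Cercueil's tests); the ADDV identity, the 64-bit reference and the sample operands are assumptions made for the demonstration:

```c
#include <stdint.h>
#include <stddef.h>

/* Result of an SH-4 ADDV/SUBV: the new Rn value plus the T (overflow) bit. */
typedef struct { uint32_t rn; uint32_t t; } sh4_result;

/* Reference overflow check, done in 64-bit arithmetic and independent of
 * the XOR identities under test: signed overflow iff the exact result does
 * not fit in int32_t. */
static uint32_t ref_overflow(int64_t exact) {
    return exact < INT32_MIN || exact > INT32_MAX;
}

/* SUBV Rm, Rn: Rn - Rm -> Rn, T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31,
 * the corrected formula from the commit message. */
sh4_result subv_fixed(uint32_t rn, uint32_t rm) {
    uint32_t result = rn - rm;
    return (sh4_result){ result, ((rn ^ rm) & (result ^ rn)) >> 31 };
}

/* The pre-fix formula: XORs Result with Rm instead of Rn. */
sh4_result subv_buggy(uint32_t rn, uint32_t rm) {
    uint32_t result = rn - rm;
    return (sh4_result){ result, ((rn ^ rm) & (result ^ rm)) >> 31 };
}

/* ADDV Rm, Rn: Rn + Rm -> Rn, overflow -> T. The identity used here
 * (operands share a sign, result has the other) is the standard
 * two's-complement check, an assumption rather than text from the commit. */
sh4_result addv_fixed(uint32_t rn, uint32_t rm) {
    uint32_t result = rn + rm;
    return (sh4_result){ result, (~(rn ^ rm) & (result ^ rn)) >> 31 };
}

/* Constructed operands spanning both signs and both 32-bit extremes. */
static const uint32_t samples[] = {
    0x00000000, 0x00000001, 0x7ffffffe, 0x7fffffff,
    0x80000000, 0x80000001, 0xfffffffe, 0xffffffff,
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Count operand pairs where a formula's T bit disagrees with the reference.
 * op: 0 = subv_fixed, 1 = subv_buggy, 2 = addv_fixed. */
int count_mismatches(int op) {
    int bad = 0;
    for (size_t i = 0; i < NSAMPLES; i++) {
        for (size_t j = 0; j < NSAMPLES; j++) {
            uint32_t rn = samples[i], rm = samples[j];
            int64_t exact = (op == 2) ? (int64_t)(int32_t)rn + (int32_t)rm
                                      : (int64_t)(int32_t)rn - (int32_t)rm;
            sh4_result r = (op == 0) ? subv_fixed(rn, rm)
                         : (op == 1) ? subv_buggy(rn, rm) : addv_fixed(rn, rm);
            if (r.t != ref_overflow(exact)) {
                bad++;
            }
        }
    }
    return bad;
}
```

Rn = 0, Rm = 0x80000000 (0 - INT32_MIN) is one pair where the old formula reports no overflow, and Rn = 1, Rm = 0xffffffff (1 - (-1)) is one where it reports a spurious one.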


  Commit: 1332b8dd434674480f0feb2cdf3bbaebb85b4240
      
https://github.com/qemu/qemu/commit/1332b8dd434674480f0feb2cdf3bbaebb85b4240
  Author: Michael Tokarev <m...@tls.msk.ru>
  Date:   2024-05-13 (Mon, 13 May 2024)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for 8.2.4 release

Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/8216663a5c88...1332b8dd4346
