Branch: refs/heads/staging-8.1
Home: https://github.com/qemu/qemu
Commit: 3a2d501916dd392af400a6748fc5efb8baef05f2
https://github.com/qemu/qemu/commit/3a2d501916dd392af400a6748fc5efb8baef05f2
Author: Kevin Wolf <[email protected]>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M block/qapi-sysemu.c
Log Message:
-----------
block: Fix locking in media change monitor commands
blk_insert_bs() requires that the caller holds the AioContext lock for
the node to be inserted. Since commit c066e808e11, neglecting to do so
causes a crash when the child has to be moved to a different AioContext
to attach it to the BlockBackend.
This fixes qmp_blockdev_insert_anon_medium(), which is called for the
QMP commands 'blockdev-insert-medium' and 'blockdev-change-medium', to
correctly take the lock.
Cc: [email protected]
Fixes: https://issues.redhat.com/browse/RHEL-3922
Fixes: c066e808e11a5c181b625537b6c78e0de27a4801
Signed-off-by: Kevin Wolf <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Hanna Czenczek <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit fed824501501518b1ad3dc08a39f8f855508190d)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: de18cbdaf21ae64c6b776e16bcc62f63b46a9661
https://github.com/qemu/qemu/commit/de18cbdaf21ae64c6b776e16bcc62f63b46a9661
Author: Akihiko Odaki <[email protected]>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M tests/tcg/Makefile.target
M tests/tcg/aarch64/Makefile.target
M tests/tcg/arm/Makefile.target
M tests/tcg/cris/Makefile.target
M tests/tcg/hexagon/Makefile.target
M tests/tcg/i386/Makefile.target
M tests/tcg/minilib/Makefile.target
M tests/tcg/mips/Makefile.target
M tests/tcg/mips/hello-mips.c
Log Message:
-----------
tests/tcg: Add -fno-stack-protector
A build of GCC 13.2 will have stack protector enabled by default if it
was configured with --enable-default-ssp option. For such a compiler,
it is necessary to explicitly disable stack protector when linking
without standard libraries.
Signed-off-by: Akihiko Odaki <[email protected]>
Message-Id: <[email protected]>
[AJB: fix comment string typo]
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Alex Bennée <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 580731dcc87eb27a2b0dc20ec331f1ce51864c97)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: bd8d9c618a1921355c94adb6ab07de8540f02f6e
https://github.com/qemu/qemu/commit/bd8d9c618a1921355c94adb6ab07de8540f02f6e
Author: Andrey Drobyshev <[email protected]>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M qemu-img.c
Log Message:
-----------
qemu-img: rebase: stop when reaching EOF of old backing file
In case when we're rebasing within one backing chain, and when target image
is larger than old backing file, bdrv_is_allocated_above() ends up setting
*pnum = 0. As a result, target offset isn't getting incremented, and we
get stuck in an infinite for loop. Let's detect this case and proceed
further down the loop body, as the offsets beyond the old backing size need
to be explicitly zeroed.
Signed-off-by: Andrey Drobyshev <[email protected]>
Reviewed-by: Denis V. Lunev <[email protected]>
Reviewed-by: Hanna Czenczek <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Kevin Wolf <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit 8b097fd6b06ec295faefd4f30f96f8709abc9605)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: b7867c82624547763a187d284ed7ab3a5516a57f
https://github.com/qemu/qemu/commit/b7867c82624547763a187d284ed7ab3a5516a57f
Author: Andrey Drobyshev <[email protected]>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M tests/qemu-iotests/024
M tests/qemu-iotests/024.out
Log Message:
-----------
qemu-iotests: 024: add rebasing test case for overlay_size > backing_size
Before previous commit, rebase was getting infinitely stuck in case of
rebasing within the same backing chain and when overlay_size > backing_size.
Let's add this case to the rebasing test 024 to make sure it doesn't
break again.
Signed-off-by: Andrey Drobyshev <[email protected]>
Reviewed-by: Denis V. Lunev <[email protected]>
Reviewed-by: Hanna Czenczek <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Kevin Wolf <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit 827171c3180533f4ad0bc338ea166f401bb5d348)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: baf28675da28b6713d99b2a4d8ab6ffde1a70cb1
https://github.com/qemu/qemu/commit/baf28675da28b6713d99b2a4d8ab6ffde1a70cb1
Author: Richard Henderson <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/arm/tcg/translate-sve.c
M tests/tcg/aarch64/Makefile.target
A tests/tcg/aarch64/sve-str.c
Log Message:
-----------
target/arm: Fix SVE STR increment
The previous change missed updating one of the increments and
one of the MemOps. Add a test case for all vector lengths.
Cc: [email protected]
Fixes: e6dd5e782be ("target/arm: Use tcg_gen_qemu_{ld, st}_i128 in gen_sve_{ld, st}r")
Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
[PMM: fixed checkpatch nit]
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit b11293c212c2927fcea1befc50dabec9baba4fcc)
Signed-off-by: Michael Tokarev <[email protected]>
(Mjt: context fix in tests/tcg/aarch64/Makefile.target)
Tested-by: Alex Bennée <[email protected]>
Commit: 155856d890296f2ce3de0af67d1631ebfc9c060c
https://github.com/qemu/qemu/commit/155856d890296f2ce3de0af67d1631ebfc9c060c
Author: Peter Maydell <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/arm/internals.h
M target/arm/ptw.c
Log Message:
-----------
target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk
In a two-stage translation, the result of the BTI guarded bit should
be the guarded bit from the first stage of translation, as there is
no BTI guard information in stage two. Our code tried to do this,
but got it wrong, because we currently have two fields where the GP
bit information might live (ARMCacheAttrs::guarded and
CPUTLBEntryFull::extra::arm::guarded), and we were storing the GP bit
in the latter during the stage 1 walk but trying to copy the former
in combine_cacheattrs().
Remove the duplicated storage, and always use the field in
CPUTLBEntryFull; correctly propagate the stage 1 value to the output
in get_phys_addr_twostage().
Note for stable backports: in v8.0 and earlier the field is named
result->f.guarded, not result->f.extra.arm.guarded.
Cc: [email protected]
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1950
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
(cherry picked from commit 4c09abeae8704970ff03bf2196973f6bf08ab6f9)
Signed-off-by: Michael Tokarev <[email protected]>
(Mjt: replace f.extra.arm.guarded -> f.guarded due to v8.1.0-1179-ga81fef4b64)
Commit: 6ede082daf431c4a7bc03f07f7f4436fe6097b42
https://github.com/qemu/qemu/commit/6ede082daf431c4a7bc03f07f7f4436fe6097b42
Author: Cédric Le Goater <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/parallels-ext.c
M block/vdi.c
M hw/core/qdev-properties-system.c
M hw/hyperv/vmbus.c
M include/qemu/uuid.h
M migration/savevm.c
M tests/unit/test-uuid.c
M util/uuid.c
Log Message:
-----------
util/uuid: Add UUID_STR_LEN definition
qemu_uuid_unparse() includes a trailing NUL when writing the uuid
string and the buffer size should be UUID_FMT_LEN + 1 bytes. Add a
define for this size and use it where required.
Cc: Fam Zheng <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Juan Quintela <[email protected]>
Reviewed-by: "Denis V. Lunev" <[email protected]>
Signed-off-by: Cédric Le Goater <[email protected]>
(cherry picked from commit 721da0396cfa0a4859cefb57e32cc79d19d80f54)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 47c408b80e2eb6b970df27970778a626229a6afb
https://github.com/qemu/qemu/commit/47c408b80e2eb6b970df27970778a626229a6afb
Author: Cédric Le Goater <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/vfio/pci.c
Log Message:
-----------
vfio/pci: Fix buffer overrun when writing the VF token
qemu_uuid_unparse() includes a trailing NUL when writing the uuid
string and the buffer size should be UUID_FMT_LEN + 1 bytes. Use the
recently added UUID_STR_LEN which defines the correct size.
Fixes: CID 1522913
Fixes: 2dca1b37a760 ("vfio/pci: add support for VF token")
Cc: Alex Williamson <[email protected]>
Reviewed-by: Alex Williamson <[email protected]>
Reviewed-by: Juan Quintela <[email protected]>
Reviewed-by: "Denis V. Lunev" <[email protected]>
Signed-off-by: Cédric Le Goater <[email protected]>
(cherry picked from commit f8d6f3b16c37bd516a026e92a31dade5d761d3a6)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 5f0083a95d86e97f98e68c92e6e3aa06ce7e6c7f
https://github.com/qemu/qemu/commit/5f0083a95d86e97f98e68c92e6e3aa06ce7e6c7f
Author: Cédric Le Goater <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M include/qemu/uuid.h
Log Message:
-----------
util/uuid: Remove UUID_FMT_LEN
Dangerous and now unused.
Cc: Fam Zheng <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: "Denis V. Lunev" <[email protected]>
Reviewed-by: Juan Quintela <[email protected]>
Signed-off-by: Cédric Le Goater <[email protected]>
(cherry picked from commit 4ef9d97b1a37b8cfd152cc3ac5f9576e406868b1)
Signed-off-by: Michael Tokarev <[email protected]>
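The off-by-one that the three UUID commits above address (UUID_STR_LEN added, the VF token buffer fixed, UUID_FMT_LEN removed), as an added example that is not QEMU code. uuid_unparse_checked() is a hypothetical stand-in for qemu_uuid_unparse() that takes the destination size, and the constant values and sample UUID are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Names follow the commit messages; the values are this example's assumption:
 * a textual UUID is 32 hex digits plus 4 dashes. */
#define UUID_FMT_LEN 36                 /* visible characters only */
#define UUID_STR_LEN (UUID_FMT_LEN + 1) /* characters plus the trailing NUL */

/* Constructed sample value, not taken from the page. */
static const uint8_t SAMPLE_UUID[16] = {
    0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
    0x0f, 0xed, 0xcb, 0xa9, 0x87, 0x65, 0x43, 0x21
};

/* Hypothetical size-checked formatter. Returns the string length (36) on
 * success, or -1 without writing anything when the buffer cannot hold the
 * string and its terminator. */
static int uuid_unparse_checked(const uint8_t uuid[16], char *out, size_t out_len)
{
    static const char hex[] = "0123456789abcdef";
    size_t pos = 0;

    if (out_len < UUID_STR_LEN) {
        return -1;                      /* a 36-byte buffer is rejected here */
    }
    for (int i = 0; i < 16; i++) {
        if (i == 4 || i == 6 || i == 8 || i == 10) {
            out[pos++] = '-';
        }
        out[pos++] = hex[uuid[i] >> 4];
        out[pos++] = hex[uuid[i] & 0x0f];
    }
    out[pos] = '\0';                    /* byte 37: the one that overran */
    return (int)pos;
}

/* Counts how many bytes the formatter really touches by pre-filling a scratch
 * buffer with a canary value and finding the last byte that changed. */
static size_t bytes_touched(const uint8_t uuid[16])
{
    char scratch[64];
    size_t last = 0;

    memset(scratch, 0x7f, sizeof(scratch));
    uuid_unparse_checked(uuid, scratch, sizeof(scratch));
    for (size_t i = 0; i < sizeof(scratch); i++) {
        if (scratch[i] != 0x7f) {
            last = i + 1;
        }
    }
    return last;
}

/* Formats the sample UUID into a destination declared with buf_len bytes. */
static int try_unparse_into(size_t buf_len)
{
    char buf[64];

    if (buf_len > sizeof(buf)) {
        return -1;
    }
    return uuid_unparse_checked(SAMPLE_UUID, buf, buf_len);
}

int main(void)
{
    printf("bytes written by unparse: %zu\n", bytes_touched(SAMPLE_UUID));
    printf("char buf[UUID_FMT_LEN]: %d\n", try_unparse_into(UUID_FMT_LEN));
    printf("char buf[UUID_STR_LEN]: %d\n", try_unparse_into(UUID_STR_LEN));
    return 0;
}
```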
Commit: 3321ec125f06b116c4baf9da7568b7c69fa34813
https://github.com/qemu/qemu/commit/3321ec125f06b116c4baf9da7568b7c69fa34813
Author: David Woodhouse <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/i386/kvm/xen-emu.c
Log Message:
-----------
i386/xen: Don't advertise XENFEAT_supervisor_mode_kernel
This confuses lscpu into thinking it's running in PVH mode.
Cc: [email protected]
Fixes: bedcc139248 ("i386/xen: implement HYPERVISOR_xen_version")
Signed-off-by: David Woodhouse <[email protected]>
Reviewed-by: Paul Durrant <[email protected]>
(cherry picked from commit e969f992c6562222e245dd8557f5b132a11ec29c)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 91d789a891a45ea92f5d385f64db2d8d644a077b
https://github.com/qemu/qemu/commit/91d789a891a45ea92f5d385f64db2d8d644a077b
Author: David Woodhouse <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/i386/kvm/xen-emu.c
Log Message:
-----------
i386/xen: fix per-vCPU upcall vector for Xen emulation
The per-vCPU upcall vector support had three problems. Firstly it was
using the wrong hypercall argument and would always return -EFAULT when
the guest tried to set it up. Secondly it was using the wrong ioctl() to
pass the vector to the kernel and thus the *kernel* would always return
-EINVAL. Finally, even when delivering the event directly from userspace
with an MSI, it put the destination CPU ID into the wrong bits of the
MSI address.
Linux doesn't (yet) use this mode so it went without decent testing
for a while.
Cc: [email protected]
Fixes: 105b47fdf2d0 ("i386/xen: implement HVMOP_set_evtchn_upcall_vector")
Signed-off-by: David Woodhouse <[email protected]>
Reviewed-by: Paul Durrant <[email protected]>
(cherry picked from commit e7dbb62ff19ce55548c785d76e814e7b144e6217)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 5450203719f64907e0498eddabae15eadd4aee07
https://github.com/qemu/qemu/commit/5450203719f64907e0498eddabae15eadd4aee07
Author: David Woodhouse <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/i386/kvm/xen_evtchn.c
M include/sysemu/kvm_xen.h
M target/i386/kvm/xen-emu.c
Log Message:
-----------
hw/xen: select kernel mode for per-vCPU event channel upcall vector
A guest which has configured the per-vCPU upcall vector may set the
HVM_PARAM_CALLBACK_IRQ param to fairly much anything other than zero.
For example, Linux v6.0+ after commit b1c3497e604 ("x86/xen: Add support
for HVMOP_set_evtchn_upcall_vector") will just do this after setting the
vector:
    /* Trick toolstack to think we are enlightened. */
    if (!cpu)
        rc = xen_set_callback_via(1);
That's explicitly setting the delivery to GSI#1, but it's supposed to be
overridden by the per-vCPU vector setting. This mostly works in Qemu
*except* for the logic to enable the in-kernel handling of event channels,
which falsely determines that the kernel cannot accelerate GSI delivery
in this case.
Add a kvm_xen_has_vcpu_callback_vector() to report whether vCPU#0 has
the vector set, and use that in xen_evtchn_set_callback_param() to
enable the kernel acceleration features even when the param *appears*
to be set to target a GSI.
Preserve the Xen behaviour that when HVM_PARAM_CALLBACK_IRQ is set to
*zero* the event channel delivery is disabled completely. (Which is
what that bizarre guest behaviour is working round in the first place.)
Cc: [email protected]
Fixes: 91cce756179 ("hw/xen: Add xen_evtchn device for event channel emulation")
Signed-off-by: David Woodhouse <[email protected]>
Reviewed-by: Paul Durrant <[email protected]>
(cherry picked from commit 18e83f28bf39ffd2784aeb2e4e229096a86d349b)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 0f2dd05b9f9ae554312832e7c3b1eb9b88738fca
https://github.com/qemu/qemu/commit/0f2dd05b9f9ae554312832e7c3b1eb9b88738fca
Author: David Woodhouse <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/i386/kvm/xen_gnttab.c
Log Message:
-----------
hw/xen: don't clear map_track[] in xen_gnttab_reset()
The refcounts actually correspond to 'active_ref' structures stored in a
GHashTable per "user" on the backend side (mostly, per XenDevice).
If we zero map_track[] on reset, then when the backend drivers get torn
down and release their mapping we hit the assert(s->map_track[ref] != 0)
in gnt_unref().
So leave them in place. Each backend driver will disconnect and reconnect
as the guest comes back up again and reconnects, and it all works out OK
in the end as the old refs get dropped.
Cc: [email protected]
Fixes: de26b2619789 ("hw/xen: Implement soft reset for emulated gnttab")
Signed-off-by: David Woodhouse <[email protected]>
Reviewed-by: Paul Durrant <[email protected]>
(cherry picked from commit 3de75ed352411899dbc9222e82fe164890c77e78)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: b644416ec6d171a5befda4faf7c7ac90cf413a0c
https://github.com/qemu/qemu/commit/b644416ec6d171a5befda4faf7c7ac90cf413a0c
Author: David Woodhouse <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/i386/kvm/xen_xenstore.c
Log Message:
-----------
hw/xen: fix XenStore watch delivery to guest
When fire_watch_cb() found the response buffer empty, it would call
deliver_watch() to generate the XS_WATCH_EVENT message in the response
buffer and send an event channel notification to the guest… without
actually *copying* the response buffer into the ring. So there was
nothing for the guest to see. The pending response didn't actually get
processed into the ring until the guest next triggered some activity
from its side.
Add the missing call to put_rsp().
It might have been slightly nicer to call xen_xenstore_event() here,
which would *almost* have worked. Except for the fact that it calls
xen_be_evtchn_pending() to check that it really does have an event
pending (and clear the eventfd for next time). And under Xen it's
defined that setting that fd to O_NONBLOCK isn't guaranteed to work,
so the emu implementation follows suit.
This fixes Xen device hot-unplug.
Cc: [email protected]
Fixes: 0254c4d19df ("hw/xen: Add xenstore wire implementation and implementation stubs")
Signed-off-by: David Woodhouse <[email protected]>
Reviewed-by: Paul Durrant <[email protected]>
(cherry picked from commit 4a5780f52095f1daf23618dc6198a2a1665ea505)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 30a4cc2723c67f4c99633e9695835ddb6fcdbfe0
https://github.com/qemu/qemu/commit/30a4cc2723c67f4c99633e9695835ddb6fcdbfe0
Author: David Woodhouse <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/i386/kvm/xen_evtchn.c
Log Message:
-----------
hw/xen: take iothread mutex in xen_evtchn_reset_op()
The xen_evtchn_soft_reset() function requires the iothread mutex, but is
also called for the EVTCHNOP_reset hypercall. Ensure the mutex is taken
in that case.
Cc: [email protected]
Fixes: a15b10978fe6 ("hw/xen: Implement EVTCHNOP_reset")
Signed-off-by: David Woodhouse <[email protected]>
Reviewed-by: Paul Durrant <[email protected]>
(cherry picked from commit debc995e883b05c2fd02fb797a61ab1328e5bae2)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 287303495cbf7b554d193da7d76b226f2de86b59
https://github.com/qemu/qemu/commit/287303495cbf7b554d193da7d76b226f2de86b59
Author: David Woodhouse <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/block/xen-block.c
Log Message:
-----------
hw/xen: use correct default protocol for xen-block on x86
Even on x86_64 the default protocol is the x86-32 one if the guest doesn't
specifically ask for x86-64.
Cc: [email protected]
Fixes: b6af8926fb85 ("xen: add implementations of xen-block connect and disconnect functions...")
Signed-off-by: David Woodhouse <[email protected]>
Reviewed-by: Paul Durrant <[email protected]>
(cherry picked from commit a1c1082908dde4867b1ac55f546bea0c17d52318)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: a89c8b96a8f6116e6b4325cca74f563868f25c58
https://github.com/qemu/qemu/commit/a89c8b96a8f6116e6b4325cca74f563868f25c58
Author: Marc-André Lureau <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/display/virtio-gpu.c
Log Message:
-----------
virtio-gpu: block migration of VMs with blob=true
"blob" resources don't have an associated pixman image:
#0 pixman_image_get_stride (image=0x0) at ../pixman/pixman-image.c:921
#1 0x0000562327c25236 in virtio_gpu_save (f=0x56232bb13b00,
opaque=0x56232b555a60, size=0, field=0x5623289ab6c8 <__compound_literal.3+104>,
vmdesc=0x56232ab59fe0) at ../hw/display/virtio-gpu.c:1225
Related to: https://bugzilla.redhat.com/show_bug.cgi?id=2236353
Signed-off-by: Marc-André Lureau <[email protected]>
Acked-by: Peter Xu <[email protected]>
(cherry picked from commit 9c549ab6895a43ad0cb33e684e11cdb0b5400897)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 1f560fa2761e023ae19f5c178e2ecfc0df74e54d
https://github.com/qemu/qemu/commit/1f560fa2761e023ae19f5c178e2ecfc0df74e54d
Author: Vladimir Sementsov-Ogievskiy <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/nvme.c
Log Message:
-----------
block/nvme: nvme_process_completion() fix bound for cid
NVMeQueuePair::reqs has length NVME_NUM_REQS, which is less than
NVME_QUEUE_SIZE by 1.
Fixes: 1086e95da17050 ("block/nvme: switch to a NVMeRequest freelist")
Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Reviewed-by: Maksim Davydov <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit cc8fb0c3ae3c950eb40e969607e17ff16a7519ac)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: fe8eb3187c35189a3bde8775696468c84a89e96f
https://github.com/qemu/qemu/commit/fe8eb3187c35189a3bde8775696468c84a89e96f
Author: Peter Maydell <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/arm/tcg/a64.decode
M target/arm/tcg/translate.h
Log Message:
-----------
target/arm: Fix A64 LDRA immediate decode
In commit be23a049 in the conversion to decodetree we broke the
decoding of the immediate value in the LDRA instruction. This should
be a 10 bit signed value that is scaled by 8, but in the conversion
we incorrectly ended up scaling it only by 2. Fix the scaling
factor.
Cc: [email protected]
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1970
Fixes: be23a049 ("target/arm: Convert load (pointer auth) insns to decodetree")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
(cherry picked from commit 5722fc471296d5f042df4b005a851cc8008df0c9)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: cc9f53b3ec140b07328e38167dc44f37f63b7781
https://github.com/qemu/qemu/commit/cc9f53b3ec140b07328e38167dc44f37f63b7781
Author: Jean-Louis Dupond <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/qcow2-cluster.c
M qapi/block-core.json
M qemu-options.hx
Log Message:
-----------
qcow2: keep reference on zeroize with discard-no-unref enabled
When the discard-no-unref flag is enabled, we keep the reference for
normal discard requests.
But when a discard is executed on a snapshot/qcow2 image with backing,
the discards are saved as zero clusters in the snapshot image.
When committing the snapshot to the backing file, not
discard_in_l2_slice is called but zero_in_l2_slice. Which did not have
any logic to keep the reference when discard-no-unref is enabled.
Therefore we add logic in the zero_in_l2_slice call to keep the reference
on commit.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1621
Signed-off-by: Jean-Louis Dupond <[email protected]>
Message-Id: <[email protected]>
[hreitz: Made the documentation change more verbose, as discussed
on-list]
Signed-off-by: Hanna Czenczek <[email protected]>
(cherry picked from commit b2b109041ecd1095384f5be5bb9badd13c1cf286)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: a753815aa8b2ce9d72a7494c940485b5d885ba98
https://github.com/qemu/qemu/commit/a753815aa8b2ce9d72a7494c940485b5d885ba98
Author: Sam Li <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/file-posix.c
Log Message:
-----------
block/file-posix: fix update_zones_wp() caller
When the zoned request fails, it needs to update only the wp of
the target zones for not disrupting the in-flight writes on
these other zones. The wp is updated successfully after the
request completes.
Fixed the callers with right offset and nr_zones.
Signed-off-by: Sam Li <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
[hreitz: Rebased and fixed comment spelling]
Signed-off-by: Hanna Czenczek <[email protected]>
(cherry picked from commit 10b9e0802a074c991e1ce485631d75641d0b0f9e)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: bcc9879c1c83c930c656f57e5444e1adc18c206f
https://github.com/qemu/qemu/commit/bcc9879c1c83c930c656f57e5444e1adc18c206f
Author: Naohiro Aota <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/file-posix.c
Log Message:
-----------
file-posix: fix over-writing of returning zone_append offset
raw_co_zone_append() sets "s->offset" where "BDRVRawState *s". This pointer
is used later at raw_co_prw() to save the block address where the data is
written.
When multiple IOs are on-going at the same time, a later IO's
raw_co_zone_append() call over-writes a former IO's offset address before
raw_co_prw() completes. As a result, the former zone append IO returns the
initial value (= the start address of the writing zone), instead of the
proper address.
Fix the issue by passing the offset pointer to raw_co_prw() instead of
passing it through s->offset. Also, remove "offset" from BDRVRawState as
there is no usage anymore.
Fixes: 4751d09adcc3 ("block: introduce zone append write for zoned devices")
Signed-off-by: Naohiro Aota <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Sam Li <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Signed-off-by: Hanna Czenczek <[email protected]>
(cherry picked from commit ad4feaca61d76fecad784e6d5e7bae40d0411c46)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: e301a77abb4a51aac4ea58c148f7ec1f47fc1c35
https://github.com/qemu/qemu/commit/e301a77abb4a51aac4ea58c148f7ec1f47fc1c35
Author: BALATON Zoltan <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/display/ati.c
M hw/display/ati_2d.c
M hw/display/ati_int.h
Log Message:
-----------
ati-vga: Implement fallback for pixman routines
Pixman routines can fail if no implementation is available and it will
become optional soon so add fallbacks when pixman does not work.
Signed-off-by: BALATON Zoltan <[email protected]>
Acked-by: Marc-André Lureau <[email protected]>
Message-ID: <ed0fba3f74e48143f02228b83bf8796ca49f3e7d.1698871239.git.bala...@eik.bme.hu>
(cherry picked from commit 08730ee0cc01c3fceb907a93436d15170a7556c4)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 30d90aebcd505cd0f0bcaa20e4ff488af778d11f
https://github.com/qemu/qemu/commit/30d90aebcd505cd0f0bcaa20e4ff488af778d11f
Author: Marc-André Lureau <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M ui/gtk.c
Log Message:
-----------
ui/gtk: force realization of drawing area
Fixes the GL context creation from a widget that isn't yet realized (in
a hidden tab for example).
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1727
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Antonio Caggiano <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 565f85a9c293818a91a3d3414311303de7e00cec)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 801b7e43905b180d1012ce394e7af9eb2eb7b826
https://github.com/qemu/qemu/commit/801b7e43905b180d1012ce394e7af9eb2eb7b826
Author: Dongwon Kim <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M ui/gtk-egl.c
Log Message:
-----------
ui/gtk-egl: apply scale factor when calculating window's dimension
Scale factor needs to be applied when calculating width/height of the
GTK windows.
Cc: Marc-André Lureau <[email protected]>
Signed-off-by: Dongwon Kim <[email protected]>
Reviewed-by: Marc-André Lureau <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 47fd6ab1e334962890bc3e8d2e32857f6594e1c1)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 0c8eec2b52c171141014da1c7dac284818fb953c
https://github.com/qemu/qemu/commit/0c8eec2b52c171141014da1c7dac284818fb953c
Author: Antonio Caggiano <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M ui/gtk-egl.c
Log Message:
-----------
ui/gtk-egl: Check EGLSurface before doing scanout
The first time gd_egl_scanout_texture() is called, there's a possibility
that the GTK drawing area might not be realized yet, in which case its
associated GdkWindow is NULL. This means gd_egl_init() was also skipped
and the EGLContext and EGLSurface stored in the VirtualGfxConsole are
not valid yet.
Continuing with the scanout in these conditions would result in hitting
an assert in libepoxy: "Couldn't find current GLX or EGL context".
A possible workaround is to just ignore the scanout request, giving
the GTK drawing area some time to finish its realization. At that point,
the gd_egl_init() will succeed and the EGLContext and EGLSurface stored
in the VirtualGfxConsole will be valid.
Signed-off-by: Antonio Caggiano <[email protected]>
Reviewed-by: Marc-André Lureau <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 6f189a08c1b0085808af1bfbf4567f0da193ecc1)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: cb5785ab5c837855b609bd8665cec95d74247bf9
https://github.com/qemu/qemu/commit/cb5785ab5c837855b609bd8665cec95d74247bf9
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/mips/tcg/msa.decode
Log Message:
-----------
target/mips: Fix MSA BZ/BNZ opcodes displacement
The PC offset is *signed*.
Cc: [email protected]
Reported-by: Sergey Evlashev <[email protected]>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1624
Fixes: c7a9ef7517 ("target/mips: Introduce decode tree bindings for MSA ASE")
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 04591b3ddd9a96b9298a1dd437a6464ab55e62ee)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 1ac17ad42fe80fd4e8875c0780eefa2cbf7346d4
https://github.com/qemu/qemu/commit/1ac17ad42fe80fd4e8875c0780eefa2cbf7346d4
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/mips/tcg/tx79.decode
Log Message:
-----------
target/mips: Fix TX79 LQ/SQ opcodes
The base register address offset is *signed*.
Cc: [email protected]
Fixes: aaaa82a9f9 ("target/mips/tx79: Introduce LQ opcode (Load Quadword)")
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 18f86aecd6a1bea0f78af14587a684ad966d8d3a)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: c9a13ed94c206d75d7522d90c7608f6f0fd9339d
https://github.com/qemu/qemu/commit/c9a13ed94c206d75d7522d90c7608f6f0fd9339d
Author: Fiona Ebner <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/ide/core.c
Log Message:
-----------
hw/ide: reset: cancel async DMA operation before resetting state
If there is a pending DMA operation during ide_bus_reset(), the fact
that the IDEState is already reset before the operation is canceled
can be problematic. In particular, ide_dma_cb() might be called and
then use the reset IDEState which contains the signature after the
reset. When used to construct the IO operation this leads to
ide_get_sector() returning 0 and nsector being 1. This is particularly
bad, because a write command will thus destroy the first sector which
often contains a partition table or similar.
Traces showing the unsolicited write happening with IDEState
0x5595af6949d0 being used after reset:
> ahci_port_write ahci(0x5595af6923f0)[0]: port write [reg:PxSCTL] @ 0x2c:
> 0x00000300
> ahci_reset_port ahci(0x5595af6923f0)[0]: reset port
> ide_reset IDEstate 0x5595af6949d0
> ide_reset IDEstate 0x5595af694da8
> ide_bus_reset_aio aio_cancel
> dma_aio_cancel dbs=0x7f64600089a0
> dma_blk_cb dbs=0x7f64600089a0 ret=0
> dma_complete dbs=0x7f64600089a0 ret=0 cb=0x5595acd40b30
> ahci_populate_sglist ahci(0x5595af6923f0)[0]
> ahci_dma_prepare_buf ahci(0x5595af6923f0)[0]: prepare buf limit=512
> prepared=512
> ide_dma_cb IDEState 0x5595af6949d0; sector_num=0 n=1 cmd=DMA WRITE
> dma_blk_io dbs=0x7f6420802010 bs=0x5595ae2c6c30 offset=0 to_dev=1
> dma_blk_cb dbs=0x7f6420802010 ret=0
> (gdb) p *qiov
> $11 = {iov = 0x7f647c76d840, niov = 1, {{nalloc = 1, local_iov = {iov_base =
> 0x0,
> iov_len = 512}}, {__pad =
> "\001\000\000\000\000\000\000\000\000\000\000",
> size = 512}}}
> (gdb) bt
> #0 blk_aio_pwritev (blk=0x5595ae2c6c30, offset=0, qiov=0x7f6420802070,
> flags=0,
> cb=0x5595ace6f0b0 <dma_blk_cb>, opaque=0x7f6420802010)
> at ../block/block-backend.c:1682
> #1 0x00005595ace6f185 in dma_blk_cb (opaque=0x7f6420802010, ret=<optimized
> out>)
> at ../softmmu/dma-helpers.c:179
> #2 0x00005595ace6f778 in dma_blk_io (ctx=0x5595ae0609f0,
> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
> io_func=io_func@entry=0x5595ace6ee30 <dma_blk_write_io_func>,
> io_func_opaque=io_func_opaque@entry=0x5595ae2c6c30,
> cb=0x5595acd40b30 <ide_dma_cb>, opaque=0x5595af6949d0,
> dir=DMA_DIRECTION_TO_DEVICE) at ../softmmu/dma-helpers.c:244
> #3 0x00005595ace6f90a in dma_blk_write (blk=0x5595ae2c6c30,
> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
> cb=cb@entry=0x5595acd40b30 <ide_dma_cb>,
> opaque=opaque@entry=0x5595af6949d0)
> at ../softmmu/dma-helpers.c:280
> #4 0x00005595acd40e18 in ide_dma_cb (opaque=0x5595af6949d0, ret=<optimized
> out>)
> at ../hw/ide/core.c:953
> #5 0x00005595ace6f319 in dma_complete (ret=0, dbs=0x7f64600089a0)
> at ../softmmu/dma-helpers.c:107
> #6 dma_blk_cb (opaque=0x7f64600089a0, ret=0) at ../softmmu/dma-helpers.c:127
> #7 0x00005595ad12227d in blk_aio_complete (acb=0x7f6460005b10)
> at ../block/block-backend.c:1527
> #8 blk_aio_complete (acb=0x7f6460005b10) at ../block/block-backend.c:1524
> #9 blk_aio_write_entry (opaque=0x7f6460005b10) at
> ../block/block-backend.c:1594
> #10 0x00005595ad258cfb in coroutine_trampoline (i0=<optimized out>,
> i1=<optimized out>) at ../util/coroutine-ucontext.c:177
Signed-off-by: Fiona Ebner <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Tested-by: [email protected]
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 7d7512019fc40c577e2bdd61f114f31a9eb84a8e)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 9debdddffae29618c217846500af817cac06620a
https://github.com/qemu/qemu/commit/9debdddffae29618c217846500af817cac06620a
Author: Fiona Ebner <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M tests/qtest/ahci-test.c
Log Message:
-----------
tests/qtest: ahci-test: add test exposing reset issue with pending callback
Before commit "hw/ide: reset: cancel async DMA operation before
resetting state", this test would fail, because a reset with a
pending write operation would lead to an unsolicited write to the
first sector of the disk.
The test writes a pattern to the beginning of the disk and verifies
that it is still intact after a reset with a pending operation. It
also checks that the pending operation actually completes correctly.
Signed-off-by: Fiona Ebner <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit cc610857bbd3551f4b86ae2299336b5d9aa0db2b)
Signed-off-by: Michael Tokarev <[email protected]>
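
The ordering problem this test guards against, as a simplified model added here for illustration (not code from QEMU or from the commit): resetting device state before cancelling a pending DMA write lets the drained completion callback continue from the rewound registers and overwrite sector 0. All type and function names are hypothetical, and the reset defaults (position 0, count 1) are assumptions chosen to mirror `sector_num=0 n=1` in the trace above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Toy drive with one async DMA write in flight. Hypothetical names, not QEMU code. */
enum { SECTORS = 8, SECTOR_SIZE = 512, PATTERN = 0xAA, PAYLOAD = 0x55 };
typedef struct {
    uint8_t  disk[SECTORS][SECTOR_SIZE];
    uint32_t sector_num;   /* register: next sector to transfer */
    uint32_t nsector;      /* register: sectors left to transfer */
    bool     pending;      /* a chunk is in flight */
    uint32_t inflight_lba; /* target captured when the chunk was submitted */
} Drive;

/* Submit one sector; the target comes from the registers as they are now. */
static void submit_chunk(Drive *d)
{
    d->inflight_lba = d->sector_num++;
    d->nsector--;
    d->pending = true;
}

/* Completion callback: land the data, then continue from the registers. */
static void chunk_done(Drive *d)
{
    memset(d->disk[d->inflight_lba], PAYLOAD, SECTOR_SIZE);
    d->pending = false;
    if (d->nsector > 0)
        submit_chunk(d);
}

/* Cancelling drains the request: each in-flight chunk runs its callback. */
static void cancel_dma(Drive *d) { while (d->pending) chunk_done(d); }
/* Reset defaults assumed for this model: position 0, count 1. */
static void reset_state(Drive *d) { d->sector_num = 0; d->nsector = 1; }
static void reset_buggy(Drive *d) { reset_state(d); cancel_dma(d); }
static void reset_fixed(Drive *d) { cancel_dma(d); reset_state(d); }

/* Constructed scenario: pattern in sector 0, 2-sector write at LBA 4 pending. */
static uint8_t byte_after(void (*reset)(Drive *), uint32_t lba)
{
    static Drive d;
    memset(&d, 0, sizeof(d));
    memset(d.disk[0], PATTERN, SECTOR_SIZE);
    d.sector_num = 4; d.nsector = 2;
    submit_chunk(&d);              /* first sector in flight, one left */
    reset(&d);
    return d.disk[lba][0];         /* first byte of sector `lba` afterwards */
}
int main(void) { return (byte_after(reset_buggy, 0) == PAYLOAD && byte_after(reset_fixed, 0) == PATTERN) ? 0 : 1; }
```

With the buggy order the second sector of the pending write lands on sector 0 instead of sector 5; with the fixed order the pattern survives and the pending write finishes at sectors 4 and 5.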
Commit: 133e2c686ef6a8956558a2891ed54e0de52ec946
https://github.com/qemu/qemu/commit/133e2c686ef6a8956558a2891ed54e0de52ec946
Author: Ilya Leoshkevich <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/s390x/tcg/translate.c
Log Message:
-----------
target/s390x: Fix CLC corrupting cc_src
CLC updates cc_src before accessing the second operand; if the latter
is inaccessible, the former ends up containing a bogus value.
Fix by reading cc_src into a temporary first.
Fixes: 4f7403d52b1c ("target-s390: Convert CLC")
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1865
Cc: [email protected]
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: David Hildenbrand <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
(cherry picked from commit aba2ec341c6d20c8dc3e6ecf87fa7c1a71e30c1e)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 98de9d81a7f028c7823d575da37e2223eb59adb5
https://github.com/qemu/qemu/commit/98de9d81a7f028c7823d575da37e2223eb59adb5
Author: Ilya Leoshkevich <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M tests/tcg/s390x/Makefile.target
A tests/tcg/s390x/clc.c
Log Message:
-----------
tests/tcg/s390x: Test CLC with inaccessible second operand
Add a small test to prevent regressions.
Signed-off-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
(cherry picked from commit 43fecbe7a53fe8e5a6aff0d6471b1cc624e26b51)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 35902965b4f888832ad9a70c6b4ed85169c2a121
https://github.com/qemu/qemu/commit/35902965b4f888832ad9a70c6b4ed85169c2a121
Author: Ilya Leoshkevich <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/s390x/tcg/insn-data.h.inc
M target/s390x/tcg/translate.c
Log Message:
-----------
target/s390x: Fix LAALG not updating cc_src
LAALG uses op_laa() and wout_addu64(). The latter expects cc_src to be
set, but the former does not do it. This can lead to assertion failures
if something sets cc_src to neither 0 nor 1 before.
Fix by introducing op_laa_addu64(), which sets cc_src, and using it for
LAALG.
Fixes: 4dba4d6fef61 ("target/s390x: Use atomic operations for LOAD AND OP")
Cc: [email protected]
Signed-off-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: David Hildenbrand <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
(cherry picked from commit bea402482a8c94389638cbd3d7fe3963fb317f4c)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: f065475fe99d8bb90dd2c729157e1f15a07d6043
https://github.com/qemu/qemu/commit/f065475fe99d8bb90dd2c729157e1f15a07d6043
Author: Ilya Leoshkevich <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M tests/tcg/s390x/Makefile.target
A tests/tcg/s390x/laalg.c
Log Message:
-----------
tests/tcg/s390x: Test LAALG with negative cc_src
Add a small test to prevent regressions.
Signed-off-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
(cherry picked from commit ebc14107f1f3ac1db13132cd28cf94adcd38e5d7)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 1c42c001089148befdb5481697efef9edf455541
https://github.com/qemu/qemu/commit/1c42c001089148befdb5481697efef9edf455541
Author: Niklas Cassel <[email protected]>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/ide/ahci.c
Log Message:
-----------
hw/ide/ahci: trigger either error IRQ or regular IRQ, not both
According to AHCI 1.3.1, 5.3.8.1 RegFIS:Entry, if ERR_STAT is set,
we jump to state ERR:FatalTaskfile, which will raise a TFES IRQ
unconditionally, regardless if the I bit is set in the FIS or not.
Thus, we should never raise a normal IRQ after having sent an error
IRQ.
NOTE: for QEMU platforms that use SeaBIOS, this patch depends on QEMU
commit 784155cdcb02 ("seabios: update submodule to git snapshot"), and
QEMU commit 14f5a7bae4cb ("seabios: update binaries to git snapshot"),
which update SeaBIOS to a version that contains SeaBIOS commit 1281e340
("ahci: handle TFES irq correctly").
Signed-off-by: Niklas Cassel <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Kevin Wolf <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit b523a3d54f3d031a54cd0931cc5d855608e63140)
Signed-off-by: Michael Tokarev <[email protected]>
Compare: https://github.com/qemu/qemu/compare/b938418f0d75...1c42c0010891