Branch: refs/heads/staging-7.2
Home: https://github.com/qemu/qemu
Commit: b27078c2a97bb214534c70643e516079709d81b9
https://github.com/qemu/qemu/commit/b27078c2a97bb214534c70643e516079709d81b9
Author: Alexander Bulekov <[email protected]>
Date: 2024-10-02 (Wed, 02 Oct 2024)
Changed paths:
M scripts/oss-fuzz/build.sh
Log Message:
-----------
fuzz: disable leak-detection for oss-fuzz builds
When we are building for OSS-Fuzz, we want to ensure that the fuzzer
targets are actually created, regardless of leaks. Leaks will be
detected by the subsequent tests of the individual fuzz-targets.
Signed-off-by: Alexander Bulekov <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
(cherry picked from commit 3e964275d65b92075249201c49b39dfb06d08ad4)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 3d08ffe0baff393ad04438684479707c721b5361
https://github.com/qemu/qemu/commit/3d08ffe0baff393ad04438684479707c721b5361
Author: Paolo Bonzini <[email protected]>
Date: 2024-10-03 (Thu, 03 Oct 2024)
Changed paths:
M scripts/tracetool/__init__.py
M scripts/tracetool/format/log_stap.py
Log Message:
-----------
tracetool: avoid invalid escape in Python string
This is an error in Python 3.12; fix it by using a raw string literal.
Cc: [email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit e6d8e5e6e366ab4c9ed7d8ed1572f98c6ad6a38e)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 49d42ed3bd39dd495b5e4b2e976b4723d2d9e62f
https://github.com/qemu/qemu/commit/49d42ed3bd39dd495b5e4b2e976b4723d2d9e62f
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2024-10-10 (Thu, 10 Oct 2024)
Changed paths:
M linux-user/flatload.c
Log Message:
-----------
linux-user/flatload: Take mmap_lock in load_flt_binary()
load_flt_binary() calls load_flat_file() -> page_set_flags().
page_set_flags() must be called with the mmap_lock held,
otherwise it aborts:
$ qemu-arm -L stm32/lib/ stm32/bin/busybox
qemu-arm: ../accel/tcg/user-exec.c:505: page_set_flags: Assertion `have_mmap_lock()' failed.
Aborted (core dumped)
Fix by taking the lock in load_flt_binary().
Fixes: fbd3c4cff6 ("linux-user/arm: Mark the commpage executable")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2525
Suggested-by: Richard Henderson <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit a9ee641bd46f5462eeed183ac3c3760bddfc2600)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 709e6ab5ab2263725b8d3a315aae9bf08c1c39ec
https://github.com/qemu/qemu/commit/709e6ab5ab2263725b8d3a315aae9bf08c1c39ec
Author: Richard Henderson <[email protected]>
Date: 2024-10-10 (Thu, 10 Oct 2024)
Changed paths:
M linux-user/elfload.c
Log Message:
-----------
linux-user: Fix parse_elf_properties GNU0_MAGIC check
Comparing a string of 4 bytes only works in little-endian.
Adjust bulk bswap to only apply to the note payload.
Perform swapping of the note header manually; the magic
is defined so that it does not need a runtime swap.
Fixes: 83f990eb5adb ("linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2596
Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Michael Tokarev <[email protected]>
(cherry picked from commit 2884596f5f385b5712c356310dd4125a089888a8)
Signed-off-by: Michael Tokarev <[email protected]>
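Added example (not QEMU's elfload.c, names are hypothetical): an endian-safe check for an NT_GNU_PROPERTY_TYPE_0 note header beside the pattern the commit describes, where a bulk byte swap of the whole note also swaps the owner-name bytes. The numeric header words are decoded in the target's byte order; the "GNU\0" owner name is a byte sequence and is compared with memcmp, so it needs no swap. The two sample notes are constructed inline. The buggy variant models a little-endian host by decoding the swapped words as little-endian, so its result is the same on any host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0 5

/* Read a 32-bit field stored in the given byte order, host-independently. */
static uint32_t get_u32(const uint8_t *p, bool big_endian)
{
    if (big_endian) {
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    }
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8)  |  (uint32_t)p[0];
}

/*
 * Endian-safe check: namesz, descsz and type are decoded in the target's
 * byte order; the owner name is compared as raw bytes and never swapped.
 * Returns 1 for an NT_GNU_PROPERTY_TYPE_0 note, 0 for any other note,
 * -1 for a malformed buffer.
 */
int gnu_property_note_check(const uint8_t *note, size_t len, bool target_be)
{
    if (len < 16) {
        return -1;
    }
    uint32_t namesz = get_u32(note + 0, target_be);
    uint32_t descsz = get_u32(note + 4, target_be);
    uint32_t type   = get_u32(note + 8, target_be);
    if (namesz != 4 || descsz > len - 16) {
        return -1;
    }
    if (memcmp(note + 12, "GNU", 4) != 0) {
        return 0;
    }
    return type == NT_GNU_PROPERTY_TYPE_0;
}

/*
 * Buggy variant for contrast: for a big-endian target it byte-swaps every
 * 32-bit word of the note (header, name and payload alike), as a
 * little-endian host would for the numeric fields, then compares the name.
 * The swap turns "GNU\0" into "\0UNG", so the magic never matches.
 */
int gnu_property_note_check_buggy(const uint8_t *note, size_t len, bool target_be)
{
    uint8_t copy[64];
    if (len < 16 || len > sizeof(copy) || (len % 4) != 0) {
        return -1;
    }
    memcpy(copy, note, len);
    if (target_be) {
        for (size_t i = 0; i < len; i += 4) {
            uint8_t b0 = copy[i], b1 = copy[i + 1];
            copy[i] = copy[i + 3];
            copy[i + 1] = copy[i + 2];
            copy[i + 2] = b1;
            copy[i + 3] = b0;
        }
    }
    /* Every word is now in little-endian (modelled host) order. */
    uint32_t namesz = get_u32(copy + 0, false);
    uint32_t descsz = get_u32(copy + 4, false);
    uint32_t type   = get_u32(copy + 8, false);
    if (namesz != 4 || descsz > len - 16) {
        return -1;
    }
    if (memcmp(copy + 12, "GNU", 4) != 0) {
        return 0;
    }
    return type == NT_GNU_PROPERTY_TYPE_0;
}

/* Constructed sample notes, same content in each byte order: namesz=4,
 * descsz=8, type=5, name "GNU\0", one 8-byte property entry. */
const uint8_t note_le[24] = {
    4, 0, 0, 0,  8, 0, 0, 0,  5, 0, 0, 0,
    'G', 'N', 'U', 0,
    0x00, 0x00, 0x00, 0xc0,  4, 0, 0, 0,
};
const uint8_t note_be[24] = {
    0, 0, 0, 4,  0, 0, 0, 8,  0, 0, 0, 5,
    'G', 'N', 'U', 0,
    0xc0, 0x00, 0x00, 0x00,  0, 0, 0, 4,
};

int main(void)
{
    /* Exit 0 when the fixed check accepts both notes and the buggy one
     * rejects the big-endian note. */
    return !(gnu_property_note_check(note_le, 24, false) == 1 &&
             gnu_property_note_check(note_be, 24, true) == 1 &&
             gnu_property_note_check_buggy(note_le, 24, false) == 1 &&
             gnu_property_note_check_buggy(note_be, 24, true) == 0);
}
```

The same rule applies to any on-disk magic: compare it as bytes, or define the constant in the file's byte order, and restrict byte swapping to fields that are actually integers.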
Commit: f1112c67761b89822c8629f54801dab8b5073b5a
https://github.com/qemu/qemu/commit/f1112c67761b89822c8629f54801dab8b5073b5a
Author: Stefano Garzarella <[email protected]>
Date: 2024-10-11 (Fri, 11 Oct 2024)
Changed paths:
M hw/scsi/scsi-bus.c
M include/hw/scsi/scsi.h
Log Message:
-----------
scsi: fetch unit attention when creating the request
Commit 1880ad4f4e ("virtio-scsi: Batched prepare for cmd reqs") split
calls to scsi_req_new() and scsi_req_enqueue() in the virtio-scsi device.
No ill effects were observed until commit 8cc5583abe ("virtio-scsi: Send
"REPORTED LUNS CHANGED" sense data upon disk hotplug events") added a
unit attention that was easy to trigger with device hotplug and
hot-unplug.
Because the two calls were separated, all requests in the batch were
prepared calling scsi_req_new() to report a sense. The first one
submitted would report the right sense and reset it to NO_SENSE, while
the others reported CHECK_CONDITION with no sense data. This caused
SCSI errors in Linux.
To solve this issue, let's fetch the unit attention as early as possible
when we prepare the request, so that only the first request in the batch
will use the unit attention SCSIReqOps and the others will not report
CHECK CONDITION.
Fixes: 1880ad4f4e ("virtio-scsi: Batched prepare for cmd reqs")
Fixes: 8cc5583abe ("virtio-scsi: Send "REPORTED LUNS CHANGED" sense data upon disk hotplug events")
Reported-by: Thomas Huth <[email protected]>
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2176702
Co-developed-by: Paolo Bonzini <[email protected]>
Signed-off-by: Stefano Garzarella <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 9472083e642bfb9bc836b38662baddd9bc964ebc)
Signed-off-by: Michael Tokarev <[email protected]>
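Added example, a toy model rather than QEMU's scsi-bus code (all names hypothetical): a device holding one pending unit attention, and a batch of requests that are all created first and submitted afterwards, as the commit says the batched virtio-scsi path does. The buggy flow selects the unit-attention ops at creation but fetches and clears the sense at submit, so every request in the batch reports CHECK CONDITION and only the first carries sense data. The fixed flow fetches and clears the unit attention at creation, so only the first request reports it. The REPORTED LUNS DATA HAS CHANGED sense (ASC 0x3f, ASCQ 0x0e) is a constructed sample.

```c
#include <stdbool.h>

enum { GOOD = 0, CHECK_CONDITION = 2 };
enum { NO_SENSE_KEY = 0, UNIT_ATTENTION = 6 };

typedef struct { int key; int asc; int ascq; } Sense;
typedef struct { Sense unit_attention; } Device;
typedef struct { Device *dev; bool ua_ops; Sense sense; } Req;

static const Sense no_sense = { NO_SENSE_KEY, 0, 0 };
/* Constructed sample: REPORTED LUNS DATA HAS CHANGED. */
static const Sense luns_changed = { UNIT_ATTENTION, 0x3f, 0x0e };

static bool pending(const Sense *s) { return s->key != NO_SENSE_KEY; }

/* Buggy flow: creation only selects the UA ops; the sense is fetched and
 * cleared at submit time. Every request created before the first submit
 * sees the UA still pending, but only the first submit finds sense data. */
void req_new_buggy(Req *r, Device *dev)
{
    r->dev = dev;
    r->sense = no_sense;
    r->ua_ops = pending(&dev->unit_attention);
}
int req_submit_buggy(Req *r)
{
    if (!r->ua_ops) {
        return GOOD;
    }
    r->sense = r->dev->unit_attention;   /* empty for all but the first */
    r->dev->unit_attention = no_sense;
    return CHECK_CONDITION;
}

/* Fixed flow: fetch and clear the unit attention when the request is
 * created, so exactly one request in the batch carries it. */
void req_new_fixed(Req *r, Device *dev)
{
    r->dev = dev;
    r->sense = no_sense;
    r->ua_ops = pending(&dev->unit_attention);
    if (r->ua_ops) {
        r->sense = dev->unit_attention;
        dev->unit_attention = no_sense;
    }
}
int req_submit_fixed(Req *r)
{
    return r->ua_ops ? CHECK_CONDITION : GOOD;
}

#define MAX_BATCH 8

/* Create n requests, then submit them in order. Fills status[] and returns
 * how many requests reported CHECK CONDITION with no sense data, which is
 * the failure the guest kernel saw. Returns -1 for a bad batch size. */
int run_batch(bool fixed, int n, int *status)
{
    Device dev = { luns_changed };
    Req reqs[MAX_BATCH];
    int bad = 0;

    if (n < 1 || n > MAX_BATCH) {
        return -1;
    }
    for (int i = 0; i < n; i++) {
        if (fixed) {
            req_new_fixed(&reqs[i], &dev);
        } else {
            req_new_buggy(&reqs[i], &dev);
        }
    }
    for (int i = 0; i < n; i++) {
        status[i] = fixed ? req_submit_fixed(&reqs[i]) : req_submit_buggy(&reqs[i]);
        if (status[i] == CHECK_CONDITION && !pending(&reqs[i].sense)) {
            bad++;
        }
    }
    return bad;
}

/* Status of request i in a batch of n (convenience for checks). */
int batch_status(bool fixed, int n, int i)
{
    int status[MAX_BATCH];
    if (run_batch(fixed, n, status) < 0 || i < 0 || i >= n) {
        return -1;
    }
    return status[i];
}

int main(void)
{
    int st[3];
    /* Exit 0 when the buggy flow shows the symptom and the fixed one does not. */
    return !(run_batch(false, 3, st) == 2 && run_batch(true, 3, st) == 0);
}
```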
Commit: cb5239e60775cddf2fd32032566ccf2e58ba3b1a
https://github.com/qemu/qemu/commit/cb5239e60775cddf2fd32032566ccf2e58ba3b1a
Author: Alexandra Diupina <[email protected]>
Date: 2024-10-15 (Tue, 15 Oct 2024)
Changed paths:
M hw/intc/arm_gicv3_cpuif.c
Log Message:
-----------
hw/intc/arm_gicv3_cpuif: Add cast to match the documentation
The result of 1 << regbit with regbit==31 has a 1 in the 32nd bit.
When cast to uint64_t (for further bitwise OR), the 32 most
significant bits will be filled with 1s. However, the documentation
states that the upper 32 bits of ICH_AP[0/1]R<n>_EL2 are reserved.
Add an explicit cast to match the documentation.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Cc: [email protected]
Fixes: c3f21b065a ("hw/intc/arm_gicv3_cpuif: Support vLPIs")
Signed-off-by: Alexandra Diupina <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 3db74afec3ca87f81fbdf5918ed1e21d837fbfab)
Signed-off-by: Michael Tokarev <[email protected]>
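Added example (hypothetical names, not the QEMU GICv3 code) of the integer-promotion pitfall the commit fixes: a 64-bit register whose bits 63:32 are reserved, a setter that builds the mask as a 32-bit int and so sign-extends when the bit is 31, the widened version, and a sweep that reports the first bit position at which a setter corrupts the reserved half. The value of `1 << 31` on a 32-bit int is modelled through the implementation-defined conversion mainstream compilers perform, to keep the demonstration free of undefined behaviour.

```c
#include <stdbool.h>
#include <stdint.h>

/* Buggy: the mask is a 32-bit int. For regbit == 31 only the sign bit is
 * set, so the int is negative, and converting it to uint64_t sign-extends
 * it: the OR sets all of bits 63:32 as well. */
uint64_t set_bit_buggy(uint64_t reg, int regbit)
{
    int32_t mask = (int32_t)(1u << regbit);   /* what `1 << regbit` yields in a 32-bit int */
    return reg | (uint64_t)mask;
}

/* Fixed: widen before shifting so the mask is computed in 64 bits. */
uint64_t set_bit_fixed(uint64_t reg, int regbit)
{
    return reg | ((uint64_t)1 << regbit);
}

/* Reserved-bit check a writeback to this register must pass. */
bool upper32_reserved_ok(uint64_t reg)
{
    return (reg >> 32) == 0;
}

/* Sweep all 32 bit positions; return the first one at which the setter
 * corrupts the reserved half, or -1 if none does. */
int first_bad_regbit(uint64_t (*setter)(uint64_t, int))
{
    for (int regbit = 0; regbit < 32; regbit++) {
        if (!upper32_reserved_ok(setter(0, regbit))) {
            return regbit;
        }
    }
    return -1;
}

int main(void)
{
    /* Exit 0 when the buggy setter fails only at bit 31 and the fixed one never does. */
    return !(first_bad_regbit(set_bit_buggy) == 31 && first_bad_regbit(set_bit_fixed) == -1);
}
```

Static analysers flag this pattern because it is silent for every bit but the top one, which is why it survives testing until a code path actually sets bit 31.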
Commit: efb48ffdfa7fac56083914c60122fb1f6b01363e
https://github.com/qemu/qemu/commit/efb48ffdfa7fac56083914c60122fb1f6b01363e
Author: Marc-André Lureau <[email protected]>
Date: 2024-10-16 (Wed, 16 Oct 2024)
Changed paths:
M hw/audio/hda-codec.c
Log Message:
-----------
hw/audio/hda: free timer on exit
Fixes: 280c1e1cd ("audio/hda: create millisecond timers that handle IO")
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit f27206ceedbe2efae37c8d143c5eb2db05251508)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 1950d5128d6c47b24819b03f76290de254ddbc58
https://github.com/qemu/qemu/commit/1950d5128d6c47b24819b03f76290de254ddbc58
Author: Marc-André Lureau <[email protected]>
Date: 2024-10-16 (Wed, 16 Oct 2024)
Changed paths:
M hw/audio/hda-codec.c
Log Message:
-----------
hw/audio/hda: fix memory leak on audio setup
When SET_STREAM_FORMAT is called, we should clear the existing setup.
Factor out common function to close a stream.
Direct leak of 144 byte(s) in 3 object(s) allocated from:
#0 0x7f91d38f7350 in calloc (/lib64/libasan.so.8+0xf7350) (BuildId: a4ad7eb954b390cf00f07fa10952988a41d9fc7a)
#1 0x7f91d2ab7871 in g_malloc0 (/lib64/libglib-2.0.so.0+0x64871) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649)
#2 0x562fa2f447ee in timer_new_full /home/elmarco/src/qemu/include/qemu/timer.h:538
#3 0x562fa2f4486f in timer_new /home/elmarco/src/qemu/include/qemu/timer.h:559
#4 0x562fa2f448a9 in timer_new_ns /home/elmarco/src/qemu/include/qemu/timer.h:577
#5 0x562fa2f47955 in hda_audio_setup ../hw/audio/hda-codec.c:490
#6 0x562fa2f4897e in hda_audio_command ../hw/audio/hda-codec.c:605
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit 6d6e23361fc732e4fe36a8bc5873b85f264ed53a)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 0aaa017d138e07b9c271ec361e55cbe9639f0e85
https://github.com/qemu/qemu/commit/0aaa017d138e07b9c271ec361e55cbe9639f0e85
Author: Peter Xu <[email protected]>
Date: 2024-10-18 (Fri, 18 Oct 2024)
Changed paths:
M accel/kvm/kvm-all.c
M accel/kvm/trace-events
M include/sysemu/kvm_int.h
Log Message:
-----------
KVM: Dynamic sized kvm memslots array
Zhiyi reported an infinite loop issue in VFIO use case. The cause of that
was a separate discussion, however during that I found a regression of
dirty sync slowness when profiling.
Each KVMMemoryListener maintains an array of kvm memslots. Currently it's
statically allocated to be the max supported by the kernel. However after
Linux commit 4fc096a99e ("KVM: Raise the maximum number of user memslots"),
the max supported memslots reported now grows to some number large enough
so that it may not be wise to always statically allocate with the max
reported.
What's worse, QEMU kvm code still walks all the allocated memslots entries
to do any form of lookups. It can drastically slow down all memslot
operations because each of such loop can run over 32K times on the new
kernels.
Fix this issue by making the memslots to be allocated dynamically.
Here the initial size was set to 16 because it should cover the basic VM
usages, so that the hope is the majority VM use case may not even need to
grow at all (e.g. if one starts a VM with ./qemu-system-x86_64 by default
it'll consume 9 memslots), however not too large to waste memory.
There can also be even better way to address this, but so far this is the
simplest and should be already better even than before we grow the max
supported memslots. For example, in the case of above issue when VFIO was
attached on a 32GB system, there are only ~10 memslots used. So it could
be good enough as of now.
In the above VFIO context, measurement shows that the precopy dirty sync
shrank from ~86ms to ~3ms after this patch applied. It should also apply
to any KVM enabled VM even without VFIO.
NOTE: we don't have a FIXES tag for this patch because there's no real
commit that regressed this in QEMU. Such behavior existed for a long time,
but only started to be a problem when the kernel reports very large
nr_slots_max value. However that's pretty common now (the kernel change
was merged in 2021) so we attached cc:stable because we'll want this change
to be backported to stable branches.
Cc: qemu-stable <[email protected]>
Reported-by: Zhiyi Guo <[email protected]>
Tested-by: Zhiyi Guo <[email protected]>
Signed-off-by: Peter Xu <[email protected]>
Acked-by: David Hildenbrand <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 5504a8126115d173687b37e657312a8ffe29fc0c)
Signed-off-by: Michael Tokarev <[email protected]>
(Mjt: context fixup in accel/kvm/kvm-all.c and accel/kvm/trace-events;
also remove now-unused local variable `KVMState *s` in
kvm-all.c:kvm_log_sync_global() )
Commit: 5694bfda88ca66d58521c66443f8c35913e2f378
https://github.com/qemu/qemu/commit/5694bfda88ca66d58521c66443f8c35913e2f378
Author: Tom Dohrmann <[email protected]>
Date: 2024-10-18 (Fri, 18 Oct 2024)
Changed paths:
M accel/kvm/kvm-all.c
Log Message:
-----------
accel/kvm: check for KVM_CAP_READONLY_MEM on VM
KVM_CAP_READONLY_MEM used to be a global capability, but with the
introduction of AMD SEV-SNP confidential VMs, this extension is not
always available on all VM types [1,2].
Query the extension on the VM level instead of on the KVM level.
[1] https://patchwork.kernel.org/project/kvm/patch/[email protected]/
[2] https://patchwork.kernel.org/project/kvm/patch/[email protected]/
Cc: Paolo Bonzini <[email protected]>
Signed-off-by: Tom Dohrmann <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Cc: [email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 64e0e63ea16aa0122dc0c41a0679da0ae4616208)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 2725914aa7fde59f714915e77f6ca9ed9758c67a
https://github.com/qemu/qemu/commit/2725914aa7fde59f714915e77f6ca9ed9758c67a
Author: Stefan Berger <[email protected]>
Date: 2024-10-21 (Mon, 21 Oct 2024)
Changed paths:
M tests/qtest/tpm-tests.c
Log Message:
-----------
tests: Wait for migration completion on destination QEMU to avoid failures
Rather than waiting for the completion of migration on the source side,
wait for it on the destination QEMU side to avoid accessing the TPM TIS
memory mapped registers before QEMU could restore their state. This
error condition could be triggered on busy systems where the destination
QEMU did not have enough time to restore the TIS state while the test case
was already reading its registers. The test case was for example reading
the STS register and received an unexpected value (0xffffffff), which
led to a segmentation fault later on due to trying to read 0xffff bytes
from the TIS into a buffer.
Cc: <[email protected]>
Reported-by: Fabiano Rosas <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
Signed-off-by: Stefan Berger <[email protected]>
(cherry picked from commit d9280ea3174700170d39c4cdd3f587f260757711)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 06e858ac913ff507661e7265f3643f573d079325
https://github.com/qemu/qemu/commit/06e858ac913ff507661e7265f3643f573d079325
Author: Kevin Wolf <[email protected]>
Date: 2024-10-24 (Thu, 24 Oct 2024)
Changed paths:
M block/raw-format.c
Log Message:
-----------
raw-format: Fix error message for invalid offset/size
s->offset and s->size are only set at the end of the function and still
contain the old values when formatting the error message. Print the
parameters with the new values that we actually checked instead.
Fixes: 500e2434207d ('raw-format: Split raw_read_options()')
Signed-off-by: Kevin Wolf <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
Reviewed-by: Hanna Czenczek <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit 04bbc3ee52b32ac465547bb40c1f090a1b8f315a)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 40d0edf280f88fbc771fe1cd1cd6476dbca64450
https://github.com/qemu/qemu/commit/40d0edf280f88fbc771fe1cd1cd6476dbca64450
Author: Richard Henderson <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M tcg/tcg.c
Log Message:
-----------
tcg: Reset data_gen_ptr correctly
This pointer needs to be reset after overflow just like
code_buf and code_ptr.
Cc: [email protected]
Fixes: 57a269469db ("tcg: Infrastructure for managing constant pools")
Acked-by: Alistair Francis <[email protected]>
Reviewed-by: Pierrick Bouvier <[email protected]>
Reviewed-by: LIU Zhiwei <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit a7cfd751fb269de4a93bf1658cb13911c7ac77cc)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: d9e8ed44b154f1594046c49cce572a110cb93e6d
https://github.com/qemu/qemu/commit/d9e8ed44b154f1594046c49cce572a110cb93e6d
Author: Peter Maydell <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M target/i386/tcg/sysemu/excp_helper.c
Log Message:
-----------
target/i386: Avoid unreachable variable declaration in mmu_translate()
Coverity complains (CID 1507880) that the declaration "int error_code;"
in mmu_translate() is unreachable code. Since this is only a declaration,
this isn't actually a bug, but:
* it's a bear-trap for future changes, because if it was changed to
include an initialization 'int error_code = foo;' then the
initialization wouldn't actually happen (being dead code)
* it's against our coding style, which wants declarations to be
at the start of blocks
* it means that anybody reading the code has to go and look up
exactly what the C rules are for skipping over variable declarations
using a goto
Move the declaration to the top of the function.
Signed-off-by: Peter Maydell <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 987b63f24afe027a09b1c549c05a032a477f7e96)
Signed-off-by: Michael Tokarev <[email protected]>
(Mjt: cherry-pick this for stable-7.2 so that the next patch applies cleanly)
Commit: 21144d73cf7c06521338d3a2938804fbb7a67d63
https://github.com/qemu/qemu/commit/21144d73cf7c06521338d3a2938804fbb7a67d63
Author: Alexander Graf <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M target/i386/tcg/sysemu/excp_helper.c
Log Message:
-----------
target/i386: Walk NPT in guest real mode
When translating virtual to physical address with a guest CPU that
supports nested paging (NPT), we need to perform every page table walk
access indirectly through the NPT, which we correctly do.
However, we treat real mode (no page table walk) specially: In that case,
we currently just skip any walks and translate VA -> PA. With NPT
enabled, we also need to then perform NPT walk to do GVA -> GPA -> HPA
which we fail to do so far.
The net result of that is that TCG VMs with NPT enabled that execute
real mode code (like SeaBIOS) end up with GPA==HPA mappings which means
the guest accesses host code and data. This typically shows as failure
to boot guests.
This patch changes the page walk logic for NPT enabled guests so that we
always perform a GVA -> GPA translation and then skip any logic that
requires an actual PTE.
That way, all remaining logic to walk the NPT stays and we successfully
walk the NPT in real mode.
Cc: [email protected]
Fixes: fe441054bb3f0 ("target-i386: Add NPT support")
Signed-off-by: Alexander Graf <[email protected]>
Reported-by: Eduard Vlad <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit b56617bbcb473c25815d1bf475e326f84563b1de)
Signed-off-by: Michael Tokarev <[email protected]>
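Added example, a toy model and not QEMU's mmu_translate() (all names hypothetical): two-stage translation with 4 KiB pages, a flat guest page table (GVA page to GPA page) and a flat nested page table (GPA page to HPA page). The buggy translator short-circuits the whole walk in real mode, so with NPT on the guest gets GPA == HPA and reaches host memory; the fixed one treats real mode as GVA == GPA and still runs the NPT stage. The sample tables are constructed inline. The model leaves out one detail of a real walk: each guest page-table access itself goes through the NPT.

```c
#include <stdbool.h>
#include <stdint.h>

#define PAGE_SHIFT 12
#define PAGE_MASK  ((uint64_t)(1 << PAGE_SHIFT) - 1)
#define NPAGES     16
#define NO_MAPPING UINT64_MAX

typedef struct {
    bool paging_enabled;        /* CR0.PG: false means real mode */
    bool npt_enabled;
    uint64_t guest_pt[NPAGES];  /* GVA page -> GPA page, used only when paging is on */
    uint64_t npt[NPAGES];       /* GPA page -> HPA page, used only when NPT is on */
} Cpu;

/* One flat table lookup keeping the page offset. */
static uint64_t walk(const uint64_t *table, uint64_t addr)
{
    uint64_t page = addr >> PAGE_SHIFT;
    if (page >= NPAGES || table[page] == NO_MAPPING) {
        return NO_MAPPING;
    }
    return (table[page] << PAGE_SHIFT) | (addr & PAGE_MASK);
}

/* Buggy: real mode returns the virtual address as the final address, so
 * with NPT on the guest runs with GPA == HPA and touches host memory. */
uint64_t translate_buggy(const Cpu *c, uint64_t gva)
{
    if (!c->paging_enabled) {
        return gva;
    }
    uint64_t gpa = walk(c->guest_pt, gva);
    if (gpa == NO_MAPPING) {
        return NO_MAPPING;
    }
    return c->npt_enabled ? walk(c->npt, gpa) : gpa;
}

/* Fixed: real mode only means GVA == GPA; the NPT stage still runs. */
uint64_t translate_fixed(const Cpu *c, uint64_t gva)
{
    uint64_t gpa = c->paging_enabled ? walk(c->guest_pt, gva) : gva;
    if (gpa == NO_MAPPING) {
        return NO_MAPPING;
    }
    return c->npt_enabled ? walk(c->npt, gpa) : gpa;
}

/* Constructed sample CPU: guest page 1 -> GPA page 2; the NPT maps GPA
 * page 0 -> HPA page 9 and GPA page 2 -> HPA page 7. */
Cpu make_cpu(bool paging_enabled, bool npt_enabled)
{
    Cpu c = { paging_enabled, npt_enabled, {0}, {0} };
    for (int i = 0; i < NPAGES; i++) {
        c.guest_pt[i] = NO_MAPPING;
        c.npt[i] = NO_MAPPING;
    }
    c.guest_pt[1] = 2;
    c.npt[0] = 9;
    c.npt[2] = 7;
    return c;
}

/* Translate gva on the sample CPU with either translator. */
uint64_t run_translate(bool fixed, bool paging_enabled, bool npt_enabled, uint64_t gva)
{
    Cpu c = make_cpu(paging_enabled, npt_enabled);
    return fixed ? translate_fixed(&c, gva) : translate_buggy(&c, gva);
}

int main(void)
{
    /* A real-mode fetch at 0x0f00 (SeaBIOS-style) must land in HPA page 9. */
    return run_translate(true, false, true, 0x0f00) == 0x9f00 ? 0 : 1;
}
```

With paging enabled both translators agree, which is why the problem only surfaces while the guest runs real-mode firmware.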
Commit: 51c136eb0bb29aa6653d1fe1507a4803670fd8d2
https://github.com/qemu/qemu/commit/51c136eb0bb29aa6653d1fe1507a4803670fd8d2
Author: Ilya Leoshkevich <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M linux-user/ppc/signal.c
Log Message:
-----------
linux-user/ppc: Fix sigmask endianness issue in sigreturn
do_setcontext() copies the target sigmask without endianness handling
and then uses target_to_host_sigset_internal(), which expects a
byte-swapped one. Use target_to_host_sigset() instead.
Fixes: bcd4933a23f1 ("linux-user: ppc signal handling")
Signed-off-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit 8704132805cf7a3259d1c5a073b3c2b92afa2616)
Signed-off-by: Michael Tokarev <[email protected]>
Compare: https://github.com/qemu/qemu/compare/4f617140a46d...51c136eb0bb2