
[Qemu-commits] [qemu/qemu] d38d74: target/arm: Fix SME FMOPA (16-bit), B


From: Alex Bennée
Subject: [Qemu-commits] [qemu/qemu] d38d74: target/arm: Fix SME FMOPA (16-bit), BFMOPA
Date: Fri, 22 Dec 2023 11:07:37 -0800

  Branch: refs/heads/stable-7.2
  Home:   https://github.com/qemu/qemu
  Commit: d38d749a9935092e7f71107f6944b3a30a420fda
      
https://github.com/qemu/qemu/commit/d38d749a9935092e7f71107f6944b3a30a420fda
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-11-22 (Wed, 22 Nov 2023)

  Changed paths:
    M target/arm/sme_helper.c

  Log Message:
  -----------
  target/arm: Fix SME FMOPA (16-bit), BFMOPA

Perform the loop increment unconditionally, not nested
within the predication.

Cc: qemu-stable@nongnu.org
Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1985
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231117193135.1180657-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 3efd8495735c69b863476e9003e624877382a72d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b9fd6d95211fb5190c3aa862b2f26b6735916791
      
https://github.com/qemu/qemu/commit/b9fd6d95211fb5190c3aa862b2f26b6735916791
  Author: Niklas Cassel <niklas.cassel@wdc.com>
  Date:   2023-11-22 (Wed, 22 Nov 2023)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  hw/ide/ahci: fix legacy software reset

Legacy software contains a standard mechanism for generating a reset to a
Serial ATA device - setting the SRST (software reset) bit in the Device
Control register.

Serial ATA has a more robust mechanism called COMRESET, also referred to
as port reset. A port reset is the preferred mechanism for error
recovery and should be used in place of software reset.

Commit e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
(mjt:  1e5ad6b06b1e in stable-7.2 series, v7.2.6)
improved the handling of PxCI, such that PxCI gets cleared after handling
a non-NCQ, or NCQ command (instead of incorrectly clearing PxCI after
receiving anything - even a FIS that failed to parse, which should NOT
clear PxCI, so that you can see which command slot that caused an error).

However, simply clearing PxCI after a non-NCQ, or NCQ command, is not
enough, we also need to clear PxCI when receiving a SRST in the Device
Control register.

A legacy software reset is performed by the host sending two H2D FISes,
the first H2D FIS asserts SRST, and the second H2D FIS deasserts SRST.

The first H2D FIS will not get a D2H reply, and requires the FIS to have
the C bit set to one, such that the HBA itself will clear the bit in PxCI.

The second H2D FIS will get a D2H reply once the diagnostic is completed.
The clearing of the bit in PxCI for this command should ideally be done
in ahci_init_d2h() (if it was a legacy software reset that caused the
reset (a COMRESET does not use a command slot)). However, since the reset
value for PxCI is 0, modify ahci_reset_port() to actually clear PxCI to 0,
that way we can avoid complex logic in ahci_init_d2h().

This fixes an issue for FreeBSD where the device would fail to reset.
The problem was not noticed in Linux, because Linux uses a COMRESET
instead of a legacy software reset by default.

Fixes: e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
Reported-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-ID: <20231108222657.117984-1-nks@flawful.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit eabb921250666501ae78714b60090200b639fcfe)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: mention 1e5ad6b06b1e for stable-7.2)


  Commit: fdebed6dcd788e408deaa0e9bf1abe85af139623
      
https://github.com/qemu/qemu/commit/fdebed6dcd788e408deaa0e9bf1abe85af139623
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-11-29 (Wed, 29 Nov 2023)

  Changed paths:
    M hw/net/allwinner-sun8i-emac.c
    M hw/net/allwinner_emac.c
    M hw/net/cadence_gem.c
    M hw/net/dp8393x.c
    M hw/net/e1000.c
    M hw/net/e1000e.c
    M hw/net/eepro100.c
    M hw/net/etraxfs_eth.c
    M hw/net/fsl_etsec/etsec.c
    M hw/net/ftgmac100.c
    M hw/net/i82596.c
    M hw/net/imx_fec.c
    M hw/net/lan9118.c
    M hw/net/mcf_fec.c
    M hw/net/mipsnet.c
    M hw/net/msf2-emac.c
    M hw/net/mv88w8618_eth.c
    M hw/net/ne2000-isa.c
    M hw/net/ne2000-pci.c
    M hw/net/npcm7xx_emc.c
    M hw/net/opencores_eth.c
    M hw/net/pcnet.c
    M hw/net/rocker/rocker_fp.c
    M hw/net/rtl8139.c
    M hw/net/smc91c111.c
    M hw/net/spapr_llan.c
    M hw/net/stellaris_enet.c
    M hw/net/sungem.c
    M hw/net/sunhme.c
    M hw/net/tulip.c
    M hw/net/virtio-net.c
    M hw/net/vmxnet3.c
    M hw/net/xen_nic.c
    M hw/net/xgmac.c
    M hw/net/xilinx_axienet.c
    M hw/net/xilinx_ethlite.c
    M hw/usb/dev-network.c
    M include/net/net.h
    M net/net.c

  Log Message:
  -----------
  net: Provide MemReentrancyGuard * to qemu_new_nic()

Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.

In preparation for such a change, add MemReentrancyGuard * as a
parameter of qemu_new_nic().

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 7d0fefdf81f5973334c344f6b8e1896c309dff66)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup in hw/net/xen_nic.c due to lack of v8.1.0-2771-g25967ff69f
 "hw/xen: update Xen PV NIC to XenDevice model"
 and removed hw/net/igb.c bits)


  Commit: 3c0463a650008aec7de29cf84540652730510921
      
https://github.com/qemu/qemu/commit/3c0463a650008aec7de29cf84540652730510921
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-11-29 (Wed, 29 Nov 2023)

  Changed paths:
    M include/net/net.h
    M net/net.c

  Log Message:
  -----------
  net: Update MemReentrancyGuard for NIC

Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.

This implementation follows what bottom half does, but it does not add
a tracepoint for the case that the network device backend started
delivering a packet to a device which is already engaging in I/O. This
is because such reentrancy frequently happens for
qemu_flush_queued_packets() and is insignificant.

Fixes: CVE-2023-3019
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
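
The guard handling described in the two MemReentrancyGuard commit messages above, as an added C model (not code from QEMU or from the commit). Only the single-flag guard shape follows the commit text; `ToyNic`, `mmio_write`, `nic_receive`, `deliver_packet`, `run_scenario` and the register names are hypothetical. It shows a register handler being re-entered from inside packet receive when the backend does not set the guard, the same access being refused once it does, and the backend leaving the guard alone when the device was already engaged in I/O.

```c
#include <stdbool.h>
#include <stdio.h>

/* One flag, as in the guard the commit messages describe. Every other
 * name below is hypothetical and belongs to this model only. */
typedef struct { bool engaged_in_io; } Guard;

enum { REG_STATE, REG_FLUSH };

typedef struct {
    Guard guard;
    bool backend_updates_guard;  /* false models the backend before the fix */
    int rx_depth;                /* > 0 while the receive handler is running */
    int packets_received;
    int mmio_blocked;            /* register accesses refused by the guard */
    bool reentered_during_rx;    /* register handler ran inside receive */
    bool guard_held_after_flush; /* guard still set after a nested delivery */
} ToyNic;

static void deliver_packet(ToyNic *nic);

/* Register access path: refuse the access if the device is already
 * engaged in I/O, otherwise hold the guard while the handler runs. */
static bool mmio_write(ToyNic *nic, int reg)
{
    if (nic->guard.engaged_in_io) {
        nic->mmio_blocked++;
        return false;
    }
    nic->guard.engaged_in_io = true;
    if (reg == REG_STATE && nic->rx_depth > 0) {
        nic->reentered_during_rx = true;  /* state changed under receive */
    }
    if (reg == REG_FLUSH) {
        deliver_packet(nic);              /* flush queued packets */
        nic->guard_held_after_flush = nic->guard.engaged_in_io;
    }
    nic->guard.engaged_in_io = false;
    return true;
}

/* Device receive handler: while processing the packet it performs an
 * access that lands back on the device's own register handler. */
static void nic_receive(ToyNic *nic)
{
    nic->rx_depth++;
    nic->packets_received++;
    mmio_write(nic, REG_STATE);
    nic->rx_depth--;
}

/* Backend delivery: take the guard only if nobody holds it, and release
 * it only if this call took it. An already engaged device still gets
 * the packet, with no extra reporting. */
static void deliver_packet(ToyNic *nic)
{
    Guard *owned = NULL;

    if (nic->backend_updates_guard && !nic->guard.engaged_in_io) {
        owned = &nic->guard;
        owned->engaged_in_io = true;
    }
    nic_receive(nic);
    if (owned) {
        owned->engaged_in_io = false;
    }
}

/* Run one delivery, either directly from the backend or nested inside
 * a register write that flushes queued packets. */
static ToyNic run_scenario(bool backend_updates_guard, bool via_flush)
{
    ToyNic nic = { .backend_updates_guard = backend_updates_guard };

    if (via_flush) {
        mmio_write(&nic, REG_FLUSH);
    } else {
        deliver_packet(&nic);
    }
    return nic;
}

int main(void)
{
    ToyNic before = run_scenario(false, false);
    ToyNic after = run_scenario(true, false);
    ToyNic nested = run_scenario(true, true);

    printf("backend ignores guard: reentered=%d blocked=%d\n",
           before.reentered_during_rx, before.mmio_blocked);
    printf("backend sets guard:    reentered=%d blocked=%d\n",
           after.reentered_during_rx, after.mmio_blocked);
    printf("nested via flush:      received=%d guard_held=%d\n",
           nested.packets_received, nested.guard_held_after_flush);
    return 0;
}
```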


  Commit: e79947a57fe0150b42eeb666557c5e894543dcce
      
https://github.com/qemu/qemu/commit/e79947a57fe0150b42eeb666557c5e894543dcce
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-11-29 (Wed, 29 Nov 2023)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  linux-user: Fix loaddr computation for some elf files

The file offset of the load segment is not relevant to the
low address, only the beginning of the virtual address page.

Cc: qemu-stable@nongnu.org
Fixes: a93934fecd4 ("elf: take phdr offset into account when calculating the program load address")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1952
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 82d70a84c8ee42ef969a9cfddc0f5b30b16165f5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: dff579171c529f0330325f00370f131a2eab3a1b
      
https://github.com/qemu/qemu/commit/dff579171c529f0330325f00370f131a2eab3a1b
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-11-29 (Wed, 29 Nov 2023)

  Changed paths:
    M docs/devel/testing.rst
    M tests/avocado/cpu_queries.py
    M tests/avocado/empty_cpu_model.py
    M tests/avocado/pc_cpu_hotplug_props.py
    M tests/avocado/x86_cpu_model_versions.py

  Log Message:
  -----------
  tests/avocado: Replace assertEquals() for Python 3.12 compatibility

assertEquals() has been removed in Python 3.12 and should be replaced by
assertEqual(). See: https://docs.python.org/3.12/whatsnew/3.12.html#id3

Message-ID: <20231114134326.287242-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 861f724d03e1748cda1c5b9ec8457a368590cbd5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: adjust context in pc_cpu_hotplug_props.py & cpu_queries.py for before
 v8.1.0-1582-g684750ab4f "python/qemu: rename command() to cmd()")


  Commit: d9a0224b2a2e5c4310de51f4b70af9b04e561727
      
https://github.com/qemu/qemu/commit/d9a0224b2a2e5c4310de51f4b70af9b04e561727
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-11-29 (Wed, 29 Nov 2023)

  Changed paths:
    M docs/devel/testing.rst
    M tests/avocado/version.py

  Log Message:
  -----------
  tests/avocado: Replace assertRegexpMatches() for Python 3.12 compatibility

assertRegexpMatches() has been removed in Python 3.12 and should be replaced by
assertRegex(). See: https://docs.python.org/3.12/whatsnew/3.12.html#id3

Inspired-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20231114144832.71612-1-philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit f0a663b4ced2bf315936c774c2b6ff398fce8905)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: adjust context for before v8.1.0-1582-g684750ab4f
 "python/qemu: rename command() to cmd()")


  Commit: ac179ffe7e1c611b731a8705ae28fbfa04e89539
      
https://github.com/qemu/qemu/commit/ac179ffe7e1c611b731a8705ae28fbfa04e89539
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-12-05 (Tue, 05 Dec 2023)

  Changed paths:
    M target/arm/syndrome.h

  Log Message:
  -----------
  target/arm: Set IL bit for pauth, SVE access, BTI trap syndromes

The syndrome register value always has an IL field at bit 25, which
is 0 for a trap on a 16 bit instruction, and 1 for a trap on a 32
bit instruction (or for exceptions which aren't traps on a known
instruction, like PC alignment faults). This means that our
syn_*() functions should always either take an is_16bit argument to
determine whether to set the IL bit, or else unconditionally set it.

We missed setting the IL bit for the syndrome for three kinds of trap:
 * an SVE access exception
 * a pointer authentication check failure
 * a BTI (branch target identification) check failure

All of these traps are AArch64 only, and so the instruction causing
the trap is always 64 bit. This means we can unconditionally set
the IL bit in the syn_*() function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231120150121.3458408-1-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 11a3c4a286d5dc603582ea0a1fca62c2ec0a1aee)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: ac1749e4446b34a4f22e5661c2558f134cc95118
      
https://github.com/qemu/qemu/commit/ac1749e4446b34a4f22e5661c2558f134cc95118
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/virtio/virtio-iommu-pci.c

  Log Message:
  -----------
  hw/virtio: Free VirtIOIOMMUPCI::vdev.reserved_regions[] on finalize()

Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:

  * It is the responsibility of the device deinit code to free the
  * @_arrayfield memory.

Commit 8077b8e549 added:

  DEFINE_PROP_ARRAY("reserved-regions", VirtIOIOMMUPCI,
                    vdev.nb_reserved_regions, vdev.reserved_regions,
                    qdev_prop_reserved_region, ReservedRegion),

but forgot to free the 'vdev.reserved_regions' array. Do it in the
instance_finalize() handler.

Cc: qemu-stable@nongnu.org
Fixes: 8077b8e549 ("virtio-iommu-pci: Add array of Interval properties") # v5.1.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20231121174051.63038-3-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit c9a4aa06dfce0fde1e279e1ea0c1945582ec0d16)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup hw/virtio/virtio-iommu-pci.c for before v8.1.0-2552-g41cc70cdf5,
 "virtio-iommu: Rename reserved_regions into prop_resv_regions" -- so now
 patch subject matches actual change again)


  Commit: 10e169de739afb36d7870210d9311a8ef420c2f2
      
https://github.com/qemu/qemu/commit/10e169de739afb36d7870210d9311a8ef420c2f2
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/misc/mps2-scc.c

  Log Message:
  -----------
  hw/misc/mps2-scc: Free MPS2SCC::oscclk[] array on finalize()

Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:

  * It is the responsibility of the device deinit code to free the
  * @_arrayfield memory.

Commit 4fb013afcc added:

  DEFINE_PROP_ARRAY("oscclk", MPS2SCC, num_oscclk, oscclk_reset,
                    qdev_prop_uint32, uint32_t),

but forgot to free the 'oscclk_reset' array. Do it in the
instance_finalize() handler.

Cc: qemu-stable@nongnu.org
Fixes: 4fb013afcc ("hw/misc/mps2-scc: Support configurable number of OSCCLK values") # v6.0.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-4-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 896dd6ff7b9f2575f1a908a07f26a70b58d8b675)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b1c78530ae7c00cd39cdf115516a9ba737046cf2
      
https://github.com/qemu/qemu/commit/b1c78530ae7c00cd39cdf115516a9ba737046cf2
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/nvram/xlnx-efuse.c

  Log Message:
  -----------
  hw/nvram/xlnx-efuse: Free XlnxEFuse::ro_bits[] array on finalize()

Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:

  * It is the responsibility of the device deinit code to free the
  * @_arrayfield memory.

Commit 68fbcc344e added:

  DEFINE_PROP_ARRAY("read-only", XlnxEFuse, ro_bits_cnt, ro_bits,
                    qdev_prop_uint32, uint32_t),

but forgot to free the 'ro_bits' array. Do it in the instance_finalize
handler.

Cc: qemu-stable@nongnu.org
Fixes: 68fbcc344e ("hw/nvram: Introduce Xilinx eFuse QOM") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-5-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 49b3e28b7bdfe771150d05c4b5860aa7854a4232)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 06239e69e8f9d11743fc1332691dc5fa10f48a78
      
https://github.com/qemu/qemu/commit/06239e69e8f9d11743fc1332691dc5fa10f48a78
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/nvram/xlnx-versal-efuse-ctrl.c

  Log Message:
  -----------
  hw/nvram/xlnx-efuse-ctrl: Free XlnxVersalEFuseCtrl[] "pg0-lock" array

Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:

  * It is the responsibility of the device deinit code to free the
  * @_arrayfield memory.

Commit 9e4aa1fafe added:

  DEFINE_PROP_ARRAY("pg0-lock",
                    XlnxVersalEFuseCtrl, extra_pg0_lock_n16,
                    extra_pg0_lock_spec, qdev_prop_uint16, uint16_t),

but forgot to free the 'extra_pg0_lock_spec' array. Do it in the
instance_finalize() handler.

Cc: qemu-stable@nongnu.org
Fixes: 9e4aa1fafe ("hw/nvram: Xilinx Versal eFuse device") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-6-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 4f10c66077e39969940d928077560665e155cac8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 313f191150f23784d0464e54672fd7dfd2e3fc56
      
https://github.com/qemu/qemu/commit/313f191150f23784d0464e54672fd7dfd2e3fc56
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/virtio/virtio-pci.c
    M include/hw/virtio/virtio-pci.h

  Log Message:
  -----------
  hw/virtio: Add VirtioPCIDeviceTypeInfo::instance_finalize field

The VirtioPCIDeviceTypeInfo structure, added in commit a4ee4c8baa
("virtio: Helper for registering virtio device types") got extended
in commit 8ea90ee690 ("virtio: add class_size") with the @class_size
field. Do similarly with the @instance_finalize field.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-2-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 837053a7f491b445088eac647abe7f462c50f59a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: adfe37a19a8896e1736850f027312fb04559ec18
      
https://github.com/qemu/qemu/commit/adfe37a19a8896e1736850f027312fb04559ec18
  Author: Fam Zheng <fam@euphon.net>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M block/vmdk.c
    M tests/qemu-iotests/059
    M tests/qemu-iotests/059.out

  Log Message:
  -----------
  vmdk: Don't corrupt desc file in vmdk_write_cid

If the text description file is larger than DESC_SIZE, we force the last
byte in the buffer to be 0 and write it out.

This results in a corruption.

Try to allocate a big buffer in this case.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1923

Signed-off-by: Fam Zheng <fam@euphon.net>
Message-ID: <20231124115654.3239137-1-fam@euphon.net>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9fb7b350ba9816ebca8a7614fec486fd4269ab2d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixups in block/vmdk.c due to missing-in-7.2 v8.0.0-2084-g28944f99c4
 "vmdk: mark more functions as coroutine_fns and GRAPH_RDLOCK")


  Commit: a386866a8dd3c0e79deffbfe269cb40e2e34c665
      
https://github.com/qemu/qemu/commit/a386866a8dd3c0e79deffbfe269cb40e2e34c665
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/mips/malta.c

  Log Message:
  -----------
  hw/mips/malta: Fix the malta machine on big endian hosts

Booting a Linux kernel with the malta machine is currently broken
on big endian hosts. The cpu_to_gt32 macro wants to byteswap a value
for little endian targets only, but uses the wrong way to do this:
cpu_to_[lb]e32 works the other way round on big endian hosts! Fix
it by using the same ways on both, big and little endian hosts.

Fixes: 0c8427baf0 ("hw/mips/malta: Use bootloader helper to set BAR registers")
Cc: qemu-stable@nongnu.org
Message-Id: <20230330152613.232082-1-thuth@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit dc96009afd8cf2372fa1bbced0bcbcbb2c5d6f1b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: adjust context for before v7.2.0-677-g0e45355c5c)


  Commit: a7a2570f22beefcd10e0c58bf65917243cb4ef61
      
https://github.com/qemu/qemu/commit/a7a2570f22beefcd10e0c58bf65917243cb4ef61
  Author: Volker Rümelin <vr_qemu@t-online.de>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/audio/hda-codec.c

  Log Message:
  -----------
  hw/audio/hda-codec: fix multiplication overflow

After a relatively short time, there is a multiplication overflow
when multiplying (now - buft_start) with hda_bytes_per_second().
While the uptime now - buft_start only overflows after 2**63 ns
= 292.27 years, this happens hda_bytes_per_second() times faster
with the multiplication. At 44100 samples/s * 2 channels
* 2 bytes/channel = 176400 bytes/s that is 14.52 hours. After the
multiplication overflow the affected audio stream stalls.

Replace the multiplication and following division with muldiv64()
to prevent a multiplication overflow.

Fixes: 280c1e1cdb ("audio/hda: create millisecond timers that handle IO")
Reported-by: M_O_Bz <m_o_bz@163.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20231105172552.8405-1-vr_qemu@t-online.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 74e8593e7e51d6b11ae9c56a3f4e7bb714bac4ec)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
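
The arithmetic in the hda-codec commit message above, as an added C example (not code from QEMU or from the commit). `wanted_pos_naive`, `wanted_pos_fixed`, `muldiv64_model`, `bytes_per_second` and `overflow_threshold_ns` are hypothetical names; `muldiv64_model` is a stand-in that computes a*b/c through a 128-bit intermediate and assumes a compiler with `unsigned __int128` (GCC or Clang on a 64-bit host).

```c
#include <stdint.h>
#include <stdio.h>

#define NANOSECONDS_PER_SECOND 1000000000LL

/* Constructed stand-in for the stream rate used in the commit message:
 * 44100 samples/s * 2 channels * 2 bytes/channel = 176400 bytes/s. */
static uint32_t bytes_per_second(void)
{
    return 44100u * 2u * 2u;
}

/* Multiply-then-divide in 64 bits. The product is formed in unsigned
 * arithmetic so the wraparound is well defined here; converting it back
 * to a signed position gives the bogus value once it passes 2**63. */
static int64_t wanted_pos_naive(int64_t elapsed_ns)
{
    uint64_t product = (uint64_t)elapsed_ns * bytes_per_second();

    return (int64_t)product / NANOSECONDS_PER_SECOND;
}

/* a * b / c with a 128-bit intermediate, so the product cannot wrap. */
static uint64_t muldiv64_model(uint64_t a, uint32_t b, uint32_t c)
{
    return (uint64_t)(((unsigned __int128)a * b) / c);
}

/* Same position computed without the intermediate overflow. */
static int64_t wanted_pos_fixed(int64_t elapsed_ns)
{
    return (int64_t)muldiv64_model((uint64_t)elapsed_ns,
                                   bytes_per_second(),
                                   (uint32_t)NANOSECONDS_PER_SECOND);
}

/* Smallest elapsed time in ns whose product with the rate no longer
 * fits in a signed 64-bit integer. */
static int64_t overflow_threshold_ns(uint32_t rate)
{
    return INT64_MAX / rate + 1;
}

int main(void)
{
    int64_t one_hour = 3600LL * NANOSECONDS_PER_SECOND;
    int64_t fifteen_hours = 15 * one_hour;
    int64_t limit = overflow_threshold_ns(bytes_per_second());

    printf("overflow after %.2f hours of stream uptime\n",
           (double)limit / NANOSECONDS_PER_SECOND / 3600.0);
    printf(" 1 h: naive=%lld fixed=%lld\n",
           (long long)wanted_pos_naive(one_hour),
           (long long)wanted_pos_fixed(one_hour));
    printf("15 h: naive=%lld fixed=%lld\n",
           (long long)wanted_pos_naive(fifteen_hours),
           (long long)wanted_pos_fixed(fifteen_hours));
    return 0;
}
```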


  Commit: ab0c94f1d73801d0c2825047bc9d7083f5e045d0
      
https://github.com/qemu/qemu/commit/ab0c94f1d73801d0c2825047bc9d7083f5e045d0
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/pci/pcie_sriov.c

  Log Message:
  -----------
  pcie_sriov: Remove g_new assertion

g_new() aborts if the allocation fails so it returns NULL only if the
requested allocation size is zero. register_vfs() makes such an
allocation if NumVFs is zero so it should not assert that g_new()
returns a non-NULL value.

Fixes: 7c0fa8dff8 ("pcie: Add support for Single Root I/O Virtualization (SR/IOV)")
Buglink: https://issues.redhat.com/browse/RHEL-17209
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20231123075630.12057-1-akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Yanghang Liu<yanghliu@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 714a1415d7a69174e1640fcdd6eaae180fe438aa)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 95743c7a39c6804d5df78a7e247c3cb6fdb5f4d4
      
https://github.com/qemu/qemu/commit/95743c7a39c6804d5df78a7e247c3cb6fdb5f4d4
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/acpi/erst.c

  Log Message:
  -----------
  hw/acpi/erst: Do not ignore Error* in realize handler

erst_realizefn() passes @errp to functions without checking for
failure.  If it runs into another failure, it trips error_setv()'s
assertion.

Use the ERRP_GUARD() macro and check *errp, as suggested in commit
ae7c80a7bd ("error: New macro ERRP_GUARD()").

Cc: qemu-stable@nongnu.org
Fixes: f7e26ffa59 ("ACPI ERST: support for ACPI ERST feature")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20231120130017.81286-1-philmd@linaro.org>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 20bc50137f3add52eb4788b420d717de27fed14b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 62b7c9015234bf472442031d38c1bf0e2f22a1e4
      
https://github.com/qemu/qemu/commit/62b7c9015234bf472442031d38c1bf0e2f22a1e4
  Author: Robert Hoo <robert.hoo.linux@gmail.com>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M hw/pci/msix.c

  Log Message:
  -----------
  msix: unset PCIDevice::msix_vector_poll_notifier in rollback

In the rollback in msix_set_vector_notifiers(), original patch forgot to
undo msix_vector_poll_notifier pointer.

Fixes: bbef882cc193 ("msi: add API to get notified about pending bit poll")
Signed-off-by: Robert Hoo <robert.hoo.linux@gmail.com>
Message-Id: <20231113081349.1307-1-robert.hoo.linux@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 2d37fe9e5e61b04bddbed00dbb7436e61a01c115)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 7b15f81d637103ace40c0ff4dcbbf485d1ca7bd2
      
https://github.com/qemu/qemu/commit/7b15f81d637103ace40c0ff4dcbbf485d1ca7bd2
  Author: Antonio Caggiano <quic_acaggian@quicinc.com>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M ui/gtk-egl.c

  Log Message:
  -----------
  ui/gtk-egl: Check EGLSurface before doing scanout

The first time gd_egl_scanout_texture() is called, there's a possibility
that the GTK drawing area might not be realized yet, in which case its
associated GdkWindow is NULL. This means gd_egl_init() was also skipped
and the EGLContext and EGLSurface stored in the VirtualGfxConsole are
not valid yet.

Continuing with the scanout in these conditions would result in hitting
an assert in libepoxy: "Couldn't find current GLX or EGL context".

A possible workaround is to just ignore the scanout request, giving
the GTK drawing area some time to finish its realization. At that point,
the gd_egl_init() will succeed and the EGLContext and EGLSurface stored
in the VirtualGfxConsole will be valid.

Signed-off-by: Antonio Caggiano <quic_acaggian@quicinc.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231016123215.2699269-1-quic_acaggian@quicinc.com>
(cherry picked from commit 6f189a08c1b0085808af1bfbf4567f0da193ecc1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 591618f27be402c80a241569565c2ecc344c0746
      
https://github.com/qemu/qemu/commit/591618f27be402c80a241569565c2ecc344c0746
  Author: Volker Rümelin <vr_qemu@t-online.de>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M ui/gtk-egl.c

  Log Message:
  -----------
  ui/gtk-egl: move function calls back to regular code path

Commit 6f189a08c1 ("ui/gtk-egl: Check EGLSurface before doing
scanout") introduced a regression when QEMU is running with a
virtio-gpu-gl-device on a host under X11. After the guest has
initialized the virtio-gpu-gl-device, the guest screen only
shows "Display output is not active.".

Commit 6f189a08c1 moved all function calls in
gd_egl_scanout_texture() to a code path which is only called
once after gd_egl_init() succeeds in gd_egl_scanout_texture().
Move all function calls in gd_egl_scanout_texture() back to
the regular code path so they get always called if one of the
gd_egl_init() calls was successful.

Fixes: 6f189a08c1 ("ui/gtk-egl: Check EGLSurface before doing scanout")
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231111104020.26183-1-vr_qemu@t-online.de>
(cherry picked from commit 53a939f1bf8e4a3e38f9449fac44f572676966ad)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: aada709c26f601a1973d2c1f9880f91dfe75f195
      
https://github.com/qemu/qemu/commit/aada709c26f601a1973d2c1f9880f91dfe75f195
  Author: Fiona Ebner <f.ebner@proxmox.com>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M ui/vnc-clipboard.c

  Log Message:
  -----------
  ui/vnc-clipboard: fix inflate_buffer

Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
required, because it can happen that stream.avail_in becomes zero
before coming across a return value of Z_STREAM_END in the loop.

This fixes the host->guest direction of the clipboard with noVNC and
TigerVNC as clients.

Fixes: d921fea338 ("ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)")
Reported-by: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231122125826.228189-1-f.ebner@proxmox.com>
(cherry picked from commit ebfbf394671163c14e2b24d98f3927a3151d1aff)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 4131b1f176ff9a8bb567a822519fa32cc68c7c99
      
https://github.com/qemu/qemu/commit/4131b1f176ff9a8bb567a822519fa32cc68c7c99
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M target/arm/cpu.c

  Log Message:
  -----------
  target/arm: Disable SME if SVE is disabled

There is no architectural requirement that SME implies SVE, but
our implementation currently assumes it. (FEAT_SME_FA64 does
imply SVE.) So if you try to run a CPU with eg "-cpu max,sve=off"
you quickly run into an assert when the guest tries to write to
SMCR_EL1:

#6  0x00007ffff4b38e96 in __GI___assert_fail
    (assertion=0x5555566e69cb "sm", file=0x5555566e5b24 "../../target/arm/helper.c", line=6865, function=0x5555566e82f0 <__PRETTY_FUNCTION__.31> "sve_vqm1_for_el_sm") at ./assert/assert.c:101
#7  0x0000555555ee33aa in sve_vqm1_for_el_sm (env=0x555557d291f0, el=2, sm=false) at ../../target/arm/helper.c:6865
#8  0x0000555555ee3407 in sve_vqm1_for_el (env=0x555557d291f0, el=2) at ../../target/arm/helper.c:6871
#9  0x0000555555ee3724 in smcr_write (env=0x555557d291f0, ri=0x555557da23b0, value=2147483663) at ../../target/arm/helper.c:6995
#10 0x0000555555fd1dba in helper_set_cp_reg64 (env=0x555557d291f0, rip=0x555557da23b0, value=2147483663) at ../../target/arm/tcg/op_helper.c:839
#11 0x00007fff60056781 in code_gen_buffer ()

Avoid this unsupported and slightly odd combination by
disabling SME when SVE is not present.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2005
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231127173318.674758-1-peter.maydell@linaro.org
(cherry picked from commit f7767ca301796334f74b9b642b395a4bd3e3dbac)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 775bb790b9ea40cd82fa5c828b8b52b494b88742
      
https://github.com/qemu/qemu/commit/775bb790b9ea40cd82fa5c828b8b52b494b88742
  Author: Patrick Venture <venture@google.com>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M softmmu/memory.c

  Log Message:
  -----------
  system/memory: use ldn_he_p/stn_he_p

Using direct pointer dereferencing can allow for unaligned accesses,
which was seen during execution with sanitizers enabled.

Cc: qemu-stable@nongnu.org
Reviewed-by: Chris Rauer <crauer@google.com>
Reviewed-by: Peter Foley <pefoley@google.com>
Signed-off-by: Patrick Venture <venture@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-ID: <20231116163633.276671-1-venture@google.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 2b8fe81b3c2e76d241510a9a85496d544e42f5ec)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: fe0c88919cf28ab6f30986da07e87f59e4590a88
      
https://github.com/qemu/qemu/commit/fe0c88919cf28ab6f30986da07e87f59e4590a88
  Author: Jean-Philippe Brucker <jean-philippe@linaro.org>
  Date:   2023-12-20 (Wed, 20 Dec 2023)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm/helper: Propagate MDCR_EL2.HPMN into PMCR_EL0.N

MDCR_EL2.HPMN allows a hypervisor to limit the number of PMU counters
available to EL1 and EL0 (to keep the others to itself). QEMU already
implements this split correctly, except for PMCR_EL0.N reads: the number
of counters read by EL1 or EL0 should be the one configured in
MDCR_EL2.HPMN.

Cc: qemu-stable@nongnu.org
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-id: 20231215144652.4193815-2-jean-philippe@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 6980c31dec42b6daebf7fec13b2d39ed87bb4766)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 71090deb4c84e18ab6270d517cfcc43eea95fdc4
      
https://github.com/qemu/qemu/commit/71090deb4c84e18ab6270d517cfcc43eea95fdc4
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2023-12-22 (Fri, 22 Dec 2023)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for 7.2.8 release

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/14f0c7e3be85...71090deb4c84


