[Qemu-commits] [qemu/qemu] fc1c83: fuzz: ignore address_space_map is_wri


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] fc1c83: fuzz: ignore address_space_map is_write flag
Date: Tue, 09 Feb 2021 05:24:50 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: fc1c8344e65807843ae8eaa25284e5277bdcd1eb
      
https://github.com/qemu/qemu/commit/fc1c8344e65807843ae8eaa25284e5277bdcd1eb
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M include/exec/memory.h
    M include/exec/memory_ldst_cached.h.inc
    M memory_ldst.c.inc
    M softmmu/memory.c
    M softmmu/physmem.c
    M tests/qtest/fuzz/generic_fuzz.c

  Log Message:
  -----------
  fuzz: ignore address_space_map is_write flag

We passed an is_write flag to the fuzz_dma_read_cb function to
differentiate between the mapped DMA regions that need to be populated
with fuzzed data, and those that don't. We simply passed through the
address_space_map is_write parameter. The goal was to cut down on
unnecessarily populating mapped DMA regions, when they are not read
from.

Unfortunately, nothing precludes code from reading from regions mapped
with is_write=true. For example, see:
https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04729.html

This patch removes the is_write parameter to fuzz_dma_read_cb. As a
result, we will fill all mapped DMA regions with fuzzed data, ignoring
the specified transfer direction.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20210120060255.558535-1-alxndr@bu.edu>


  Commit: d54d9b1d124bcea44293e25f3a45c593d798d2a8
      
https://github.com/qemu/qemu/commit/d54d9b1d124bcea44293e25f3a45c593d798d2a8
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M tests/qtest/fuzz/generic_fuzz_configs.h

  Log Message:
  -----------
  fuzz: refine the ide/ahci fuzzer configs

Disks work differently depending on the x86 machine type (SATA vs PATA).
Additionally, we should fuzz the atapi code paths, which might contain
vulnerabilities such as CVE-2020-29443. This patch adds hard-disk and
cdrom generic-fuzzer configs for both the pc (PATA) and q35 (SATA)
machine types.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20210120152211.109782-1-alxndr@bu.edu>


  Commit: 92381157dd74c27b028d4a8e9349488e55b4c22d
      
https://github.com/qemu/qemu/commit/92381157dd74c27b028d4a8e9349488e55b4c22d
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M docs/devel/fuzzing.rst

  Log Message:
  -----------
  docs/fuzz: fix pre-meson path

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210117201014.271610-2-alxndr@bu.edu>


  Commit: 61f90e0461984438ddd5064d1c03133f561dc848
      
https://github.com/qemu/qemu/commit/61f90e0461984438ddd5064d1c03133f561dc848
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M tests/qtest/fuzz/fuzz.c

  Log Message:
  -----------
  fuzz: log the arguments used to initialize QEMU

This is useful for building reproducers. Instead of checking the code or
the QEMU_FUZZ_ARGS, the arguments are at the top of the crash log.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210117201014.271610-3-alxndr@bu.edu>


  Commit: 8630b43f115d9736cbe9782f453a300ac3ba5af5
      
https://github.com/qemu/qemu/commit/8630b43f115d9736cbe9782f453a300ac3ba5af5
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M tests/qtest/fuzz/generic_fuzz.c
    M tests/qtest/fuzz/generic_fuzz_configs.h

  Log Message:
  -----------
  fuzz: enable dynamic args for generic-fuzz configs

For some device configurations, it is useful to configure some
resources, and adjust QEMU arguments at runtime, prior to fuzzing. This
patch adds an "argfunc" to the generic_fuzz_config. When
specified, it is responsible for configuring the resources and returning
a string containing the corresponding QEMU arguments. This can be useful
for targets that rely on e.g.:
 * a temporary qcow2 image
 * a temporary directory
 * an unused TCP port used to bind the VNC server

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210117230924.449676-2-alxndr@bu.edu>


  Commit: 3ca45fb4d26ba92e55f1dda651829fe46ab8f863
      
https://github.com/qemu/qemu/commit/3ca45fb4d26ba92e55f1dda651829fe46ab8f863
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M docs/devel/fuzzing.rst

  Log Message:
  -----------
  docs/fuzz: add some information about OSS-Fuzz

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20210117230924.449676-3-alxndr@bu.edu>


  Commit: fff7111fb90e93b148b2196175fd656b2bfea4cd
      
https://github.com/qemu/qemu/commit/fff7111fb90e93b148b2196175fd656b2bfea4cd
  Author: Alexander Bulekov <alxndr@bu.edu>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M tests/qtest/fuzz/generic_fuzz_configs.h

  Log Message:
  -----------
  fuzz: add virtio-9p configurations for fuzzing

virtio-9p devices are often used to expose a virtual-filesystem to the
guest. There have been some bugs reported in this device, such as
CVE-2018-19364, and CVE-2021-20181. We should fuzz this device.

This patch adds two virtio-9p configurations:
 * One with the widely used -fsdev local driver. This driver leaks some
   state in the form of files/directories created in the shared dir.
 * One with the synth driver. While it is not used in the real world, this
   driver won't leak state between fuzz inputs.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20210117230924.449676-4-alxndr@bu.edu>


  Commit: 5ea9e9e239db83391a39c09f1de63c4099c20df5
      
https://github.com/qemu/qemu/commit/5ea9e9e239db83391a39c09f1de63c4099c20df5
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  target/i386: do not set LM for 32-bit emulation "-cpu host/max"

32-bit targets by definition do not support long mode; therefore, the
bit must be masked in the features supported by the accelerator.

As a side effect, this avoids setting up the 0x80000008 CPUID leaf
for

   qemu-system-i386 -cpu host

which since commit 5a140b255d ("x86/cpu: Use max host physical address
if -cpu max option is applied") would have printed this error:

  qemu-system-i386: phys-bits should be between 32 and 36  (but is 48)

Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 8db0b20415c129cf5e577a593a4a0372d90b7cc9
      
https://github.com/qemu/qemu/commit/8db0b20415c129cf5e577a593a4a0372d90b7cc9
  Author: Igor Mammedov <imammedo@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M backends/hostmem.c
    M qemu-options.hx

  Log Message:
  -----------
  machine: add missing doc for memory-backend option

Add documentation for '-machine memory-backend' CLI option and
how to use it.

And document that x-use-canonical-path-for-ramblock-id
is considered to be stable to make sure it won't go away by accident.

x- was intended for unstable/internal properties, and not supposed to
be a stable option. However it's too late to rename (drop x-)
it as it would mean that users will have to maintain both
x-use-canonical-path-for-ramblock-id (for QEMU 5.0-5.2) versions
and prefix-less for later versions.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210121161504.1007247-1-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: d7dedf428fefccc662f367745c21c0041f30a1d6
      
https://github.com/qemu/qemu/commit/d7dedf428fefccc662f367745c21c0041f30a1d6
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M docs/devel/build-system.rst
    M meson.build

  Log Message:
  -----------
  meson: accept either shared or static libraries if --disable-static

Meson's "static" argument to cc.find_library is a tri-state.  By default
Meson *prefers* a shared library, which basically means using -l to
look for it; instead, "static: false" *requires* a shared library.  Of
course, "static: true" requires a static library, which is all good
for --enable-static builds.

For --disable-static, "static: false" is rarely desirable; it does not
match what the configure script used to do and the test is more complex
(and harder to debug if it fails, which was reported by Peter Lieven
for librbd).

Reported-by: Peter Lieven <pl@kamp.de>
Tested-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: c518d6c2bffdef9d98177dba7f25d5cb4193822e
      
https://github.com/qemu/qemu/commit/c518d6c2bffdef9d98177dba7f25d5cb4193822e
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: honor --enable-rbd if cc.links test fails

If the link test failed, compilation proceeded with RBD disabled,
even if --enable-rbd was used on the configure command line.
Fix that.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 5447089c2b3b084b51670af36fc86ee3979e04be
      
https://github.com/qemu/qemu/commit/5447089c2b3b084b51670af36fc86ee3979e04be
  Author: Wei Huang <wei.huang2@amd.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h

  Log Message:
  -----------
  x86/cpu: Populate SVM CPUID feature bits

Newer AMD CPUs will add CPUID_0x8000000A_EDX[28] bit, which indicates
that SVM instructions (VMRUN/VMSAVE/VMLOAD) will trigger #VMEXIT before
CPU checking their EAX against reserved memory regions. This change will
allow the hypervisor to avoid intercepting #GP and emulating SVM
instructions. KVM turns on this CPUID bit for nested VMs. In order to
support it, let us populate this bit, along with other SVM feature bits,
in FEAT_SVM.

Signed-off-by: Wei Huang <wei.huang2@amd.com>
Message-Id: <20210126202456.589932-1-wei.huang2@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 487a1d13baf46dd72b95f8919d6d40e938fd25c3
      
https://github.com/qemu/qemu/commit/487a1d13baf46dd72b95f8919d6d40e938fd25c3
  Author: Qiuhao Li <Qiuhao.Li@outlook.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M scripts/oss-fuzz/minimize_qtest_trace.py

  Log Message:
  -----------
  fuzz: fix wrong index in clear_bits

Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Message-Id: <SYCPR01MB3502E9F6EB06DEDCD484F738FCBA9@SYCPR01MB3502.ausprd01.prod.outlook.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: e0f7fc588d735f23b36fdaf16b6c81f804348cb0
      
https://github.com/qemu/qemu/commit/e0f7fc588d735f23b36fdaf16b6c81f804348cb0
  Author: Stefan Reiter <s.reiter@proxmox.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M docs/meson.build

  Log Message:
  -----------
  docs: don't install corresponding man page if guest agent is disabled

No sense outputting the qemu-ga and qemu-ga-ref man pages when the guest
agent binary itself is disabled. This mirrors behaviour from before the
meson switch.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Message-Id: <20210128145801.14384-1-s.reiter@proxmox.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: dec2bb14b8c4824c4d1da9df91b4dbe1bd89cf04
      
https://github.com/qemu/qemu/commit/dec2bb14b8c4824c4d1da9df91b4dbe1bd89cf04
  Author: Maxim Levitsky <mlevitsk@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M hw/scsi/virtio-scsi-dataplane.c

  Log Message:
  -----------
  virtio-scsi: don't uninitialize queues that we didn't initialize

Count the number of queues that we initialized and only deinitialize those that we
initialized successfully.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20201217150040.906961-3-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: e34e47eb28c0b8119be2e958450763701b38ac3a
      
https://github.com/qemu/qemu/commit/e34e47eb28c0b8119be2e958450763701b38ac3a
  Author: Maxim Levitsky <mlevitsk@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M include/qemu/event_notifier.h
    M util/event_notifier-posix.c

  Log Message:
  -----------
  event_notifier: handle initialization failure better

Add 'initialized' field and use it to avoid touching event notifiers which are
either not initialized or if their initialization failed.

This is somewhat a hack, but it seems the less intrusive way to make
virtio code deal with event notifiers that failed initialization.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20201217150040.906961-4-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 51909241d26fe6fe18a08def93ccc8273f61a8b3
      
https://github.com/qemu/qemu/commit/51909241d26fe6fe18a08def93ccc8273f61a8b3
  Author: David Greenaway <dgreenaway@google.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: Fix decoding of certain BMI instructions

This patch fixes a translation bug for a subset of x86 BMI instructions
such as the following:

   c4 e2 f9 f7 c0                shlxq   %rax, %rax, %rax

Currently, these incorrectly generate an undefined instruction exception
when SSE is disabled via CR4, while instructions like "shrxq" work fine.

The problem appears to be related to BMI instructions encoded using VEX
and with a mandatory prefix of "0x66" (data). Instructions with this
data prefix (such as shlxq) are currently rejected. Instructions with
other mandatory prefixes (such as shrxq) translate as expected.

This patch removes the incorrect check in "gen_sse" that causes the
exception to be generated. For the non-BMI cases, the check is
redundant: prefixes are already checked at line 3696.

Buglink: https://bugs.launchpad.net/qemu/+bug/1748296

Signed-off-by: David Greenaway <dgreenaway@google.com>
Message-Id: <20210114063958.1508050-1-dgreenaway@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: e7e7bdababeefff10736c6adf410c66d2f0d46fe
      
https://github.com/qemu/qemu/commit/e7e7bdababeefff10736c6adf410c66d2f0d46fe
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h
    M target/i386/helper.c
    M target/i386/machine.c
    M target/i386/tcg/excp_helper.c
    M target/i386/tcg/misc_helper.c

  Log Message:
  -----------
  target/i86: implement PKS

Protection Keys for Supervisor-mode pages is a simple extension of
the PKU feature that QEMU already implements.  For supervisor-mode
pages, protection key restrictions come from a new MSR.  The MSR
has no XSAVE state associated to it.

PKS is only respected in long mode.  However, in principle it is
possible to set the MSR even outside long mode, and in fact
even the XSAVE state for PKRU could be set outside long mode
using XRSTOR.  So do not limit the migration subsections for
PKRU and PKRS to long mode.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: e9a16e3846d7962a12a9af17163311bc17262ec6
      
https://github.com/qemu/qemu/commit/e9a16e3846d7962a12a9af17163311bc17262ec6
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M configure
    M meson_options.txt

  Log Message:
  -----------
  configure: Improve TCI feature description

Users might want to enable all features, without realizing some
features have negative effect. Mention the TCI feature is slow
and experimental, hoping it will be selected knowingly.

Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210125144530.2837481-3-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 39687aca6a72e08ea09652bb45073d09a65d8023
      
https://github.com/qemu/qemu/commit/39687aca6a72e08ea09652bb45073d09a65d8023
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Explicit TCG backend used

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210125144530.2837481-4-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: fa2f7b0b9b7d1087bd09f8e086c6403515bbdd3d
      
https://github.com/qemu/qemu/commit/fa2f7b0b9b7d1087bd09f8e086c6403515bbdd3d
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Warn when TCI is selected but TCG backend is available

Some new users get confused with 'TCG' and 'TCI', and enable TCI
support expecting to enable TCG.

Emit a warning when native TCG backend is available on the
host architecture, mentioning this is a suboptimal configuration.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Suggested-by: Daniel Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210125144530.2837481-5-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: f77147cd4de8c726f89b2702f7a9d0c9711d8875
      
https://github.com/qemu/qemu/commit/f77147cd4de8c726f89b2702f7a9d0c9711d8875
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M tests/meson.build

  Log Message:
  -----------
  tests/meson: Only build softfloat objects if TCG is selected

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210122204441.2145197-3-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 6d21d60a2a9261f5ac36b68398a2a8e23814a9b4
      
https://github.com/qemu/qemu/commit/6d21d60a2a9261f5ac36b68398a2a8e23814a9b4
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M pc-bios/meson.build

  Log Message:
  -----------
  pc-bios/meson: Only install EDK2 blob firmwares with system emulation

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210122204441.2145197-4-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: f285bd3fdcbfaa73e8af0f60371a745e124da804
      
https://github.com/qemu/qemu/commit/f285bd3fdcbfaa73e8af0f60371a745e124da804
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Restrict block subsystem processing

Avoid generating module_block.h and block-gen.c if we are
not going to use them.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210122204441.2145197-6-philmd@redhat.com>
[Extend to nearby files and directories. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 69ff4d0a45eb940c880d26527939a6da68d21193
      
https://github.com/qemu/qemu/commit/69ff4d0a45eb940c880d26527939a6da68d21193
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Merge trace_events_subdirs array

The trace_events_subdirs array is split in two different
locations, merge it as one.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Message-Id: <20210122204441.2145197-7-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 8985db2659897391ad1be5e560a7f34c825fd97e
      
https://github.com/qemu/qemu/commit/8985db2659897391ad1be5e560a7f34c825fd97e
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Restrict some trace event directories to user/system emulation

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210122204441.2145197-8-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 957b31f6c537c74efeb221953b803ee0dd1c379a
      
https://github.com/qemu/qemu/commit/957b31f6c537c74efeb221953b803ee0dd1c379a
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Restrict emulation code

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210122204441.2145197-9-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 9b45a025edbb6ddeeee04e071ac9c4b17c507b50
      
https://github.com/qemu/qemu/commit/9b45a025edbb6ddeeee04e071ac9c4b17c507b50
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M MAINTAINERS
    M qapi/meson.build
    M stubs/meson.build
    A stubs/qdev.c

  Log Message:
  -----------
  qapi/meson: Restrict qdev code to system-mode emulation

Beside a CPU device, user-mode emulation doesn't access
anything else from qdev subsystem.

Tools don't need anything from qdev.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210122204441.2145197-10-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 1935e0e4e09bcff8059ab17d2ce36fb1fbb70628
      
https://github.com/qemu/qemu/commit/1935e0e4e09bcff8059ab17d2ce36fb1fbb70628
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M qapi/meson.build
    M tests/meson.build

  Log Message:
  -----------
  qapi/meson: Remove QMP from user-mode emulation

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210122204441.2145197-11-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 7fdb383d04deb13ace83419188327742daa1967e
      
https://github.com/qemu/qemu/commit/7fdb383d04deb13ace83419188327742daa1967e
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M qapi/meson.build

  Log Message:
  -----------
  qapi/meson: Restrict system-mode specific modules

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210122204441.2145197-12-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: c2651c0eaa1920f6478b4d371ad13c5e1409cccd
      
https://github.com/qemu/qemu/commit/c2651c0eaa1920f6478b4d371ad13c5e1409cccd
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M qapi/meson.build

  Log Message:
  -----------
  qapi/meson: Restrict UI module to system emulation and tools

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210122204441.2145197-13-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 38e0b7904eca7cd32f8953c33701e1f226ecc3fe
      
https://github.com/qemu/qemu/commit/38e0b7904eca7cd32f8953c33701e1f226ecc3fe
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M accel/kvm/kvm-all.c

  Log Message:
  -----------
  accel/kvm/kvm-all: Fix wrong return code handling in dirty log code

The kvm_vm_ioctl() wrapper already returns -errno if the ioctl itself
returned -1, so the callers of kvm_vm_ioctl() should not check for -1
but for a value < 0 instead.

This problem has been fixed once already in commit b533f658a98325d0e4
but that commit missed that the ENOENT error code is not fatal for
this ioctl, so the commit has been reverted in commit 50212d6346f33d6e
since the problem occurred close to a pending release at that point
in time. The plan was to fix it properly after the release, but it
seems like this has been forgotten. So let's do it now finally instead.

Resolves: https://bugs.launchpad.net/qemu/+bug/1294227
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210129084354.42928-1-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 189012fcd7babafd937c4cabd5c3231be6e85fdc
      
https://github.com/qemu/qemu/commit/189012fcd7babafd937c4cabd5c3231be6e85fdc
  Author: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M accel/tcg/tcg-accel-ops-icount.c

  Log Message:
  -----------
  replay: fix replay of the interrupts

Sometimes interrupt event comes at the same time with
the virtual timers. In this case replay tries to proceed
the timers, because deadline for them is zero.
This patch allows processing interrupts and exceptions
by entering the vCPU execution loop, when deadline is zero,
but checkpoint associated with virtual timers is not ready
to be replayed.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>

Message-Id: <161216312794.2030770.1709657858900983160.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 4b956a399969c0c497a48ba469b7c674b0eb51bd
      
https://github.com/qemu/qemu/commit/4b956a399969c0c497a48ba469b7c674b0eb51bd
  Author: Sergei Trofimovich <slyfox@gentoo.org>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M pc-bios/descriptors/meson.build

  Log Message:
  -----------
  pc-bios/descriptors: fix paths in json files

Before the change /usr/share/qemu/firmware/50-edk2-x86_64-secure.json
contained the relative path:
            "filename": "share/qemu/edk2-x86_64-secure-code.fd",
            "filename": "share/qemu/edk2-i386-vars.fd",

After the change the paths are absolute:
            "filename": "/usr/share/qemu/edk2-x86_64-secure-code.fd",
            "filename": "/usr/share/qemu/edk2-i386-vars.fd",

The regression appeared in qemu-5.2.0 (seems to be related
to meson port).

CC: Paolo Bonzini <pbonzini@redhat.com>
CC: "Marc-André Lureau" <marcandre.lureau@redhat.com>
CC: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Bug: https://bugs.gentoo.org/766743
Bug: https://bugs.launchpad.net/qemu/+bug/1913012
Signed-off-by: Jannik Glückert <jannik.glueckert@gmail.com>
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Message-Id: <20210131143434.2513363-1-slyfox@gentoo.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 54550d886e5bb4148c0765c639fa04a44f3e5d8d
      
https://github.com/qemu/qemu/commit/54550d886e5bb4148c0765c639fa04a44f3e5d8d
  Author: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M backends/rng-builtin.c

  Log Message:
  -----------
  replay: rng-builtin support

This patch enables using rng-builtin with record/replay
by making the callbacks deterministic.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-Id: <161233201286.170686.7858208964037376305.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 33c38f8ca1e09b9f77cf263404d423e076c19177
      
https://github.com/qemu/qemu/commit/33c38f8ca1e09b9f77cf263404d423e076c19177
  Author: Utkarsh Tripathi <utkarsh.tripathi@nutanix.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M softmmu/cpu-throttle.c

  Log Message:
  -----------
  cpu-throttle: Remove timer_mod() from cpu_throttle_set()

During migrations, after each iteration, cpu_throttle_set() is called,
which irrespective of input, re-arms the timer according to value of
new_throttle_pct. This causes cpu_throttle_thread() to be delayed in
getting scheduled and consequently lets guest run for more time than what
the throttle value should allow. This leads to spikes in guest throughput
at high cpu-throttle percentage whenever cpu_throttle_set() is called.

A solution would be not to modify the timer immediately in
cpu_throttle_set(), instead, only modify throttle_percentage so that the
throttle would automatically adjust to the required percentage when
cpu_throttle_timer_tick() is invoked.

Manually tested the patch using following configuration:

Guest:
Centos7 (3.10.0-123.el7.x86_64)
Total Memory - 64GB , CPUs - 16
Tool used - stress (1.0.4)
Workload - stress --vm 32 --vm-bytes 1G --vm-keep

Migration Parameters:
Network Bandwidth - 500MBPS
cpu-throttle-initial - 99

Results:
With timer_mod(): fails to converge, continues indefinitely
Without timer_mod(): converges in 249 sec

Signed-off-by: Utkarsh Tripathi <utkarsh.tripathi@nutanix.com>
Message-Id: <1609420384-119407-1-git-send-email-utkarsh.tripathi@nutanix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 520f26fc6d17b71a43eaf620e834b3bdf316f3d3
      
https://github.com/qemu/qemu/commit/520f26fc6d17b71a43eaf620e834b3bdf316f3d3
  Author: Prasad J Pandit <pjp@fedoraproject.org>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M hw/pci-host/prep.c

  Log Message:
  -----------
  hw/pci-host: add pci-intack write method

Add pci-intack mmio write method to avoid NULL pointer dereference
issue.

Reported-by: Lei Sun <slei.casper@gmail.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20200811114133.672647-2-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 4f2a5202a05fc1612954804a2482f07bff105ea2
      
https://github.com/qemu/qemu/commit/4f2a5202a05fc1612954804a2482f07bff105ea2
  Author: Prasad J Pandit <pjp@fedoraproject.org>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M hw/pci-host/designware.c

  Log Message:
  -----------
  pci-host: designware: add pcie-msi read method

Add pcie-msi mmio read method to avoid NULL pointer dereference
issue.

Reported-by: Lei Sun <slei.casper@gmail.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20200811114133.672647-3-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 24202d2b561c3b4c48bd28383c8c34b4ac66c2bf
      
https://github.com/qemu/qemu/commit/24202d2b561c3b4c48bd28383c8c34b4ac66c2bf
  Author: Prasad J Pandit <pjp@fedoraproject.org>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M hw/vfio/pci-quirks.c

  Log Message:
  -----------
  vfio: add quirk device write method

Add vfio quirk device mmio write method to avoid NULL pointer
dereference issue.

Reported-by: Lei Sun <slei.casper@gmail.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20200811114133.672647-4-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: f867cebaedbc9c43189f102e4cdfdff05e88df7f
      
https://github.com/qemu/qemu/commit/f867cebaedbc9c43189f102e4cdfdff05e88df7f
  Author: Prasad J Pandit <pjp@fedoraproject.org>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M hw/ppc/prep_systemio.c

  Log Message:
  -----------
  prep: add ppc-parity write method

Add ppc-parity mmio write method to avoid NULL pointer dereference
issue.

Reported-by: Lei Sun <slei.casper@gmail.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20200811114133.672647-5-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: b5bf601f364e1a14ca4c3276f88dfec024acf613
      
https://github.com/qemu/qemu/commit/b5bf601f364e1a14ca4c3276f88dfec024acf613
  Author: Prasad J Pandit <pjp@fedoraproject.org>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M hw/nvram/nrf51_nvm.c

  Log Message:
  -----------
  nvram: add nrf51_soc flash read method

Add nrf51_soc mmio read method to avoid NULL pointer dereference
issue.

Reported-by: Lei Sun <slei.casper@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20200811114133.672647-6-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 921604e175b8ec06c39503310e7b3ec1e3eafe9e
      
https://github.com/qemu/qemu/commit/921604e175b8ec06c39503310e7b3ec1e3eafe9e
  Author: Prasad J Pandit <pjp@fedoraproject.org>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M hw/ppc/spapr_pci.c

  Log Message:
  -----------
  spapr_pci: add spapr msi read method

Add spapr msi mmio read method to avoid NULL pointer dereference
issue.

Reported-by: Lei Sun <slei.casper@gmail.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20200811114133.672647-7-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 2c9fb3b784000c1df32231e1c2464bb2e3fc4620
      
https://github.com/qemu/qemu/commit/2c9fb3b784000c1df32231e1c2464bb2e3fc4620
  Author: Prasad J Pandit <pjp@fedoraproject.org>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M hw/misc/tz-ppc.c

  Log Message:
  -----------
  tz-ppc: add dummy read/write methods

Add tz-ppc-dummy mmio read/write methods to avoid assert failure
during initialisation.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <20200811114133.672647-8-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 735754aaa15a6ed46db51fd731e88331c446ea54
      
https://github.com/qemu/qemu/commit/735754aaa15a6ed46db51fd731e88331c446ea54
  Author: Prasad J Pandit <pjp@fedoraproject.org>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M hw/misc/imx7_ccm.c

  Log Message:
  -----------
  imx7-ccm: add digprog mmio write method

Add digprog mmio write method to avoid assert failure during
initialisation.

Reviewed-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20200811114133.672647-9-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 6aa4228bd68cb251ccb5f802c015b494c6a10f19
      
https://github.com/qemu/qemu/commit/6aa4228bd68cb251ccb5f802c015b494c6a10f19
  Author: Chenyi Qiang <chenyi.qiang@intel.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M target/i386/kvm/kvm.c

  Log Message:
  -----------
  target/i386: Add support for save/load IA32_PKRS MSR

PKS introduces MSR IA32_PKRS(0x6e1) to manage the supervisor protection
key rights. Page access and writes can be managed via the MSR update
without TLB flushes when permissions change.

Add the support to save/load IA32_PKRS MSR in guest.

Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Message-Id: <20210205083325.13880-2-chenyi.qiang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 52a44ad2b92ba4cd81c2b271cd5e4a2d820e91fc
      
https://github.com/qemu/qemu/commit/52a44ad2b92ba4cd81c2b271cd5e4a2d820e91fc
  Author: Chenyi Qiang <chenyi.qiang@intel.com>
  Date:   2021-02-08 (Mon, 08 Feb 2021)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h

  Log Message:
  -----------
  target/i386: Expose VMX entry/exit load pkrs control bits

Expose the VMX exit/entry load pkrs control bits in
VMX_TRUE_EXIT_CTLS/VMX_TRUE_ENTRY_CTLS MSRs to guest, which supports the
PKS in nested VM.

Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Message-Id: <20210205083325.13880-3-chenyi.qiang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 41d306ec7d9885752fec434904df08b9c1aa3add
      
https://github.com/qemu/qemu/commit/41d306ec7d9885752fec434904df08b9c1aa3add
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-02-09 (Tue, 09 Feb 2021)

  Changed paths:
    M MAINTAINERS
    M accel/kvm/kvm-all.c
    M accel/tcg/tcg-accel-ops-icount.c
    M backends/hostmem.c
    M backends/rng-builtin.c
    M configure
    M docs/devel/build-system.rst
    M docs/devel/fuzzing.rst
    M docs/meson.build
    M hw/misc/imx7_ccm.c
    M hw/misc/tz-ppc.c
    M hw/nvram/nrf51_nvm.c
    M hw/pci-host/designware.c
    M hw/pci-host/prep.c
    M hw/ppc/prep_systemio.c
    M hw/ppc/spapr_pci.c
    M hw/scsi/virtio-scsi-dataplane.c
    M hw/vfio/pci-quirks.c
    M include/exec/memory.h
    M include/exec/memory_ldst_cached.h.inc
    M include/qemu/event_notifier.h
    M memory_ldst.c.inc
    M meson.build
    M meson_options.txt
    M pc-bios/descriptors/meson.build
    M pc-bios/meson.build
    M qapi/meson.build
    M qemu-options.hx
    M scripts/oss-fuzz/minimize_qtest_trace.py
    M softmmu/cpu-throttle.c
    M softmmu/memory.c
    M softmmu/physmem.c
    M stubs/meson.build
    A stubs/qdev.c
    M target/i386/cpu.c
    M target/i386/cpu.h
    M target/i386/helper.c
    M target/i386/kvm/kvm.c
    M target/i386/machine.c
    M target/i386/tcg/excp_helper.c
    M target/i386/tcg/misc_helper.c
    M target/i386/tcg/translate.c
    M tests/meson.build
    M tests/qtest/fuzz/fuzz.c
    M tests/qtest/fuzz/generic_fuzz.c
    M tests/qtest/fuzz/generic_fuzz_configs.h
    M util/event_notifier-posix.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* Fuzzing improvements (Qiuhao, Alexander)
* i386: Fix BMI decoding for instructions with the 0x66 prefix (David)
* initial attempt at fixing event_notifier emulation (Maxim)
* i386: PKS emulation, fix for "qemu-system-i386 -cpu host" (myself)
* meson: RBD test fixes (myself)
* meson: TCI warnings (Philippe)
* Leaner build for --disable-guest-agent, --disable-system and
  --disable-tools (Philippe, Stefan)
* --enable-tcg-interpreter fix (Richard)
* i386: SVM feature bits (Wei)
* KVM bugfix (Thomas H.)
* Add missing MemoryRegionOps callbacks (PJP)

# gpg: Signature made Mon 08 Feb 2021 14:15:35 GMT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream: (46 commits)
  target/i386: Expose VMX entry/exit load pkrs control bits
  target/i386: Add support for save/load IA32_PKRS MSR
  imx7-ccm: add digprog mmio write method
  tz-ppc: add dummy read/write methods
  spapr_pci: add spapr msi read method
  nvram: add nrf51_soc flash read method
  prep: add ppc-parity write method
  vfio: add quirk device write method
  pci-host: designware: add pcie-msi read method
  hw/pci-host: add pci-intack write method
  cpu-throttle: Remove timer_mod() from cpu_throttle_set()
  replay: rng-builtin support
  pc-bios/descriptors: fix paths in json files
  replay: fix replay of the interrupts
  accel/kvm/kvm-all: Fix wrong return code handling in dirty log code
  qapi/meson: Restrict UI module to system emulation and tools
  qapi/meson: Restrict system-mode specific modules
  qapi/meson: Remove QMP from user-mode emulation
  qapi/meson: Restrict qdev code to system-mode emulation
  meson: Restrict emulation code
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/34b7d4193e45...41d306ec7d98


