[Qemu-commits] [qemu/qemu] f16d15: virtiofsd: use g_date_time_get_micros


From: Paolo Bonzini
Subject: [Qemu-commits] [qemu/qemu] f16d15: virtiofsd: use g_date_time_get_microsecond to get ...
Date: Tue, 27 Sep 2022 08:04:07 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: f16d15c9276bd8f501f861c39cbd4adc812d0c1d
      
https://github.com/qemu/qemu/commit/f16d15c9276bd8f501f861c39cbd4adc812d0c1d
  Author: Yusuke Okada <okada.yusuke@jp.fujitsu.com>
  Date:   2022-09-22 (Thu, 22 Sep 2022)

  Changed paths:
    M tools/virtiofsd/passthrough_ll.c

  Log Message:
  -----------
  virtiofsd: use g_date_time_get_microsecond to get subsecond

The "%f" specifier in g_date_time_format() is only available in glib
2.65.2 or later. If combined with older glib, the function returns null
and the timestamp is displayed as "(null)".

For backward compatibility, g_date_time_get_microsecond should be used
to retrieve subsecond.

In this patch, g_date_time_format() leaves the subsecond field as "%06d"
and lets the next snprintf format it with g_date_time_get_microsecond.

Signed-off-by: Yusuke Okada <okada.yusuke@jp.fujitsu.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20220818184618.2205172-1-yokada.996@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>


  Commit: df6322a8973b5e69bdc8931ff79d3bfe3901cab5
      
https://github.com/qemu/qemu/commit/df6322a8973b5e69bdc8931ff79d3bfe3901cab5
  Author: Cal Peake <cp@absolutedigital.net>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M include/ui/console.h
    M ui/console.c

  Log Message:
  -----------
  ui/console: Get tab completion working again in the SDL monitor vc

Define a QEMU special key constant for the tab key and add an entry for
it in the qcode_to_keysym table. This allows tab completion to work again
in the SDL monitor virtual console, which has been broken ever since the
migration from SDL1 to SDL2.

Signed-off-by: Cal Peake <cp@absolutedigital.net>
Message-Id: <7054816e-99c-7e2-6737-7cf98cc56e2@absolutedigital.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: bab6a301c58286229ca8fbc36728d1469f243260
      
https://github.com/qemu/qemu/commit/bab6a301c58286229ca8fbc36728d1469f243260
  Author: Akihiko Odaki <akihiko.odaki@gmail.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M docs/devel/fuzzing.rst
    M include/qemu-main.h
    M include/sysemu/sysemu.h
    M softmmu/main.c
    M softmmu/vl.c
    M tests/qtest/fuzz/fuzz.c
    M ui/cocoa.m

  Log Message:
  -----------
  ui/cocoa: Run qemu_init in the main thread

This work is based on:
https://patchew.org/QEMU/20220317125534.38706-1-philippe.mathieu.daude@gmail.com/

Simplify the initialization dance by running qemu_init() in the main
thread before the Cocoa event loop starts. The secondary thread
runs only qemu_main_loop() and qemu_cleanup().

This fixes a case where addRemovableDevicesMenuItems() calls
qmp_query_block() while expecting the main thread to still hold
the BQL.

Overriding the code after calling qemu_init() is done by dynamically
replacing a function pointer variable, qemu_main, when initializing
ui/cocoa, which unifies the static implementation of main() for
builds with ui/cocoa and ones without ui/cocoa.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220819132756.74641-2-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 2dc7f90a835a4cd2362ace5e2388687afd296b85
      
https://github.com/qemu/qemu/commit/2dc7f90a835a4cd2362ace5e2388687afd296b85
  Author: Akihiko Odaki <akihiko.odaki@gmail.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M include/qemu/main-loop.h

  Log Message:
  -----------
  Revert "main-loop: Disable block backend global state assertion on Cocoa"

This reverts commit 47281859f66bdab1974fb122cab2cbb4a1c9af7f.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20220819132756.74641-3-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 64d3fec76c913bf94f9b87f7482669302af9bbf9
      
https://github.com/qemu/qemu/commit/64d3fec76c913bf94f9b87f7482669302af9bbf9
  Author: Akihiko Odaki <akihiko.odaki@gmail.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Allow to enable gtk and sdl while cocoa is enabled

As ui/cocoa no longer overrides main(), ui/gtk and ui/sdl
can be enabled even if ui/cocoa is enabled.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20220819132756.74641-4-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 410840cdb1342751f58a3521f48d5a9faf694c3b
      
https://github.com/qemu/qemu/commit/410840cdb1342751f58a3521f48d5a9faf694c3b
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M ui/clipboard.c
    M ui/trace-events
    M ui/vdagent.c

  Log Message:
  -----------
  ui: add some vdagent related traces

This helps debugging clipboard serial sync issues.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-2-marcandre.lureau@redhat.com>

[ kraxel: code style fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 0e23ae9c657d65049e5ef3a06451b22830964f35
      
https://github.com/qemu/qemu/commit/0e23ae9c657d65049e5ef3a06451b22830964f35
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M ui/clipboard.c

  Log Message:
  -----------
  ui/clipboard: fix serial priority

The incoming grab event should have a higher serial.
See also "vdagent: introduce VD_AGENT_CAP_CLIPBOARD_GRAB_SERIAL":
https://gitlab.freedesktop.org/spice/spice-protocol/-/commit/045a6978d6dbbf7046affc5c321fa8177c8cce56

This is only a relevant fix for the -display dbus, the only user of that
function.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-3-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: e46d4d684224872b8b5999a51c688ee8fffb4a1b
      
https://github.com/qemu/qemu/commit/e46d4d684224872b8b5999a51c688ee8fffb4a1b
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M ui/vdagent.c

  Log Message:
  -----------
  ui/vdagent: always reset the clipboard serial on caps

The guest agent doesn't know what the current serial state is. Reset the
serial value whenever a new agent connection is established.

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=2124446

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-4-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 72ce36f77ca6fe8cf9aae5ed28d7c3c865ef887d
      
https://github.com/qemu/qemu/commit/72ce36f77ca6fe8cf9aae5ed28d7c3c865ef887d
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M ui/clipboard.c

  Log Message:
  -----------
  ui/clipboard: reset the serial state on reset

Not only do we have to reset the vdagent clipboards serial state, but also
the current QEMU clipboards info serial (the value is currently used by
qemu_clipboard_check_serial, only used by -display dbus).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-5-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: d18431547f388db1e43c0cbc8a423ea9cc0df3d6
      
https://github.com/qemu/qemu/commit/d18431547f388db1e43c0cbc8a423ea9cc0df3d6
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M ui/vdagent.c

  Log Message:
  -----------
  ui/vdagent: fix serial reset of guest agent

In order to reset the guest agent, we send CLOSED & OPENED events.

They are correctly received by the guest kernel. However, they might not
be noticed by the guest agent process, as the IO task (poll() for
example) might be woken up after both CLOSED & OPENED have been
processed.

Wait until the guest agent is disconnected to re-open our side.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-6-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 17b55372b509a253abed9d7d4a81772f6067220f
      
https://github.com/qemu/qemu/commit/17b55372b509a253abed9d7d4a81772f6067220f
  Author: Volker Rümelin <vr_qemu@t-online.de>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M ui/console.c

  Log Message:
  -----------
  ui/console: fix three double frees in png_save()

The png_destroy_write_struct() function frees all memory used by
libpng. Don't use the glib auto cleanup mechanism to free the
memory allocated by libpng again. For the pixman image, use only the
auto cleanup mechanism and remove the qemu_pixman_image_unref()
function call to prevent another double free.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1210
Fixes: 9a0a119a38 ("Added parameter to take screenshot with screendump as PNG")
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20220919061956.30929-1-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 0b33bb394d0d02918679064caa11ef59e5ff3924
      
https://github.com/qemu/qemu/commit/0b33bb394d0d02918679064caa11ef59e5ff3924
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M hw/usb/hcd-xhci.c

  Log Message:
  -----------
  hw/usb/hcd-xhci: Check whether DMA accesses fail

If a guest sets up bad descriptors, it could force QEMU to access
non-existing memory regions. Thus we should check the return value
of dma_memory_read/write() to make sure that these errors don't go
unnoticed.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220817160016.49752-1-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: d8c2e6f2f6d29ccb766197181eb1c65c1d46b3a4
      
https://github.com/qemu/qemu/commit/d8c2e6f2f6d29ccb766197181eb1c65c1d46b3a4
  Author: Qiang Liu <cyruscyliu@gmail.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M hw/usb/hcd-ohci.c

  Log Message:
  -----------
  hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero

An abort happens in ohci_frame_boundary() when ohci->done is 0 [1].

``` c
static void ohci_frame_boundary(void *opaque)
{
    // ...
    if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
        if (!ohci->done)
            abort(); <----------------------------------------- [1]
```

This was reported in https://bugs.launchpad.net/qemu/+bug/1911216/,
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html, and
https://gitlab.com/qemu-project/qemu/-/issues/545. I can still reproduce it with
the latest QEMU.

This happens due to a crafted ED that puts an ISO_TD at physical address 0.

Suppose ed->head & OHCI_DPTR_MASK is 0 [2], and we memset 0 to the physical
memory from 0 to sizeof(ohci_iso_td). Then, starting_frame [3] and frame_count
[4] are both 0. As we can control the value of ohci->frame_number (0 to 0x1f,
suppose 1), we then control the value of relative_frame_number to be 1 [6]. The
control flow goes to [7] where ohci->done is 0. Having returned from
ohci_service_iso_td(), ohci_frame_boundary() will abort() [1].

``` c
static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed)
{
    // ...
    addr = ed->head & OHCI_DPTR_MASK; // <--------------------- [2]

    if (ohci_read_iso_td(ohci, addr, &iso_td)) {   // <-------- [3]
        // ...

    starting_frame = OHCI_BM(iso_td.flags, TD_SF); // <-------- [4]
    frame_count = OHCI_BM(iso_td.flags, TD_FC);    // <-------- [5]
    relative_frame_number = USUB(ohci->frame_number, starting_frame);
                                                   // <-------- [6]
    if (relative_frame_number < 0) {
        return 1;
    } else if (relative_frame_number > frame_count) {
        // ...
        ohci->done = addr;                         // <-------- [7]
        // ...
    }
```

As only (afaik) a guest root user can manipulate ED, TD and the physical memory,
this assertion failure is not a security bug.

The idea to fix this issue is to drop ohci_service_iso_td() if ed->head &
OHCI_DPTR_MASK is 0, which is similar to the drop operation for
ohci_service_ed_list() when head is 0. Probably, a similar issue is in
ohci_service_td(). I drop ohci_service_td() if ed->head & OHCI_DPTR_MASK is 0.

Fixes: 7bfe577702 ("OHCI USB isochronous transfers support (Arnon Gilboa)")
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/545
Buglink: https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html
Buglink: https://bugs.launchpad.net/qemu/+bug/1911216
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220826051557.119570-1-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 15aa08a405e449c5ab88b479dd2728920d829c61
      
https://github.com/qemu/qemu/commit/15aa08a405e449c5ab88b479dd2728920d829c61
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2022-09-26 (Mon, 26 Sep 2022)

  Changed paths:
    M tools/virtiofsd/passthrough_ll.c

  Log Message:
  -----------
  Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging

Pull request

# gpg: Signature made Thu 22 Sep 2022 13:14:43 EDT
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [ultimate]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [ultimate]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  virtiofsd: use g_date_time_get_microsecond to get subsecond

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>


  Commit: a44558636aed935579701e7805684d1138383c7d
      
https://github.com/qemu/qemu/commit/a44558636aed935579701e7805684d1138383c7d
  Author: Wilfred Mallawa <wilfred.mallawa@wdc.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/ssi/ibex_spi_host.c

  Log Message:
  -----------
  hw/ssi: ibex_spi: fixup typos in ibex_spi_host

This patch fixes up minor typos in ibex_spi_host

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220823061201.132342-2-wilfred.mallawa@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 7a426f83c3192db8006ce29abc702dfa2eb00fc8
      
https://github.com/qemu/qemu/commit/7a426f83c3192db8006ce29abc702dfa2eb00fc8
  Author: Wilfred Mallawa <wilfred.mallawa@wdc.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/ssi/ibex_spi_host.c

  Log Message:
  -----------
  hw/ssi: ibex_spi: update reg addr

Updates the `EVENT_ENABLE` register to offset `0x34` as per
OpenTitan spec [1].

[1] https://docs.opentitan.org/hw/ip/spi_host/doc/#Reg_event_enable

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220823061201.132342-5-wilfred.mallawa@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 0c2d4671916333e5b66fd923279fb6fb62315bed
      
https://github.com/qemu/qemu/commit/0c2d4671916333e5b66fd923279fb6fb62315bed
  Author: Alex Bennée <alex.bennee@linaro.org>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M docs/system/riscv/virt.rst

  Log Message:
  -----------
  docs/system: clean up code escape for riscv virt platform

The example code is rendered slightly mangled due to missing code
block. Properly escape the code block and add shell prompt and qemu to
fit in with the other examples on the page.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220905163939.1599368-1-alex.bennee@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 513eb437aef7687ad1963d935ffb884fff3c4775
      
https://github.com/qemu/qemu/commit/513eb437aef7687ad1963d935ffb884fff3c4775
  Author: Rahul Pathak <rpathak@ventanamicro.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M disas/riscv.c
    M target/riscv/cpu_bits.h

  Log Message:
  -----------
  target/riscv: Remove sideleg and sedeleg

sideleg and sedeleg csrs are not part of riscv isa spec
anymore, these csrs were part of N extension which
is removed from the riscv isa specification.

These commits removed all traces of these csrs from
riscv spec (https://github.com/riscv/riscv-isa-manual) -

commit f8d27f805b65 ("Remove or downgrade more references to N extension (#674)")
commit b6cade07034d ("Remove N extension chapter for now")

Signed-off-by: Rahul Pathak <rpathak@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220824145255.400040-1-rpathak@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: a412829406905a7edf7a33ded754f89f50a33af1
      
https://github.com/qemu/qemu/commit/a412829406905a7edf7a33ded754f89f50a33af1
  Author: Weiwei Li <liweiwei@iscas.ac.cn>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/csr.c

  Log Message:
  -----------
  target/riscv: fix csr check for cycle{h}, instret{h}, time{h}, hpmcounter3-31{h}

- modify check for mcounteren to work in all less-privilege mode
- modify check for scounteren to work only when S mode is enabled
- distinguish the exception type raised by check for scounteren between U
and VU mode

Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220817083756.12471-1-liweiwei@iscas.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 94452ac4cf263e8996613db8d981e4ea85bd019a
      
https://github.com/qemu/qemu/commit/94452ac4cf263e8996613db8d981e4ea85bd019a
  Author: Andrew Burgess <aburgess@redhat.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M gdb-xml/riscv-32bit-fpu.xml
    M gdb-xml/riscv-64bit-fpu.xml
    M target/riscv/gdbstub.c

  Log Message:
  -----------
  target/riscv: remove fflags, frm, and fcsr from riscv-*-fpu.xml

While testing some changes to GDB's handling for the RISC-V registers
fcsr, fflags, and frm, I spotted that QEMU includes these registers
twice in the target description it sends to GDB, once in the fpu
feature, and once in the csr feature.

Right now things basically work OK, QEMU maps these registers onto two
different register numbers, e.g. fcsr maps to both 68 and 73, and GDB
can use either of these to access the register.

However, GDB's target descriptions don't really work this way, each
register should appear just once in a target description, mapping the
register name onto the number GDB should use when accessing the
register on the target.  Duplicate register names actually result in
duplicate registers on the GDB side, however, as the registers have
the same name, the user can only access one of these registers.

Currently GDB has a hack in place, specifically for RISC-V, to spot
the duplicate copies of these three registers, and hide them from the
user, ensuring the user only ever sees a single copy of each.

In this commit I propose fixing this issue on the QEMU side, and in
the process, simplify the fpu register handling a little.

I think we should remove fflags, frm, and fcsr from the two (32-bit
and 64-bit) fpu feature xml files.  These files will only contain the
32 core floating point registers f0 to f31.  The fflags, frm, and fcsr
registers will continue to be advertised in the csr feature as they
currently are.

With that change made, I will simplify riscv_gdb_get_fpu and
riscv_gdb_set_fpu, removing the extra handling for the 3 status
registers.

Signed-off-by: Andrew Burgess <aburgess@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <0fbf2a5b12e3210ff3867d5cf7022b3f3462c9c8.1661934573.git.aburgess@redhat.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 4c0f0b6619126637e802f07c9fe8e9fffbc1c4bb
      
https://github.com/qemu/qemu/commit/4c0f0b6619126637e802f07c9fe8e9fffbc1c4bb
  Author: Andrew Burgess <aburgess@redhat.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M gdb-xml/riscv-32bit-cpu.xml
    M gdb-xml/riscv-32bit-fpu.xml
    M gdb-xml/riscv-64bit-cpu.xml
    M gdb-xml/riscv-64bit-fpu.xml

  Log Message:
  -----------
  target/riscv: remove fixed numbering from GDB xml feature files

The fixed register numbering in the various GDB feature files for
RISC-V only exists because these files were originally copied from the
GDB source tree.

However, the fixed numbering only exists in the GDB source tree so
that GDB, when it connects to a target that doesn't provide a target
description, will use a specific numbering scheme.

That numbering scheme is designed to be compatible with the first
versions of QEMU (for RISC-V), that didn't send a target description,
and relied on a fixed numbering scheme.

Because of the way that QEMU manages its target descriptions,
recording the number of registers in each feature, and just relying on
GDB's numbering starting from 0, then I propose that we remove all the
fixed numbering from the RISC-V feature xml files, and just rely on
the standard numbering scheme.  Plenty of other targets manage their
xml files this way, e.g. ARM, AArch64, Loongarch, m68k, rx, and s390.

Signed-off-by: Andrew Burgess <aburgess@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmer@rivosinc.com>
Message-Id: <6069395f90e6fc24dac92197be815fedf42f5974.1661934573.git.aburgess@redhat.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 277b210dd86636cc910bf6cd9a5477d01a10603f
      
https://github.com/qemu/qemu/commit/277b210dd86636cc910bf6cd9a5477d01a10603f
  Author: Alistair Francis <alistair.francis@wdc.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/cpu.c
    M target/riscv/cpu.h
    M target/riscv/machine.c

  Log Message:
  -----------
  target/riscv: Set the CPU resetvec directly

Instead of using our properties to set a config value which then might
be used to set the resetvec (depending on your timing), let's instead
just set the resetvec directly in the env struct.

This allows us to set the reset vec from the command line with:
    -global driver=riscv.hart_array,property=resetvec,value=0x20000400

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220914101108.82571-2-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: d057aaece7665d49e81ef8d8204b095351253f21
      
https://github.com/qemu/qemu/commit/d057aaece7665d49e81ef8d8204b095351253f21
  Author: Alistair Francis <alistair.francis@wdc.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/riscv/opentitan.c

  Log Message:
  -----------
  hw/riscv: opentitan: Fixup resetvec

The resetvec for the OpenTitan machine ended up being set to an out of
date value, so let's fix that and bump it to the correct start address
(after the boot ROM)

Fixes: bf8803c64d75 "hw/riscv: opentitan: bump opentitan version"
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220914101108.82571-3-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: a06fded82e9edc471dbbe4321f856040b996b54c
      
https://github.com/qemu/qemu/commit/a06fded82e9edc471dbbe4321f856040b996b54c
  Author: Alistair Francis <alistair.francis@wdc.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/riscv/opentitan.c
    M include/hw/riscv/opentitan.h

  Log Message:
  -----------
  hw/riscv: opentitan: Expose the resetvec as a SoC property

On the OpenTitan hardware the resetvec is fixed at the start of ROM. In
QEMU we don't run the ROM code and instead just jump to the next stage.
This means we need to be a little more flexible about what the resetvec
is.

This patch allows us to set the resetvec from the command line with
something like this:
    -global driver=riscv.lowrisc.ibex.soc,property=resetvec,value=0x20000400

This way as the next stage changes we can update the resetvec.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220914101108.82571-4-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 9e37653b5c73d8e43013ed78ee9d7644f23d146c
      
https://github.com/qemu/qemu/commit/9e37653b5c73d8e43013ed78ee9d7644f23d146c
  Author: Frank Chang <frank.chang@sifive.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/gdbstub.c

  Log Message:
  -----------
  target/riscv: Check the correct exception cause in vector GDB stub

After RISCVException enum is introduced, riscv_csrrw_debug() returns
RISCV_EXCP_NONE to indicate there's no error. RISC-V vector GDB stub
should check the result against RISCV_EXCP_NONE instead of value 0.
Otherwise, 'E14' packet would be incorrectly reported for vector CSRs
when using "info reg vector" GDB command.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Tommy Wu <tommy.wu@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220918083245.13028-1-frank.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 9dfa6c2aec299fda9946c327e889087365a715b5
      
https://github.com/qemu/qemu/commit/9dfa6c2aec299fda9946c327e889087365a715b5
  Author: Bernhard Beschow <shentey@gmail.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M include/hw/riscv/sifive_e.h

  Log Message:
  -----------
  hw/riscv/sifive_e: Fix inheritance of SiFiveEState

SiFiveEState inherits from SysBusDevice while its TypeInfo claims it to
inherit from TYPE_MACHINE. This is an inconsistency which can cause
undefined behavior such as memory corruption.

Change SiFiveEState to inherit from MachineState since it is registered
as a machine.

Fixes: 0869490b1c ("riscv: sifive_e: Manually define the machine")

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220922075232.33653-1-shentey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: a42bd0016654cafd6ca8ca4dbb82fc921ca19ae4
      
https://github.com/qemu/qemu/commit/a42bd0016654cafd6ca8ca4dbb82fc921ca19ae4
  Author: Frank Chang <frank.chang@sifive.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/cpu.h
    M target/riscv/csr.c
    M target/riscv/debug.c
    M target/riscv/debug.h
    M target/riscv/machine.c

  Log Message:
  -----------
  target/riscv: debug: Determine the trigger type from tdata1.type

Current RISC-V debug assumes that only type 2 trigger is supported.
To allow more types of triggers to be supported in the future
(e.g. type 6 trigger, which is similar to type 2 trigger with additional
 functionality), we should determine the trigger type from tdata1.type.

RV_MAX_TRIGGERS is also introduced in replacement of TRIGGER_TYPE2_NUM.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
[bmeng: fixed MXL_RV128 case, and moved macros to the following patch]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-2-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 9d5a84db91f12bd843206a57e0cde01e6a9d488d
      
https://github.com/qemu/qemu/commit/9d5a84db91f12bd843206a57e0cde01e6a9d488d
  Author: Frank Chang <frank.chang@sifive.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/debug.c
    M target/riscv/debug.h

  Log Message:
  -----------
  target/riscv: debug: Introduce build_tdata1() to build tdata1 register content

Introduce build_tdata1() to build tdata1 register content, which can be
shared among all types of triggers.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
[bmeng: moved RV{32,64}_DATA_MASK definition to this patch]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-3-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 9495c4888a80809ab9dba6d6e536b21c018c77a4
      
https://github.com/qemu/qemu/commit/9495c4888a80809ab9dba6d6e536b21c018c77a4
  Author: Frank Chang <frank.chang@sifive.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/cpu.h
    M target/riscv/debug.c
    M target/riscv/debug.h
    M target/riscv/machine.c

  Log Message:
  -----------
  target/riscv: debug: Introduce tdata1, tdata2, and tdata3 CSRs

Replace type2_trigger_t with the real tdata1, tdata2, and tdata3 CSRs,
which allows us to support more types of triggers in the future.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220909134215.1843865-4-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 6ea8d3fc40a8db8d22d00255cea9f9f8c927d643
      
https://github.com/qemu/qemu/commit/6ea8d3fc40a8db8d22d00255cea9f9f8c927d643
  Author: Frank Chang <frank.chang@sifive.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/debug.c

  Log Message:
  -----------
  target/riscv: debug: Restrict the range of tselect value can be written

The value that can be written to the tselect CSR should be limited to the
range of the number of supported triggers.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220909134215.1843865-5-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 31b9798d824512b7daf868cc8581f9a97a9d13a8
      
https://github.com/qemu/qemu/commit/31b9798d824512b7daf868cc8581f9a97a9d13a8
  Author: Frank Chang <frank.chang@sifive.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/cpu_bits.h
    M target/riscv/csr.c
    M target/riscv/debug.c
    M target/riscv/debug.h

  Log Message:
  -----------
  target/riscv: debug: Introduce tinfo CSR

tinfo.info:
  One bit for each possible type enumerated in tdata1.
  If the bit is set, then that type is supported by the currently
  selected trigger.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220909134215.1843865-6-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: d1c111411e6240c01ee3d54801a7e3eeb6acc3b1
      
https://github.com/qemu/qemu/commit/d1c111411e6240c01ee3d54801a7e3eeb6acc3b1
  Author: Frank Chang <frank.chang@sifive.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/debug.c
    M target/riscv/debug.h

  Log Message:
  -----------
  target/riscv: debug: Create common trigger actions function

Trigger actions are shared among all triggers. Extract to a common
function.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
[bmeng: handle the DBG_ACTION_NONE case]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-7-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: c32461d8eeb17490b1b1e969e2ce8f1ecd83bfbb
      
https://github.com/qemu/qemu/commit/c32461d8eeb17490b1b1e969e2ce8f1ecd83bfbb
  Author: Frank Chang <frank.chang@sifive.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/debug.c

  Log Message:
  -----------
  target/riscv: debug: Check VU/VS modes for type 2 trigger

Type 2 trigger cannot be fired in VU/VS modes.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-8-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: c472c142a7552f5b0e40378d5643a2810ef1b111
      
https://github.com/qemu/qemu/commit/c472c142a7552f5b0e40378d5643a2810ef1b111
  Author: Frank Chang <frank.chang@sifive.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/debug.c
    M target/riscv/debug.h

  Log Message:
  -----------
  target/riscv: debug: Add initial support of type 6 trigger

Type 6 trigger is similar to a type 2 trigger, but provides additional
functionality and should be used instead of type 2 in newer
implementations.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-9-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 5bda21c0ea02c1af160ddee6f0b62c569282294c
      
https://github.com/qemu/qemu/commit/5bda21c0ea02c1af160ddee6f0b62c569282294c
  Author: Yang Liu <liuyang22@iscas.ac.cn>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/vector_helper.c

  Log Message:
  -----------
  target/riscv: rvv-1.0: Simplify vfwredsum code

Remove duplicate code by wrapping vfwredsum_vs's OP function.

Signed-off-by: Yang Liu <liuyang22@iscas.ac.cn>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-Id: <20220817074802.20765-1-liuyang22@iscas.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: a3ab69f9f6c000481c439923d16416b8941d5b37
      
https://github.com/qemu/qemu/commit/a3ab69f9f6c000481c439923d16416b8941d5b37
  Author: Yang Liu <liuyang22@iscas.ac.cn>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M target/riscv/helper.h
    M target/riscv/insn32.decode
    M target/riscv/insn_trans/trans_rvv.c.inc
    M target/riscv/vector_helper.c

  Log Message:
  -----------
  target/riscv: rvv-1.0: vf[w]redsum distinguish between ordered/unordered

Starting with RVV1.0, the original vf[w]redsum_vs instruction was renamed
to vf[w]redusum_vs. The distinction between ordered and unordered is also
more consistent with other instructions, although there is no difference
in implementation between the two for QEMU.

Signed-off-by: Yang Liu <liuyang22@iscas.ac.cn>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-Id: <20220817074802.20765-2-liuyang22@iscas.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: cea5aa85691d7f26b7ea995417d41a32802691b7
      
https://github.com/qemu/qemu/commit/cea5aa85691d7f26b7ea995417d41a32802691b7
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/usb/dev-storage.c

  Log Message:
  -----------
  usb/msd: move usb_msd_packet_complete()

Change ordering to avoid adding forward declarations in
following patches.  Fix comment code style while being
at it.  No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20220830063827.813053-2-kraxel@redhat.com>


  Commit: 12b69878fc7b4b92b1bbd3959f2c3d4c717881fb
      
https://github.com/qemu/qemu/commit/12b69878fc7b4b92b1bbd3959f2c3d4c717881fb
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/usb/dev-storage.c
    M hw/usb/trace-events
    M include/hw/usb/msd.h

  Log Message:
  -----------
  usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert

Add handler for fatal errors.  Moves device into error state where it
stops responding until the guest resets it.

Guest can send illegal requests where scsi command and usb packet
transfer directions are inconsistent.  Use the new usb_msd_fatal_error()
function instead of assert() in that case.

Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220830063827.813053-3-kraxel@redhat.com>


  Commit: 145cdaba0f7ea721080e1289dc7a31bb2066406f
      
https://github.com/qemu/qemu/commit/145cdaba0f7ea721080e1289dc7a31bb2066406f
  Author: Qiang Liu <cyruscyliu@gmail.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/usb/hcd-xhci.c

  Log Message:
  -----------
  hcd-xhci: drop operation with secondary stream arrays enabled

The abort() in xhci_find_stream() can be triggered via enabling the secondary
stream arrays by setting linear stream array (LSA) bit (in endpoint context) to
0. We may show warnings and drop this operation.

Fixes: 024426acc0a2 ("usb-xhci: usb3 streams")
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1192
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220904125926.2141607-1-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: a89003780d0a96b79314da4a4cdb148ff1dcb397
      
https://github.com/qemu/qemu/commit/a89003780d0a96b79314da4a4cdb148ff1dcb397
  Author: Michael Brown <mcb30@ipxe.org>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/usb/dev-network.c

  Log Message:
  -----------
  usbnet: Add missing usb_wakeup() call in usbnet_receive()

usbnet_receive() does not currently wake up the USB endpoint, leading
to a dead RX datapath when used with a host controller such as xHCI
that relies on being woken up.

Fix by adding a call to usb_wakeup() at the end of usbnet_receive().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-2-mcb30@ipxe.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 954cbf7bb53476e99091f9c99a8014af2491f6ef
      
https://github.com/qemu/qemu/commit/954cbf7bb53476e99091f9c99a8014af2491f6ef
  Author: Michael Brown <mcb30@ipxe.org>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/usb/dev-network.c

  Log Message:
  -----------
  usbnet: Accept mandatory USB_CDC_SET_ETHERNET_PACKET_FILTER request

The USB_CDC_SET_ETHERNET_PACKET_FILTER request is mandatory for
CDC-ECM devices.  Accept this request, ignoring the actual filter
value (to match the existing behaviour for RNDIS).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-3-mcb30@ipxe.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 2423ee233872d07c7607ce26f9225c64b30b0dc3
      
https://github.com/qemu/qemu/commit/2423ee233872d07c7607ce26f9225c64b30b0dc3
  Author: Michael Brown <mcb30@ipxe.org>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/usb/dev-network.c

  Log Message:
  -----------
  usbnet: Detect short packets as sent by the xHCI controller

The xHCI controller will ignore the endpoint MTU and so may deliver
packets of any length.  Detect short packets as being any packet that
has a length of zero or a length that is not a multiple of the MTU.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-4-mcb30@ipxe.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: f3def4dd42531cb542bb0e004f375b9d89fd5853
      
https://github.com/qemu/qemu/commit/f3def4dd42531cb542bb0e004f375b9d89fd5853
  Author: Michael Brown <mcb30@ipxe.org>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/usb/dev-network.c

  Log Message:
  -----------
  usbnet: Report link-up via interrupt endpoint in CDC-ECM mode

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-5-mcb30@ipxe.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 663df1cc68729adc0468d632fb19f6106ddcdca8
      
https://github.com/qemu/qemu/commit/663df1cc68729adc0468d632fb19f6106ddcdca8
  Author: Alexandre Ratchov <alex@caoua.org>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M MAINTAINERS
    M audio/audio.c
    M audio/audio_template.h
    M audio/meson.build
    A audio/sndioaudio.c
    M meson.build
    M meson_options.txt
    M qapi/audio.json
    M qemu-options.hx
    M scripts/meson-buildoptions.sh

  Log Message:
  -----------
  audio: Add sndio backend

sndio is the native API used by OpenBSD, although it has been ported to
other *BSD's and Linux (packages for Ubuntu, Debian, Void, Arch, etc.).

Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Alexandre Ratchov <alex@caoua.org>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Tested-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <YxibXrWsrS3XYQM3@vm1.arverb.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 12f4abf6a245c43d8411577fd400373c85f08c6b
      
https://github.com/qemu/qemu/commit/12f4abf6a245c43d8411577fd400373c85f08c6b
  Author: Volker Rümelin <vr_qemu@t-online.de>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M audio/audio.c
    M audio/audio_template.h

  Log Message:
  -----------
  Revert "audio: Log context for audio bug"

This reverts commit 8e30d39bade3010387177ca23dbc2244352ed4a3.

Revert commit 8e30d39bad "audio: Log context for audio bug"
to make error propagation work again.

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20220917131626.7521-1-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 0cbc8bd4694f32687bf47c6da48efa48fac35fd2
      
https://github.com/qemu/qemu/commit/0cbc8bd4694f32687bf47c6da48efa48fac35fd2
  Author: Volker Rümelin <vr_qemu@t-online.de>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M audio/audio.c

  Log Message:
  -----------
  audio: remove abort() in audio_bug()

Commit ab32b78cd1 "audio: Simplify audio_bug() removing old code"
introduced abort() in audio_bug() for regular builds.

audio_bug() was never meant to abort QEMU for the following
reasons.

  - There's code in audio_bug() that expects audio_bug() gets
    called more than once with error condition true. The variable
    'shown' is only 0 on first error.

  - All call sites test the return code of audio_bug(), print
    an error context message and handle the error.

  - The abort() in audio_bug() enables a class of guest-triggered
    aborts similar to the Launchpad Bug #1910603 at
    https://bugs.launchpad.net/bugs/1910603.

Fixes: ab32b78cd1 "audio: Simplify audio_bug() removing old code"
Buglink: https://bugs.launchpad.net/bugs/1910603
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20220917131626.7521-2-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 205ccfd7a5ec86bd9a5678b8bd157562fc9a1643
      
https://github.com/qemu/qemu/commit/205ccfd7a5ec86bd9a5678b8bd157562fc9a1643
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/display/ati_2d.c

  Log Message:
  -----------
  hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638)

When building QEMU with DEBUG_ATI defined then running with
'-device ati-vga,romfile="" -d unimp,guest_errors -trace ati\*'
we get:

  ati_mm_write 4 0x16c0 DP_CNTL <- 0x1
  ati_mm_write 4 0x146c DP_GUI_MASTER_CNTL <- 0x2
  ati_mm_write 4 0x16c8 DP_MIX <- 0xff0000
  ati_mm_write 4 0x16c4 DP_DATATYPE <- 0x2
  ati_mm_write 4 0x224 CRTC_OFFSET <- 0x0
  ati_mm_write 4 0x142c DST_PITCH_OFFSET <- 0xfe00000
  ati_mm_write 4 0x1420 DST_Y <- 0x3fff
  ati_mm_write 4 0x1410 DST_HEIGHT <- 0x3fff
  ati_mm_write 4 0x1588 DST_WIDTH_X <- 0x3fff3fff
  ati_2d_blt: vram:0x7fff5fa00000 addr:0 ds:0x7fff61273800 stride:2560 bpp:32 rop:0xff
  ati_2d_blt: 0 0 0, 0 127 0, (0,0) -> (16383,16383) 16383x16383 > ^
  ati_2d_blt: pixman_fill(dst:0x7fff5fa00000, stride:254, bpp:8, x:16383, y:16383, w:16383, h:16383, xor:0xff000000)
  Thread 3 "qemu-system-i38" received signal SIGSEGV, Segmentation fault.
  (gdb) bt
  #0  0x00007ffff7f62ce0 in sse2_fill.lto_priv () at /lib64/libpixman-1.so.0
  #1  0x00007ffff7f09278 in pixman_fill () at /lib64/libpixman-1.so.0
  #2  0x0000555557b5a9af in ati_2d_blt (s=0x631000028800) at hw/display/ati_2d.c:196
  #3  0x0000555557b4b5a2 in ati_mm_write (opaque=0x631000028800, addr=5512, data=1073692671, size=4) at hw/display/ati.c:843
  #4  0x0000555558b90ec4 in memory_region_write_accessor (mr=0x631000039cc0, addr=5512, ..., size=4, ...) at softmmu/memory.c:492

Commit 584acf34cb0 ("ati-vga: Fix reverse bit blts") introduced
the local dst_x and dst_y which adjust the (x, y) coordinates
depending on the direction in the SRCCOPY ROP3 operation, but
forgot to address the same issue for the PATCOPY, BLACKNESS and
WHITENESS operations, which also call pixman_fill().

Fix that now by using the adjusted coordinates in the pixman_fill
call, and update the related debug printf().

Reported-by: Qiang Liu <qiangliu@zju.edu.cn>
Fixes: 584acf34cb0 ("ati-vga: Fix reverse bit blts")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Mauro Matteo Cascella <mcascell@redhat.com>
Message-Id: <20210906153103.1661195-1-philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 49a99ecb2290571b2e3f464c13e9c73b87ca91c4
      
https://github.com/qemu/qemu/commit/49a99ecb2290571b2e3f464c13e9c73b87ca91c4
  Author: Dongwon Kim <dongwon.kim@intel.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M hw/display/virtio-gpu.c

  Log Message:
  -----------
  virtio-gpu: update scanout if there is any area covered by the rect

The scanout is currently updated only if the whole rect is inside the
scanout space. This is not a correct condition because the scanout should
be updated even if a small area in the scanout space is covered by the rect.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220909014052.7297-1-dongwon.kim@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 8b077615b3fd3041c6e7105ec3a178a2a0ed3cad
      
https://github.com/qemu/qemu/commit/8b077615b3fd3041c6e7105ec3a178a2a0ed3cad
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M disas/riscv.c
    M docs/system/riscv/virt.rst
    M gdb-xml/riscv-32bit-cpu.xml
    M gdb-xml/riscv-32bit-fpu.xml
    M gdb-xml/riscv-64bit-cpu.xml
    M gdb-xml/riscv-64bit-fpu.xml
    M hw/riscv/opentitan.c
    M hw/ssi/ibex_spi_host.c
    M include/hw/riscv/opentitan.h
    M include/hw/riscv/sifive_e.h
    M target/riscv/cpu.c
    M target/riscv/cpu.h
    M target/riscv/cpu_bits.h
    M target/riscv/csr.c
    M target/riscv/debug.c
    M target/riscv/debug.h
    M target/riscv/gdbstub.c
    M target/riscv/helper.h
    M target/riscv/insn32.decode
    M target/riscv/insn_trans/trans_rvv.c.inc
    M target/riscv/machine.c
    M target/riscv/vector_helper.c

  Log Message:
  -----------
  Merge tag 'pull-riscv-to-apply-20220927' of https://github.com/alistair23/qemu into staging

Second RISC-V PR for QEMU 7.2

* Fixup typos and register addresses for Ibex SPI
* Cleanup the RISC-V virt machine documentation
* Remove the sideleg and sedeleg CSR macros
* Fix the CSR check for cycle{h}, instret{h}, time{h}, hpmcounter3-31{h}
* Remove fixed numbering from GDB xml feature files
* Allow setting the resetvec for the OpenTitan machine
* Check the correct exception cause in vector GDB stub
* Fix inheritance of SiFiveEState
* Improvements to the RISC-V debugger spec
* Simplify some vector code

# gpg: Signature made Tue 27 Sep 2022 02:30:10 EDT
# gpg:                using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8  CE8F 21E1 0D29 DF97 7054

* tag 'pull-riscv-to-apply-20220927' of https://github.com/alistair23/qemu: (22 commits)
  target/riscv: rvv-1.0: vf[w]redsum distinguish between ordered/unordered
  target/riscv: rvv-1.0: Simplify vfwredsum code
  target/riscv: debug: Add initial support of type 6 trigger
  target/riscv: debug: Check VU/VS modes for type 2 trigger
  target/riscv: debug: Create common trigger actions function
  target/riscv: debug: Introduce tinfo CSR
  target/riscv: debug: Restrict the range of tselect value can be written
  target/riscv: debug: Introduce tdata1, tdata2, and tdata3 CSRs
  target/riscv: debug: Introduce build_tdata1() to build tdata1 register content
  target/riscv: debug: Determine the trigger type from tdata1.type
  hw/riscv/sifive_e: Fix inheritance of SiFiveEState
  target/riscv: Check the correct exception cause in vector GDB stub
  hw/riscv: opentitan: Expose the resetvec as a SoC property
  hw/riscv: opentitan: Fixup resetvec
  target/riscv: Set the CPU resetvec directly
  target/riscv: remove fixed numbering from GDB xml feature files
  target/riscv: remove fflags, frm, and fcsr from riscv-*-fpu.xml
  target/riscv: fix csr check for cycle{h}, instret{h}, time{h}, hpmcounter3-31{h}
  target/riscv: Remove sideleg and sedeleg
  docs/system: clean up code escape for riscv virt platform
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>


  Commit: c48c9c6b33d7bb2b4ffa14cd33934a37db0cd342
      
https://github.com/qemu/qemu/commit/c48c9c6b33d7bb2b4ffa14cd33934a37db0cd342
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2022-09-27 (Tue, 27 Sep 2022)

  Changed paths:
    M MAINTAINERS
    M audio/audio.c
    M audio/audio_template.h
    M audio/meson.build
    A audio/sndioaudio.c
    M docs/devel/fuzzing.rst
    M hw/display/ati_2d.c
    M hw/display/virtio-gpu.c
    M hw/usb/dev-network.c
    M hw/usb/dev-storage.c
    M hw/usb/hcd-ohci.c
    M hw/usb/hcd-xhci.c
    M hw/usb/trace-events
    M include/hw/usb/msd.h
    M include/qemu-main.h
    M include/qemu/main-loop.h
    M include/sysemu/sysemu.h
    M include/ui/console.h
    M meson.build
    M meson_options.txt
    M qapi/audio.json
    M qemu-options.hx
    M scripts/meson-buildoptions.sh
    M softmmu/main.c
    M softmmu/vl.c
    M tests/qtest/fuzz/fuzz.c
    M ui/clipboard.c
    M ui/cocoa.m
    M ui/console.c
    M ui/trace-events
    M ui/vdagent.c

  Log Message:
  -----------
  Merge tag 'kraxel-20220927-pull-request' of https://gitlab.com/kraxel/qemu into staging

usb: make usbnet work with xhci.
audio: add sndio backend.
misc bugfixes for console, xhci, audio, ati-vga and virtio-gpu.

# gpg: Signature made Tue 27 Sep 2022 04:18:55 EDT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* tag 'kraxel-20220927-pull-request' of https://gitlab.com/kraxel/qemu: (24 commits)
  virtio-gpu: update scanout if there is any area covered by the rect
  hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638)
  audio: remove abort() in audio_bug()
  Revert "audio: Log context for audio bug"
  audio: Add sndio backend
  usbnet: Report link-up via interrupt endpoint in CDC-ECM mode
  usbnet: Detect short packets as sent by the xHCI controller
  usbnet: Accept mandatory USB_CDC_SET_ETHERNET_PACKET_FILTER request
  usbnet: Add missing usb_wakeup() call in usbnet_receive()
  hcd-xhci: drop operation with secondary stream arrays enabled
  usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert
  usb/msd: move usb_msd_packet_complete()
  hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero
  hw/usb/hcd-xhci: Check whether DMA accesses fail
  ui/console: fix three double frees in png_save()
  ui/vdagent: fix serial reset of guest agent
  ui/clipboard: reset the serial state on reset
  ui/vdagent: always reset the clipboard serial on caps
  ui/clipboard: fix serial priority
  ui: add some vdagent related traces
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>


Compare: https://github.com/qemu/qemu/compare/99d6b11b5b44...c48c9c6b33d7


