tcg: Fix prototypes for tcg_out_vec_op and tcg_out_op
There are two different versions of prototype for tcg_out_op and
tcg_out_vec_op functions:
1) using const TCGArg *args and const int *const_args arguments
2) using const TCGArg args[TCG_MAX_OP_ARGS] and const int
const_args[TCG_MAX_OP_ARGS] aguments.
This duality causes warnings on GCC 11 and prevents build using
--enable-werror. As second version provides more information,
unify functions prototypes to this variant.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-Id: <20210312121418.139093-1-mrezanin@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Actually print arguments as opposed to simply the opcodes
and, uselessly, the argument counts. Reuse all of the helpers
developed as part of the interpreter.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This performs the size check while reading the arguments,
which means that we don't have to arrange for it to be
done after the operation. Which tidies all of the branches.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tcg/tci: Reduce qemu_ld/st TCGMemOpIdx operand to 32-bits
We are currently using the "natural" size routine, which
uses 64-bits on a 64-bit host. The TCGMemOpIdx operand
has 11 bits, so we can safely reduce to 32-bits.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Use the correct set of asserts during code generation.
We do not require the first input to overlap the output;
the existing interpreter already supported that.
Split out tci_args_rrrbb in the translator.
Use the deposit32/64 functions rather than inline expansion.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Do not emit a uint64_t, but a tcg_target_ulong, aka uintptr_t.
This reduces the size of the constant on 32-bit hosts.
The assert for label != NULL has to be removed because that
is a valid value for exit_tb.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Begin splitting out functions that do pure argument decode,
without actually loading values from the register set.
This means that decoding need not concern itself between
input and output registers. We can assert that the register
number is in range during decode, so that it is safe to
simply dereference from regs[] later.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
In the next patches, we want to use tci_read_r to return
the raw register number. So rename the existing function,
which returns the register value, to tci_read_rval.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 09:07:28 +0000 (09:07 +0000)]
Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20210315' into staging
virtiofs and migration pull 2021-03-15
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
# gpg: Signature made Mon 15 Mar 2021 20:03:03 GMT
# gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert-gitlab/tags/pull-virtiofs-20210315:
migration: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
monitor: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
migration/tls: add error handling in multifd_tls_handshake_thread
migration/tls: fix inverted semantics in multifd_channel_connect
virtiofsd: Convert some functions to return bool
virtiofsd: Don't allow empty paths in lookup_name()
virtiofsd: Don't allow empty filenames
virtiofsd: Add qemu version and copyright info
virtiofsd: Release vu_dispatch_lock when stopping queue
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/kraxel/tags/usb-20210315-pull-request:
usb/storage: clear csw on reset
usb/storage: add kconfig symbols
usb/storage move usb-storage device to separate source file
usb/storage: move usb-bot device to separate source file
usb/storage: move declarations to usb/msd.h header
hw/usb: Extract VT82C686 UHCI PCI function into a new unit
hw/usb/hcd-uhci: Expose generic prototypes to local header
hw/southbridge: Add missing Kconfig dependency VT82C686 on USB_UHCI
usb: Document the missing -usbdevice options
usb: Un-deprecate -usbdevice (except for -usbdevice audio which gets removed)
usb: remove '-usbdevice u2f-key'
usb: remove support for -usbdevice parameters
hw/usb/bus: Remove the "full-path" property
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 16 Mar 2021 10:53:47 +0000 (10:53 +0000)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Mon 15 Mar 2021 08:42:25 GMT
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
net: Do not fill legacy info_str for backends
hmp: Use QAPI NetdevInfo in hmp_info_network
net: Move NetClientState.info_str to dynamic allocations
tests: Add tests for query-netdev command
qapi: net: Add query-netdev command
pvrdma: wean code off pvrdma_ring.h kernel header
lan9118: switch to use qemu_receive_packet() for loopback
cadence_gem: switch to use qemu_receive_packet() for loopback
pcnet: switch to use qemu_receive_packet() for loopback
rtl8139: switch to use qemu_receive_packet() for loopback
tx_pkt: switch to use qemu_receive_packet_iov() for loopback
sungem: switch to use qemu_receive_packet() for loopback
msf2-mac: switch to use qemu_receive_packet() for loopback
dp8393x: switch to use qemu_receive_packet() for loopback packet
e1000: switch to use qemu_receive_packet() for loopback
net: introduce qemu_receive_packet()
e1000: fail early for evil descriptor
net: validate that ids are well formed
net: Fix build error when DEBUG_NET is on
virtio-net: calculating proper msix vectors on init
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
# Conflicts:
# hw/core/machine.c
Mahmoud Mandour [Thu, 11 Mar 2021 03:15:35 +0000 (05:15 +0200)]
migration: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
Replaced various qemu_mutex_lock calls and their respective
qemu_mutex_unlock calls with QEMU_LOCK_GUARD macro. This simplifies
the code by eliminating the respective qemu_mutex_unlock calls.
Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
Message-Id: <20210311031538.5325-7-ma.mandourr@gmail.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Mahmoud Mandour [Thu, 11 Mar 2021 03:15:34 +0000 (05:15 +0200)]
monitor: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
Removed various qemu_mutex_lock and their respective qemu_mutex_unlock
calls and used lock guard macros (QEMU_LOCK_GUARD and
WITH_QEMU_LOCK_GUARD). This simplifies the code by
eliminating qemu_mutex_unlock calls.
Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
Message-Id: <20210311031538.5325-6-ma.mandourr@gmail.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Hao Wang [Tue, 9 Feb 2021 10:42:37 +0000 (18:42 +0800)]
migration/tls: add error handling in multifd_tls_handshake_thread
If any error happens during multifd send thread creating (e.g. channel broke
because new domain is destroyed by the dst), multifd_tls_handshake_thread
may exit silently, leaving main migration thread hanging (ram_save_setup ->
multifd_send_sync_main -> qemu_sem_wait(&p->sem_sync)).
Fix that by adding error handling in multifd_tls_handshake_thread.
Signed-off-by: Hao Wang <wanghao232@huawei.com>
Message-Id: <20210209104237.2250941-3-wanghao232@huawei.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Chuan Zheng <zhengchuan@huawei.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Hao Wang [Tue, 9 Feb 2021 10:42:36 +0000 (18:42 +0800)]
migration/tls: fix inverted semantics in multifd_channel_connect
Function multifd_channel_connect() return "true" to indicate failure,
which is rather confusing. Fix that.
Signed-off-by: Hao Wang <wanghao232@huawei.com>
Message-Id: <20210209104237.2250941-2-wanghao232@huawei.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Chuan Zheng <zhengchuan@huawei.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 14:10:02 +0000 (15:10 +0100)]
virtiofsd: Convert some functions to return bool
Both currently only return 0 or 1.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210312141003.819108-3-groug@kaod.org> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 14:10:01 +0000 (15:10 +0100)]
virtiofsd: Don't allow empty paths in lookup_name()
When passed an empty filename, lookup_name() returns the inode of
the parent directory, unless the parent is the root in which case
the st_dev doesn't match and lo_find() returns NULL. This is
because lookup_name() passes AT_EMPTY_PATH down to fstatat() or
statx().
This behavior doesn't quite make sense because users of lookup_name()
then pass the name to unlinkat(), renameat() or renameat2(), all of
which will always fail on empty names.
Drop AT_EMPTY_PATH from the flags in lookup_name() so that it has
the consistent behavior of "returning an existing child inode or
NULL" for all directories.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210312141003.819108-2-groug@kaod.org> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 14:10:03 +0000 (15:10 +0100)]
virtiofsd: Don't allow empty filenames
POSIX.1-2017 clearly stipulates that empty filenames aren't
allowed ([1] and [2]). Since virtiofsd is supposed to mirror
the host file system hierarchy and the host can be assumed to
be linux, we don't really expect clients to pass requests with
an empty path in it. If they do so anyway, this would eventually
cause an error when trying to create/lookup the actual inode
on the underlying POSIX filesystem. But this could still confuse
some code that wouldn't be ready to cope with this.
Filter out empty names coming from the client at the top level,
so that the rest doesn't have to care about it. This is done
everywhere we already call is_safe_path_component(), but
in a separate helper since the usual error for empty path
names is ENOENT instead of EINVAL.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210312141003.819108-4-groug@kaod.org> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Vivek Goyal [Wed, 3 Mar 2021 19:53:39 +0000 (14:53 -0500)]
virtiofsd: Add qemu version and copyright info
Option "-V" currently displays the fuse protocol version virtiofsd is
using. For example, I see this.
$ ./virtiofsd -V
"using FUSE kernel interface version 7.33"
People also want to know software version of virtiofsd so that they can
figure out if a certain fix is part of currently running virtiofsd or
not. Eric Ernst ran into this issue.
David Gilbert thinks that it probably is best that we simply carry the
qemu version and display that information given we are part of qemu
tree.
So this patch enhances version information and also adds qemu version
and copyright info. Not sure if copyright information is supposed
to be displayed along with version info. Given qemu-storage-daemon
and other utilities are doing it, so I continued with same pattern.
This is how now output looks like.
$ ./virtiofsd -V
virtiofsd version 5.2.50 (v5.2.0-2357-gcbcf09872a-dirty)
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
using FUSE kernel interface version 7.33
Reported-by: Eric Ernst <eric.g.ernst@gmail.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20210303195339.GB3793@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Sergio Lopez <slp@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 09:22:12 +0000 (10:22 +0100)]
virtiofsd: Release vu_dispatch_lock when stopping queue
QEMU can stop a virtqueue by sending a VHOST_USER_GET_VRING_BASE request
to virtiofsd. As with all other vhost-user protocol messages, the thread
that runs the main event loop in virtiofsd takes the vu_dispatch lock in
write mode. This ensures that no other thread can access virtqueues or
memory tables at the same time.
In the case of VHOST_USER_GET_VRING_BASE, the main thread basically
notifies the queue thread that it should terminate and waits for its
termination:
Simply have the main thread to release the lock before going to
sleep and take it back afterwards. A very similar patch was already
sent by Vivek Goyal sometime back:
The only difference here is that this done in fv_queue_set_started()
because fv_queue_cleanup_thread() can also be called from virtio_loop()
without the lock being held.
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210312092212.782255-8-groug@kaod.org> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Once we've parsed the fractional value, extract it into an integral
64-bit fraction. Perform the scaling with integer arithmetic, and
simplify the overflow detection.
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210315155835.1970210-2-richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Gerd Hoffmann [Fri, 12 Mar 2021 09:49:54 +0000 (10:49 +0100)]
usb/storage: clear csw on reset
Stale data in csw (specifically residue) can confuse the state machine
and allows the guest trigger an assert(). So clear csw on reset to
avoid this happening in case the guest resets the device in the middle
of a request.
Thomas Huth [Wed, 10 Mar 2021 17:33:23 +0000 (18:33 +0100)]
usb: Document the missing -usbdevice options
There are some more -usbdevice options that have never been mentioned
in the documentation. Now that we removed -usbdevice from the list
of deprecated features again, we should document them properly.
While we're at it, also sort them alphabetically.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210310173323.1422754-5-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Thomas Huth [Wed, 10 Mar 2021 17:33:22 +0000 (18:33 +0100)]
usb: Un-deprecate -usbdevice (except for -usbdevice audio which gets removed)
When trying to remove the -usbdevice option, there were complaints that
"-usbdevice braille" is still a very useful shortcut for some people.
Thus we never remove this option. Since it's not such a big burden to
keep it around, and it's also convenient in the sense that you don't
have to worry to enable a host controller explicitly with this option,
we should remove it from he deprecation list again.
However, there is one exception: "-usbdevice audio" should go away, since
audio devices without "audiodev=..." parameter are also on the deprecation
list and you cannot use "-usbdevice audio" with "audiodev".
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210310173323.1422754-4-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Paolo Bonzini [Wed, 10 Mar 2021 17:33:20 +0000 (18:33 +0100)]
usb: remove support for -usbdevice parameters
No device needs them anymore and in fact they're undocumented.
Remove the code. The only change in behavior is that "-usbdevice
braille:hello" now reports an error, which is a bugfix.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210310173323.1422754-2-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Akihiko Odaki [Thu, 25 Feb 2021 00:12:39 +0000 (09:12 +0900)]
virtio-blk: Respect discard granularity
Report the configured granularity for discard operation to the
guest. If this is not set use the block size.
Since until now we have ignored the configured discard granularity
and always reported the block size, let's add
'report-discard-granularity' property and disable it for older
machine types to avoid migration issues.
Alexey Kirillov [Wed, 3 Mar 2021 09:59:10 +0000 (12:59 +0300)]
net: Do not fill legacy info_str for backends
As we use QAPI NetClientState->stored_config to store and get information
about backend network devices, we can drop fill of legacy field info_str
for them.
We still use info_str field for NIC and hubports, so we can not completely
remove it.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru> Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexey Kirillov [Wed, 3 Mar 2021 09:59:09 +0000 (12:59 +0300)]
hmp: Use QAPI NetdevInfo in hmp_info_network
Replace usage of legacy field info_str of NetClientState for backend
network devices with QAPI NetdevInfo stored_config that already used
in QMP query-netdev.
This change increases the detail of the "info network" output and takes
a more general approach to composing the output.
NIC and hubports still use legacy info_str field.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru> Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexey Kirillov [Wed, 3 Mar 2021 09:59:08 +0000 (12:59 +0300)]
net: Move NetClientState.info_str to dynamic allocations
The info_str field of the NetClientState structure is static and has a size
of 256 bytes. This amount is often unclaimed, and the field itself is used
exclusively for HMP "info network".
The patch translates info_str to dynamic memory allocation.
This action is also allows us to painlessly discard usage of this field
for backend devices.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru> Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexey Kirillov [Wed, 3 Mar 2021 09:59:06 +0000 (12:59 +0300)]
qapi: net: Add query-netdev command
The query-netdev command is used to get the configuration of the current
network device backends (netdevs).
This is the QMP analog of the HMP command "info network" but only for
netdevs (i.e. excluding NIC and hubports).
The query-netdev command returns an array of objects of the NetdevInfo
type, which are an extension of Netdev type. It means that response can
be used for netdev-add after small modification. This can be useful for
recreate the same netdev configuration.
Information about the network device is filled in when it is created or
modified and is available through the NetClientState->stored_config.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru> Acked-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Cornelia Huck [Fri, 22 Jan 2021 18:00:29 +0000 (19:00 +0100)]
pvrdma: wean code off pvrdma_ring.h kernel header
The pvrdma code relies on the pvrdma_ring.h kernel header for some
basic ring buffer handling. The content of that header isn't very
exciting, but contains some (q)atomic_*() invocations that (a)
cause manual massaging when doing a headers update, and (b) are
an indication that we probably should not be importing that header
at all.
Let's reimplement the ring buffer handling directly in the pvrdma
code instead. This arguably also improves readability of the code.
Importing the header can now be dropped.
Signed-off-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
lan9118: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Jason Wang <jasowang@redhat.com>
cadence_gem: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 05:27:52 +0000 (13:27 +0800)]
tx_pkt: switch to use qemu_receive_packet_iov() for loopback
This patch switches to use qemu_receive_receive_iov() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 05:14:35 +0000 (13:14 +0800)]
sungem: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 05:00:01 +0000 (13:00 +0800)]
msf2-mac: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 04:57:40 +0000 (12:57 +0800)]
dp8393x: switch to use qemu_receive_packet() for loopback packet
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 04:13:22 +0000 (12:13 +0800)]
e1000: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 03:44:36 +0000 (11:44 +0800)]
net: introduce qemu_receive_packet()
Some NIC supports loopback mode and this is done by calling
nc->info->receive() directly which in fact suppresses the effort of
reentrancy check that is done in qemu_net_queue_send().
Unfortunately we can't use qemu_net_queue_send() here since for
loopback there's no sender as peer, so this patch introduce a
qemu_receive_packet() which is used for implementing loopback mode
for a NIC with this check.
NIC that supports loopback mode will be converted to this helper.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 05:45:28 +0000 (13:45 +0800)]
e1000: fail early for evil descriptor
During procss_tx_desc(), driver can try to chain data descriptor with
legacy descriptor, when will lead underflow for the following
calculation in process_tx_desc() for bytes:
Paolo Bonzini [Fri, 12 Mar 2021 14:51:38 +0000 (09:51 -0500)]
net: validate that ids are well formed
When a network or network device is created from the command line or HMP,
QemuOpts ensures that the id passes the id_wellformed check. However,
QMP skips this:
$ qemu-system-x86_64 -qmp stdio -S -nic user,id=123/456
qemu-system-x86_64: -nic user,id=123/456: Parameter id expects an identifier
Identifiers consist of letters, digits, -, ., _, starting with a letter.
Validity checks should be performed always at the bottom of the call chain,
because QMP skips all the steps above. At the same time we know that every
call chain should go through either QMP or (for legacy) through QemuOpts.
Because the id for -net and -nic is automatically generated and not
well-formed by design, just add the check to QMP.
Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Bin Meng [Sun, 28 Feb 2021 05:02:18 +0000 (13:02 +0800)]
net: Fix build error when DEBUG_NET is on
"qemu-common.h" should be included to provide the forward declaration
of qemu_hexdump() when DEBUG_NET is on.
Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Mon, 8 Mar 2021 04:49:19 +0000 (12:49 +0800)]
virtio-net: calculating proper msix vectors on init
Currently, the default msix vectors for virtio-net-pci is 3 which is
obvious not suitable for multiqueue guest, so we depends on the user
or management tools to pass a correct vectors parameter. In fact, we
can simplifying this by calculating the number of vectors on realize.
Consider we have N queues, the number of vectors needed is 2*N + 2
(#queue pairs + plus one config interrupt and control vq). We didn't
check whether or not host support control vq because it was added
unconditionally by qemu to avoid breaking legacy guests such as Minix.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Lichang Zhao [Fri, 9 Oct 2020 06:44:46 +0000 (14:44 +0800)]
target/avr: Fix some comment spelling errors
I found that there are many spelling errors in the comments of qemu/target/avr.
I used spellcheck to check the spelling errors and found some errors in the folder.
Signed-off-by: Lichang Zhao <zhaolichang@huawei.com> Reviewed-by: David Edmondson <david.edmondson@oracle.com> Reviewed-by: Philippe Mathieu-Daude<f4bug@amsat.org>
Message-Id: <20201009064449.2336-12-zhaolichang@huawei.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Message-Id: <20210313165445.2113938-3-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Message-Id: <20210313165445.2113938-2-f4bug@amsat.org>
- fix elfload
- fix executable page of /proc/self/maps
- add preserve-arg[0] support for binfmt_misc
# gpg: Signature made Sat 13 Mar 2021 09:47:23 GMT
# gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg: issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier2/tags/linux-user-for-6.0-pull-request:
linux-user/elfload: fix address calculation in fallback scenario
linux-user/elfload: do not assume MAP_FIXED_NOREPLACE kernel support
linux-user/elfload: munmap proper address in pgd_find_hole_fallback
linux-user: manage binfmt-misc preserve-arg[0] flag
linux-user: Fix executable page of /proc/self/maps
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sun, 14 Mar 2021 15:13:53 +0000 (15:13 +0000)]
Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-03-12' into staging
* Move unit and bench tests into separate directories
* Clean-up and improve gitlab-ci jobs
* Drop the non-working "check-speed" makefile target
* Minor documentation updates
* remotes/thuth-gitlab/tags/pull-request-2021-03-12:
README: Add Documentation blurb
MAINTAINERS: Merge the Gitlab-CI section into the generic CI section
tests: remove "make check-speed" in favor of "make bench"
gitlab-ci.yml: Merge check-crypto-old jobs into the build-crypto-old jobs
gitlab-ci.yml: Merge one of the coroutine jobs with the tcg-disabled job
gitlab-ci.yml: Add some missing dependencies to the jobs
gitlab-ci.yml: Move build-tools-and-docs-debian to a better place
tests: Move benchmarks into a separate folder
tests: Move unit tests into a separate directory
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The instruction manual specifies undefined behaviour for this case. So
we bring this in line with the golden Infineon simlator 'tsim', which
simply writes 0 to the result in case of width=0.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
target/tricore: Fix imask OPC2_32_RRPW_IMASK for r3+1 == r2
if r3+1 and r2 are the same then we would overwrite r2 with our first
move and use the wrong result for the shift. Thus we store the result
from the mov in a temp.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Andreas Konopik [Thu, 11 Feb 2021 11:53:29 +0000 (12:53 +0100)]
tricore: fixed faulty conditions for extr and imask
According to the TC 1.3.1. Architecture Manual [1; page 174], results are
undefined, if pos + width > 32 and not 31 or if width = 0.
We found this error because of a different behavior between qemu-tricore
and the real tricore processor. For pos + width = 32, qemu-tricore did not
generate any intermediate code and ran into a different state compared to
the real hardware.
[BK: Add the why to the commit message] Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Signed-off-by: Andreas Konopik <andreas.konopik@efs-auto.de> Signed-off-by: Georg Hofstetter <georg.hofstetter@efs-auto.de> Signed-off-by: David Brenken <david.brenken@efs-auto.de>
Message-Id: <20210211115329.8984-2-david.brenken@efs-auto.org> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
projects / mirror_qemu.git / log