  1. Aug 08, 2023
  2. Aug 07, 2023
    • Merge tag 'fixes-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging · 0450cf08
      Richard Henderson authored
      Fixes for 8.1
      
      Hi,
      
      Here is a collection of ui, dump and chardev fixes that are worthwhile for 8.1.
      
      thanks
      
      # gpg: Signature made Mon 07 Aug 2023 01:46:51 PM PDT
      # gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
      # gpg:                issuer "marcandre.lureau@redhat.com"
      # gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
      # gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
      
      * tag 'fixes-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
        ui/gtk: set scanout mode in gd_egl/gd_gl_area_scanout_texture
        hw/i386/vmmouse:add relative packet flag for button status
        dump: kdump-zlib data pages not dumped with pvtime/aarch64
        virtio-gpu: reset gfx resources in main thread
        virtio-gpu: free BHs, by implementing unrealize
        chardev: report the handshake error
      
      Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    • Merge tag 'trivial-patches-pull' of https://gitlab.com/mjt0k/qemu into staging · 474892a9
      Richard Henderson authored
      trivial-patches for 2023-08-07
      
      there are 3 trivial bugfixes in there, for 8.1
      
      # gpg: Signature made Mon 07 Aug 2023 03:54:03 AM PDT
      # gpg:                using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59
      # gpg:                issuer "mjt@tls.msk.ru"
      # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [undefined]
      # gpg:                 aka "Michael Tokarev <mjt@debian.org>" [undefined]
      # gpg:                 aka "Michael Tokarev <mjt@corpit.ru>" [undefined]
      # gpg: WARNING: This key is not certified with a trusted signature!
      # gpg:          There is no indication that the signature belongs to the owner.
      # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
      #      Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931  4B22 701B 4F6B 1A69 3E59
      
      * tag 'trivial-patches-pull' of https://gitlab.com/mjt0k/qemu:
        Fixed incorrect LLONG alignment for openrisc and cris
        stubs/colo.c: spelling
        hw/i2c: Fix bitbang_i2c_data trace event
      
      Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    • Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into staging · e0e5dca5
      Richard Henderson authored
      hw/nvme fixes
      
      - two fixes for hw/nvme
      
      # gpg: Signature made Mon 07 Aug 2023 04:53:18 AM PDT
      # gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
      # gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
      # gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
      # gpg: WARNING: This key is not certified with a trusted signature!
      # gpg:          There is no indication that the signature belongs to the owner.
      # Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
      #      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9
      
      * tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
        hw/nvme: fix compliance issue wrt. iosqes/iocqes
        hw/nvme: fix oob memory read in fdp events log
      
      Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    • ui/gtk: set scanout mode in gd_egl/gd_gl_area_scanout_texture · 58ea90f8
      Dongwon Kim authored
      
      Fixing a regression (black screen) caused by commit 92b58156
      ("ui/gtk: set scanout-mode right before scheduling draw").
      
      The commit 92b58156 was made with an assumption that the scanout
      mode needs to be set only if the guest scanout is a dmabuf but there
      are cases (e.g. virtio-gpu-virgl) where the scanout is still processed
      in a form of a texture but is not backed by dmabuf. So it is needed
      to put back the line that sets scanout mode in gd_egl_scanout_texture
      and gd_gl_area_scanout_texture.
      
      Fixes: 92b58156 ("ui/gtk: set scanout-mode right before scheduling draw")
      Reported-by: Volker Rümelin <vr_qemu@t-online.de>
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
      Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
      Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-ID: <20230725001131.24017-1-dongwon.kim@intel.com>
    • hw/i386/vmmouse:add relative packet flag for button status · fdd64953
      Zongmin Zhou authored
      
      The button values use macros instead of direct numbers.
      
      If relative mode is requested, this has to be added for the
      guest vmmouse driver to judge that this is a relative packet.
      Otherwise, the vmmouse driver will not match
      the condition 'status & VMMOUSE_RELATIVE_PACKET',
      and can't report events on the correct (relative) input device,
      which makes relative mode unusable.
      
      Signed-off-by: Zongmin Zhou <zhouzongmin@kylinos.cn>
      Message-ID: <20230413081526.2229916-1-zhouzongmin@kylinos.cn>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
    • dump: kdump-zlib data pages not dumped with pvtime/aarch64 · 8a64609e
      Dongli Zhang authored
      
      The kdump-zlib data pages are not dumped from aarch64 host when the
      'pvtime' is involved, that is, when the block->target_end is not aligned to
      page_size. In the below example, it is expected to dump two blocks.
      
      (qemu) info mtree -f
      ... ...
        00000000090a0000-00000000090a0fff (prio 0, ram): pvtime KVM
      ... ...
        0000000040000000-00000001bfffffff (prio 0, ram): mach-virt.ram KVM
      ... ...
      
      However, there is an issue with get_next_page() so that the pages for
      "mach-virt.ram" will not be dumped.
      
      At line 1296, although we have reached the end of the 'pvtime' block,
      since it is not aligned to the page_size (e.g., 0x10000), it will not break
      at line 1298.
      
      1255 static bool get_next_page(GuestPhysBlock **blockptr, uint64_t *pfnptr,
      1256                           uint8_t **bufptr, DumpState *s)
      ... ...
      1294             memcpy(buf + addr % page_size, hbuf, n);
      1295             addr += n;
      1296             if (addr % page_size == 0) {
      1297                 /* we filled up the page */
      1298                 break;
      1299             }
      
      As a result, get_next_page() will continue to the next
      block ("mach-virt.ram"). Finally, when get_next_page() returns to the
      caller:
      
      - 'pfnptr' is referring to the 'pvtime'
      - but 'blockptr' is referring to the "mach-virt.ram"
      
      When get_next_page() is called the next time, "*pfnptr += 1" still refers
      to the prior 'pvtime'. It will exit immediately because it is out of the
      range of the current "mach-virt.ram".
      
      The fix is to break when it is time to come to the next block, so that both
      'pfnptr' and 'blockptr' refer to the same block.
      
      Fixes: 94d78840 ("dump: fix kdump to work over non-aligned blocks")
      Cc: Joe Jin <joe.jin@oracle.com>
      Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-ID: <20230713055819.30497-1-dongli.zhang@oracle.com>
    • virtio-gpu: reset gfx resources in main thread · a41e2d97
      Marc-André Lureau authored
      
      Calling OpenGL from different threads can have bad consequences if not
      carefully reviewed. It's not generally supported. In my case, I was
      debugging a crash in glDeleteTextures from OPENGL32.DLL, where I asked
      qemu for gl=es, and thus ANGLE implementation was expected. libepoxy did
      resolution of the global pointer for glGenTexture to the GLES version
      from the main thread. But it resolved glDeleteTextures to the GL
      version, because it was done from a different thread without correct
      context. Oops.
      
      Let's stick to the main thread for GL calls by using a BH.
      
      Note: I didn't use atomics for reset_finished check, assuming the BQL
      will provide enough of sync, but I might be wrong.
      
      Acked-by: Dongwon Kim <dongwon.kim@intel.com>
      Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-Id: <20230726173929.690601-3-marcandre.lureau@redhat.com>
    • virtio-gpu: free BHs, by implementing unrealize · 957d7786
      Marc-André Lureau authored
      
      Acked-by: Dongwon Kim <dongwon.kim@intel.com>
      Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-Id: <20230726173929.690601-2-marcandre.lureau@redhat.com>
    • chardev: report the handshake error · 81cd34a3
      Marc-André Lureau authored
      This can help to debug connection issues.
      
      Related to:
      https://bugzilla.redhat.com/show_bug.cgi?id=2196182
      
      Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
      Message-Id: <20230510072531.3937189-1-marcandre.lureau@redhat.com>
    • Fixed incorrect LLONG alignment for openrisc and cris · 6ee96082
      Luca Bonissi authored
      
      OpenRISC (or1k) has long long alignment to 4 bytes, but this is currently not
      defined in abitypes.h. This led to incorrect packing of the /epoll_event/
      structure and eventually an infinite loop while waiting for file
      descriptor[s] event[s].
      
      Fixed also CRIS alignments (1 byte for all types).
      
      Signed-off-by: Luca Bonissi <qemu@bonslack.org>
      Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1770
      Reviewed-by: Thomas Huth <thuth@redhat.com>
      Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
    • stubs/colo.c: spelling · beb1a917
      Michael Tokarev authored
      
      Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
    • hw/i2c: Fix bitbang_i2c_data trace event · 8ada214a
      BALATON Zoltan authored
      
      The clock and data values were logged swapped. Correct the trace event
      text to match what is logged. Also fix a typo in a comment nearby.
      
      Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
      Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
    • hw/nvme: fix compliance issue wrt. iosqes/iocqes · 6a33f2e9
      Klaus Jensen authored
      Prior to this patch, the controller checks the value of CC.IOCQES
      and CC.IOSQES prior to enabling the controller. As reported by Ben in
      GitLab issue #1691, this is not spec compliant. The controller should
      only check these values when queues are created.
      
      This patch moves these checks to nvme_create_cq(). We do not need to
      check it in nvme_create_sq() since that will error out if the completion
      queue is not already created.
      
      Also, since the controller exclusively supports SQEs of size 64 bytes
      and CQEs of size 16 bytes, hard code that.
      
      Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1691
      
      Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
    • hw/nvme: fix oob memory read in fdp events log · ecb1b7b0
      Klaus Jensen authored
      
      As reported by Trend Micro's Zero Day Initiative, an oob memory read
      vulnerability exists in nvme_fdp_events(). The host-provided offset is
      not verified.
      
      Fix this.
      
      This is only exploitable when Flexible Data Placement mode (fdp=on) is
      enabled.
      
      Fixes: CVE-2023-4135
      Fixes: 73064edf ("hw/nvme: flexible data placement emulation")
      Reported-by: Trend Micro's Zero Day Initiative
      Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
  3. Aug 06, 2023