- Mar 23, 2022
-
-
luofei authored
In the physical machine environment, when an SRAR error occurs, the IA32_MCG_STATUS RIPV bit is set, but qemu does not set this bit. When qemu injects an SRAR error into a virtual machine, the virtual machine kernel just calls do_machine_check() to kill the current task, but does not call memory_failure() to isolate the faulty page, which will cause the faulty page to be allocated and used repeatedly. If used by the virtual machine kernel, it will cause the virtual machine to crash.

Signed-off-by: luofei <luofei@unicloud.com>
Message-Id: <20220120084634.131450-1-luofei@unicloud.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Philippe Mathieu-Daudé authored
Fix vCPU hot-unplug related leak reported by Valgrind:

==132362== 4,096 bytes in 1 blocks are definitely lost in loss record 8,440 of 8,549
==132362==    at 0x4C3B15F: memalign (vg_replace_malloc.c:1265)
==132362==    by 0x4C3B288: posix_memalign (vg_replace_malloc.c:1429)
==132362==    by 0xB41195: qemu_try_memalign (memalign.c:53)
==132362==    by 0xB41204: qemu_memalign (memalign.c:73)
==132362==    by 0x7131CB: kvm_init_xsave (kvm.c:1601)
==132362==    by 0x7148ED: kvm_arch_init_vcpu (kvm.c:2031)
==132362==    by 0x91D224: kvm_init_vcpu (kvm-all.c:516)
==132362==    by 0x9242C9: kvm_vcpu_thread_fn (kvm-accel-ops.c:40)
==132362==    by 0xB2EB26: qemu_thread_start (qemu-thread-posix.c:556)
==132362==    by 0x7EB2159: start_thread (in /usr/lib64/libpthread-2.28.so)
==132362==    by 0x9D45DD2: clone (in /usr/lib64/libc-2.28.so)

Reported-by: Mark Kanda <mark.kanda@oracle.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Mark Kanda <mark.kanda@oracle.com>
Message-Id: <20220322120522.26200-1-philippe.mathieu.daude@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
- Mar 22, 2022
-
-
Peter Maydell authored
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
https://gitlab.com/thuth/qemu
Peter Maydell authored
* Fix stack-overflow due to recursive DMA in intel-hda (CVE-2021-3611)
* Fix heap overflow due to recursive DMA in sdhci code

# gpg: Signature made Mon 21 Mar 2022 16:14:36 GMT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-03-21' of https://gitlab.com/thuth/qemu:
  tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225)
  hw/sd/sdhci: Prohibit DMA accesses to devices
  hw/sd/sdhci: Honor failed DMA transactions
  tests/qtest/intel-hda-test: Add reproducer for issue #542
  hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices)
  hw/audio/intel-hda: Do not ignore DMA overrun errors
  softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
  softmmu/physmem: Simplify flatview_write and address_space_access_valid

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Peter Maydell authored
Fixes and cleanups for 7.0

Hi,

A collection of fixes & cleanup patches that should be safe for 7.0 inclusion.

# gpg: Signature made Tue 22 Mar 2022 12:11:30 GMT
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5

* tag 'fixes-pull-request' of gitlab.com:marcandre.lureau/qemu: (21 commits)
  qapi: remove needless include
  Remove trailing ; after G_DEFINE_AUTO macro
  tests: remove needless include
  error: use GLib to remember the program name
  qga: remove bswap.h include
  qapi: remove needless include
  meson: fix CONFIG_ATOMIC128 check
  meson: move int128 checks from configure
  qapi: remove needless include
  util: remove the net/net.h dependency
  util: remove needless includes
  scripts/modinfo-collect: remove unused/dead code
  Move HOST_LONG_BITS to compiler.h
  Simplify HOST_LONG_BITS
  compiler.h: replace QEMU_SENTINEL with G_GNUC_NULL_TERMINATED
  compiler.h: replace QEMU_WARN_UNUSED_RESULT with G_GNUC_WARN_UNUSED_RESULT
  Replace GCC_FMT_ATTR with G_GNUC_PRINTF
  Drop qemu_foo() socket API wrapper
  m68k/nios2-semi: fix gettimeofday() result check
  vl: typo fix in a comment
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Alex Bennée authored
There appears to be a bug in the s390 hardware-accelerated version of zlib distributed with Ubuntu 20.04, which makes our test /i386/migration/multifd/tcp/zlib hit an assertion perhaps one time in 10. Fortunately zlib provides an escape hatch where we can disable the hardware-acceleration entirely by setting the environment variable DFLTCC to 0. Do this on all our CI which runs on s390 hosts, both our custom gitlab runner and also the Travis hosts.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20220321161151.3654386-1-alex.bennee@linaro.org
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
https://gitlab.com/hreitz/qemu
Peter Maydell authored
Block patches for 7.0-rc1:
- iotest fixes:
  - Fix some iotests for riscv targets
  - Use GNU sed in more places where required
  - Meson-related fixes (i.e. to print errors when they occur)
  - Have qemu-img calls (from Python tests) generally raise nicely formattable exceptions on errors
  - Fix iotest 207
- Allow RBD images to be growable by writing zeroes past the end of file, fixing qcow2 on rbd

# gpg: Signature made Tue 22 Mar 2022 11:51:10 GMT
# gpg: using RSA key CB62D7A0EE3829E45F004D34A1FA40D098019CDF
# gpg: issuer "hreitz@redhat.com"
# gpg: Good signature from "Hanna Reitz <hreitz@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: CB62 D7A0 EE38 29E4 5F00 4D34 A1FA 40D0 9801 9CDF

* tag 'pull-block-2022-03-22' of https://gitlab.com/hreitz/qemu: (25 commits)
  iotests/207: Filter host fingerprint
  iotests.py: Filters for VM.run_job()
  iotests: make qemu_img_log and img_info_log raise on error
  iotests: remove qemu_img_pipe_and_status()
  iotests: replace qemu_img_log('create', ...) calls
  iotests: use qemu_img() in has_working_luks()
  iotests: remove remaining calls to qemu_img_pipe()
  iotests/149: Remove qemu_img_pipe() call
  iotests: replace unchecked calls to qemu_img_pipe()
  iotests: change supports_quorum to use qemu_img
  iotests: add qemu_img_map() function
  iotests/remove-bitmap-from-backing: use qemu_img_info()
  iotests: add qemu_img_info()
  iotests: use qemu_img_json() when applicable
  iotests: add qemu_img_json()
  iotests: fortify compare_images() against crashes
  iotests: make qemu_img raise on non-zero rc by default
  iotests: Remove explicit checks for qemu_img() == 0
  python/utils: add VerboseProcessError
  python/utils: add add_visual_margin() text decoration utility
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Marc-André Lureau authored
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
-
Marc-André Lureau authored
The macro doesn't need it.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-
Marc-André Lureau authored
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
-
Marc-André Lureau authored
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
-
Marc-André Lureau authored
Apparently not needed anymore.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-
Marc-André Lureau authored
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
-
Marc-André Lureau authored
The current testing code isn't correct and matching QEMU usage:

testfile.c: In function 'main':
testfile.c:5:11: error: incorrect number of arguments to function '__atomic_load'
5 | y = __atomic_load(&x, 0);
  | ^~~~~~~~~~~~~
testfile.c:6:7: error: argument 2 of '__atomic_store' must be a pointer type
6 | __atomic_store(&x, y, 0);
  | ^~~~~~~~~~~~~~
testfile.c:7:7: error: argument 3 of '__atomic_compare_exchange' must be a pointer type
7 | __atomic_compare_exchange(&x, &y, x, 0, 0, 0);
  | ^~~~~~~~~~~~~~~~~~~~~~~~~

Replace the test with common atomics test for u64 and u128 that better matches QEMU needs.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-
Marc-André Lureau authored
(note: the test isn't working as intended, the next patches fix it)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-
Marc-André Lureau authored
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-
Marc-André Lureau authored
Move qemu_ether_ntoa() which is only needed in net/.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-
Marc-André Lureau authored
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-
Marc-André Lureau authored
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: John Snow <jsnow@redhat.com>
-
Marc-André Lureau authored
This will help to make common code independent.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-
Marc-André Lureau authored
Simplify the macro, not depending on headers defines, but compiler predefined __SIZEOF_POINTER__ only. Available since gcc 4.3 and clang 2.8.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
-
Marc-André Lureau authored
One less qemu-specific macro. It also helps to make some headers/units only depend on glib, and thus be moved into standalone projects eventually.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-
Marc-André Lureau authored
One less qemu-specific macro. It also helps to make some headers/units only depend on glib, and thus be moved into standalone projects eventually.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-
Marc-André Lureau authored
One less qemu-specific macro. It also helps to make some headers/units only depend on glib, and thus be moved into standalone projects eventually.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
-
Marc-André Lureau authored
The socket API wrappers were initially introduced in commit 00aa0040 ("Wrap recv to avoid warnings"), but made redundant with commit a2d96af4 ("osdep: add wrappers for socket functions") which fixes the win32 declarations and thus removed the earlier warnings.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-
Marc-André Lureau authored
gettimeofday() returns 0 for success.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-
Marc-André Lureau authored
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-
Marc-André Lureau authored
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1982600
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-
https://repo.or.cz/qemu/ericb
Peter Maydell authored
nbd patches for 2022-03-21

- Rao Lei: fix nbd client hang on server death
- Vladimir Sementsov-Ogievskiy: email address update
- Eric Blake: qemu-nbd documentation tweak

# gpg: Signature made Mon 21 Mar 2022 21:35:50 GMT
# gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A

* tag 'pull-nbd-2022-03-21' of https://repo.or.cz/qemu/ericb:
  block/nbd.c: Fixed IO request coroutine not being wakeup when kill NBD server
  docs: Consistent typography for options of qemu-nbd
  MAINTAINERS: change Vladimir's email address

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Hanna Reitz authored
Commit e3296cc7 made the ssh block driver's error message for fingerprint mismatches more verbose, so it now prints the actual host key fingerprint and the key type.

iotest 207 tests such errors, but was not amended to filter that fingerprint (which is host-specific), so do it now. Filter the key type, too, because I guess this too can differ depending on the host configuration.

Fixes: e3296cc7 ("block: print the server key type and fingerprint on failure")
Reported-by: John Snow <jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220318125304.66131-3-hreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
-
Hanna Reitz authored
Allow filters for VM.run_job(), and pass the filters given to VM.blockdev_create() to it.

(Use this opportunity to annotate VM.run_job()'s parameter types; unfortunately, for the filter, I could not come up with anything better than Callable[[Any], Any] that would pass mypy's scrutiny.)

At one point, a plain string is logged, so the filters passed to it must work fine with plain strings. The only filters passed to it at this point are the ones from VM.blockdev_create(), which are filter_qmp_test_files() (by default) and 207's filter_hash(). Both cannot handle plain strings yet, but we can make them by amending filter_qmp() to treat them as plain values with a None key.

Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220318125304.66131-2-hreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
-
John Snow authored
Add a `check: bool = True` parameter to both functions and make their qemu_img() invocations raise on error by default.

users of img_info_log: 206, 207, 210, 211, 212, 213, 237, 242, 266, 274, 302

users of qemu_img_log: 044, 209, 274, 302, 304

iotests 242 and 266 need to use check=False for their negative tests. iotests 206, 210, 211, 212, 213, 237, 274 and 302 continue working normally.

As of this commit, all calls to QEMU_IMG made from iotests enforce a return code of zero by default unless explicitly disabled or suppressed by passing check=False or with an exception handler.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20220321201618.903471-19-jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-
John Snow authored
With the exceptional 'create' calls removed in the prior commit, change qemu_img_log() and img_info_log() to call qemu_img() directly instead.

For now, allow these calls to qemu-img to return non-zero on the basis that any unusual output will be logged anyway. The very next commit begins to enforce a successful exit code by default even for the logged functions.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20220321201618.903471-18-jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-
John Snow authored
qemu_img_log() calls into qemu_img_pipe(), which always removes output for 'create' commands on success anyway. Replace all of these calls to the simpler qemu_img_create(...) which doesn't log, but raises a detailed exception object on failure instead.

Blank lines are removed from output files where appropriate.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-17-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-
John Snow authored
Admittedly a mostly lateral move, but qemu_img() is essentially the replacement for qemu_img_pipe_and_status(). It will give slightly better diagnostics on crash.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-16-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-
John Snow authored
As part of moving all python iotest invocations of qemu-img onto a single qemu_img() implementation, remove a few lingering uses of qemu_img_pipe() from outside of iotests.py itself.

Several cases here rely on the knowledge that qemu_img_pipe() suppresses *all* output on a successful case when the command being issued is 'create'.

065: This call's output is inspected, but it appears as if it's expected to succeed. Replace this call with the checked qemu_img() variant instead to get better diagnostics if/when qemu-img itself fails.

237: "create" call output isn't actually logged. Use qemu_img_create() instead, which checks the return code. Remove the empty lines from the test output.

296: Two calls;
-create: Expected to succeed. Like other create calls, the output isn't actually logged. Switch to a checked variant (qemu_img_create) instead. The output for this test is a mixture of both test styles, so actually replace the blank line for readability.
-amend: This is expected to fail. Log the output.

After this patch, the only uses of qemu_img_pipe are internal to iotests.py and will be removed in subsequent patches.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-15-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-
John Snow authored
qemu_img_pipe calls blank their output when the command being run is a 'create' call and the command succeeds. Thus, the normative output for this command in iotest 149 is to print a blank line.

We can remove the logging from this invocation and use a checked invocation, but we still need to inspect the actual output to see if we want to retroactively skip the test due to missing cipher support.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-14-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-
John Snow authored
qemu_img_pipe() discards the return code from qemu-img in favor of returning just its output. Some tests using this function don't save, log, or check the output either, though, which is unsafe.

Replace all of these calls with a checked version.

Tests affected are 194, 202, 203, 234, 262, and 303.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-13-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-
John Snow authored
Similar to other recent changes: use the qemu_img() invocation that supports throwing loud, nasty exceptions when it fails for surprising reasons.

(Why would "--help" ever fail? I don't know, but eliminating *all* calls to qemu-img that do not go through qemu_img() is my goal, so qemu_img_pipe() has to be removed.)

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-12-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-
John Snow authored
Add a qemu_img_map() function by analogy with qemu_img_measure(), qemu_img_check(), and qemu_img_info() that all return JSON information.

Replace calls to qemu_img_pipe('map', '--output=json', ...) with this new function, which provides better diagnostic information on failure.

Note: The output for iotest 211 changes, because logging JSON after it was deserialized by Python behaves a little differently than logging the raw JSON document string itself. (iotests.log() sorts the keys for Python 3.6 support.)

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20220321201618.903471-11-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-