From 2430c96ac522f910c11eb98c2d9f74c2c3336a00 Mon Sep 17 00:00:00 2001 From: Jiabo Feng Date: Mon, 21 Oct 2024 10:21:47 +0800 Subject: [PATCH] QEMU update to version 6.2.0-101: - python/aqmp: use absolute import statement - sysemu: Cleanup qemu_run_machine_init_done_notifiers() - vhost-backend: avoid overflow on memslots_limit - hw/i386/vmmouse: Require 'i8042' property to be set - hw/scsi/megasas: Fails command if SGL buffer overflows - target/i386/kvm: Replace use of __u32 type - hw/avr: Realize AVRCPU qdev object using qdev_realize() - qemu-keymap: Add license in generated files - configure: Symlink binaries using .exe suffix with MinGW - ui: remove break after g_assert_not_reached() - io/channel-websock: Replace strlen(const_str) by sizeof(const_str) - 1 - target/ppc: Add HASHKEYR and HASHPKEYR SPRs - tests: Fix error strings - Hexagon (target/hexagon) remove unused encodings - target/i386: introduce insn_get_addr - target/i386: REPZ and REPNZ are mutually exclusive - target/i386: correctly mask SSE4a bit indices in register operands - bios-tables-test: Make oem-fields tests be consistent - tests/vm: update NetBSD to 9.3 - monitor/hmp-cmds: Avoid displaying bogus size in 'info pci' When BAR aren't mapped, we get: - virtio-mem: don't warn about THP sizes on a kernel without THP Support - Subject: [PATCH] kvm: Use 'unsigned long' for request argument in functions wrapping ioctl() 
Signed-off-by: Jiabo Feng --- ...rget-hexagon-remove-unused-encodings.patch | 70 +++++++ ...m-Use-unsigned-long-for-request-argu.patch | 189 ++++++++++++++++++ ...-Make-oem-fields-tests-be-consistent.patch | 102 ++++++++++ ...k-binaries-using-.exe-suffix-with-Mi.patch | 40 ++++ ...VRCPU-qdev-object-using-qdev_realize.patch | 39 ++++ ...use-Require-i8042-property-to-be-set.patch | 48 +++++ ...Fails-command-if-SGL-buffer-overflow.patch | 40 ++++ ...ck-Replace-strlen-const_str-by-sizeo.patch | 46 +++++ ...-Avoid-displaying-bogus-size-in-info.patch | 97 +++++++++ ...n-aqmp-use-absolute-import-statement.patch | 41 ++++ ...eymap-Add-license-in-generated-files.patch | 34 ++++ qemu.spec | 49 ++++- ...qemu_run_machine_init_done_notifiers.patch | 38 ++++ ...EPZ-and-REPNZ-are-mutually-exclusive.patch | 33 +++ ...ectly-mask-SSE4a-bit-indices-in-regi.patch | 43 ++++ target-i386-introduce-insn_get_addr.patch | 73 +++++++ ...t-i386-kvm-Replace-use-of-__u32-type.patch | 38 ++++ ...-ppc-Add-HASHKEYR-and-HASHPKEYR-SPRs.patch | 89 +++++++++ tests-Fix-error-strings.patch | 49 +++++ tests-vm-update-NetBSD-to-9.3.patch | 33 +++ ...ove-break-after-g_assert_not_reached.patch | 47 +++++ ...end-avoid-overflow-on-memslots_limit.patch | 36 ++++ ...-warn-about-THP-sizes-on-a-kernel-wi.patch | 50 +++++ 23 files changed, 1322 insertions(+), 2 deletions(-) create mode 100644 Hexagon-target-hexagon-remove-unused-encodings.patch create mode 100644 Subject-PATCH-kvm-Use-unsigned-long-for-request-argu.patch create mode 100644 bios-tables-test-Make-oem-fields-tests-be-consistent.patch create mode 100644 configure-Symlink-binaries-using-.exe-suffix-with-Mi.patch create mode 100644 hw-avr-Realize-AVRCPU-qdev-object-using-qdev_realize.patch create mode 100644 hw-i386-vmmouse-Require-i8042-property-to-be-set.patch create mode 100644 hw-scsi-megasas-Fails-command-if-SGL-buffer-overflow.patch create mode 100644 io-channel-websock-Replace-strlen-const_str-by-sizeo.patch create mode 100644 
monitor-hmp-cmds-Avoid-displaying-bogus-size-in-info.patch create mode 100644 python-aqmp-use-absolute-import-statement.patch create mode 100644 qemu-keymap-Add-license-in-generated-files.patch create mode 100644 sysemu-Cleanup-qemu_run_machine_init_done_notifiers.patch create mode 100644 target-i386-REPZ-and-REPNZ-are-mutually-exclusive.patch create mode 100644 target-i386-correctly-mask-SSE4a-bit-indices-in-regi.patch create mode 100644 target-i386-introduce-insn_get_addr.patch create mode 100644 target-i386-kvm-Replace-use-of-__u32-type.patch create mode 100644 target-ppc-Add-HASHKEYR-and-HASHPKEYR-SPRs.patch create mode 100644 tests-Fix-error-strings.patch create mode 100644 tests-vm-update-NetBSD-to-9.3.patch create mode 100644 ui-remove-break-after-g_assert_not_reached.patch create mode 100644 vhost-backend-avoid-overflow-on-memslots_limit.patch create mode 100644 virtio-mem-don-t-warn-about-THP-sizes-on-a-kernel-wi.patch diff --git a/Hexagon-target-hexagon-remove-unused-encodings.patch b/Hexagon-target-hexagon-remove-unused-encodings.patch new file mode 100644 index 00000000..2857cc36 --- /dev/null +++ b/Hexagon-target-hexagon-remove-unused-encodings.patch 
@@ -0,0 +1,70 @@ +From 3be03a8e76551f8065fbe75633f9f0ce5200d8e0 Mon Sep 17 00:00:00 2001 +From: liujing +Date: Wed, 18 Sep 2024 19:02:59 +0800 +Subject: [PATCH] Hexagon (target/hexagon) remove unused encodings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Remove encodings guarded by ifdef that is not defined + +Signed-off-by: Taylor Simpson +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Liu Jing +--- + target/hexagon/imported/encode_pp.def | 23 ----------------------- + 1 file changed, 23 deletions(-) + +diff --git a/target/hexagon/imported/encode_pp.def b/target/hexagon/imported/encode_pp.def +index 939c6fc55f..d71c04cd30 100644 +--- a/target/hexagon/imported/encode_pp.def ++++ b/target/hexagon/imported/encode_pp.def +@@ -944,13 +944,6 @@ MPY_ENC(F2_dfmpyfix, "1000","ddddd","0","0","1","0","11") + MPY_ENC(F2_dfmin, "1000","ddddd","0","0","1","1","11") + MPY_ENC(F2_dfmax, "1000","ddddd","0","1","0","0","11") + MPY_ENC(F2_dfmpyll, "1000","ddddd","0","1","0","1","11") +-#ifdef ADD_DP_OPS +-MPY_ENC(F2_dfdivcheat, "1000","ddddd","0","0","0","1","00") +- +-MPY_ENC(F2_dffixupn, "1000","ddddd","0","1","0","1","11") +-MPY_ENC(F2_dffixupd, "1000","ddddd","0","1","1","0","11") +-MPY_ENC(F2_dfrecipa, "1000","ddddd","0","1","1","1","ee") +-#endif + + MPY_ENC(M7_dcmpyrw, "1000","ddddd","0","0","0","1","10") + MPY_ENC(M7_dcmpyrwc, "1000","ddddd","0","0","1","1","10") +@@ -1024,15 +1017,6 @@ MPY_ENC(M5_vdmacbsu, "1010","xxxxx","0","1","0","0","01") + + MPY_ENC(F2_dfmpylh, "1010","xxxxx","0","0","0","0","11") + MPY_ENC(F2_dfmpyhh, "1010","xxxxx","0","0","0","1","11") +-#ifdef ADD_DP_OPS +-MPY_ENC(F2_dfmpyhh, "1010","xxxxx","0","0","1","0","11") +-MPY_ENC(F2_dffma, "1010","xxxxx","0","0","0","0","11") +-MPY_ENC(F2_dffms, "1010","xxxxx","0","0","0","1","11") +- +-MPY_ENC(F2_dffma_lib, "1010","xxxxx","0","0","1","0","11") +-MPY_ENC(F2_dffms_lib, "1010","xxxxx","0","0","1","1","11") +-MPY_ENC(F2_dffma_sc, 
"1010","xxxxx","0","1","1","1","uu") +-#endif + + + MPY_ENC(M7_dcmpyrw_acc, "1010","xxxxx","0","0","0","1","10") +@@ -1547,15 +1531,8 @@ SH2_RR_ENC(F2_conv_df2d, "0000","111","0","0 00","ddddd") + SH2_RR_ENC(F2_conv_df2ud, "0000","111","0","0 01","ddddd") + SH2_RR_ENC(F2_conv_ud2df, "0000","111","0","0 10","ddddd") + SH2_RR_ENC(F2_conv_d2df, "0000","111","0","0 11","ddddd") +-#ifdef ADD_DP_OPS +-SH2_RR_ENC(F2_dffixupr, "0000","111","0","1 00","ddddd") +-SH2_RR_ENC(F2_dfsqrtcheat, "0000","111","0","1 01","ddddd") +-#endif + SH2_RR_ENC(F2_conv_df2d_chop, "0000","111","0","1 10","ddddd") + SH2_RR_ENC(F2_conv_df2ud_chop,"0000","111","0","1 11","ddddd") +-#ifdef ADD_DP_OPS +-SH2_RR_ENC(F2_dfinvsqrta, "0000","111","1","0 ee","ddddd") +-#endif + + + +-- +2.41.0.windows.1 + diff --git a/Subject-PATCH-kvm-Use-unsigned-long-for-request-argu.patch b/Subject-PATCH-kvm-Use-unsigned-long-for-request-argu.patch new file mode 100644 index 00000000..325922c4 --- /dev/null +++ b/Subject-PATCH-kvm-Use-unsigned-long-for-request-argu.patch 
@@ -0,0 +1,189 @@ +From d3dcd2635b1830648a1aa95d5653aba6fd20bde6 Mon Sep 17 00:00:00 2001 +From: dinglimin +Date: Mon, 16 Sep 2024 16:36:27 +0800 +Subject: [PATCH] Subject: [PATCH] kvm: Use 'unsigned long' for request + argument in functions wrapping ioctl() + +Change the data type of the ioctl _request_ argument from 'int' to +'unsigned long' for the various accel/kvm functions which are +essentially wrappers around the ioctl() syscall. + +The correct type for ioctl()'s 'request' argument is confused: + * POSIX defines the request argument as 'int' + * glibc uses 'unsigned long' in the prototype in sys/ioctl.h + * the glibc info documentation uses 'int' + * the Linux manpage uses 'unsigned long' + * the Linux implementation of the syscall uses 'unsigned int' + +If we wrap ioctl() with another function which uses 'int' as the +type for the request argument, then requests with the 0x8000_0000 +bit set will be sign-extended when the 'int' is cast to +'unsigned long' for the call to ioctl(). + +On x86_64 one such example is the KVM_IRQ_LINE_STATUS request. +Bit requests with the _IOC_READ direction bit set, will have the high +bit set. + +Fortunately the Linux Kernel truncates the upper 32bit of the request +on 64bit machines (because it uses 'unsigned int', and see also Linus +Torvalds' comments in + https://sourceware.org/bugzilla/show_bug.cgi?id=14362 ) +so this doesn't cause active problems for us. However it is more +consistent to follow the glibc ioctl() prototype when we define +functions that are essentially wrappers around ioctl(). + +This resolves a Coverity issue where it points out that in +kvm_get_xsave() we assign a value (KVM_GET_XSAVE or KVM_GET_XSAVE2) +to an 'int' variable which can't hold it without overflow. 
+ +Resolves: Coverity CID 1547759 +Signed-off-by: Johannes Stoelp +Signed-off-by: Peter Maydell +Reviewed-by: Eric Blake +Message-id: 20240815122747.3053871-1-peter.maydell@linaro.org +[PMM: Rebased patch, adjusted commit message, included note about + Coverity fix, updated the type of the local var in kvm_get_xsave, + updated the comment in the KVMState struct definition] +Signed-off-by: Peter Maydell +Signed-off-by: dinglimin +--- + accel/kvm/kvm-all.c | 8 ++++---- + accel/kvm/trace-events | 8 ++++---- + include/sysemu/kvm.h | 8 ++++---- + include/sysemu/kvm_int.h | 17 +++++++++++++---- + target/i386/kvm/kvm.c | 3 ++- + 5 files changed, 27 insertions(+), 17 deletions(-) + +diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c +index 3a09307a26..2eb0666bd7 100644 +--- a/accel/kvm/kvm-all.c ++++ b/accel/kvm/kvm-all.c +@@ -2985,7 +2985,7 @@ int kvm_cpu_exec(CPUState *cpu) + return ret; + } + +-int kvm_ioctl(KVMState *s, int type, ...) ++int kvm_ioctl(KVMState *s, unsigned long type, ...) + { + int ret; + void *arg; +@@ -3003,7 +3003,7 @@ int kvm_ioctl(KVMState *s, int type, ...) + return ret; + } + +-int kvm_vm_ioctl(KVMState *s, int type, ...) ++int kvm_vm_ioctl(KVMState *s, unsigned long type, ...) + { + int ret; + void *arg; +@@ -3021,7 +3021,7 @@ int kvm_vm_ioctl(KVMState *s, int type, ...) + return ret; + } + +-int kvm_vcpu_ioctl(CPUState *cpu, int type, ...) ++int kvm_vcpu_ioctl(CPUState *cpu, unsigned long type, ...) + { + int ret; + void *arg; +@@ -3039,7 +3039,7 @@ int kvm_vcpu_ioctl(CPUState *cpu, int type, ...) + return ret; + } + +-int kvm_device_ioctl(int fd, int type, ...) ++int kvm_device_ioctl(int fd, unsigned long type, ...) + { + int ret; + void *arg; +diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events +index 399aaeb0ec..a1905fe985 100644 +--- a/accel/kvm/trace-events ++++ b/accel/kvm/trace-events +@@ -1,11 +1,11 @@ + # See docs/devel/tracing.rst for syntax documentation. 
+ + # kvm-all.c +-kvm_ioctl(int type, void *arg) "type 0x%x, arg %p" +-kvm_vm_ioctl(int type, void *arg) "type 0x%x, arg %p" +-kvm_vcpu_ioctl(int cpu_index, int type, void *arg) "cpu_index %d, type 0x%x, arg %p" ++kvm_ioctl(unsigned long type, void *arg) "type 0x%lx, arg %p" ++kvm_vm_ioctl(unsigned long type, void *arg) "type 0x%lx, arg %p" ++kvm_vcpu_ioctl(int cpu_index, unsigned long type, void *arg) "cpu_index %d, type 0x%lx, arg %p" + kvm_run_exit(int cpu_index, uint32_t reason) "cpu_index %d, reason %d" +-kvm_device_ioctl(int fd, int type, void *arg) "dev fd %d, type 0x%x, arg %p" ++kvm_device_ioctl(int fd, unsigned long type, void *arg) "dev fd %d, type 0x%lx, arg %p" + kvm_failed_reg_get(uint64_t id, const char *msg) "Warning: Unable to retrieve ONEREG %" PRIu64 " from KVM: %s" + kvm_failed_reg_set(uint64_t id, const char *msg) "Warning: Unable to set ONEREG %" PRIu64 " to KVM: %s" + kvm_init_vcpu(int cpu_index, unsigned long arch_cpu_id) "index: %d id: %lu" +diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h +index 5860228034..5c06cd3d91 100644 +--- a/include/sysemu/kvm.h ++++ b/include/sysemu/kvm.h +@@ -258,11 +258,11 @@ int kvm_on_sigbus(int code, void *addr); + + /* internal API */ + +-int kvm_ioctl(KVMState *s, int type, ...); ++int kvm_ioctl(KVMState *s, unsigned long type, ...); + +-int kvm_vm_ioctl(KVMState *s, int type, ...); ++int kvm_vm_ioctl(KVMState *s, unsigned long type, ...); + +-int kvm_vcpu_ioctl(CPUState *cpu, int type, ...); ++int kvm_vcpu_ioctl(CPUState *cpu, unsigned long type, ...); + + /** + * kvm_device_ioctl - call an ioctl on a kvm device +@@ -271,7 +271,7 @@ int kvm_vcpu_ioctl(CPUState *cpu, int type, ...); + * + * Returns: -errno on error, nonnegative on success + */ +-int kvm_device_ioctl(int fd, int type, ...); ++int kvm_device_ioctl(int fd, unsigned long type, ...); + + /** + * kvm_vm_check_attr - check for existence of a specific vm attribute +diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h +index 
3b4adcdc10..b332d79ce5 100644 +--- a/include/sysemu/kvm_int.h ++++ b/include/sysemu/kvm_int.h +@@ -83,10 +83,19 @@ struct KVMState + OnOffAuto kernel_irqchip_split; + bool sync_mmu; + uint64_t manual_dirty_log_protect; +- /* The man page (and posix) say ioctl numbers are signed int, but +- * they're not. Linux, glibc and *BSD all treat ioctl numbers as +- * unsigned, and treating them as signed here can break things */ +- unsigned irq_set_ioctl; ++ /* ++ * Older POSIX says that ioctl numbers are signed int, but in ++ * practice they are not. (Newer POSIX doesn't specify ioctl ++ * at all.) Linux, glibc and *BSD all treat ioctl numbers as ++ * unsigned, and real-world ioctl values like KVM_GET_XSAVE have ++ * bit 31 set, which means that passing them via an 'int' will ++ * result in sign-extension when they get converted back to the ++ * 'unsigned long' which the ioctl() prototype uses. Luckily Linux ++ * always treats the argument as an unsigned 32-bit int, so any ++ * possible sign-extension is deliberately ignored, but for ++ * consistency we keep to the same type that glibc is using. ++ */ ++ unsigned long irq_set_ioctl; + unsigned int sigmask_len; + GHashTable *gsimap; + #ifdef KVM_CAP_IRQ_ROUTING +diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c +index 9f3ddd5da2..15755197f4 100644 +--- a/target/i386/kvm/kvm.c ++++ b/target/i386/kvm/kvm.c +@@ -3360,7 +3360,8 @@ static int kvm_get_xsave(X86CPU *cpu) + { + CPUX86State *env = &cpu->env; + void *xsave = env->xsave_buf; +- int type, ret; ++ unsigned long type; ++ int ret; + + if (!has_xsave) { + return kvm_get_fpu(cpu); +-- +2.41.0.windows.1 + diff --git a/bios-tables-test-Make-oem-fields-tests-be-consistent.patch b/bios-tables-test-Make-oem-fields-tests-be-consistent.patch new file mode 100644 index 00000000..5077108f --- /dev/null +++ b/bios-tables-test-Make-oem-fields-tests-be-consistent.patch 
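Review bot: The mail header of this backport carries a doubled prefix, `Subject: [PATCH] Subject: [PATCH] kvm: ...`, and it has leaked into the patch file name (`Subject-PATCH-kvm-Use-unsigned-long-for-request-argu.patch`) and into the update summary of the outer commit. The header should read `Subject: [PATCH] kvm: Use 'unsigned long' for request argument in functions wrapping ioctl()`, with the file renamed to match. Similar header damage is visible in the monitor/hmp-cmds patch (the body's first line, "When BAR aren't mapped, we get:", is folded into the subject) and in the io/channel-websock patch ("mainline inclusion commit ... category: bugfix" folded into the subject). This patch, like the Hexagon, bios-tables-test and monitor/hmp-cmds ones, names no upstream commit id, whereas most other backports shown here carry a "cherry picked from commit" line. Adding one would let a reviewer compare each backport against its origin.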
@@ -0,0 +1,102 @@ +From 2a9e30e5cd8d838a367175a0c1bad0e79764063f Mon Sep 17 00:00:00 2001 +From: liujing +Date: Wed, 18 Sep 2024 15:09:30 +0800 +Subject: [PATCH] bios-tables-test: Make oem-fields tests be consistent +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Every other test function is named: + + test_acpi__() + +Just make this test the same. Once there, rename "acpi/oem-fields" to +"acpi/piix4/oem-fields" so it is consistent with everything else. + +Signed-off-by: Juan Quintela +Message-Id: <20220902173452.1904-2-quintela@redhat.com> +Reviewed-by: Ani Sinha +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Thomas Huth +Signed-off-by: Liu Jing +--- + tests/qtest/bios-tables-test.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c +index ff8f13199d..0b89cae577 100644 +--- a/tests/qtest/bios-tables-test.c ++++ b/tests/qtest/bios-tables-test.c +@@ -1501,7 +1501,7 @@ static void test_oem_fields(test_data *data) + } + } + +-static void test_acpi_oem_fields_pc(void) ++static void test_acpi_piix4_oem_fields(void) + { + test_data data; + char *args; +@@ -1521,7 +1521,7 @@ static void test_acpi_oem_fields_pc(void) + g_free(args); + } + +-static void test_acpi_oem_fields_q35(void) ++static void test_acpi_q35_oem_fields(void) + { + test_data data; + char *args; +@@ -1541,7 +1541,7 @@ static void test_acpi_oem_fields_q35(void) + g_free(args); + } + +-static void test_acpi_oem_fields_microvm(void) ++static void test_acpi_microvm_oem_fields(void) + { + test_data data; + char *args; +@@ -1558,7 +1558,7 @@ static void test_acpi_oem_fields_microvm(void) + g_free(args); + } + +-static void test_acpi_oem_fields_virt(void) ++static void test_acpi_virt_oem_fields(void) + { + test_data data = { + .machine = "virt", +@@ -1596,13 +1596,13 @@ int main(int argc, char *argv[]) + if (ret) { + return ret; + } +- 
qtest_add_func("acpi/q35/oem-fields", test_acpi_oem_fields_q35); ++ qtest_add_func("acpi/q35/oem-fields", test_acpi_q35_oem_fields); + if (tpm_model_is_available("-machine q35", "tpm-tis")) { + qtest_add_func("acpi/q35/tpm2-tis", test_acpi_q35_tcg_tpm2_tis); + qtest_add_func("acpi/q35/tpm12-tis", test_acpi_q35_tcg_tpm12_tis); + } + qtest_add_func("acpi/piix4", test_acpi_piix4_tcg); +- qtest_add_func("acpi/oem-fields", test_acpi_oem_fields_pc); ++ qtest_add_func("acpi/piix4/oem-fields", test_acpi_piix4_oem_fields); + qtest_add_func("acpi/piix4/bridge", test_acpi_piix4_tcg_bridge); + qtest_add_func("acpi/piix4/pci-hotplug/no_root_hotplug", + test_acpi_piix4_no_root_hotplug); +@@ -1642,7 +1642,7 @@ int main(int argc, char *argv[]) + qtest_add_func("acpi/microvm/usb", test_acpi_microvm_usb_tcg); + qtest_add_func("acpi/microvm/rtc", test_acpi_microvm_rtc_tcg); + qtest_add_func("acpi/microvm/ioapic2", test_acpi_microvm_ioapic2_tcg); +- qtest_add_func("acpi/microvm/oem-fields", test_acpi_oem_fields_microvm); ++ qtest_add_func("acpi/microvm/oem-fields", test_acpi_microvm_oem_fields); + if (has_tcg) { + qtest_add_func("acpi/q35/ivrs", test_acpi_q35_tcg_ivrs); + if (strcmp(arch, "x86_64") == 0) { +@@ -1660,7 +1660,7 @@ int main(int argc, char *argv[]) + qtest_add_func("acpi/virt/numamem", test_acpi_virt_tcg_numamem); + qtest_add_func("acpi/virt/memhp", test_acpi_virt_tcg_memhp); + qtest_add_func("acpi/virt/pxb", test_acpi_virt_tcg_pxb); +- qtest_add_func("acpi/virt/oem-fields", test_acpi_oem_fields_virt); ++ qtest_add_func("acpi/virt/oem-fields", test_acpi_virt_oem_fields); + } + } + ret = g_test_run(); +-- +2.41.0.windows.1 + diff --git a/configure-Symlink-binaries-using-.exe-suffix-with-Mi.patch b/configure-Symlink-binaries-using-.exe-suffix-with-Mi.patch new file mode 100644 index 00000000..ec1fc52b --- /dev/null +++ b/configure-Symlink-binaries-using-.exe-suffix-with-Mi.patch 
@@ -0,0 +1,40 @@
+From c66c944a2caf4a457d542c843e5215bd7d673887 Mon Sep 17 00:00:00 2001
+From: Luo Yifan
+Date: Thu, 26 Sep 2024 10:28:30 +0800
+Subject: [PATCH] configure: Symlink binaries using .exe suffix with MinGW
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry picked from commit 57a93f16e8dad554720edcc5ed1fe613d68bf230
+
+When using the MinGW toolchain, we use the .exe suffix for the
+executable name. We also need to use it for the symlinks in the
+build directory.
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Stefan Weil
+Acked-by: Paolo Bonzini
+Message-Id: <20211109144504.1541206-1-philmd@redhat.com>
+Signed-off-by: Laurent Vivier
+Signed-off-by: Luo Yifan
+---
+ configure | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure b/configure
+index 991fe67886..7d508b2e72 100755
+--- a/configure
++++ b/configure
+@@ -3685,7 +3685,7 @@ fi
+
+ for target in $target_list; do
+ target_dir="$target"
+- target_name=$(echo $target | cut -d '-' -f 1)
++ target_name=$(echo $target | cut -d '-' -f 1)$EXESUF
+ mkdir -p "$target_dir"
+ case $target in
+ *-user) symlink "../qemu-$target_name" "$target_dir/qemu-$target_name" ;;
+--
+2.41.0.windows.1
+
diff --git a/hw-avr-Realize-AVRCPU-qdev-object-using-qdev_realize.patch b/hw-avr-Realize-AVRCPU-qdev-object-using-qdev_realize.patch
new file mode 100644
index 00000000..65641d37
--- /dev/null
+++ b/hw-avr-Realize-AVRCPU-qdev-object-using-qdev_realize.patch
@@ -0,0 +1,39 @@
+From 21d4f71e7ad312a86b83cfa7dc9eb5bf6ef240ee Mon Sep 17 00:00:00 2001
+From: Luo Yifan
+Date: Thu, 26 Sep 2024 10:48:54 +0800
+Subject: [PATCH] hw/avr: Realize AVRCPU qdev object using qdev_realize()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry picked from commit 74fb2f4f4c47c966ab54687392e6561b4de4bb8a
+
+TYPE_AVR_CPU inherits TYPE_CPU, which itself inherits TYPE_DEVICE.
+TYPE_DEVICE instances are realized using qdev_realize(), we don't
+need to access QOM internal values.
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Michael Rolnik
+Message-Id: <20211205224109.322152-1-f4bug@amsat.org>
+Signed-off-by: Laurent Vivier
+Signed-off-by: Luo Yifan
+---
+ hw/avr/atmega.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/avr/atmega.c b/hw/avr/atmega.c
+index 0608e2d475..a34803e642 100644
+--- a/hw/avr/atmega.c
++++ b/hw/avr/atmega.c
+@@ -233,7 +233,7 @@ static void atmega_realize(DeviceState *dev, Error **errp)
+
+ /* CPU */
+ object_initialize_child(OBJECT(dev), "cpu", &s->cpu, mc->cpu_type);
+- object_property_set_bool(OBJECT(&s->cpu), "realized", true, &error_abort);
++ qdev_realize(DEVICE(&s->cpu), NULL, &error_abort);
+ cpudev = DEVICE(&s->cpu);
+
+ /* SRAM */
+--
+2.41.0.windows.1
+
diff --git a/hw-i386-vmmouse-Require-i8042-property-to-be-set.patch b/hw-i386-vmmouse-Require-i8042-property-to-be-set.patch
new file mode 100644
index 00000000..3e779ae8
--- /dev/null
+++ b/hw-i386-vmmouse-Require-i8042-property-to-be-set.patch
@@ -0,0 +1,48 @@
+From 12756f09bddf7e31b9bf846bd5301ddbdcadfedf Mon Sep 17 00:00:00 2001
+From: Luo Yifan
+Date: Thu, 26 Sep 2024 11:15:58 +0800
+Subject: [PATCH] hw/i386/vmmouse: Require 'i8042' property to be set
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry picked from commit 5a3a2eb3b1096a52580c1b8c3eb0739714e7d941
+
+If the 'i8042' property is not set, mouse events handled by
+vmmouse_mouse_event() end calling i8042_isa_mouse_fake_event()
+with a NULL argument, resulting in ps2_mouse_fake_event() being
+called with invalid PS2MouseState pointer. Fix by requiring
+the 'i8042' property to be always set:
+
+ $ qemu-system-x86_64 -device vmmouse
+ qemu-system-x86_64: -device vmmouse: 'i8042' link is not set
+
+Fixes: 91c9e09147b ("vmmouse: convert to qdev")
+Reported-by: Calvin Buckley
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/752
+Signed-off-by: Philippe Mathieu-Daudé
+Message-Id: <20211201223253.36080-1-f4bug@amsat.org>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Luo Yifan
+---
+ hw/i386/vmmouse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/hw/i386/vmmouse.c b/hw/i386/vmmouse.c
+index 3d66368286..a56c185f15 100644
+--- a/hw/i386/vmmouse.c
++++ b/hw/i386/vmmouse.c
+@@ -286,6 +286,10 @@ static void vmmouse_realizefn(DeviceState *dev, Error **errp)
+
+ DPRINTF("vmmouse_init\n");
+
++ if (!s->i8042) {
++ error_setg(errp, "'i8042' link is not set");
++ return;
++ }
+ if (!object_resolve_path_type("", TYPE_VMPORT, NULL)) {
+ error_setg(errp, "vmmouse needs a machine with vmport");
+ return;
+--
+2.41.0.windows.1
+
diff --git a/hw-scsi-megasas-Fails-command-if-SGL-buffer-overflow.patch b/hw-scsi-megasas-Fails-command-if-SGL-buffer-overflow.patch
new file mode 100644
index 00000000..2d0bd85f
--- /dev/null
+++ b/hw-scsi-megasas-Fails-command-if-SGL-buffer-overflow.patch
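Review bot: The new `if (!s->i8042)` guard in vmmouse_realizefn() has no comment saying why a missing link must be fatal; the reason lives only in the commit message. A one-line comment above it, e.g. `/* vmmouse_mouse_event() hands s->i8042 to i8042_isa_mouse_fake_event(); refuse to realize without the link */`, would keep a later cleanup from dropping the check. The guard covers only an unset link at realize time. Whether the link can be changed afterwards is not visible here, and the function body continues outside the hunk.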
@@ -0,0 +1,40 @@
+From 4524c893498ef2c8d2fa5da69ccefe167011ed3d Mon Sep 17 00:00:00 2001
+From: Luo Yifan
+Date: Thu, 26 Sep 2024 10:52:25 +0800
+Subject: [PATCH] hw/scsi/megasas: Fails command if SGL buffer overflows
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry picked from commit 97a2b074d150918a7a3a4065b946a52d4d0be8a3
+
+If we detect an overflow on the SGL buffer, do not
+keep processing the command: discard it. TARGET_FAILURE
+sense code will be returned (MFI_STAT_SCSI_DONE_WITH_ERROR).
+
+Reported-by: Alexander Bulekov
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/521
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Darren Kenny
+Message-Id: <20211119201141.532377-2-philmd@redhat.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Luo Yifan
+---
+ hw/scsi/megasas.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
+index 946050bf83..dc9bbdb740 100644
+--- a/hw/scsi/megasas.c
++++ b/hw/scsi/megasas.c
+@@ -310,6 +310,7 @@ static int megasas_map_sgl(MegasasState *s, MegasasCmd *cmd, union mfi_sgl *sgl)
+ }
+ if (cmd->iov_size > iov_size) {
+ trace_megasas_iovec_overflow(cmd->index, iov_size, cmd->iov_size);
++ goto unmap;
+ } else if (cmd->iov_size < iov_size) {
+ trace_megasas_iovec_underflow(cmd->index, iov_size, cmd->iov_size);
+ }
+--
+2.41.0.windows.1
+
diff --git a/io-channel-websock-Replace-strlen-const_str-by-sizeo.patch b/io-channel-websock-Replace-strlen-const_str-by-sizeo.patch
new file mode 100644
index 00000000..3fb964fe
--- /dev/null
+++ b/io-channel-websock-Replace-strlen-const_str-by-sizeo.patch
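Review bot: The underflow branch right after the new `goto unmap;` still only traces and lets the command continue, so just one side of the size mismatch is rejected. If that asymmetry is intended, a short comment such as `/* a request shorter than the mapped SGL is tolerated; a longer one must not be processed */` would record why. The `unmap` label and the value megasas_map_sgl() returns from it lie outside the hunk. The commit message's claim that the command fails with MFI_STAT_SCSI_DONE_WITH_ERROR, and that the mappings made so far are released, therefore cannot be checked from these lines. With the `goto` in place the `else` before the underflow test is redundant and could become a plain `if`.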
@@ -0,0 +1,46 @@
+From f9d4fad347970ddff4252312a71565a3f0be5305 Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Thu, 19 Sep 2024 10:00:08 +0000
+Subject: [PATCH] io/channel-websock: Replace strlen(const_str) by
+ sizeof(const_str) - 1 mainline inclusion commit
+ 5e689840a10e01dc2ab87defc5347337db8103da category: bugfix
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---------------------------------------------------------------
+
+he combined_key[... QIO_CHANNEL_WEBSOCK_GUID_LEN ...] array in
+qio_channel_websock_handshake_send_res_ok() expands to a call
+to strlen(QIO_CHANNEL_WEBSOCK_GUID), and the compiler doesn't
+realize the string is const, so consider combined_key[] being
+a variable-length array.
+
+To remove the variable-length array, we provide it a hint to
+the compiler by using sizeof() - 1 instead of strlen().
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Daniel P. Berrangé
+Signed-off-by: Peter Maydell
+
+Signed-off-by: tangbinzy
+---
+ io/channel-websock.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/io/channel-websock.c b/io/channel-websock.c
+index 70889bb54d..d9fc27a003 100644
+--- a/io/channel-websock.c
++++ b/io/channel-websock.c
+@@ -32,7 +32,7 @@
+
+ #define QIO_CHANNEL_WEBSOCK_CLIENT_KEY_LEN 24
+ #define QIO_CHANNEL_WEBSOCK_GUID "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
+-#define QIO_CHANNEL_WEBSOCK_GUID_LEN strlen(QIO_CHANNEL_WEBSOCK_GUID)
++#define QIO_CHANNEL_WEBSOCK_GUID_LEN (sizeof(QIO_CHANNEL_WEBSOCK_GUID) - 1)
+
+ #define QIO_CHANNEL_WEBSOCK_HEADER_PROTOCOL "sec-websocket-protocol"
+ #define QIO_CHANNEL_WEBSOCK_HEADER_VERSION "sec-websocket-version"
+--
+2.41.0.windows.1
+
diff --git a/monitor-hmp-cmds-Avoid-displaying-bogus-size-in-info.patch b/monitor-hmp-cmds-Avoid-displaying-bogus-size-in-info.patch
new file mode 100644
index 00000000..d15370bb
--- /dev/null
+++ b/monitor-hmp-cmds-Avoid-displaying-bogus-size-in-info.patch
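Review bot: `QIO_CHANNEL_WEBSOCK_GUID_LEN` is now correct only while `QIO_CHANNEL_WEBSOCK_GUID` stays a string literal. If it were ever turned into a `const char *`, `sizeof(...) - 1` would silently become the pointer size minus one, and the commit message says combined_key[] is sized from this macro. A comment on the define, e.g. `/* sizeof works only because the GUID is a string literal; keeps combined_key[] from being a VLA */`, would record that constraint next to the code that depends on it.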
@@ -0,0 +1,97 @@ +From 0ccf41541a2c2a65196327fc5466af611aa9f929 Mon Sep 17 00:00:00 2001 +From: dinglimin +Date: Mon, 16 Sep 2024 17:07:55 +0800 +Subject: [PATCH] monitor/hmp-cmds: Avoid displaying bogus size in 'info pci' + When BAR aren't mapped, we get: +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + (qemu) info pci + Bus 0, device 0, function 0: + Host bridge: PCI device dead:beef + ... + BAR4: 32 bit memory at 0xffffffffffffffff [0x00000ffe]. + BAR5: I/O at 0xffffffffffffffff [0x0ffe]. + +Check the BAR is mapped comparing its address to PCI_BAR_UNMAPPED +which is what the PCI layer uses for unmapped BARs. +See pci_bar_address and pci_update_mappings implementations and +in "hw/pci/pci.h": + + typedef struct PCIIORegion { + pcibus_t addr; /* current PCI mapping address. -1 means not mapped */ + #define PCI_BAR_UNMAPPED (~(pcibus_t)0) + ... + +This improves the logging, not displaying bogus sizes: + + (qemu) info pci + Bus 0, device 0, function 0: + Host bridge: PCI device dead:beef + ... + BAR4: 32 bit memory (not mapped) + BAR5: I/O (not mapped) + +Remove trailing dot which is not used in other commands format. + +Signed-off-by: Philippe Mathieu-Daudé +Message-Id: <20240801131449.51328-1-philmd@linaro.org> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. 
Tsirkin +Signed-off-by: dinglimin +--- + monitor/hmp-cmds.c | 30 +++++++++++++++++++++--------- + 1 file changed, 21 insertions(+), 9 deletions(-) + +diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c +index c139e8087e..4abd4a8aa0 100644 +--- a/monitor/hmp-cmds.c ++++ b/monitor/hmp-cmds.c +@@ -60,6 +60,8 @@ + #include + #endif + ++#include "hw/pci/pci.h" ++ + bool hmp_handle_error(Monitor *mon, Error *err) + { + if (err) { +@@ -781,15 +783,25 @@ static void hmp_info_pci_device(Monitor *mon, const PciDeviceInfo *dev) + monitor_printf(mon, " BAR%" PRId64 ": ", region->value->bar); + + if (!strcmp(region->value->type, "io")) { +- monitor_printf(mon, "I/O at 0x%04" PRIx64 +- " [0x%04" PRIx64 "].\n", +- addr, addr + size - 1); +- } else { +- monitor_printf(mon, "%d bit%s memory at 0x%08" PRIx64 +- " [0x%08" PRIx64 "].\n", +- region->value->mem_type_64 ? 64 : 32, +- region->value->prefetch ? " prefetchable" : "", +- addr, addr + size - 1); ++ if (addr != PCI_BAR_UNMAPPED) { ++ monitor_printf(mon, "I/O at 0x%04" PRIx64 ++ " [0x%04" PRIx64 "]\n", ++ addr, addr + size - 1); ++ } else { ++ monitor_printf(mon, "I/O (not mapped)\n"); ++ } ++ } else { ++ if (addr != PCI_BAR_UNMAPPED) { ++ monitor_printf(mon, "%d bit%s memory at 0x%08" PRIx64 ++ " [0x%08" PRIx64 "]\n", ++ region->value->mem_type_64 ? 64 : 32, ++ region->value->prefetch ? " prefetchable" : "", ++ addr, addr + size - 1); ++ } else { ++ monitor_printf(mon, "%d bit%s memory (not mapped)\n", ++ region->value->mem_type_64 ? 64 : 32, ++ region->value->prefetch ? " prefetchable" : ""); ++ } + } + } + +-- +2.41.0.windows.1 + diff --git a/python-aqmp-use-absolute-import-statement.patch b/python-aqmp-use-absolute-import-statement.patch new file mode 100644 index 00000000..cfff60ac --- /dev/null +++ b/python-aqmp-use-absolute-import-statement.patch 
@@ -0,0 +1,41 @@
+From 81ab64fe4c328b3981290afe4860f9bcd8f8750c Mon Sep 17 00:00:00 2001
+From: Luo Yifan
+Date: Thu, 26 Sep 2024 16:07:19 +0800
+Subject: [PATCH] python/aqmp: use absolute import statement
+
+cherry picked from commit f75b20e4f16663af4c65657821c5727b1d1c2493
+
+pylint's dependency astroid appears to have bugs in 2.9.1 and 2.9.2 (Dec
+31 and Jan 3) that appear to erroneously expect the qemu namespace to
+have an __init__.py file. astroid 2.9.3 (Jan 9) avoids that problem, but
+appears to not understand a relative import within a namespace package.
+
+Update the relative import - it was worth changing anyway, because these
+packages will eventually be packaged and distributed separately.
+
+Signed-off-by: John Snow
+Reviewed-by: Beraldo Leal
+Message-id: 20220110191349.1841027-2-jsnow@redhat.com
+Signed-off-by: John Snow
+Signed-off-by: Luo Yifan
+---
+ python/qemu/aqmp/aqmp_tui.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/python/qemu/aqmp/aqmp_tui.py b/python/qemu/aqmp/aqmp_tui.py
+index a2929f771c..f1e926dd75 100644
+--- a/python/qemu/aqmp/aqmp_tui.py
++++ b/python/qemu/aqmp/aqmp_tui.py
+@@ -35,7 +35,8 @@
+ import urwid
+ import urwid_readline
+
+-from ..qmp import QEMUMonitorProtocol, QMPBadPortError
++from qemu.qmp import QEMUMonitorProtocol, QMPBadPortError
++
+ from .error import ProtocolError
+ from .message import DeserializationError, Message, UnexpectedTypeError
+ from .protocol import ConnectError, Runstate
+--
+2.41.0.windows.1
+
diff --git a/qemu-keymap-Add-license-in-generated-files.patch b/qemu-keymap-Add-license-in-generated-files.patch
new file mode 100644
index 00000000..bdbd34c2
--- /dev/null
+++ b/qemu-keymap-Add-license-in-generated-files.patch
@@ -0,0 +1,34 @@
+From db089183c5aff11b3dae7d3893477c8abbb8d863 Mon Sep 17 00:00:00 2001
+From: Luo Yifan
+Date: Thu, 26 Sep 2024 10:44:55 +0800
+Subject: [PATCH] qemu-keymap: Add license in generated files
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry picked from commit 4455922f7bb8fef2f5aa0a4d3901041bcc4b659d
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Warner Losh
+Message-Id: <20211117174533.1900570-1-philmd@redhat.com>
+Signed-off-by: Laurent Vivier
+Signed-off-by: Luo Yifan
+---
+ qemu-keymap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/qemu-keymap.c b/qemu-keymap.c
+index 536e8f2385..4095b654a6 100644
+--- a/qemu-keymap.c
++++ b/qemu-keymap.c
+@@ -187,6 +187,7 @@ int main(int argc, char *argv[])
+ }
+
+ fprintf(outfile,
++ "# SPDX-License-Identifier: GPL-2.0-or-later\n"
+ "#\n"
+ "# generated by qemu-keymap\n"
+ "# model : %s\n"
+--
+2.41.0.windows.1
+
diff --git a/qemu.spec b/qemu.spec
index 417538f3..07c8cda9 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -3,7 +3,7 @@ Name: qemu Version: 6.2.0 -Release: 100 +Release: 101 Epoch: 10 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@@ -1048,7 +1048,28 @@ Patch1033: system-physmem-Propagate-AddressSpace-to-MapClient-h.patch Patch1034: system-physmem-Per-AddressSpace-bounce-buffering.patch Patch1035: softmmu-Support-concurrent-bounce-buffers-CVE-2024-8.patch Patch1036: mac_dbdma-Remove-leftover-dma_memory_unmap-calls-CVE.patch - +Patch1037: Subject-PATCH-kvm-Use-unsigned-long-for-request-argu.patch +Patch1038: virtio-mem-don-t-warn-about-THP-sizes-on-a-kernel-wi.patch +Patch1039: monitor-hmp-cmds-Avoid-displaying-bogus-size-in-info.patch +Patch1040: tests-vm-update-NetBSD-to-9.3.patch +Patch1041: bios-tables-test-Make-oem-fields-tests-be-consistent.patch +Patch1042: target-i386-correctly-mask-SSE4a-bit-indices-in-regi.patch +Patch1043: target-i386-REPZ-and-REPNZ-are-mutually-exclusive.patch +Patch1044: target-i386-introduce-insn_get_addr.patch +Patch1045: Hexagon-target-hexagon-remove-unused-encodings.patch +Patch1046: tests-Fix-error-strings.patch +Patch1047: target-ppc-Add-HASHKEYR-and-HASHPKEYR-SPRs.patch +Patch1048: io-channel-websock-Replace-strlen-const_str-by-sizeo.patch +Patch1049: ui-remove-break-after-g_assert_not_reached.patch +Patch1050: configure-Symlink-binaries-using-.exe-suffix-with-Mi.patch +Patch1051: qemu-keymap-Add-license-in-generated-files.patch +Patch1052: hw-avr-Realize-AVRCPU-qdev-object-using-qdev_realize.patch +Patch1053: target-i386-kvm-Replace-use-of-__u32-type.patch +Patch1054: hw-scsi-megasas-Fails-command-if-SGL-buffer-overflow.patch +Patch1055: hw-i386-vmmouse-Require-i8042-property-to-be-set.patch +Patch1056: vhost-backend-avoid-overflow-on-memslots_limit.patch +Patch1057: sysemu-Cleanup-qemu_run_machine_init_done_notifiers.patch +Patch1058: python-aqmp-use-absolute-import-statement.patch BuildRequires: flex BuildRequires: gcc 
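Review bot: `Patch1037: Subject-PATCH-kvm-Use-unsigned-long-for-request-argu.patch` takes its file name from a malformed subject line, so the literal `Subject: [PATCH]` prefix has become part of the patch title and the backport is harder to match against its upstream commit. Regenerating that patch with a clean subject would give a name that starts with the real title (`kvm-Use-unsigned-long-...`). Going by the hunk counts, the change also removes the blank line that separated the last `PatchNNNN:` entry from `BuildRequires: flex`; keeping that separator keeps the patch list visually distinct from the build dependencies.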
@@ -1647,6 +1668,30 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Mon Oct 21 2024 - 10:6.2.0-101 +- python/aqmp: use absolute import statement +- sysemu: Cleanup qemu_run_machine_init_done_notifiers() +- vhost-backend: avoid overflow on memslots_limit +- hw/i386/vmmouse: Require 'i8042' property to be set +- hw/scsi/megasas: Fails command if SGL buffer overflows +- target/i386/kvm: Replace use of __u32 type +- hw/avr: Realize AVRCPU qdev object using qdev_realize() +- qemu-keymap: Add license in generated files +- configure: Symlink binaries using .exe suffix with MinGW +- ui: remove break after g_assert_not_reached() +- io/channel-websock: Replace strlen(const_str) by sizeof(const_str) - 1 +- target/ppc: Add HASHKEYR and HASHPKEYR SPRs +- tests: Fix error strings +- Hexagon (target/hexagon) remove unused encodings +- target/i386: introduce insn_get_addr +- target/i386: REPZ and REPNZ are mutually exclusive +- target/i386: correctly mask SSE4a bit indices in register operands +- bios-tables-test: Make oem-fields tests be consistent +- tests/vm: update NetBSD to 9.3 +- monitor/hmp-cmds: Avoid displaying bogus size in 'info pci' When BAR aren't mapped, we get: +- virtio-mem: don't warn about THP sizes on a kernel without THP Support +- Subject: [PATCH] kvm: Use 'unsigned long' for request argument in functions wrapping ioctl() + * Mon Oct 14 2024 - 10:6.2.0-100 - mac_dbdma: Remove leftover `dma_memory_unmap` calls(CVE-2024-8612) - softmmu: Support concurrent bounce buffers(CVE-2024-8612) diff --git a/sysemu-Cleanup-qemu_run_machine_init_done_notifiers.patch b/sysemu-Cleanup-qemu_run_machine_init_done_notifiers.patch new file mode 100644 index 00000000..c949936d --- /dev/null +++ b/sysemu-Cleanup-qemu_run_machine_init_done_notifiers.patch 
@@ -0,0 +1,38 @@
+From f9cd46b75aa937498b956cb32aef9232bef86cc9 Mon Sep 17 00:00:00 2001
+From: Luo Yifan
+Date: Thu, 26 Sep 2024 14:12:57 +0800
+Subject: [PATCH] sysemu: Cleanup qemu_run_machine_init_done_notifiers()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry picked from commit 9de225a1c27500c2d80a916d1c2a41d8e2a5f6e8
+
+Remove qemu_run_machine_init_done_notifiers() since no implementation
+and user.
+
+Fixes: f66dc8737c9 ("vl: move all generic initialization out of vl.c")
+Signed-off-by: Xiaoyao Li
+Reviewed-by: Philippe Mathieu-Daudé
+Message-Id: <20220104024136.1433545-1-xiaoyao.li@intel.com>
+Signed-off-by: Richard Henderson
+Signed-off-by: Luo Yifan
+---
+ include/sysemu/sysemu.h | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
+index 8fae667172..b9421e03ff 100644
+--- a/include/sysemu/sysemu.h
++++ b/include/sysemu/sysemu.h
+@@ -16,7 +16,6 @@ extern bool qemu_uuid_set;
+ void qemu_add_exit_notifier(Notifier *notify);
+ void qemu_remove_exit_notifier(Notifier *notify);
+
+-void qemu_run_machine_init_done_notifiers(void);
+ void qemu_add_machine_init_done_notifier(Notifier *notify);
+ void qemu_remove_machine_init_done_notifier(Notifier *notify);
+
+--
+2.41.0.windows.1
+
diff --git a/target-i386-REPZ-and-REPNZ-are-mutually-exclusive.patch b/target-i386-REPZ-and-REPNZ-are-mutually-exclusive.patch new file mode 100644
index 00000000..28598516
--- /dev/null
+++ b/target-i386-REPZ-and-REPNZ-are-mutually-exclusive.patch
@@ -0,0 +1,33 @@
+From 216483f975d268d1bba93e5a44c06b080f515a97 Mon Sep 17 00:00:00 2001
+From: liujing
+Date: Wed, 18 Sep 2024 16:58:59 +0800
+Subject: [PATCH] target/i386: REPZ and REPNZ are mutually exclusive
+
+The later prefix wins if both are present, make it show in s->prefix too.
+
+Reviewed-by: Richard Henderson
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Liu Jing
+---
+ target/i386/tcg/translate.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
+index 82f77b52fb..0b035df68e 100644
+--- a/target/i386/tcg/translate.c
++++ b/target/i386/tcg/translate.c
+@@ -4587,9 +4587,11 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
+ switch (b) {
+ case 0xf3:
+ prefixes |= PREFIX_REPZ;
++ prefixes &= ~PREFIX_REPNZ;
+ goto next_byte;
+ case 0xf2:
+ prefixes |= PREFIX_REPNZ;
++ prefixes &= ~PREFIX_REPZ;
+ goto next_byte;
+ case 0xf0:
+ prefixes |= PREFIX_LOCK;
+--
+2.41.0.windows.1
+
diff --git a/target-i386-correctly-mask-SSE4a-bit-indices-in-regi.patch b/target-i386-correctly-mask-SSE4a-bit-indices-in-regi.patch new file mode 100644
index 00000000..b85eb7c6
--- /dev/null
+++ b/target-i386-correctly-mask-SSE4a-bit-indices-in-regi.patch
@@ -0,0 +1,43 @@
+From 4d18374e62d3206d564d9a6a7154e7eb4b48ecb2 Mon Sep 17 00:00:00 2001
+From: liujing
+Date: Wed, 18 Sep 2024 16:44:18 +0800
+Subject: [PATCH] target/i386: correctly mask SSE4a bit indices in register
+ operands
+
+SSE4a instructions EXTRQ and INSERTQ have two bit index operands, that can be
+immediates or taken from an XMM register. In both cases, the fields are
+6-bit wide and the top two bits in the byte are ignored. translate.c is
+doing that correctly for the immediate case, but not for the XMM case, so
+fix it.
+
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Liu Jing
+---
+ target/i386/ops_sse.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/ops_sse.h b/target/i386/ops_sse.h
+index 6f1fc174b3..898b7e4292 100644
+--- a/target/i386/ops_sse.h
++++ b/target/i386/ops_sse.h
+@@ -899,7 +899,7 @@ static inline uint64_t helper_extrq(uint64_t src, int shift, int len)
+
+ void helper_extrq_r(CPUX86State *env, ZMMReg *d, ZMMReg *s)
+ {
+- d->ZMM_Q(0) = helper_extrq(d->ZMM_Q(0), s->ZMM_B(1), s->ZMM_B(0));
++ d->ZMM_Q(0) = helper_extrq(d->ZMM_Q(0), s->ZMM_B(1) & 63, s->ZMM_B(0) & 63);
+ }
+
+ void helper_extrq_i(CPUX86State *env, ZMMReg *d, int index, int length)
+@@ -921,7 +921,7 @@ static inline uint64_t helper_insertq(uint64_t src, int shift, int len)
+
+ void helper_insertq_r(CPUX86State *env, ZMMReg *d, ZMMReg *s)
+ {
+- d->ZMM_Q(0) = helper_insertq(s->ZMM_Q(0), s->ZMM_B(9), s->ZMM_B(8));
++ d->ZMM_Q(0) = helper_insertq(s->ZMM_Q(0), s->ZMM_B(9) & 63, s->ZMM_B(8) & 63);
+ }
+
+ void helper_insertq_i(CPUX86State *env, ZMMReg *d, int index, int length)
+--
+2.41.0.windows.1
+
diff --git a/target-i386-introduce-insn_get_addr.patch b/target-i386-introduce-insn_get_addr.patch new file mode 100644
index 00000000..5d1aec7b
--- /dev/null
+++ b/target-i386-introduce-insn_get_addr.patch
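Review bot: The `& 63` masks added in `helper_extrq_r` and `helper_insertq_r` carry no comment, so the reason for the magic number is only in the commit message. A one-line comment above each call, such as `/* bit index and length are 6-bit fields; the top two bits of each byte are ignored */`, would keep that rationale next to the code. The masks are also what bounds the guest-supplied shift and length values before they reach `helper_extrq`/`helper_insertq`, whose bodies are outside these hunks, so the comment should mention that the bound is relied on there.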
@@ -0,0 +1,73 @@
+From 45e03e38593db8583788a53f08735199f203a370 Mon Sep 17 00:00:00 2001
+From: liujing
+Date: Wed, 18 Sep 2024 17:54:50 +0800
+Subject: [PATCH] target/i386: introduce insn_get_addr
+
+The "O" operand type in the Intel SDM needs to load an 8- to 64-bit
+unsigned value, while insn_get is limited to 32 bits. Extract the code
+out of disas_insn and into a separate function.
+
+Reviewed-by: Richard Henderson
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Liu Jing
+---
+ target/i386/tcg/translate.c | 36 ++++++++++++++++++++++++++----------
+ 1 file changed, 26 insertions(+), 10 deletions(-)
+
+diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
+index 82f77b52fb..44cea102eb 100644
+--- a/target/i386/tcg/translate.c
++++ b/target/i386/tcg/translate.c
+@@ -2282,6 +2282,31 @@ static void gen_ldst_modrm(CPUX86State *env, DisasContext *s, int modrm,
+ }
+ }
+
++static target_ulong insn_get_addr(CPUX86State *env, DisasContext *s, MemOp ot)
++{
++ target_ulong ret;
++
++ switch (ot) {
++ case MO_8:
++ ret = x86_ldub_code(env, s);
++ break;
++ case MO_16:
++ ret = x86_lduw_code(env, s);
++ break;
++ case MO_32:
++ ret = x86_ldl_code(env, s);
++ break;
++#ifdef TARGET_X86_64
++ case MO_64:
++ ret = x86_ldq_code(env, s);
++ break;
++#endif
++ default:
++ g_assert_not_reached();
++ }
++ return ret;
++}
++
+ static inline uint32_t insn_get(CPUX86State *env, DisasContext *s, MemOp ot)
+ {
+ uint32_t ret;
+@@ -5703,16 +5728,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
+ target_ulong offset_addr;
+
+ ot = mo_b_d(b, dflag);
+- switch (s->aflag) {
+-#ifdef TARGET_X86_64
+- case MO_64:
+- offset_addr = x86_ldq_code(env, s);
+- break;
+-#endif
+- default:
+- offset_addr = insn_get(env, s, s->aflag);
+- break;
+- }
++ offset_addr = insn_get_addr(env, s, s->aflag);
+ tcg_gen_movi_tl(s->A0, offset_addr);
+ gen_add_A0_ds_seg(s);
+ if ((b & 2) == 0) {
+--
+2.41.0.windows.1
+
diff --git a/target-i386-kvm-Replace-use-of-__u32-type.patch b/target-i386-kvm-Replace-use-of-__u32-type.patch new file mode 100644
index 00000000..2a964007
--- /dev/null
+++ b/target-i386-kvm-Replace-use-of-__u32-type.patch
@@ -0,0 +1,38 @@
+From 91ffc3ebae439ac3de19a5f494e9319101e6d532 Mon Sep 17 00:00:00 2001
+From: Luo Yifan
+Date: Thu, 26 Sep 2024 10:40:33 +0800
+Subject: [PATCH] target/i386/kvm: Replace use of __u32 type
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry picked from commit dc7d6cafce8a7d36d2ebc03be3b6162e0eb98c22
+
+QEMU coding style mandates to not use Linux kernel internal
+types for scalars types. Replace __u32 by uint32_t.
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Richard Henderson
+Message-Id: <20211116193955.2793171-1-philmd@redhat.com>
+Signed-off-by: Laurent Vivier
+Signed-off-by: Luo Yifan
+---
+ target/i386/kvm/kvm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
+index 15755197f4..1c019f2f98 100644
+--- a/target/i386/kvm/kvm.c
++++ b/target/i386/kvm/kvm.c
+@@ -1452,7 +1452,7 @@ static int hyperv_fill_cpuids(CPUState *cs,
+ c->edx = cpu->hyperv_limits[2];
+
+ if (hyperv_feat_enabled(cpu, HYPERV_FEAT_EVMCS)) {
+- __u32 function;
++ uint32_t function;
+
+ /* Create zeroed 0x40000006..0x40000009 leaves */
+ for (function = HV_CPUID_IMPLEMENT_LIMITS + 1;
+--
+2.41.0.windows.1
+
diff --git a/target-ppc-Add-HASHKEYR-and-HASHPKEYR-SPRs.patch b/target-ppc-Add-HASHKEYR-and-HASHPKEYR-SPRs.patch new file mode 100644
index 00000000..50910441
--- /dev/null
+++ b/target-ppc-Add-HASHKEYR-and-HASHPKEYR-SPRs.patch
@@ -0,0 +1,89 @@
+From c7a2780e7e3ff001d3651c20767011d1f5bfbfd5 Mon Sep 17 00:00:00 2001
+From: liujing
+Date: Thu, 19 Sep 2024 10:14:22 +0800
+Subject: [PATCH] target/ppc: Add HASHKEYR and HASHPKEYR SPRs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add the Special Purpose Registers HASHKEYR and HASHPKEYR, which were
+introduced by the Power ISA 3.1B. They are used by the new instructions
+hashchk(p) and hashst(p).
+
+The ISA states that the Operating System should generate the value for
+these registers when creating a process, so it's its responsability to
+do so. We initialize it with 0 for qemu-softmmu, and set a random 64
+bits value for linux-user.
+
+Signed-off-by: Víctor Colombo
+Reviewed-by: Lucas Mateus Castro
+Message-Id: <20220715205439.161110-2-victor.colombo@eldorado.org.br>
+Signed-off-by: Daniel Henrique Barboza
+Signed-off-by: Liu Jing
+---
+ target/ppc/cpu.h | 2 ++
+ target/ppc/cpu_init.c | 28 ++++++++++++++++++++++++++++
+ 2 files changed, 30 insertions(+)
+
+diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
+index 8b214b2cc1..1281323c02 100644
+--- a/target/ppc/cpu.h
++++ b/target/ppc/cpu.h
+@@ -1623,6 +1623,8 @@ typedef PowerPCCPU ArchCPU;
+ #define SPR_BOOKE_GIVOR14 (0x1BD)
+ #define SPR_TIR (0x1BE)
+ #define SPR_PTCR (0x1D0)
++#define SPR_HASHKEYR (0x1D4)
++#define SPR_HASHPKEYR (0x1D5)
+ #define SPR_BOOKE_SPEFSCR (0x200)
+ #define SPR_Exxx_BBEAR (0x201)
+ #define SPR_Exxx_BBTAR (0x202)
+diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
+index a220d0dc51..211759508f 100644
+--- a/target/ppc/cpu_init.c
++++ b/target/ppc/cpu_init.c
+@@ -2098,6 +2098,33 @@ static void register_8xx_sprs(CPUPPCState *env)
+ 0x00000000);
+ }
+
++static void register_power10_hash_sprs(CPUPPCState *env)
++{
++ /*
++ * it's the OS responsability to generate a random value for the registers
++ * in each process' context. So, initialize it with 0 here.
++ */
++ uint64_t hashkeyr_initial_value = 0, hashpkeyr_initial_value = 0;
++#if defined(CONFIG_USER_ONLY)
++ /* in linux-user, setup the hash register with a random value */
++ GRand *rand = g_rand_new();
++ hashkeyr_initial_value =
++ ((uint64_t)g_rand_int(rand) << 32) | (uint64_t)g_rand_int(rand);
++ hashpkeyr_initial_value =
++ ((uint64_t)g_rand_int(rand) << 32) | (uint64_t)g_rand_int(rand);
++ g_rand_free(rand);
++#endif
++ spr_register(env, SPR_HASHKEYR, "HASHKEYR",
++ SPR_NOACCESS, SPR_NOACCESS,
++ &spr_read_generic, &spr_write_generic,
++ hashkeyr_initial_value);
++ spr_register_hv(env, SPR_HASHPKEYR, "HASHPKEYR",
++ SPR_NOACCESS, SPR_NOACCESS,
++ SPR_NOACCESS, SPR_NOACCESS,
++ &spr_read_generic, &spr_write_generic,
++ hashpkeyr_initial_value);
++}
++
+ /*
+ * AMR => SPR 29 (Power 2.04)
+ * CTRL => SPR 136 (Power 2.04)
+@@ -8107,6 +8134,7 @@ static void init_proc_POWER10(CPUPPCState *env)
+ register_power8_book4_sprs(env);
+ register_power8_rpr_sprs(env);
+ register_power9_mmu_sprs(env);
++ register_power10_hash_sprs(env);
+
+ /* FIXME: Filter fields properly based on privilege level */
+ spr_register_kvm_hv(env, SPR_PSSCR, "PSSCR", NULL, NULL, NULL, NULL,
+--
+2.41.0.windows.1
+
diff --git a/tests-Fix-error-strings.patch b/tests-Fix-error-strings.patch new file mode 100644
index 00000000..25c50d96
--- /dev/null
+++ b/tests-Fix-error-strings.patch
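Review bot: In `register_power10_hash_sprs` the `CONFIG_USER_ONLY` branch takes the initial HASHKEYR and HASHPKEYR values from `g_rand_new()`/`g_rand_int()`, which is GLib's general-purpose generator and not a cryptographic one. The commit message describes these registers as per-process keys for hashst/hashchk, so a guessable value would presumably weaken whatever those instructions protect. QEMU's guest-random helper looks like the better source, e.g. `qemu_guest_getrandom_nofail(&hashkeyr_initial_value, sizeof(hashkeyr_initial_value));` and the same call for `hashpkeyr_initial_value`; it needs `qemu/guest-random.h`, and whether cpu_init.c already includes that is not visible here. The new block comment also misspells "responsibility".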
@@ -0,0 +1,49 @@
+From deb4c3c20a63d0b61ba291a8edb237c2d065a04e Mon Sep 17 00:00:00 2001
+From: liujing
+Date: Wed, 18 Sep 2024 19:24:00 +0800
+Subject: [PATCH] tests: Fix error strings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+They were copy-pasted from e1000e and never changed.
+
+Signed-off-by: Juan Quintela
+Message-Id: <20220902165126.1482-7-quintela@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé
+Signed-off-by: Thomas Huth
+Signed-off-by: Liu Jing
+---
+ tests/qtest/e1000-test.c | 2 +-
+ tests/qtest/es1370-test.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/qtest/e1000-test.c b/tests/qtest/e1000-test.c
+index ea286d1793..1bd25d584b 100644
+--- a/tests/qtest/e1000-test.c
++++ b/tests/qtest/e1000-test.c
+@@ -35,7 +35,7 @@ static void *e1000_get_driver(void *obj, const char *interface)
+ return &e1000->dev;
+ }
+
+- fprintf(stderr, "%s not present in e1000e\n", interface);
++ fprintf(stderr, "%s not present in e1000\n", interface);
+ g_assert_not_reached();
+ }
+
+diff --git a/tests/qtest/es1370-test.c b/tests/qtest/es1370-test.c
+index 2fd7fd2d3d..861656d572 100644
+--- a/tests/qtest/es1370-test.c
++++ b/tests/qtest/es1370-test.c
+@@ -28,7 +28,7 @@ static void *es1370_get_driver(void *obj, const char *interface)
+ return &es1370->dev;
+ }
+
+- fprintf(stderr, "%s not present in e1000e\n", interface);
++ fprintf(stderr, "%s not present in es1370\n", interface);
+ g_assert_not_reached();
+ }
+
+--
+2.41.0.windows.1
+
diff --git a/tests-vm-update-NetBSD-to-9.3.patch b/tests-vm-update-NetBSD-to-9.3.patch new file mode 100644
index 00000000..13750443
--- /dev/null
+++ b/tests-vm-update-NetBSD-to-9.3.patch
@@ -0,0 +1,33 @@
+From 20df6de2677d05cd6efafb94b97ddf6eb4671aa3 Mon Sep 17 00:00:00 2001
+From: liujing
+Date: Wed, 18 Sep 2024 14:29:26 +0800
+Subject: [PATCH] tests/vm: update NetBSD to 9.3
+
+Update NetBSD to 9.3
+
+Signed-off-by: Brad Smith
+Message-Id:
+Signed-off-by: Thomas Huth
+Signed-off-by: Liu Jing
+---
+ tests/vm/netbsd | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/vm/netbsd b/tests/vm/netbsd
+index 4cc58df130..df4769c63d 100755
+--- a/tests/vm/netbsd
++++ b/tests/vm/netbsd
+@@ -22,8 +22,8 @@ class NetBSDVM(basevm.BaseVM):
+ name = "netbsd"
+ arch = "x86_64"
+
+- link = "https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.2/images/NetBSD-9.2-amd64.iso"
+- csum = "5ee0ea101f73386b9b424f5d1041e371db3c42fdd6f4e4518dc79c4a08f31d43091ebe93425c9f0dcaaed2b51131836fe6774f33f89030b58d64709b35fda72f"
++ link = "https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.3/images/NetBSD-9.3-amd64.iso"
++ csum = "2bfce544f762a579f61478e7106c436fc48731ff25cf6f79b392ba5752e6f5ec130364286f7471716290a5f033637cf56aacee7fedb91095face59adf36300c3"
+ size = "20G"
+ pkgs = [
+ # tools
+--
+2.41.0.windows.1
+
diff --git a/ui-remove-break-after-g_assert_not_reached.patch b/ui-remove-break-after-g_assert_not_reached.patch new file mode 100644
index 00000000..81ec279b
--- /dev/null
+++ b/ui-remove-break-after-g_assert_not_reached.patch
@@ -0,0 +1,47 @@
+From 9949490829e5f4d0a0f3700025501e8cb5afc4d4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E5=BC=A0=E6=A5=9A=E5=90=9B?=
+
+Date: Tue, 24 Sep 2024 18:07:34 +0800
+Subject: [PATCH] ui: remove break after g_assert_not_reached()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Use of assert(false) can trip spurious control flow warnings from
+some versions of GCC (i.e. using -fsanitize=thread with gcc-12):
+
+ error: control reaches end of non-void function [-Werror=return-type]
+ default:
+ g_assert_not_reached();
+ break;
+ | ^^^^^
+
+Solve that by removing the unreachable 'break' statement, unifying
+the code base on g_assert_not_reached() instead.
+
+Signed-off-by: Pierrick Bouvier
+Reviewed-by: Richard Henderson
+Reviewed-by: Philippe Mathieu-Daudé
+Message-ID: <20240910221606.1817478-37-pierrick.bouvier@linaro.org>
+[PMD: Add description suggested by Eric Blake]
+Signed-off-by: Philippe Mathieu-Daudé
+Signed-off-by: zhangchujun
+---
+ ui/qemu-pixman.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ui/qemu-pixman.c b/ui/qemu-pixman.c
+index 3ab7e2e958..67a88bf8dd 100644
+--- a/ui/qemu-pixman.c
++++ b/ui/qemu-pixman.c
+@@ -48,7 +48,6 @@ PixelFormat qemu_pixelformat_from_pixman(pixman_format_code_t format)
+ break;
+ default:
+ g_assert_not_reached();
+- break;
+ }
+
+ pf.amax = (1 << pf.abits) - 1;
+--
+2.41.0.windows.1
+
diff --git a/vhost-backend-avoid-overflow-on-memslots_limit.patch b/vhost-backend-avoid-overflow-on-memslots_limit.patch new file mode 100644
index 00000000..4ae12a04
--- /dev/null
+++ b/vhost-backend-avoid-overflow-on-memslots_limit.patch
@@ -0,0 +1,36 @@
+From dae2e53c30574daff59c7ddf651b730a750a3623 Mon Sep 17 00:00:00 2001
+From: Luo Yifan
+Date: Thu, 26 Sep 2024 11:23:32 +0800
+Subject: [PATCH] vhost-backend: avoid overflow on memslots_limit
+
+cherry picked from commit 6dcae534e82520aa2280009de4b78a19059e8bbb
+
+Fix the (hypothetical) potential problem when the value parsed out of
+the vhost module parameter in sysfs overflows the return value from
+vhost_kernel_memslots_limit.
+
+Signed-off-by: Roman Kagan
+Message-Id: <20211111153354.18807-6-rvkagan@yandex-team.ru>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Luo Yifan
+---
+ hw/virtio/vhost-backend.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-backend.c b/hw/virtio/vhost-backend.c
+index 2acfb750fd..5787775c91 100644
+--- a/hw/virtio/vhost-backend.c
++++ b/hw/virtio/vhost-backend.c
+@@ -60,7 +60,7 @@ static int vhost_kernel_memslots_limit(struct vhost_dev *dev)
+ if (g_file_get_contents("/sys/module/vhost/parameters/max_mem_regions",
+ &s, NULL, NULL)) {
+ uint64_t val = g_ascii_strtoull(s, NULL, 10);
+- if (!((val == G_MAXUINT64 || !val) && errno)) {
++ if (val < INT_MAX && val > 0) {
+ g_free(s);
+ return val;
+ }
+--
+2.41.0.windows.1
+
diff --git a/virtio-mem-don-t-warn-about-THP-sizes-on-a-kernel-wi.patch b/virtio-mem-don-t-warn-about-THP-sizes-on-a-kernel-wi.patch new file mode 100644
index 00000000..b61550e6
--- /dev/null
+++ b/virtio-mem-don-t-warn-about-THP-sizes-on-a-kernel-wi.patch
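Review bot: The new range check `val < INT_MAX && val > 0` in `vhost_kernel_memslots_limit` rejects INT_MAX itself even though it fits the `int` return type; `if (val > 0 && val <= INT_MAX) {` states the bound exactly. `g_ascii_strtoull(s, NULL, 10)` is still called with a NULL end pointer, so any text after the digits in the sysfs value is ignored silently, and passing an end pointer and checking it would make the parse strict. The fallback path and the final return of the function are outside the hunk.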
@@ -0,0 +1,50 @@
+From 2fc1b97a5acd19c52d8af4bfd8bcf4824db48fb9 Mon Sep 17 00:00:00 2001
+From: dinglimin
+Date: Mon, 16 Sep 2024 16:53:58 +0800
+Subject: [PATCH] virtio-mem: don't warn about THP sizes on a kernel without
+ THP support cheery-pick from 95b717a8154b955de2782305f305b63f357b0576 If the
+ config directory in sysfs does not exist at all, we are dealing with a system
+ that does not support THPs. Simply use 1 MiB block size then, instead of
+ warning "Could not detect THP size, falling back to ..." and falling back to
+ the default THP size.
+
+Cc: "Michael S. Tsirkin"
+Cc: Gavin Shan
+Cc: Juraj Marcin
+Signed-off-by: David Hildenbrand
+Message-Id: <20240910163433.2100295-1-david@redhat.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: dinglimin
+---
+ hw/virtio/virtio-mem.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c
+index 49749349e0..452f60266a 100644
+--- a/hw/virtio/virtio-mem.c
++++ b/hw/virtio/virtio-mem.c
+@@ -61,6 +61,7 @@
+ static uint32_t thp_size;
+
+ #define HPAGE_PMD_SIZE_PATH "/sys/kernel/mm/transparent_hugepage/hpage_pmd_size"
++#define HPAGE_PATH "/sys/kernel/mm/transparent_hugepage/"
+ static uint32_t virtio_mem_thp_size(void)
+ {
+ gchar *content = NULL;
+@@ -71,6 +72,12 @@ static uint32_t virtio_mem_thp_size(void)
+ return thp_size;
+ }
+
++ /* No THP -> no restrictions. */
++ if (!g_file_test(HPAGE_PATH, G_FILE_TEST_EXISTS)) {
++ thp_size = VIRTIO_MEM_MIN_BLOCK_SIZE;
++ return thp_size;
++ }
++
+ /*
+ * Try to probe the actual THP size, fallback to (sane but eventually
+ * incorrect) default sizes.
+--
+2.41.0.windows.1
+
-- Gitee
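Review bot: `HPAGE_PATH` repeats the directory already spelled out in `HPAGE_PMD_SIZE_PATH`, so the two literals can drift apart; defining `HPAGE_PATH` first and then `#define HPAGE_PMD_SIZE_PATH HPAGE_PATH "hpage_pmd_size"` keeps a single copy of the sysfs prefix. The embedded patch header also has the whole commit body folded into its `Subject:` line, including the "cheery-pick from 95b717a8154b955de2782305f305b63f357b0576" reference. Restoring the blank line after the title and putting the upstream commit id on its own "cherry picked from commit" line, as the other backports in this series do, would keep the provenance machine-readable. `virtio_mem_thp_size` continues past the end of the second hunk.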