From 99e6e7bdad293f1cc6ef95ac41bf2281f82fd18e Mon Sep 17 00:00:00 2001
From: zhangpengrui
Date: Sat, 30 Aug 2025 14:53:06 +0800
Subject: [PATCH] QEMU update to version 8.2.0-45
Signed-off-by: zhangpengrui
(cherry picked from commit fa748e3893f66f8f5d0ab4728b3aa94c6a535f5f)
---
 ...ix-abstract-device-type-error-messag.patch | 37 +++++++++
 ...native-non-cross-compiler-for-linux-.patch | 39 ++++++++++
 ...or-NULL-result-from-scsi_device_find.patch | 44 +++++++++++
 ...ve-final-vestiges-of-dynamic-state-t.patch | 37 +++++++++
 ...t-cadence_gem-Fix-MDIO_OP_xxx-values.patch | 47 ++++++++++++
 ...on-fix-coverity-migrate_mode-finding.patch | 48 ++++++++++++
 ...ons-Unify-the-help-entries-for-cocoa.patch | 45 +++++++++++
 qemu.spec | 28 ++++++-
 ...x-mcycle-minstret-increment-behavior.patch | 58 ++++++++++++++
 ...-do-not-use-non-portable-strerrornam.patch | 75 +++++++++++++++++++
 ...est-qmp-event-Drop-superfluous-mutex.patch | 54 +++++++++++++
 ...-scsi-fix-usage-of-error_reportf_err.patch | 68 +++++++++++++++++
 ...-notifier-helpers-for-VIRTIO_CONFIG_.patch | 63 ++++++++++++++++
 13 files changed, 642 insertions(+), 1 deletion(-)
 create mode 100644 chardev-char.c-fix-abstract-device-type-error-messag.patch
 create mode 100644 configure-use-a-native-non-cross-compiler-for-linux-.patch
 create mode 100644 esp-check-for-NULL-result-from-scsi_device_find.patch
 create mode 100644 hw-core-cpu-Remove-final-vestiges-of-dynamic-state-t.patch
 create mode 100644 hw-net-cadence_gem-Fix-MDIO_OP_xxx-values.patch
 create mode 100644 migration-fix-coverity-migrate_mode-finding.patch
 create mode 100644 qemu-options-Unify-the-help-entries-for-cocoa.patch
 create mode 100644 target-riscv-Fix-mcycle-minstret-increment-behavior.patch
 create mode 100644 target-riscv-kvm-do-not-use-non-portable-strerrornam.patch
 create mode 100644 tests-unit-test-qmp-event-Drop-superfluous-mutex.patch
 create mode 100644 vhost-scsi-fix-usage-of-error_reportf_err.patch
 create mode 100644 virtio-rng-Check-notifier-helpers-for-VIRTIO_CONFIG_.patch
diff --git a/chardev-char.c-fix-abstract-device-type-error-messag.patch b/chardev-char.c-fix-abstract-device-type-error-messag.patch
new file mode 100644
index 0000000..6c7df85
--- /dev/null
+++ b/chardev-char.c-fix-abstract-device-type-error-messag.patch
@@ -0,0 +1,37 @@
+From 1bfac15dc5a3e4ef2ef0a6df96ad5775de5cb9c1 Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Wed, 3 Jan 2024 14:37:39 +0300
+Subject: [PATCH] chardev/char.c: fix "abstract device type" error message
+
+Current error message:
+
+ qemu-system-x86_64: -chardev spice,id=foo: Parameter 'driver' expects an abstract device type
+
+while in fact the meaning is in reverse, -chardev expects
+a non-abstract device type.
+
+Backport from QEMU official community: 4ad87cd4b225
+
+Fixes: 777357d758d9 ("chardev: qom-ify" 2016-12-07)
+Signed-off-by: Michael Tokarev
+Reviewed-by: Zhao Liu
+---
+ chardev/char.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/chardev/char.c b/chardev/char.c
+index 996a024c7a..119b548784 100644
+--- a/chardev/char.c
++++ b/chardev/char.c
+@@ -518,7 +518,7 @@ static const ChardevClass *char_get_class(const char *driver, Error **errp)
+
+ if (object_class_is_abstract(oc)) {
+ error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "driver",
+- "an abstract device type");
++ "a non-abstract device type");
+ return NULL;
+ }
+
+--
+2.33.0
+
diff --git a/configure-use-a-native-non-cross-compiler-for-linux-.patch b/configure-use-a-native-non-cross-compiler-for-linux-.patch
new file mode 100644
index 0000000..44f4e55
--- /dev/null
+++ b/configure-use-a-native-non-cross-compiler-for-linux-.patch
@@ -0,0 +1,39 @@
+From 7d0a5a5345e2acf77770033cff2b746a20942aff Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Fri, 22 Dec 2023 10:55:43 +0100
+Subject: [PATCH] configure: use a native non-cross compiler for linux-user
+
+Commit c2118e9e1ab ("configure: don't try a "native" cross for linux-user",
+2023-11-23) sought to avoid issues with using the native compiler with a
+cross-endian or cross-bitness setup. However, in doing so it ended up
+requiring a cross compiler setup (and most likely a slow compiler setup)
+even when building TCG tests that are native to the host architecture.
+Always allow the host compiler in that case.
+
+Backport from QEMU official community: 007531586aa8
+
+Cc: qemu-stable@nongnu.org
+Fixes: c2118e9e1ab ("configure: don't try a "native" cross for linux-user", 2023-11-23)
+Signed-off-by: Paolo Bonzini
+---
+ configure | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure b/configure
+index 6036de83a4..67468e9918 100755
+--- a/configure
++++ b/configure
+@@ -1388,8 +1388,8 @@ probe_target_compiler() {
+ done
+
+ try=cross
+- # For softmmu/roms we might be able to use the host compiler
+- if [ "${1%softmmu}" != "$1" ]; then
++ # For softmmu/roms also look for a bi-endian or multilib-enabled host compiler
++ if [ "${1%softmmu}" != "$1" ] || test "$target_arch" = "$cpu"; then
+ case "$target_arch:$cpu" in
+ aarch64_be:aarch64 | \
+ armeb:arm | \
+--
+2.33.0
+
diff --git a/esp-check-for-NULL-result-from-scsi_device_find.patch b/esp-check-for-NULL-result-from-scsi_device_find.patch
new file mode 100644
index 0000000..6b19953
--- /dev/null
+++ b/esp-check-for-NULL-result-from-scsi_device_find.patch
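Review bot: In the backported `configure` hunk, the rewritten comment `# For softmmu/roms also look for a bi-endian or multilib-enabled host compiler` no longer describes the condition beneath it, which now also takes the branch whenever `$target_arch` equals `$cpu`, i.e. for targets native to the host. A wording such as `# For softmmu/roms, and for any target native to the host, try the host compiler first` would match the new behaviour. The condition also mixes `[ ... ]` and `test ...` in one line; using a single form would read more consistently. The `case` statement continues outside the hunk.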
@@ -0,0 +1,44 @@
+From a9a1ea20a5a9b6f4e5bad70d876155704cecefac Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Fri, 29 Dec 2023 18:26:47 +0300
+Subject: [PATCH] esp: check for NULL result from scsi_device_find()
+
+Add a 'current_lun' check for a null value
+to avoid null pointer dereferencing and
+recover host if NULL return
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Backport from QEMU official community: b22f83d8df48
+
+Fixes: 4eb8606560 (esp: store lun coming from the MESSAGE OUT phase)
+Signed-off-by: Alexandra Diupina
+Message-ID: <20231229152647.19699-1-adiupina@astralinux.ru>
+Signed-off-by: Paolo Bonzini
+---
+ hw/scsi/esp.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
+index 9b11d8c573..d2cae79194 100644
+--- a/hw/scsi/esp.c
++++ b/hw/scsi/esp.c
+@@ -292,6 +292,15 @@ static void do_command_phase(ESPState *s)
+ esp_fifo_pop_buf(&s->cmdfifo, buf, cmdlen);
+
+ current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, s->lun);
++ if (!current_lun) {
++ /* No such drive */
++ s->rregs[ESP_RSTAT] = 0;
++ s->rregs[ESP_RINTR] = INTR_DC;
++ s->rregs[ESP_RSEQ] = SEQ_0;
++ esp_raise_irq(s);
++ return;
++ }
++
+ s->current_req = scsi_req_new(current_lun, 0, s->lun, buf, cmdlen, s);
+ datalen = scsi_req_enqueue(s->current_req);
+ s->ti_size = datalen;
+--
+2.33.0
+
diff --git a/hw-core-cpu-Remove-final-vestiges-of-dynamic-state-t.patch b/hw-core-cpu-Remove-final-vestiges-of-dynamic-state-t.patch
new file mode 100644
index 0000000..4d8e9c1
--- /dev/null
+++ b/hw-core-cpu-Remove-final-vestiges-of-dynamic-state-t.patch
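Review bot: In the backported `do_command_phase()` change to hw/scsi/esp.c, the new `if (!current_lun)` branch returns after `esp_fifo_pop_buf()` has already drained `s->cmdfifo`, and nothing visible in the hunk resets `s->current_req` or `s->ti_size` on that path. The patch's Fixes line says `s->lun` comes from the MESSAGE OUT phase, so this branch is presumably reachable from guest-supplied values and its state handling deserves a second look against the full function. The comment `/* No such drive */` would say more as `/* LUN taken from MESSAGE OUT does not exist on this target: report a disconnect instead of passing NULL to scsi_req_new() */`. The function body starts and ends outside the hunk, so any cleanup done later in it is not visible here.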
@@ -0,0 +1,37 @@
+From e40b2c3f39dc3a4dd62bb347820f0df285876b47 Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Wed, 29 Nov 2023 17:07:38 +0100
+Subject: [PATCH] hw/core/cpu: Remove final vestiges of dynamic state tracing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The dynamic state tracing was removed in commit d0aaf08bb9.
+
+Backport from QEMU official community: e9f760f27a45
+
+Fixes: d0aaf08bb9 ("tcg: remove the final vestiges of dstate")
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Richard Henderson
+Message-Id: <20231129182734.15565-1-philmd@linaro.org>
+---
+ include/hw/core/cpu.h | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
+index 37f3a469c8..ee7eb2a0ca 100644
+--- a/include/hw/core/cpu.h
++++ b/include/hw/core/cpu.h
+@@ -437,9 +437,6 @@ struct qemu_work_item;
+ * @kvm_fd: vCPU file descriptor for KVM.
+ * @work_mutex: Lock to prevent multiple access to @work_list.
+ * @work_list: List of pending asynchronous work.
+- * @trace_dstate_delayed: Delayed changes to trace_dstate (includes all changes
+- * to @trace_dstate).
+- * @trace_dstate: Dynamic tracing state of events for this vCPU (bitmask).
+ * @plugin_mask: Plugin event bitmap. Modified only via async work.
+ * @ignore_memory_transaction_failures: Cached copy of the MachineState
+ * flag of the same name: allows the board to suppress calling of the
+--
+2.33.0
+
diff --git a/hw-net-cadence_gem-Fix-MDIO_OP_xxx-values.patch b/hw-net-cadence_gem-Fix-MDIO_OP_xxx-values.patch
new file mode 100644
index 0000000..1c7ed03
--- /dev/null
+++ b/hw-net-cadence_gem-Fix-MDIO_OP_xxx-values.patch
@@ -0,0 +1,47 @@
+From 5cff939cf515350936219d01d22f72a40930f69e Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Tue, 2 Jan 2024 22:18:03 +0800
+Subject: [PATCH] hw/net: cadence_gem: Fix MDIO_OP_xxx values
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Testing upstream U-Boot with 'sifive_u' machine we see:
+
+ => dhcp
+ ethernet@10090000: PHY present at 0
+ Could not get PHY for ethernet@10090000: addr 0
+ phy_connect failed
+
+This has been working till QEMU 8.1 but broken since QEMU 8.2.
+
+Backport from QEMU official community: 0c7ffc977195c
+
+Fixes: 1b09eeb122aa ("hw/net/cadence_gem: use FIELD to describe PHYMNTNC register fields")
+Reported-by: Heinrich Schuchardt
+Signed-off-by: Bin Meng
+Reviewed-by: Philippe Mathieu-Daudé
+Tested-by: Heinrich Schuchardt
+Signed-off-by: Michael Tokarev
+---
+ hw/net/cadence_gem.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
+index c7f793c560..5330608c6c 100644
+--- a/hw/net/cadence_gem.c
++++ b/hw/net/cadence_gem.c
+@@ -199,8 +199,8 @@ REG32(PHYMNTNC, 0x34) /* Phy Maintenance reg */
+ FIELD(PHYMNTNC, PHY_ADDR, 23, 5)
+ FIELD(PHYMNTNC, OP, 28, 2)
+ FIELD(PHYMNTNC, ST, 30, 2)
+-#define MDIO_OP_READ 0x3
+-#define MDIO_OP_WRITE 0x2
++#define MDIO_OP_READ 0x2
++#define MDIO_OP_WRITE 0x1
+
+ REG32(RXPAUSE, 0x38) /* RX Pause Time reg */
+ REG32(TXPAUSE, 0x3c) /* TX Pause Time reg */
+--
+2.33.0
+
diff --git a/migration-fix-coverity-migrate_mode-finding.patch b/migration-fix-coverity-migrate_mode-finding.patch
new file mode 100644
index 0000000..c678cdc
--- /dev/null
+++ b/migration-fix-coverity-migrate_mode-finding.patch
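Review bot: The corrected `MDIO_OP_READ 0x2` and `MDIO_OP_WRITE 0x1` in hw/net/cadence_gem.c are still bare magic numbers beside `FIELD(PHYMNTNC, OP, 28, 2)`, and the bug being fixed was exactly a wrong pair of values in this spot. A comment naming their source, for example `/* values of the 2-bit PHYMNTNC.OP field (presumably the IEEE 802.3 clause 22 opcodes: 10b read, 01b write) */`, would let a reviewer check them without the datasheet. The old value 0x3 also fits in the 2-bit field, so nothing at build time could have caught the mistake.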
@@ -0,0 +1,48 @@
+From d8d68637d6528e200b6af1efe3939891b8abd3a3 Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Mon, 13 Nov 2023 12:23:45 -0800
+Subject: [PATCH] migration: fix coverity migrate_mode finding
+
+Coverity diagnoses a possible out-of-range array index here ...
+
+ static GSList *migration_blockers[MIG_MODE__MAX];
+
+ fill_source_migration_info() {
+ GSList *cur_blocker = migration_blockers[migrate_mode()];
+
+... because it does not know that MIG_MODE__MAX will never be returned as
+a migration mode. To fix, assert so in migrate_mode().
+
+Fixes: fa3673e497a1 ("migration: per-mode blockers")
+
+Backport from QEMU official community: b12635ff08ab
+
+Reported-by: Peter Maydell
+Suggested-by: Peter Maydell
+Signed-off-by: Steve Sistare
+Reviewed-by: Fabiano Rosas
+Link: https://lore.kernel.org/r/1699907025-215450-1-git-send-email-steven.sistare@oracle.com
+Signed-off-by: Peter Xu
+---
+ migration/options.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/migration/options.c b/migration/options.c
+index 6ba7ff65a3..136a8575df 100644
+--- a/migration/options.c
++++ b/migration/options.c
+@@ -865,8 +865,10 @@ uint64_t migrate_max_postcopy_bandwidth(void)
+ MigMode migrate_mode(void)
+ {
+ MigrationState *s = migrate_get_current();
++ MigMode mode = s->parameters.mode;
+
+- return s->parameters.mode;
++ assert(mode >= 0 && mode < MIG_MODE__MAX);
++ return mode;
+ }
+
+ int migrate_hdbss_buffer_size(void)
+--
+2.33.0
+
diff --git a/qemu-options-Unify-the-help-entries-for-cocoa.patch b/qemu-options-Unify-the-help-entries-for-cocoa.patch
new file mode 100644
index 0000000..d1ef963
--- /dev/null
+++ b/qemu-options-Unify-the-help-entries-for-cocoa.patch
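Review bot: The added `assert(mode >= 0 && mode < MIG_MODE__MAX);` in `migrate_mode()` carries no comment saying what it protects, yet it is the only range check between `s->parameters.mode` and the `migration_blockers[migrate_mode()]` index quoted in the patch description. A comment such as `/* the result indexes migration_blockers[]; MIG_MODE__MAX is the array size, not a valid mode */` would keep a later cleanup from removing it as redundant. The check holds only in builds where assert() is active, so it is worth confirming that this file is never compiled with NDEBUG.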
@@ -0,0 +1,45 @@
+From 26c6433e031af96ee0740d22ca225c3b355758a6 Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Thu, 14 Dec 2023 15:31:35 +0900
+Subject: [PATCH] qemu-options: Unify the help entries for cocoa
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Apparently the help entries were not merged when the patches got in.
+
+Backport from QEMU official community: 9ab8715d86bf
+
+Fixes: f844cdb99714 ("ui/cocoa: capture all keys and combos when mouse is grabbed")
+Signed-off-by: Akihiko Odaki
+Reviewed-by: Philippe Mathieu-Daudé
+Signed-off-by: Michael Tokarev
+---
+ qemu-options.hx | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/qemu-options.hx b/qemu-options.hx
+index b09d692d5b..9fb0348747 100644
+--- a/qemu-options.hx
++++ b/qemu-options.hx
+@@ -2087,6 +2087,7 @@ DEF("display", HAS_ARG, QEMU_OPTION_display,
+ #endif
+ #if defined(CONFIG_COCOA)
+ "-display cocoa[,full-grab=on|off][,swap-opt-cmd=on|off]\n"
++ " [,show-cursor=on|off][,left-command-key=on|off]\n"
+ #endif
+ #if defined(CONFIG_OPENGL)
+ "-display egl-headless[,rendernode=]\n"
+@@ -2094,9 +2095,6 @@ DEF("display", HAS_ARG, QEMU_OPTION_display,
+ #if defined(CONFIG_DBUS_DISPLAY)
+ "-display dbus[,addr=]\n"
+ " [,gl=on|core|es|off][,rendernode=]\n"
+-#endif
+-#if defined(CONFIG_COCOA)
+- "-display cocoa[,show-cursor=on|off][,left-command-key=on|off]\n"
+ #endif
+ "-display none\n"
+ " select display backend type\n"
+--
+2.33.0
+
diff --git a/qemu.spec b/qemu.spec
index 8c9de58..6af78a3 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -3,7 +3,7 @@
 Name: qemu
 Version: 8.2.0
-Release: 44
+Release: 45
 Epoch: 11
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@@ -1055,6 +1055,18 @@ Patch1038: accel-kvm-Make-kvm_has_guest_debug-static.patch
 Patch1039: target-arm-tcg-Including-missing-exec-exec-all.h-hea.patch
 Patch1040: system-qtest-Include-missing-hw-core-cpu.h-header.patch
 Patch1041: qemu-options-Clarify-handling-of-commas-in-options-p.patch
+Patch1042: tests-unit-test-qmp-event-Drop-superfluous-mutex.patch
+Patch1043: configure-use-a-native-non-cross-compiler-for-linux-.patch
+Patch1044: target-riscv-kvm-do-not-use-non-portable-strerrornam.patch
+Patch1045: qemu-options-Unify-the-help-entries-for-cocoa.patch
+Patch1046: virtio-rng-Check-notifier-helpers-for-VIRTIO_CONFIG_.patch
+Patch1047: vhost-scsi-fix-usage-of-error_reportf_err.patch
+Patch1048: esp-check-for-NULL-result-from-scsi_device_find.patch
+Patch1049: migration-fix-coverity-migrate_mode-finding.patch
+Patch1050: hw-core-cpu-Remove-final-vestiges-of-dynamic-state-t.patch
+Patch1051: target-riscv-Fix-mcycle-minstret-increment-behavior.patch
+Patch1052: chardev-char.c-fix-abstract-device-type-error-messag.patch
+Patch1053: hw-net-cadence_gem-Fix-MDIO_OP_xxx-values.patch
 BuildRequires: flex
 BuildRequires: gcc
@@ -1657,6 +1669,20 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
+* Sat Aug 30 2025 Pengrui Zhang - 11:8.2.0-45
+- tests/unit/test-qmp-event: Drop superfluous mutex
+- configure: use a native non-cross compiler for linux-user
+- target/riscv/kvm: do not use non-portable strerrorname_np()
+- qemu-options: Unify the help entries for cocoa
+- virtio: rng: Check notifier helpers for VIRTIO_CONFIG_IRQ_IDX
+- vhost-scsi: fix usage of error_reportf_err()
+- esp: check for NULL result from scsi_device_find()
+- migration: fix coverity migrate_mode finding
+- hw/core/cpu: Remove final vestiges of dynamic state tracing
+- target/riscv: Fix mcycle/minstret increment behavior
+- chardev/char.c: fix "abstract device type" error message
+- hw/net: cadence_gem: Fix MDIO_OP_xxx values
+
 * Sat Aug 30 2025 Pengrui Zhang - 11:8.2.0-44
 - qemu-img: fix division by zero in bench_cb() for zero-sized images
 - target/i386: cpu: set correct supported XCR0 features for TCG
diff --git a/target-riscv-Fix-mcycle-minstret-increment-behavior.patch b/target-riscv-Fix-mcycle-minstret-increment-behavior.patch
new file mode 100644
index 0000000..3892b54
--- /dev/null
+++ b/target-riscv-Fix-mcycle-minstret-increment-behavior.patch
@@ -0,0 +1,58 @@
+From 57ac816f1896427cfc4843961a6db3a08bb04d78 Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Tue, 26 Dec 2023 12:05:00 +0800
+Subject: [PATCH] target/riscv: Fix mcycle/minstret increment behavior
+
+The mcycle/minstret counter's stop flag is mistakenly updated on a copy
+on stack. Thus the counter increments even when the CY/IR bit in the
+mcountinhibit register is set. This commit corrects its behavior.
+
+Backport from QEMU official community: 5cb0e7abe163
+
+Fixes: 3780e33732f88 (target/riscv: Support mcycle/minstret write operation)
+Signed-off-by: Xu Lu
+Reviewed-by: Daniel Henrique Barboza
+Signed-off-by: Michael Tokarev
+---
+ target/riscv/csr.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/target/riscv/csr.c b/target/riscv/csr.c
+index d1bb7bc0d3..3d9ea0c316 100644
+--- a/target/riscv/csr.c
++++ b/target/riscv/csr.c
+@@ -907,11 +907,11 @@ static int write_mhpmcounterh(CPURISCVState *env, int csrno, target_ulong val)
+ static RISCVException riscv_pmu_read_ctr(CPURISCVState *env, target_ulong *val,
+ bool upper_half, uint32_t ctr_idx)
+ {
+- PMUCTRState counter = env->pmu_ctrs[ctr_idx];
+- target_ulong ctr_prev = upper_half ? counter.mhpmcounterh_prev :
+- counter.mhpmcounter_prev;
+- target_ulong ctr_val = upper_half ? counter.mhpmcounterh_val :
+- counter.mhpmcounter_val;
++ PMUCTRState *counter = &env->pmu_ctrs[ctr_idx];
++ target_ulong ctr_prev = upper_half ? counter->mhpmcounterh_prev :
++ counter->mhpmcounter_prev;
++ target_ulong ctr_val = upper_half ? counter->mhpmcounterh_val :
++ counter->mhpmcounter_val;
+
+ if (get_field(env->mcountinhibit, BIT(ctr_idx))) {
+ /*
+@@ -919,12 +919,12 @@ static RISCVException riscv_pmu_read_ctr(CPURISCVState *env, target_ulong *val,
+ * stop the icount counting. Just return the counter value written by
+ * the supervisor to indicate that counter was not incremented.
+ */
+- if (!counter.started) {
++ if (!counter->started) {
+ *val = ctr_val;
+ return RISCV_EXCP_NONE;
+ } else {
+ /* Mark that the counter has been stopped */
+- counter.started = false;
++ counter->started = false;
+ }
+ }
+
+--
+2.33.0
+
diff --git a/target-riscv-kvm-do-not-use-non-portable-strerrornam.patch b/target-riscv-kvm-do-not-use-non-portable-strerrornam.patch
new file mode 100644
index 0000000..9f10900
--- /dev/null
+++ b/target-riscv-kvm-do-not-use-non-portable-strerrornam.patch
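Review bot: In target/riscv/csr.c, `riscv_pmu_read_ctr()` now takes `&env->pmu_ctrs[ctr_idx]` and stores `counter->started = false` through that pointer, but `ctr_idx` is not range-checked anywhere in the visible hunks. With the old stack copy an out-of-range index could only cause an out-of-bounds read; with the pointer it would also write past the array. Callers presumably derive `ctr_idx` from a validated CSR number, but that code is outside the hunk, so a guard at the top such as `g_assert(ctr_idx < ARRAY_SIZE(env->pmu_ctrs));` would make the invariant explicit. A short comment that this read helper also updates `started` would help the next reader.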
@@ -0,0 +1,75 @@
+From b33e6b4d345b44bf8e92ae163446bbd125fbd18c Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Mon, 18 Dec 2023 17:22:44 +0100
+Subject: [PATCH] target/riscv/kvm: do not use non-portable strerrorname_np()
+
+strerrorname_np is non-portable and breaks building with musl libc.
+
+Use strerror(errno) instead, like we do other places.
+
+Backport from QEMU official community: d424db235434
+
+Cc: qemu-stable@nongnu.org
+Fixes: commit 082e9e4a58ba (target/riscv/kvm: improve 'init_multiext_cfg' error msg)
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2041
+Buglink: https://gitlab.alpinelinux.org/alpine/aports/-/issues/15541
+Signed-off-by: Natanael Copa
+Reviewed-by: Daniel Henrique Barboza
+Signed-off-by: Michael Tokarev
+---
+ target/riscv/kvm/kvm-cpu.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
+index b3dc2070f9..9615e68ce4 100644
+--- a/target/riscv/kvm/kvm-cpu.c
++++ b/target/riscv/kvm/kvm-cpu.c
+@@ -836,9 +836,8 @@ static void kvm_riscv_read_multiext_legacy(RISCVCPU *cpu,
+ multi_ext_cfg->supported = false;
+ val = false;
+ } else {
+- error_report("Unable to read ISA_EXT KVM register %s, "
+- "error code: %s", multi_ext_cfg->name,
+- strerrorname_np(errno));
++ error_report("Unable to read ISA_EXT KVM register %s: %s",
++ multi_ext_cfg->name, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ } else {
+@@ -899,8 +898,8 @@ static void kvm_riscv_init_multiext_cfg(RISCVCPU *cpu, KVMScratchCPU *kvmcpu)
+ *
+ * Error out if we get any other errno.
+ */
+- error_report("Error when accessing get-reg-list, code: %s",
+- strerrorname_np(errno));
++ error_report("Error when accessing get-reg-list: %s",
++ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
+@@ -909,8 +908,8 @@ static void kvm_riscv_init_multiext_cfg(RISCVCPU *cpu, KVMScratchCPU *kvmcpu)
+ reglist->n = rl_struct.n;
+ ret = ioctl(kvmcpu->cpufd, KVM_GET_REG_LIST, reglist);
+ if (ret) {
+- error_report("Error when reading KVM_GET_REG_LIST, code %s ",
+- strerrorname_np(errno));
++ error_report("Error when reading KVM_GET_REG_LIST: %s",
++ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
+@@ -931,9 +930,8 @@ static void kvm_riscv_init_multiext_cfg(RISCVCPU *cpu, KVMScratchCPU *kvmcpu)
+ reg.addr = (uint64_t)&val;
+ ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, ®);
+ if (ret != 0) {
+- error_report("Unable to read ISA_EXT KVM register %s, "
+- "error code: %s", multi_ext_cfg->name,
+- strerrorname_np(errno));
++ error_report("Unable to read ISA_EXT KVM register %s: %s",
++ multi_ext_cfg->name, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
+--
+2.33.0
+
diff --git a/tests-unit-test-qmp-event-Drop-superfluous-mutex.patch b/tests-unit-test-qmp-event-Drop-superfluous-mutex.patch
new file mode 100644
index 0000000..0f0da8e
--- /dev/null
+++ b/tests-unit-test-qmp-event-Drop-superfluous-mutex.patch
@@ -0,0 +1,54 @@
+From 4274e3fc0f9eaf1f5b2bd754bc8d3026ca34b59d Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Wed, 22 Nov 2023 08:24:54 +0100
+Subject: [PATCH] tests/unit/test-qmp-event: Drop superfluous mutex
+
+Mutex @test_event_lock is held from fixture setup to teardown,
+protecting global variable @test_event_data. But tests always run one
+after the other, so this is superfluous. It also confuses Coverity.
+Drop the mutex.
+
+Backport from QEMU official community: c363764a6048
+
+Fixes: CID 1527425
+Signed-off-by: Markus Armbruster
+Reviewed-by: Thomas Huth
+Message-ID: <20231122072456.2518816-2-armbru@redhat.com>
+Signed-off-by: Thomas Huth
+---
+ tests/unit/test-qmp-event.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/tests/unit/test-qmp-event.c b/tests/unit/test-qmp-event.c
+index 3626d2372f..c2c44687d5 100644
+--- a/tests/unit/test-qmp-event.c
++++ b/tests/unit/test-qmp-event.c
+@@ -30,7 +30,6 @@ typedef struct TestEventData {
+ } TestEventData;
+
+ TestEventData *test_event_data;
+-static GMutex test_event_lock;
+
+ void test_qapi_event_emit(test_QAPIEvent event, QDict *d)
+ {
+@@ -59,9 +58,6 @@ void test_qapi_event_emit(test_QAPIEvent event, QDict *d)
+ static void event_prepare(TestEventData *data,
+ const void *unused)
+ {
+- /* Global variable test_event_data was used to pass the expectation, so
+- test cases can't be executed at same time. */
+- g_mutex_lock(&test_event_lock);
+ test_event_data = data;
+ }
+
+@@ -69,7 +65,6 @@ static void event_teardown(TestEventData *data,
+ const void *unused)
+ {
+ test_event_data = NULL;
+- g_mutex_unlock(&test_event_lock);
+ }
+
+ static void event_test_add(const char *testpath,
+--
+2.33.0
+
diff --git a/vhost-scsi-fix-usage-of-error_reportf_err.patch b/vhost-scsi-fix-usage-of-error_reportf_err.patch
new file mode 100644
index 0000000..e97ed0c
--- /dev/null
+++ b/vhost-scsi-fix-usage-of-error_reportf_err.patch
@@ -0,0 +1,68 @@
+From 7be6e400d6986f37e70f3f8e2fe6c312409b6a0f Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Wed, 13 Dec 2023 16:31:17 -0800
+Subject: [PATCH] vhost-scsi: fix usage of error_reportf_err()
+
+It is required to use error_report() instead of error_reportf_err(), if the
+prior function does not take local_err as the argument. As a result, the
+local_err is always NULL and segment fault may happen.
+
+vhost_scsi_start()
+-> vhost_scsi_set_endpoint(s) --> does not allocate local_err
+-> error_reportf_err()
+ -> error_vprepend()
+ -> g_string_append(newmsg, (*errp)->msg) --> (*errp) is NULL
+
+In addition, add ": " at the end of other error_reportf_err() logs.
+
+Backport from QEMU official community: 551bf7b4c179
+
+Fixes: 7962e432b4e4 ("vhost-user-scsi: support reconnect to backend")
+Signed-off-by: Dongli Zhang
+Message-Id: <20231214003117.43960-1-dongli.zhang@oracle.com>
+Reviewed-by: Feng Li
+Reviewed-by: Raphael Norwitz
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+---
+ hw/scsi/vhost-scsi.c | 4 ++--
+ hw/scsi/vhost-user-scsi.c | 3 ++-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
+index 3126df9e1d..9929c0d14b 100644
+--- a/hw/scsi/vhost-scsi.c
++++ b/hw/scsi/vhost-scsi.c
+@@ -91,13 +91,13 @@ static int vhost_scsi_start(VHostSCSI *s)
+
+ ret = vhost_scsi_common_start(vsc, &local_err);
+ if (ret < 0) {
+- error_reportf_err(local_err, "Error starting vhost-scsi");
++ error_reportf_err(local_err, "Error starting vhost-scsi: ");
+ return ret;
+ }
+
+ ret = vhost_scsi_set_endpoint(s);
+ if (ret < 0) {
+- error_reportf_err(local_err, "Error setting vhost-scsi endpoint");
++ error_report("Error setting vhost-scsi endpoint");
+ vhost_scsi_common_stop(vsc);
+ }
+
+diff --git a/hw/scsi/vhost-user-scsi.c b/hw/scsi/vhost-user-scsi.c
+index 780f10559d..af18c4f3d3 100644
+--- a/hw/scsi/vhost-user-scsi.c
++++ b/hw/scsi/vhost-user-scsi.c
+@@ -83,7 +83,8 @@ static void vhost_user_scsi_set_status(VirtIODevice *vdev, uint8_t status)
+ if (should_start) {
+ ret = vhost_user_scsi_start(s, &local_err);
+ if (ret < 0) {
+- error_reportf_err(local_err, "unable to start vhost-user-scsi: %s",
++ error_reportf_err(local_err,
++ "unable to start vhost-user-scsi: %s: ",
+ strerror(-ret));
+ qemu_chr_fe_disconnect(&vs->conf.chardev);
+ }
+--
+2.33.0
+
diff --git a/virtio-rng-Check-notifier-helpers-for-VIRTIO_CONFIG_.patch b/virtio-rng-Check-notifier-helpers-for-VIRTIO_CONFIG_.patch
new file mode 100644
index 0000000..2dfa4a7
--- /dev/null
+++ b/virtio-rng-Check-notifier-helpers-for-VIRTIO_CONFIG_.patch
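Review bot: In the `vhost_scsi_start()` hunk of hw/scsi/vhost-scsi.c, the replacement `error_report("Error setting vhost-scsi endpoint");` removes the NULL `local_err` dereference but also leaves the log without any failure detail, since `ret` is not printed. If `vhost_scsi_set_endpoint()` returns a negative errno, as the `strerror(-ret)` in the vhost-user-scsi hunk suggests for its counterpart, `error_report("Error setting vhost-scsi endpoint: %s", strerror(-ret));` would keep the message actionable. A one-line comment above the call, `/* vhost_scsi_set_endpoint() does not fill an Error; do not pass local_err here */`, would stop the same mistake from being reintroduced. The function continues outside the hunk.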
@@ -0,0 +1,63 @@
+From 5999b0bb74b1b668c2398073ba8f767d051daac8 Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Wed, 25 Oct 2023 11:18:41 -0600
+Subject: [PATCH] virtio: rng: Check notifier helpers for VIRTIO_CONFIG_IRQ_IDX
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since the driver doesn't support interrupts, we must return early when
+index is set to VIRTIO_CONFIG_IRQ_IDX. Basically the same thing Viresh
+did for "91208dd297f2 virtio: i2c: Check notifier helpers for
+VIRTIO_CONFIG_IRQ_IDX".
+
+Backport from QEMU official community: df72f01104ae
+
+Fixes: 544f0278afca ("virtio: introduce macro VIRTIO_CONFIG_IRQ_IDX")
+Signed-off-by: Mathieu Poirier
+Message-Id: <20231025171841.3379663-1-mathieu.poirier@linaro.org>
+Tested-by: Leo Yan
+Reviewed-by: Philippe Mathieu-Daudé
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+---
+ hw/virtio/vhost-user-rng.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/hw/virtio/vhost-user-rng.c b/hw/virtio/vhost-user-rng.c
+index efc54cd3fb..24ac1a22c8 100644
+--- a/hw/virtio/vhost-user-rng.c
++++ b/hw/virtio/vhost-user-rng.c
+@@ -129,6 +129,14 @@ static void vu_rng_guest_notifier_mask(VirtIODevice *vdev, int idx, bool mask)
+ {
+ VHostUserRNG *rng = VHOST_USER_RNG(vdev);
+
++ /*
++ * We don't support interrupts, return early if index is set to
++ * VIRTIO_CONFIG_IRQ_IDX.
++ */
++ if (idx == VIRTIO_CONFIG_IRQ_IDX) {
++ return;
++ }
++
+ vhost_virtqueue_mask(&rng->vhost_dev, vdev, idx, mask);
+ }
+
+@@ -136,6 +144,14 @@ static bool vu_rng_guest_notifier_pending(VirtIODevice *vdev, int idx)
+ {
+ VHostUserRNG *rng = VHOST_USER_RNG(vdev);
+
++ /*
++ * We don't support interrupts, return early if index is set to
++ * VIRTIO_CONFIG_IRQ_IDX.
++ */
++ if (idx == VIRTIO_CONFIG_IRQ_IDX) {
++ return false;
++ }
++
+ return vhost_virtqueue_pending(&rng->vhost_dev, idx);
+ }
+
+--
+2.33.0
+
-- Gitee
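Review bot: The comment on the two new guards in `vu_rng_guest_notifier_mask()` and `vu_rng_guest_notifier_pending()` says "We don't support interrupts", which does not explain why returning early is required. In the hunk, `idx` is otherwise handed straight to `vhost_virtqueue_mask()` and `vhost_virtqueue_pending()`, so the comment should state that `VIRTIO_CONFIG_IRQ_IDX` is a sentinel for the config interrupt and must not reach code that treats `idx` as a virtqueue number, e.g. `/* VIRTIO_CONFIG_IRQ_IDX is not a virtqueue index; this device has no config interrupt, so ignore it */`. The same comment block is duplicated in both functions, so the wording should be changed in both places.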