From a8263c06938cbc2fef57319489a20a086842ca461d9717389cd99127c6d6ec51 Mon Sep 17 00:00:00 2001 
From: Bruce Rogers Date: Fri, 5 Feb 2021 19:59:39 +0000 Subject: [PATCH] Accepting request 869843 from home:bfrogers:branches:Virtualization - Include upstream patches designated as stable material and reviewed for applicability to include here block-Separate-blk_is_writable-and-blk_s.patch hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch hw-timer-slavio_timer-Allow-64-bit-acces.patch net-Fix-handling-of-id-in-netdev_add-and.patch target-arm-Don-t-decode-insns-in-the-XSc.patch target-arm-Fix-MTE0_ACTIVE.patch target-arm-Introduce-PREDDESC-field-defi.patch target-arm-Update-PFIRST-PNEXT-for-pred_.patch target-arm-Update-REV-PUNPK-for-pred_des.patch target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch tcg-Use-memset-for-large-vector-byte-rep.patch ui-vnc-Add-missing-lock-for-send_color_m.patch virtio-move-use-disabled-flag-property-t.patch - binutils v2.36 has changed the handling of the assembler's -mx86-used-note, resulting in a build failure. To compensate, we now explicitly specify -mx86-used-note=no in the seabios Makefile (boo#1181775) build-be-explicit-about-mx86-used-note-n.patch OBS-URL: https://build.opensuse.org/request/show/869843 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=614 --- ...k-Separate-blk_is_writable-and-blk_s.patch | 481 ++++++++++++++++++ ...d-be-explicit-about-mx86-used-note-n.patch | 28 + bundles.tar.xz | 4 +- ...ntc-arm_gic-Fix-interrupt-ID-in-GICD.patch | 64 +++ ...et-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch | 36 ++ ...imer-slavio_timer-Allow-64-bit-acces.patch | 88 ++++ ...sts-Fix-_send_qemu_cmd-with-bash-5.1.patch | 10 +- ...Fix-handling-of-id-in-netdev_add-and.patch | 119 +++++ qemu.changes | 29 ++ qemu.spec | 148 +++--- ...et-arm-Don-t-decode-insns-in-the-XSc.patch | 48 ++ target-arm-Fix-MTE0_ACTIVE.patch | 35 ++ ...et-arm-Introduce-PREDDESC-field-defi.patch | 45 ++ ...et-arm-Update-PFIRST-PNEXT-for-pred_.patch | 65 +++ 
...et-arm-Update-REV-PUNPK-for-pred_des.patch | 75 +++ ...et-arm-Update-ZIP-UZP-TRN-for-pred_d.patch | 91 ++++ ...Use-memset-for-large-vector-byte-rep.patch | 123 +++++ ...s-Fix-block-tests-to-be-compatible-w.patch | 8 +- ...s-qemu-iotests-Triple-timeout-of-i-o.patch | 2 +- ...nc-Add-missing-lock-for-send_color_m.patch | 38 ++ update_git.sh | 41 +- ...io-move-use-disabled-flag-property-t.patch | 63 +++ ...add-block-resize-support-for-xen-dis.patch | 2 +- ...disk-Add-suse-specific-flush-disable.patch | 2 +- 24 files changed, 1556 insertions(+), 89 deletions(-) create mode 100644 block-Separate-blk_is_writable-and-blk_s.patch create mode 100644 build-be-explicit-about-mx86-used-note-n.patch create mode 100644 hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch create mode 100644 hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch create mode 100644 hw-timer-slavio_timer-Allow-64-bit-acces.patch create mode 100644 net-Fix-handling-of-id-in-netdev_add-and.patch create mode 100644 target-arm-Don-t-decode-insns-in-the-XSc.patch create mode 100644 target-arm-Fix-MTE0_ACTIVE.patch create mode 100644 target-arm-Introduce-PREDDESC-field-defi.patch create mode 100644 target-arm-Update-PFIRST-PNEXT-for-pred_.patch create mode 100644 target-arm-Update-REV-PUNPK-for-pred_des.patch create mode 100644 target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch create mode 100644 tcg-Use-memset-for-large-vector-byte-rep.patch create mode 100644 ui-vnc-Add-missing-lock-for-send_color_m.patch create mode 100644 virtio-move-use-disabled-flag-property-t.patch diff --git a/block-Separate-blk_is_writable-and-blk_s.patch b/block-Separate-blk_is_writable-and-blk_s.patch new file mode 100644 index 0000000..93e6dc1 --- /dev/null +++ b/block-Separate-blk_is_writable-and-blk_s.patch 
@@ -0,0 +1,481 @@ +From: Kevin Wolf +Date: Mon, 18 Jan 2021 13:34:47 +0100 +Subject: block: Separate blk_is_writable() and blk_supports_write_perm() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Git-commit: 86b1cf322789b79c8ace977430ac6a443d491cc0 + +Currently, blk_is_read_only() tells whether a given BlockBackend can +only be used in read-only mode because its root node is read-only. Some +callers actually try to answer a slightly different question: Is the +BlockBackend configured to be writable, by taking write permissions on +the root node? + +This can differ, for example, for CD-ROM devices which don't take write +permissions, but may be backed by a writable image file. scsi-cd allows +write requests to the drive if blk_is_read_only() returns false. +However, the write request will immediately run into an assertion +failure because the write permission is missing. + +This patch introduces separate functions for both questions. +blk_supports_write_perm() answers the question whether the block +node/image file can support writable devices, whereas blk_is_writable() +tells whether the BlockBackend is currently configured to be writable. + +All calls of blk_is_read_only() are converted to one of the two new +functions. 
+ +Fixes: https://bugs.launchpad.net/bugs/1906693 +Cc: qemu-stable@nongnu.org +Signed-off-by: Kevin Wolf +Message-Id: <20210118123448.307825-2-kwolf@redhat.com> +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Max Reitz +Signed-off-by: Kevin Wolf +Signed-off-by: Bruce Rogers +--- + block/block-backend.c | 19 ++++++++++++++++--- + hw/block/dataplane/xen-block.c | 2 +- + hw/block/fdc.c | 9 +++++---- + hw/block/m25p80.c | 6 +++--- + hw/block/nand.c | 2 +- + hw/block/nvme-ns.c | 7 ++++--- + hw/block/onenand.c | 2 +- + hw/block/pflash_cfi01.c | 2 +- + hw/block/pflash_cfi02.c | 2 +- + hw/block/swim.c | 6 +++--- + hw/block/virtio-blk.c | 6 +++--- + hw/block/xen-block.c | 2 +- + hw/ide/core.c | 2 +- + hw/misc/sifive_u_otp.c | 2 +- + hw/ppc/pnv_pnor.c | 2 +- + hw/scsi/scsi-disk.c | 10 +++++----- + hw/scsi/scsi-generic.c | 4 ++-- + hw/sd/sd.c | 6 +++--- + hw/usb/dev-storage.c | 4 ++-- + include/sysemu/block-backend.h | 3 ++- + 20 files changed, 57 insertions(+), 41 deletions(-) + +diff --git a/block/block-backend.c b/block/block-backend.c +index ce78d30794ade042fa9f1b8d2b68..e493f17515d88465796d298b5566 100644 +--- a/block/block-backend.c ++++ b/block/block-backend.c +@@ -1826,17 +1826,30 @@ void blk_error_action(BlockBackend *blk, BlockErrorAction action, + } + } + +-bool blk_is_read_only(BlockBackend *blk) ++/* ++ * Returns true if the BlockBackend can support taking write permissions ++ * (because its root node is not read-only). ++ */ ++bool blk_supports_write_perm(BlockBackend *blk) + { + BlockDriverState *bs = blk_bs(blk); + + if (bs) { +- return bdrv_is_read_only(bs); ++ return !bdrv_is_read_only(bs); + } else { +- return blk->root_state.read_only; ++ return !blk->root_state.read_only; + } + } + ++/* ++ * Returns true if the BlockBackend can be written to in its current ++ * configuration (i.e. 
if write permission have been requested) ++ */ ++bool blk_is_writable(BlockBackend *blk) ++{ ++ return blk->perm & BLK_PERM_WRITE; ++} ++ + bool blk_is_sg(BlockBackend *blk) + { + BlockDriverState *bs = blk_bs(blk); +diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c +index 71c337c7b7e74085532754bb28b2..f5b4f4c0790c26887e21649010f1 100644 +--- a/hw/block/dataplane/xen-block.c ++++ b/hw/block/dataplane/xen-block.c +@@ -168,7 +168,7 @@ static int xen_block_parse_request(XenBlockRequest *request) + }; + + if (request->req.operation != BLKIF_OP_READ && +- blk_is_read_only(dataplane->blk)) { ++ !blk_is_writable(dataplane->blk)) { + error_report("error: write req for ro device"); + goto err; + } +diff --git a/hw/block/fdc.c b/hw/block/fdc.c +index 4c2c35e223aa5fccb6b855b1aa9e..d6ba6c8f730092632770cf66908b 100644 +--- a/hw/block/fdc.c ++++ b/hw/block/fdc.c +@@ -443,7 +443,7 @@ static void fd_revalidate(FDrive *drv) + + FLOPPY_DPRINTF("revalidate\n"); + if (drv->blk != NULL) { +- drv->ro = blk_is_read_only(drv->blk); ++ drv->ro = !blk_is_writable(drv->blk); + if (!blk_is_inserted(drv->blk)) { + FLOPPY_DPRINTF("No disk in drive\n"); + drv->disk = FLOPPY_DRIVE_TYPE_NONE; +@@ -478,8 +478,8 @@ static void fd_change_cb(void *opaque, bool load, Error **errp) + blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort); + } else { + if (!blkconf_apply_backend_options(drive->conf, +- blk_is_read_only(drive->blk), false, +- errp)) { ++ !blk_supports_write_perm(drive->blk), ++ false, errp)) { + return; + } + } +@@ -552,7 +552,8 @@ static void floppy_drive_realize(DeviceState *qdev, Error **errp) + * read-only node later */ + read_only = true; + } else { +- read_only = !blk_bs(dev->conf.blk) || blk_is_read_only(dev->conf.blk); ++ read_only = !blk_bs(dev->conf.blk) || ++ !blk_supports_write_perm(dev->conf.blk); + } + + if (!blkconf_blocksizes(&dev->conf, errp)) { +diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c +index 
483925f57a9023f349bd70e8db9a..efe490a52fe4ff5dfeaec609b3e3 100644 +--- a/hw/block/m25p80.c ++++ b/hw/block/m25p80.c +@@ -499,7 +499,7 @@ static void flash_sync_page(Flash *s, int page) + { + QEMUIOVector *iov; + +- if (!s->blk || blk_is_read_only(s->blk)) { ++ if (!s->blk || !blk_is_writable(s->blk)) { + return; + } + +@@ -515,7 +515,7 @@ static inline void flash_sync_area(Flash *s, int64_t off, int64_t len) + { + QEMUIOVector *iov; + +- if (!s->blk || blk_is_read_only(s->blk)) { ++ if (!s->blk || !blk_is_writable(s->blk)) { + return; + } + +@@ -1278,7 +1278,7 @@ static void m25p80_realize(SSISlave *ss, Error **errp) + + if (s->blk) { + uint64_t perm = BLK_PERM_CONSISTENT_READ | +- (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); ++ (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); + ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); + if (ret < 0) { + return; +diff --git a/hw/block/nand.c b/hw/block/nand.c +index 1d7a48a2ec2ad7ac77dc4b28f677..8c5087f96a960420fc3f7aea03a5 100644 +--- a/hw/block/nand.c ++++ b/hw/block/nand.c +@@ -409,7 +409,7 @@ static void nand_realize(DeviceState *dev, Error **errp) + pagesize = 1 << s->oob_shift; + s->mem_oob = 1; + if (s->blk) { +- if (blk_is_read_only(s->blk)) { ++ if (!blk_supports_write_perm(s->blk)) { + error_setg(errp, "Can't use a read-only drive"); + return; + } +diff --git a/hw/block/nvme-ns.c b/hw/block/nvme-ns.c +index 31c80cdf5b5ff302052383cbada1..2670787d2630f8a3d1b1c7f138b8 100644 +--- a/hw/block/nvme-ns.c ++++ b/hw/block/nvme-ns.c +@@ -48,13 +48,14 @@ static void nvme_ns_init(NvmeNamespace *ns) + + static int nvme_ns_init_blk(NvmeCtrl *n, NvmeNamespace *ns, Error **errp) + { ++ bool read_only; ++ + if (!blkconf_blocksizes(&ns->blkconf, errp)) { + return -1; + } + +- if (!blkconf_apply_backend_options(&ns->blkconf, +- blk_is_read_only(ns->blkconf.blk), +- false, errp)) { ++ read_only = !blk_supports_write_perm(ns->blkconf.blk); ++ if (!blkconf_apply_backend_options(&ns->blkconf, read_only, false, errp)) { + 
return -1; + } + +diff --git a/hw/block/onenand.c b/hw/block/onenand.c +index 5ff7be86bb798190b976779d7603..08994ca7da1aff06ff12615d4777 100644 +--- a/hw/block/onenand.c ++++ b/hw/block/onenand.c +@@ -796,7 +796,7 @@ static void onenand_realize(DeviceState *dev, Error **errp) + s->image = memset(g_malloc(size + (size >> 5)), + 0xff, size + (size >> 5)); + } else { +- if (blk_is_read_only(s->blk)) { ++ if (!blk_supports_write_perm(s->blk)) { + error_setg(errp, "Can't use a read-only drive"); + return; + } +diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c +index daae9658605f4a348d6e91c84b31..af0bb6c26342405dc558df1be36c 100644 +--- a/hw/block/pflash_cfi01.c ++++ b/hw/block/pflash_cfi01.c +@@ -744,7 +744,7 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp) + + if (pfl->blk) { + uint64_t perm; +- pfl->ro = blk_is_read_only(pfl->blk); ++ pfl->ro = !blk_supports_write_perm(pfl->blk); + perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); + ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); + if (ret < 0) { +diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c +index 1b3d94e0473bd4490b7c97d7c7e7..1a855c5d3865c0d64b46c90a4cda 100644 +--- a/hw/block/pflash_cfi02.c ++++ b/hw/block/pflash_cfi02.c +@@ -801,7 +801,7 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp) + + if (pfl->blk) { + uint64_t perm; +- pfl->ro = blk_is_read_only(pfl->blk); ++ pfl->ro = !blk_supports_write_perm(pfl->blk); + perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 
0 : BLK_PERM_WRITE); + ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); + if (ret < 0) { +diff --git a/hw/block/swim.c b/hw/block/swim.c +index 20133a814c44095028ea0efe7d53..509c2f4900353c3b1e7fad9117f1 100644 +--- a/hw/block/swim.c ++++ b/hw/block/swim.c +@@ -137,8 +137,8 @@ static void swim_change_cb(void *opaque, bool load, Error **errp) + blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort); + } else { + if (!blkconf_apply_backend_options(drive->conf, +- blk_is_read_only(drive->blk), false, +- errp)) { ++ !blk_supports_write_perm(drive->blk), ++ false, errp)) { + return; + } + } +@@ -210,7 +210,7 @@ static void swim_drive_realize(DeviceState *qdev, Error **errp) + dev->conf.werror = BLOCKDEV_ON_ERROR_AUTO; + + if (!blkconf_apply_backend_options(&dev->conf, +- blk_is_read_only(dev->conf.blk), ++ !blk_supports_write_perm(dev->conf.blk), + false, errp)) { + return; + } +diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c +index bac2d6fa2b283854b21f225bea1c..e8600b069da36372f68c6b59baf9 100644 +--- a/hw/block/virtio-blk.c ++++ b/hw/block/virtio-blk.c +@@ -1021,7 +1021,7 @@ static uint64_t virtio_blk_get_features(VirtIODevice *vdev, uint64_t features, + virtio_has_feature(features, VIRTIO_BLK_F_CONFIG_WCE))) { + virtio_add_feature(&features, VIRTIO_BLK_F_WCE); + } +- if (blk_is_read_only(s->blk)) { ++ if (!blk_is_writable(s->blk)) { + virtio_add_feature(&features, VIRTIO_BLK_F_RO); + } + if (s->conf.num_queues > 1) { +@@ -1175,8 +1175,8 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp) + } + + if (!blkconf_apply_backend_options(&conf->conf, +- blk_is_read_only(conf->conf.blk), true, +- errp)) { ++ !blk_supports_write_perm(conf->conf.blk), ++ true, errp)) { + return; + } + s->original_wce = blk_enable_write_cache(conf->conf.blk); +diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c +index 8a7a3f54523ed050587c3e2047de..20b23c699bc1cb4cd796bf352c45 100644 +--- a/hw/block/xen-block.c ++++ b/hw/block/xen-block.c +@@ -574,7 
+574,7 @@ static void xen_disk_realize(XenBlockDevice *blockdev, Error **errp) + return; + } + +- blockdev->info = blk_is_read_only(conf->blk) ? VDISK_READONLY : 0; ++ blockdev->info = blk_supports_write_perm(conf->blk) ? 0 : VDISK_READONLY; + } + + static void xen_disk_class_init(ObjectClass *class, void *data) +diff --git a/hw/ide/core.c b/hw/ide/core.c +index e85821637c961121ad7a2ccfbaf9..50758a944172ba6ed12c3ca2bc4c 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -2537,7 +2537,7 @@ int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind, + error_setg(errp, "Device needs media, but drive is empty"); + return -1; + } +- if (blk_is_read_only(blk)) { ++ if (!blk_is_writable(blk)) { + error_setg(errp, "Can't use a read-only drive"); + return -1; + } +diff --git a/hw/misc/sifive_u_otp.c b/hw/misc/sifive_u_otp.c +index 60066375abddfa4e74e424b7d693..84547ebf1ba4aae4c99be01342e5 100644 +--- a/hw/misc/sifive_u_otp.c ++++ b/hw/misc/sifive_u_otp.c +@@ -218,7 +218,7 @@ static void sifive_u_otp_realize(DeviceState *dev, Error **errp) + + if (s->blk) { + perm = BLK_PERM_CONSISTENT_READ | +- (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); ++ (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); + ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); + if (ret < 0) { + return; +diff --git a/hw/ppc/pnv_pnor.c b/hw/ppc/pnv_pnor.c +index c365ee58b884c02c77851a35f566..cc2a6a3db7eac7cab6750fe7f011 100644 +--- a/hw/ppc/pnv_pnor.c ++++ b/hw/ppc/pnv_pnor.c +@@ -85,7 +85,7 @@ static void pnv_pnor_realize(DeviceState *dev, Error **errp) + + if (s->blk) { + uint64_t perm = BLK_PERM_CONSISTENT_READ | +- (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); ++ (blk_supports_write_perm(s->blk) ? 
BLK_PERM_WRITE : 0); + ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); + if (ret < 0) { + return; +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index 90841ad79123a3a86547a70d6dd4..7ab2be05b3ce3f4fad2212037b34 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -1269,7 +1269,7 @@ static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) + + if (s->qdev.type == TYPE_DISK) { + dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; +- if (blk_is_read_only(s->qdev.conf.blk)) { ++ if (!blk_is_writable(s->qdev.conf.blk)) { + dev_specific_param |= 0x80; /* Readonly. */ + } + } else { +@@ -1703,7 +1703,7 @@ static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) + goto invalid_param_len; + } + +- if (blk_is_read_only(s->qdev.conf.blk)) { ++ if (!blk_is_writable(s->qdev.conf.blk)) { + block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); + scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); + return; +@@ -1794,7 +1794,7 @@ static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) + return; + } + +- if (blk_is_read_only(s->qdev.conf.blk)) { ++ if (!blk_is_writable(s->qdev.conf.blk)) { + scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); + return; + } +@@ -2206,7 +2206,7 @@ static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) + case WRITE_VERIFY_10: + case WRITE_VERIFY_12: + case WRITE_VERIFY_16: +- if (blk_is_read_only(s->qdev.conf.blk)) { ++ if (!blk_is_writable(s->qdev.conf.blk)) { + scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); + return 0; + } +@@ -2379,7 +2379,7 @@ static void scsi_realize(SCSIDevice *dev, Error **errp) + } + } + +- read_only = blk_is_read_only(s->qdev.conf.blk); ++ read_only = !blk_supports_write_perm(s->qdev.conf.blk); + if (dev->type == TYPE_ROM) { + read_only = true; + } +diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c +index 2cb23ca8913c91fc06f497af21be..836479ab017326fa058381efbb87 100644 +--- 
a/hw/scsi/scsi-generic.c ++++ b/hw/scsi/scsi-generic.c +@@ -305,7 +305,7 @@ static void scsi_read_complete(void * opaque, int ret) + * readonly. + */ + if ((s->type == TYPE_DISK || s->type == TYPE_TAPE || s->type == TYPE_ZBC) && +- blk_is_read_only(s->conf.blk) && ++ !blk_is_writable(s->conf.blk) && + (r->req.cmd.buf[0] == MODE_SENSE || + r->req.cmd.buf[0] == MODE_SENSE_10) && + (r->req.cmd.buf[1] & 0x8) == 0) { +@@ -693,7 +693,7 @@ static void scsi_generic_realize(SCSIDevice *s, Error **errp) + return; + } + if (!blkconf_apply_backend_options(&s->conf, +- blk_is_read_only(s->conf.blk), ++ !blk_supports_write_perm(s->conf.blk), + true, errp)) { + return; + } +diff --git a/hw/sd/sd.c b/hw/sd/sd.c +index 1842c037978c6b17c74d6b81a169..5cdcd54cfcbf467342b2e485ac3e 100644 +--- a/hw/sd/sd.c ++++ b/hw/sd/sd.c +@@ -583,7 +583,7 @@ static void sd_reset(DeviceState *dev) + sd_set_sdstatus(sd); + + g_free(sd->wp_groups); +- sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false; ++ sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; + sd->wpgrps_size = sect; + sd->wp_groups = bitmap_new(sd->wpgrps_size); + memset(sd->function_group, 0, sizeof(sd->function_group)); +@@ -751,7 +751,7 @@ void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert) + { + sd->readonly_cb = readonly; + sd->inserted_cb = insert; +- qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0); ++ qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0); + qemu_set_irq(insert, sd->blk ? 
blk_is_inserted(sd->blk) : 0); + } + +@@ -2155,7 +2155,7 @@ static void sd_realize(DeviceState *dev, Error **errp) + if (sd->blk) { + int64_t blk_size; + +- if (blk_is_read_only(sd->blk)) { ++ if (!blk_supports_write_perm(sd->blk)) { + error_setg(errp, "Cannot use read-only drive as SD card"); + return; + } +diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c +index f0f005869d25976cc4d5d2394237..c49e8b819e97df5f3f1814f2f63f 100644 +--- a/hw/usb/dev-storage.c ++++ b/hw/usb/dev-storage.c +@@ -613,8 +613,8 @@ static void usb_msd_storage_realize(USBDevice *dev, Error **errp) + return; + } + +- if (!blkconf_apply_backend_options(&s->conf, blk_is_read_only(blk), true, +- errp)) { ++ if (!blkconf_apply_backend_options(&s->conf, !blk_supports_write_perm(blk), ++ true, errp)) { + return; + } + +diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h +index 8203d7f6f90c792ca3f70e516909..880e9032930b0207e2e3e6fe1bd7 100644 +--- a/include/sysemu/block-backend.h ++++ b/include/sysemu/block-backend.h +@@ -191,7 +191,8 @@ BlockErrorAction blk_get_error_action(BlockBackend *blk, bool is_read, + int error); + void blk_error_action(BlockBackend *blk, BlockErrorAction action, + bool is_read, int error); +-bool blk_is_read_only(BlockBackend *blk); ++bool blk_supports_write_perm(BlockBackend *blk); ++bool blk_is_writable(BlockBackend *blk); + bool blk_is_sg(BlockBackend *blk); + bool blk_enable_write_cache(BlockBackend *blk); + void blk_set_enable_write_cache(BlockBackend *blk, bool wce); diff --git a/build-be-explicit-about-mx86-used-note-n.patch b/build-be-explicit-about-mx86-used-note-n.patch new file mode 100644 index 0000000..e0862b9 --- /dev/null +++ b/build-be-explicit-about-mx86-used-note-n.patch 
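Review bot: The new comment on `blk_is_writable()` in block/block-backend.c does not say that the result is only the current value of `blk->perm`, yet `fd_revalidate()` and `sd_reset()` store it in `drv->ro` and `sd->wp_switch`. `fd_change_cb()` resets the permissions with `blk_set_perm(drive->blk, 0, BLK_PERM_ALL, ...)` in one of its branches, so a stored value can go stale unless it is recomputed after each permission change. I would extend the comment to something like `Reflects blk->perm at the time of the call; callers that cache the result must re-read it after blk_set_perm()`, and correct the wording to `if write permissions have been requested`. In `ide_init_drive()` the "Can't use a read-only drive" check now depends on write permission already having been taken before the call, which is not visible in this hunk and is worth confirming.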
@@ -0,0 +1,28 @@ +From: Bruce Rogers +Date: Thu, 4 Feb 2021 11:06:47 -0700 +Subject: build: be explicit about -mx86-used-note=no + +binutils v2.36 switched the default for the assembler's -mx86-used-note, +which caused breakage building seavgabios as follows: +ld: section .note.gnu.property LMA [0000000000000000,0000000000000027] +overlaps section .text LMA [0000000000000000,0000000000006e87] +Fix by explicitly specifying -mx86-used-note=no to assembler in seabios' +Makefile (boo#1181775) + +Signed-off-by: Bruce Rogers +--- + Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/roms/seabios/Makefile b/roms/seabios/Makefile +index 74a01853f26458d94d4a4e056b7b..16627562900bbca4b68c6f1df220 100644 +--- a/roms/seabios/Makefile ++++ b/roms/seabios/Makefile +@@ -73,6 +73,7 @@ COMMONCFLAGS += $(call cc-option,$(CC),-fstack-check=no,) + COMMONCFLAGS += $(call cc-option,$(CC),-Wno-address-of-packed-member,) + COMMONCFLAGS += $(call cc-option,$(CC),-fcf-protection=none,) + COMMA := , ++COMMONCFLAGS += $(call cc-option,$(CC),-Wa$(COMMA)-mx86-used-note=no,) + + CFLAGS32FLAT := $(COMMONCFLAGS) -DMODE16=0 -DMODESEGMENT=0 + CFLAGSSEG := $(COMMONCFLAGS) -DMODESEGMENT=1 -fno-defer-pop \ diff --git a/bundles.tar.xz b/bundles.tar.xz index c2229c0..e539cf5 100644 --- a/bundles.tar.xz +++ b/bundles.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f1253b975d29c6b84bbf3f611dbd98fcc2c4193fe76fed6db85dbcaf8b2bc696 -size 43464 +oid sha256:a745a8269f4f06d76fa4e4be2b77fd74108cd04261674d3fb15d9ab4b177f3f6 +size 56068 diff --git a/hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch b/hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch new file mode 100644 index 0000000..1948d7d --- /dev/null +++ b/hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch 
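Review bot: The added `COMMONCFLAGS` line in roms/seabios/Makefile carries no comment, so the reason for switching the note off lives only in the patch header. A line such as `# binutils >= 2.36 emits .note.gnu.property by default; it overlaps .text in the ROM link (boo#1181775)` above it would keep that context when the patch is refreshed. Because the flag is passed through `cc-option` with an empty fallback, it is presumably dropped when the probe fails, in which case the link error described in the header would return with no hint of why.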
@@ -0,0 +1,64 @@ +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Sun, 31 Jan 2021 11:34:01 +0100 +Subject: hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Git-commit: edfe2eb4360cde4ed5d95bda7777edcb3510f76a + +Per the ARM Generic Interrupt Controller Architecture specification +(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit, +not 10: + + - 4.3 Distributor register descriptions + - 4.3.15 Software Generated Interrupt Register, GICD_SG + + - Table 4-21 GICD_SGIR bit assignments + + The Interrupt ID of the SGI to forward to the specified CPU + interfaces. The value of this field is the Interrupt ID, in + the range 0-15, for example a value of 0b0011 specifies + Interrupt ID 3. + +Correct the irq mask to fix an undefined behavior (which eventually +lead to a heap-buffer-overflow, see [Buglink]): + + $ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio + [I 1612088147.116987] OPENED + [R +0.278293] writel 0x8000f00 0xff4affb0 + ../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]' + SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13 + +This fixes a security issue when running with KVM on Arm with +kernel-irqchip=off. (The default is kernel-irqchip=on, which is +unaffected, and which is also the correct choice for performance.) 
+ +Cc: qemu-stable@nongnu.org +Fixes: CVE-2021-20221 +Fixes: 9ee6e8bb853 ("ARMv7 support.") +Buglink: https://bugs.launchpad.net/qemu/+bug/1913916 +Buglink: https://bugs.launchpad.net/qemu/+bug/1913917 +Reported-by: Alexander Bulekov +Signed-off-by: Philippe Mathieu-Daudé +Message-id: 20210131103401.217160-1-f4bug@amsat.org +Reviewed-by: Peter Maydell +Signed-off-by: Peter Maydell +Signed-off-by: Bruce Rogers +--- + hw/intc/arm_gic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c +index c60dc6b5e6e519e61b20dda66c7b..fbde60de05a20a607a64a5a91bad 100644 +--- a/hw/intc/arm_gic.c ++++ b/hw/intc/arm_gic.c +@@ -1474,7 +1474,7 @@ static void gic_dist_writel(void *opaque, hwaddr offset, + int target_cpu; + + cpu = gic_get_current_cpu(s); +- irq = value & 0x3ff; ++ irq = value & 0xf; + switch ((value >> 24) & 3) { + case 0: + mask = (value >> 16) & ALL_CPU_MASK; diff --git a/hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch b/hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch new file mode 100644 index 0000000..99a41b1 --- /dev/null +++ b/hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch 
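Review bot: The replacement mask in `gic_dist_writel()` is a bare `0xf`, and the array access that overflowed (arm_gic.c:1498 in the sanitizer output) lies outside this hunk, so nothing at the point of use states the bound. A comment on the changed line, for example `irq = value & 0xf; /* GICD_SGIR.SGIINTID is bits [3:0], SGI IDs 0-15 */`, would tie the mask to the specification cited in the patch header. An `assert(irq < GIC_NR_SGIS);` before the index would catch a later regression, assuming that constant is in scope in this file. The patch header carries `Fixes: CVE-2021-20221`, while the commit description lists the patch only as stable material; naming the CVE in the package changelog (not visible here) would let vulnerability tracking pick the fix up.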
@@ -0,0 +1,36 @@ +From: Peter Maydell +Date: Fri, 8 Jan 2021 18:04:00 +0000 +Subject: hw/net/lan9118: Fix RX Status FIFO PEEK value +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Git-commit: e7e29fdbbe07fb762d85af9c4d8eeff9b0f52a8e + +A copy-and-paste error meant that the return value for register offset 0x44 +(the RX Status FIFO PEEK register) returned a byte from a bogus offset in +the rx status FIFO. Fix the typo. + +Cc: qemu-stable@nongnu.org +Fixes: https://bugs.launchpad.net/qemu/+bug/1904954 +Signed-off-by: Peter Maydell +Reviewed-by: Philippe Mathieu-Daudé +Message-id: 20210108180401.2263-2-peter.maydell@linaro.org +Signed-off-by: Bruce Rogers +--- + hw/net/lan9118.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c +index ab57c02c8e10d3ea1feb258fa4c5..13d469fe24fd8dd3a03eb2b60a58 100644 +--- a/hw/net/lan9118.c ++++ b/hw/net/lan9118.c +@@ -1206,7 +1206,7 @@ static uint64_t lan9118_readl(void *opaque, hwaddr offset, + case 0x40: + return rx_status_fifo_pop(s); + case 0x44: +- return s->rx_status_fifo[s->tx_status_fifo_head]; ++ return s->rx_status_fifo[s->rx_status_fifo_head]; + case 0x48: + return tx_status_fifo_pop(s); + case 0x4c: diff --git a/hw-timer-slavio_timer-Allow-64-bit-acces.patch b/hw-timer-slavio_timer-Allow-64-bit-acces.patch new file mode 100644 index 0000000..4cc36f3 --- /dev/null +++ b/hw-timer-slavio_timer-Allow-64-bit-acces.patch 
@@ -0,0 +1,88 @@ +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Sat, 5 Dec 2020 16:09:03 +0100 +Subject: hw/timer/slavio_timer: Allow 64-bit accesses +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Git-commit: 62a9b228b5fefe0f9e364dfeaf3c65022c63cdb9 + +Per the "NCR89C105 Chip Specification" referenced in the header: + + Chip-level Address Map + + ------------------------------------------------------------------ + | 1D0 0000 -> | Counter/Timers | W,D | + | 1DF FFFF | | | + ... + + The address map indicated the allowed accesses at each address. + [...] W indicates a word access, and D indicates a double-word + access. + +The SLAVIO timer controller is implemented expecting 32-bit accesses. +Commit a3d12d073e1 restricted the memory accesses to 32-bit, while +the device allows 64-bit accesses. + +This was not an issue until commit 5d971f9e67 which reverted +("memory: accept mismatching sizes in memory_region_access_valid"). + +Fix by renaming .valid MemoryRegionOps as .impl, and add the valid +access range (W -> 4, D -> 8). + +Since commit 21786c7e598 ("memory: Log invalid memory accesses") +this class of bug can be quickly debugged displaying 'guest_errors' +accesses, as: + + $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -serial stdio -d guest_errors + + Power-ON Reset + Invalid access at addr 0x0, size 8, region 'timer-1', reason: invalid size (min:4 max:4) + + $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -monitor stdio -S + (qemu) info mtree + address-space: memory + 0000000000000000-ffffffffffffffff (prio 0, i/o): system + ... 
+ 0000000ff1300000-0000000ff130000f (prio 0, i/o): timer-1 + ^^^^^^^^^ ^^^^^^^ + \ memory region base address and name / + + (qemu) info qtree + bus: main-system-bus + dev: slavio_timer, id "" <-- device type name + gpio-out "sysbus-irq" 17 + num_cpus = 1 (0x1) + mmio 0000000ff1310000/0000000000000014 + mmio 0000000ff1300000/0000000000000010 <--- base address + mmio 0000000ff1301000/0000000000000010 + mmio 0000000ff1302000/0000000000000010 + ... + +Reported-by: Yap KV +Buglink: https://bugs.launchpad.net/bugs/1906905 +Fixes: a3d12d073e1 ("slavio_timer: convert to memory API") +CC: qemu-stable@nongnu.org +Signed-off-by: Philippe Mathieu-Daudé +Message-Id: <20201205150903.3062711-1-f4bug@amsat.org> +Signed-off-by: Mark Cave-Ayland +Signed-off-by: Bruce Rogers +--- + hw/timer/slavio_timer.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/hw/timer/slavio_timer.c b/hw/timer/slavio_timer.c +index 5b2d20cb6a5a65a762e8021243cb..03e33fc592665360a72e87e1ac64 100644 +--- a/hw/timer/slavio_timer.c ++++ b/hw/timer/slavio_timer.c +@@ -331,6 +331,10 @@ static const MemoryRegionOps slavio_timer_mem_ops = { + .write = slavio_timer_mem_writel, + .endianness = DEVICE_NATIVE_ENDIAN, + .valid = { ++ .min_access_size = 4, ++ .max_access_size = 8, ++ }, ++ .impl = { + .min_access_size = 4, + .max_access_size = 4, + }, diff --git a/iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch b/iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch index 23fcced..2737de8 100644 --- a/iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch +++ b/iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch @@ -954,11 +954,11 @@ index 13e0c4f5a7dce51094fcbb77d069..b3b48120150b89d83c560ef2c9da 100644 {"return": {}} *** done diff --git a/tests/qemu-iotests/153.out b/tests/qemu-iotests/153.out -index 8fbc7413e716462a4f196c39db5e..4e9c4607bdb3d46c24bad9e80f64 100644 +index fcaa71aeeebd855d684d8056410f..ff8e55864a53501197bb4a66bf99 100644 --- a/tests/qemu-iotests/153.out 
+++ b/tests/qemu-iotests/153.out -@@ -427,7 +427,8 @@ _qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}} +@@ -425,7 +425,8 @@ _qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c + { 'execute': 'qmp_capabilities' } {"return": {}} Adding drive -{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } } @@ -967,7 +967,7 @@ index 8fbc7413e716462a4f196c39db5e..4e9c4607bdb3d46c24bad9e80f64 100644 {"return": "OKrn"} _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512 -@@ -437,25 +438,30 @@ Creating overlay with qemu-img when the guest is running should be allowed +@@ -435,25 +436,30 @@ Creating overlay with qemu-img when the guest is running should be allowed _qemu_img_wrapper create -f qcow2 -b TEST_DIR/t.qcow2 -F qcow2 TEST_DIR/t.qcow2.overlay == Closing an image should unlock it == @@ -1629,7 +1629,7 @@ index 85acda4635b37c14c40c485ca288..92ec81db034fd8af8520d160033c 100644 {"return": "Block node is read-onlyrn"} *** done diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu -index 4f2557cc568beed038223af7660b..3ecff3edfa7569d49ec7d81c2195 100644 +index de680cf1c7c92e50b82aa2bc0262..ef105dfc393e96c6ef2f34c1466d 100644 --- a/tests/qemu-iotests/common.qemu +++ b/tests/qemu-iotests/common.qemu @@ -146,14 +146,9 @@ _send_qemu_cmd() diff --git a/net-Fix-handling-of-id-in-netdev_add-and.patch b/net-Fix-handling-of-id-in-netdev_add-and.patch new file mode 100644 index 0000000..7d18c4a --- /dev/null +++ b/net-Fix-handling-of-id-in-netdev_add-and.patch 
@@ -0,0 +1,119 @@
+From: Markus Armbruster
+Date: Wed, 25 Nov 2020 11:02:20 +0100
+Subject: net: Fix handling of id in netdev_add and netdev_del
+
+Git-commit: 831734cce6494032e9233caff4d8442b3a1e7fef
+
+CLI -netdev accumulates in option group "netdev".
+
+Before commit 08712fcb85 "net: Track netdevs in NetClientState rather
+than QemuOpt", netdev_add added to the option group, and netdev_del
+removed from it, both HMP and QMP. Thus, every netdev had a
+corresponding QemuOpts in this option group.
+
+Commit 08712fcb85 dropped this for QMP netdev_add and both netdev_del.
+Now a netdev has a corresponding QemuOpts only when it was created
+with CLI or HMP. Two issues:
+
+* QMP and HMP netdev_del can leave QemuOpts behind, breaking HMP
+ netdev_add. Reproducer:
+
+ $ qemu-system-x86_64 -S -display none -nodefaults -monitor stdio
+ QEMU 5.1.92 monitor - type 'help' for more information
+ (qemu) netdev_add user,id=net0
+ (qemu) info network
+ net0: index=0,type=user,net=10.0.2.0,restrict=off
+ (qemu) netdev_del net0
+ (qemu) info network
+ (qemu) netdev_add user,id=net0
+ upstream-qemu: Duplicate ID 'net0' for netdev
+ Try "help netdev_add" for more information
+
+ Fix by restoring the QemuOpts deletion in qmp_netdev_del(), but with
+ a guard, because the QemuOpts need not exist.
+
+* QMP netdev_add loses its "no duplicate ID" check. Reproducer:
+
+ $ qemu-system-x86_64 -S -display none -qmp stdio
+ {"QMP": {"version": {"qemu": {"micro": 92, "minor": 1, "major": 5}, "package": "v5.2.0-rc2-1-g02c1f0142c"}, "capabilities": ["oob"]}}
+ {"execute": "qmp_capabilities"}
+ {"return": {}}
+ {"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
+ {"return": {}}
+ {"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}}
+ {"return": {}}
+
+ Fix by adding a duplicate ID check to net_client_init1() to replace
+ the lost one. The check is redundant for callers where QemuOpts
+ still checks, i.e. for CLI and HMP.
+
+Reported-by: Andrew Melnichenko
+Fixes: 08712fcb851034228b61f75bd922863a984a4f60
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Markus Armbruster
+Reviewed-by: Eric Blake
+Signed-off-by: Jason Wang
+Signed-off-by: Bruce Rogers
+---
+ net/net.c | 20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/net/net.c b/net/net.c
+index 6a2c3d95670ed5fec78078276301..af35fb2db7cd99933d20f8613ab3 100644
+--- a/net/net.c
++++ b/net/net.c
+@@ -983,6 +983,7 @@ static int (* const net_client_init_fun[NET_CLIENT_DRIVER__MAX])(
+ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp)
+ {
+ NetClientState *peer = NULL;
++ NetClientState *nc;
+
+ if (is_netdev) {
+ if (netdev->type == NET_CLIENT_DRIVER_NIC ||
+@@ -1010,6 +1011,12 @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp)
+ }
+ }
+
++ nc = qemu_find_netdev(netdev->id);
++ if (nc) {
++ error_setg(errp, "Duplicate ID '%s'", netdev->id);
++ return -1;
++ }
++
+ if (net_client_init_fun[netdev->type](netdev, netdev->id, peer, errp) < 0) {
+ /* FIXME drop when all init functions store an Error */
+ if (errp && !*errp) {
+@@ -1020,8 +1027,6 @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp)
+ }
+
+ if (is_netdev) {
+- NetClientState *nc;
+-
+ nc = qemu_find_netdev(netdev->id);
+ assert(nc);
+ nc->is_netdev = true;
+@@ -1135,6 +1140,7 @@ void qmp_netdev_add(Netdev *netdev, Error **errp)
+ void qmp_netdev_del(const char *id, Error **errp)
+ {
+ NetClientState *nc;
++ QemuOpts *opts;
+
+ nc = qemu_find_netdev(id);
+ if (!nc) {
+@@ -1149,6 +1155,16 @@ void qmp_netdev_del(const char *id, Error **errp)
+ }
+
+ qemu_del_net_client(nc);
++
++ /*
++ * Wart: we need to delete the QemuOpts associated with netdevs
++ * created via CLI or HMP, to avoid bogus "Duplicate ID" errors in
++ * HMP netdev_add.
++ */ ++ opts = qemu_opts_find(qemu_find_opts("netdev"), id); ++ if (opts) { ++ qemu_opts_del(opts); ++ } + } + + static void netfilter_print_info(Monitor *mon, NetFilterState *nf) diff --git a/qemu.changes b/qemu.changes index b7377c8..73a3ae4 100644 --- a/qemu.changes +++ b/qemu.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Fri Feb 5 18:54:34 UTC 2021 - Bruce Rogers + +- Include upstream patches designated as stable material and + reviewed for applicability to include here + block-Separate-blk_is_writable-and-blk_s.patch + hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch + hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch + hw-timer-slavio_timer-Allow-64-bit-acces.patch + net-Fix-handling-of-id-in-netdev_add-and.patch + target-arm-Don-t-decode-insns-in-the-XSc.patch + target-arm-Fix-MTE0_ACTIVE.patch + target-arm-Introduce-PREDDESC-field-defi.patch + target-arm-Update-PFIRST-PNEXT-for-pred_.patch + target-arm-Update-REV-PUNPK-for-pred_des.patch + target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch + tcg-Use-memset-for-large-vector-byte-rep.patch + ui-vnc-Add-missing-lock-for-send_color_m.patch + virtio-move-use-disabled-flag-property-t.patch + +------------------------------------------------------------------- +Thu Feb 4 18:21:28 UTC 2021 - Bruce Rogers + +- binutils v2.36 has changed the handling of the assembler's + -mx86-used-note, resulting in a build failure. To compensate, we + now explicitly specify -mx86-used-note=no in the seabios Makefile + (boo#1181775) + build-be-explicit-about-mx86-used-note-n.patch + ------------------------------------------------------------------- Fri Jan 29 14:41:19 UTC 2021 - Bruce Rogers diff --git a/qemu.spec b/qemu.spec index d148c3d..33ece51 100644 --- a/qemu.spec +++ b/qemu.spec 
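Review bot: The duplicate-ID check added to net_client_init1() carries no comment, so the reason it lives here rather than in the QMP handler is recorded only in the commit message. A line above `nc = qemu_find_netdev(netdev->id);` such as `/* QMP netdev_add bypasses QemuOpts, so reject duplicate IDs here; redundant for CLI and HMP. */` would keep a later cleanup from dropping it as dead code. The message `Duplicate ID '%s'` also differs from the QemuOpts wording quoted in the reproducer (`Duplicate ID 'net0' for netdev`), so the same mistake is reported two ways depending on the entry point; `error_setg(errp, "Duplicate ID '%s' for netdev", netdev->id);` would align them, assuming nothing matches on the shorter string. Both function bodies continue outside the hunks shown.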
@@ -131,63 +131,78 @@ Source303: README.PACKAGING # This patch queue is auto-generated - see README.PACKAGING for process # Patches applied in base project: -Patch00000: block-Simplify-qmp_block_resize-error-pa.patch -Patch00001: block-Fix-locking-in-qmp_block_resize.patch -Patch00002: block-Fix-deadlock-in-bdrv_co_yield_to_d.patch -Patch00003: audio-add-sanity-check.patch -Patch00004: build-no-pie-is-no-functional-linker-fla.patch -Patch00005: block-nfs-fix-int-overflow-in-nfs_client.patch -Patch00006: XXX-dont-dump-core-on-sigabort.patch -Patch00007: qemu-binfmt-conf-Modify-default-path.patch -Patch00008: qemu-cvs-gettimeofday.patch -Patch00009: qemu-cvs-ioctl_debug.patch -Patch00010: qemu-cvs-ioctl_nodirection.patch -Patch00011: linux-user-add-binfmt-wrapper-for-argv-0.patch -Patch00012: PPC-KVM-Disable-mmu-notifier-check.patch -Patch00013: linux-user-binfmt-support-host-binaries.patch -Patch00014: linux-user-Fake-proc-cpuinfo.patch -Patch00015: linux-user-use-target_ulong.patch -Patch00016: Make-char-muxer-more-robust-wrt-small-FI.patch -Patch00017: linux-user-lseek-explicitly-cast-non-set.patch -Patch00018: AIO-Reduce-number-of-threads-for-32bit-h.patch -Patch00019: xen_disk-Add-suse-specific-flush-disable.patch -Patch00020: qemu-bridge-helper-reduce-security-profi.patch -Patch00021: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch -Patch00022: roms-Makefile-pass-a-packaging-timestamp.patch -Patch00023: Raise-soft-address-space-limit-to-hard-l.patch -Patch00024: increase-x86_64-physical-bits-to-42.patch -Patch00025: i8254-Fix-migration-from-SLE11-SP2.patch -Patch00026: acpi_piix4-Fix-migration-from-SLE11-SP2.patch -Patch00027: Make-installed-scripts-explicitly-python.patch -Patch00028: hw-smbios-handle-both-file-formats-regar.patch -Patch00029: xen-add-block-resize-support-for-xen-dis.patch -Patch00030: tests-qemu-iotests-Triple-timeout-of-i-o.patch -Patch00031: tests-Fix-block-tests-to-be-compatible-w.patch -Patch00032: 
xen-ignore-live-parameter-from-xen-save-.patch -Patch00033: tests-change-error-message-in-test-162.patch -Patch00034: hw-intc-exynos4210_gic-provide-more-room.patch -Patch00035: configure-only-populate-roms-if-softmmu.patch -Patch00036: pc-bios-s390-ccw-net-avoid-warning-about.patch -Patch00037: roms-change-cross-compiler-naming-to-be-.patch -Patch00038: test-add-mapping-from-arch-of-i686-to-qe.patch -Patch00039: configure-remove-pkgversion-from-CONFIG_.patch -Patch00040: docs-add-SUSE-support-statements-to-html.patch -Patch00041: s390x-Fix-stringop-truncation-issue-repo.patch -Patch00042: Revert-qht-constify-qht_statistics_init.patch -Patch00043: qht-Revert-some-constification-in-qht.c.patch -Patch00044: meson-install-ivshmem-client-and-ivshmem.patch -Patch00045: Revert-roms-efirom-tests-uefi-test-tools.patch -Patch00046: Makefile-Don-t-check-pc-bios-as-pre-requ.patch -Patch00047: roms-Makefile-add-cross-file-to-qboot-me.patch -Patch00048: usb-Help-compiler-out-to-avoid-a-warning.patch -Patch00049: iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch -Patch00050: module-for-virtio-gpu-pre-load-module-to.patch -Patch00051: spice-app-avoid-crash-when-core-spice-mo.patch -Patch00052: qom-handle-case-of-chardev-spice-module-.patch +Patch00000: ui-vnc-Add-missing-lock-for-send_color_m.patch +Patch00001: block-Simplify-qmp_block_resize-error-pa.patch +Patch00002: block-Fix-locking-in-qmp_block_resize.patch +Patch00003: block-Fix-deadlock-in-bdrv_co_yield_to_d.patch +Patch00004: audio-add-sanity-check.patch +Patch00005: build-no-pie-is-no-functional-linker-fla.patch +Patch00006: block-nfs-fix-int-overflow-in-nfs_client.patch +Patch00007: iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch +Patch00008: tcg-Use-memset-for-large-vector-byte-rep.patch +Patch00009: hw-timer-slavio_timer-Allow-64-bit-acces.patch +Patch00010: target-arm-Fix-MTE0_ACTIVE.patch +Patch00011: target-arm-Don-t-decode-insns-in-the-XSc.patch +Patch00012: hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch +Patch00013: 
target-arm-Introduce-PREDDESC-field-defi.patch +Patch00014: target-arm-Update-PFIRST-PNEXT-for-pred_.patch +Patch00015: target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch +Patch00016: target-arm-Update-REV-PUNPK-for-pred_des.patch +Patch00017: net-Fix-handling-of-id-in-netdev_add-and.patch +Patch00018: block-Separate-blk_is_writable-and-blk_s.patch +Patch00019: hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch +Patch00020: virtio-move-use-disabled-flag-property-t.patch +Patch00021: XXX-dont-dump-core-on-sigabort.patch +Patch00022: qemu-binfmt-conf-Modify-default-path.patch +Patch00023: qemu-cvs-gettimeofday.patch +Patch00024: qemu-cvs-ioctl_debug.patch +Patch00025: qemu-cvs-ioctl_nodirection.patch +Patch00026: linux-user-add-binfmt-wrapper-for-argv-0.patch +Patch00027: PPC-KVM-Disable-mmu-notifier-check.patch +Patch00028: linux-user-binfmt-support-host-binaries.patch +Patch00029: linux-user-Fake-proc-cpuinfo.patch +Patch00030: linux-user-use-target_ulong.patch +Patch00031: Make-char-muxer-more-robust-wrt-small-FI.patch +Patch00032: linux-user-lseek-explicitly-cast-non-set.patch +Patch00033: AIO-Reduce-number-of-threads-for-32bit-h.patch +Patch00034: xen_disk-Add-suse-specific-flush-disable.patch +Patch00035: qemu-bridge-helper-reduce-security-profi.patch +Patch00036: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch +Patch00037: roms-Makefile-pass-a-packaging-timestamp.patch +Patch00038: Raise-soft-address-space-limit-to-hard-l.patch +Patch00039: increase-x86_64-physical-bits-to-42.patch +Patch00040: i8254-Fix-migration-from-SLE11-SP2.patch +Patch00041: acpi_piix4-Fix-migration-from-SLE11-SP2.patch +Patch00042: Make-installed-scripts-explicitly-python.patch +Patch00043: hw-smbios-handle-both-file-formats-regar.patch +Patch00044: xen-add-block-resize-support-for-xen-dis.patch +Patch00045: tests-qemu-iotests-Triple-timeout-of-i-o.patch +Patch00046: tests-Fix-block-tests-to-be-compatible-w.patch +Patch00047: xen-ignore-live-parameter-from-xen-save-.patch +Patch00048: 
tests-change-error-message-in-test-162.patch +Patch00049: hw-intc-exynos4210_gic-provide-more-room.patch +Patch00050: configure-only-populate-roms-if-softmmu.patch +Patch00051: pc-bios-s390-ccw-net-avoid-warning-about.patch +Patch00052: roms-change-cross-compiler-naming-to-be-.patch +Patch00053: test-add-mapping-from-arch-of-i686-to-qe.patch +Patch00054: configure-remove-pkgversion-from-CONFIG_.patch +Patch00055: docs-add-SUSE-support-statements-to-html.patch +Patch00056: s390x-Fix-stringop-truncation-issue-repo.patch +Patch00057: Revert-qht-constify-qht_statistics_init.patch +Patch00058: qht-Revert-some-constification-in-qht.c.patch +Patch00059: meson-install-ivshmem-client-and-ivshmem.patch +Patch00060: Revert-roms-efirom-tests-uefi-test-tools.patch +Patch00061: Makefile-Don-t-check-pc-bios-as-pre-requ.patch +Patch00062: roms-Makefile-add-cross-file-to-qboot-me.patch +Patch00063: usb-Help-compiler-out-to-avoid-a-warning.patch +Patch00064: module-for-virtio-gpu-pre-load-module-to.patch +Patch00065: spice-app-avoid-crash-when-core-spice-mo.patch +Patch00066: qom-handle-case-of-chardev-spice-module-.patch # Patches applied in roms/seabios/: Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch Patch01002: enable-cross-compilation-on-ARM.patch +Patch01003: build-be-explicit-about-mx86-used-note-n.patch # Patches applied in roms/ipxe/: Patch02000: stub-out-the-SAN-req-s-in-int13.patch Patch02001: ipxe-Makefile-fix-issues-of-build-reprod.patch 
@@ -1037,28 +1052,43 @@ This package records qemu testsuite results and represents successful testing. %patch00037 -p1 %patch00038 -p1 %patch00039 -p1 -%if %{legacy_qemu_kvm} %patch00040 -p1 -%endif %patch00041 -p1 %patch00042 -p1 %patch00043 -p1 %patch00044 -p1 %patch00045 -p1 %patch00046 -p1 -%ifarch aarch64 %patch00047 -p1 -%endif -%ifarch %arm %ix86 %patch00048 -p1 -%endif %patch00049 -p1 %patch00050 -p1 %patch00051 -p1 %patch00052 -p1 +%patch00053 -p1 +%patch00054 -p1 +%if %{legacy_qemu_kvm} +%patch00055 -p1 +%endif +%patch00056 -p1 +%patch00057 -p1 +%patch00058 -p1 +%patch00059 -p1 +%patch00060 -p1 +%patch00061 -p1 +%ifarch aarch64 +%patch00062 -p1 +%endif +%ifarch %arm %ix86 +%patch00063 -p1 +%endif +%patch00064 -p1 +%patch00065 -p1 +%patch00066 -p1 %patch01000 -p1 %patch01001 -p1 %patch01002 -p1 +%patch01003 -p1 %if 0%{?patch-possibly-applied-elsewhere} %patch02000 -p1 %endif diff --git a/target-arm-Don-t-decode-insns-in-the-XSc.patch b/target-arm-Don-t-decode-insns-in-the-XSc.patch new file mode 100644 index 0000000..5be7401 --- /dev/null +++ b/target-arm-Don-t-decode-insns-in-the-XSc.patch 
@@ -0,0 +1,48 @@
+From: Peter Maydell
+Date: Fri, 8 Jan 2021 19:51:57 +0000
+Subject: target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns
+
+Git-commit: e4d51ac6921dc861bfb3d20e4c7dcf345840a9da
+
+In commit cd8be50e58f63413c0 we converted the A32 coprocessor
+insns to decodetree. This accidentally broke XScale/iWMMXt insns,
+because it moved the handling of "cp insns which are handled
+by looking up the cp register in the hashtable" from after the
+call to the legacy disas_xscale_insn() decode to before it,
+with the result that all XScale/iWMMXt insns now UNDEF.
+
+Update valid_cp() so that it knows that on XScale cp 0 and 1
+are not standard coprocessor instructions; this will cause
+the decodetree trans_ functions to ignore them, so that
+execution will correctly get through to the legacy decode again.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Guenter Roeck
+Signed-off-by: Peter Maydell
+Reviewed-by: Richard Henderson
+Tested-by: Guenter Roeck
+Message-id: 20210108195157.32067-1-peter.maydell@linaro.org
+Signed-off-by: Bruce Rogers
+---
+ target/arm/translate.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/target/arm/translate.c b/target/arm/translate.c
+index 6d04ca3a8a09818cfbfba706a4c3..8089a4ff7e542204a6a1bf6f5637 100644
+--- a/target/arm/translate.c
++++ b/target/arm/translate.c
+@@ -5275,7 +5275,14 @@ static bool valid_cp(DisasContext *s, int cp)
+ * only cp14 and cp15 are valid, and other values aren't considered
+ * to be in the coprocessor-instruction space at all. v8M still
+ * permits coprocessors 0..7.
++ * For XScale, we must not decode the XScale cp0, cp1 space as
++ * a standard coprocessor insn, because we want to fall through to
++ * the legacy disas_xscale_insn() decoder after decodetree is done.
+ */
++ if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cp == 0 || cp == 1)) {
++ return false;
++ }
++
+ if (arm_dc_feature(s, ARM_FEATURE_V8) &&
+ !arm_dc_feature(s, ARM_FEATURE_M)) {
+ return cp >= 14;
diff --git a/target-arm-Fix-MTE0_ACTIVE.patch b/target-arm-Fix-MTE0_ACTIVE.patch
new file mode 100644
index 0000000..b65cdce
--- /dev/null
+++ b/target-arm-Fix-MTE0_ACTIVE.patch
@@ -0,0 +1,35 @@
+From: Richard Henderson
+Date: Mon, 21 Dec 2020 12:44:26 -0800
+Subject: target/arm: Fix MTE0_ACTIVE
+
+Git-commit: cc97b0019bb590b9b3c2a623e9ebee48831e0ce3
+
+In 50244cc76abc we updated mte_check_fail to match the ARM
+pseudocode, using the correct EL to select the TCF field.
+But we failed to update MTE0_ACTIVE the same way, which led
+to g_assert_not_reached().
+
+Cc: qemu-stable@nongnu.org
+Buglink: https://bugs.launchpad.net/bugs/1907137
+Signed-off-by: Richard Henderson
+Message-id: 20201221204426.88514-1-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell
+Signed-off-by: Peter Maydell
+Signed-off-by: Bruce Rogers
+---
+ target/arm/helper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index 38cd35c049292d40df5a35854f4b..194d752763b2a74af2e4e45e0a96 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -12927,7 +12927,7 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
+ if (FIELD_EX32(flags, TBFLAG_A64, UNPRIV)
+ && tbid
+ && !(env->pstate & PSTATE_TCO)
+- && (sctlr & SCTLR_TCF0)
++ && (sctlr & SCTLR_TCF)
+ && allocation_tag_access_enabled(env, 0, sctlr)) {
+ flags = FIELD_DP32(flags, TBFLAG_A64, MTE0_ACTIVE, 1);
+ }
diff --git a/target-arm-Introduce-PREDDESC-field-defi.patch b/target-arm-Introduce-PREDDESC-field-defi.patch
new file mode 100644
index 0000000..43c0a2d
--- /dev/null
+++ b/target-arm-Introduce-PREDDESC-field-defi.patch
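Review bot: Nothing at the changed condition in rebuild_hflags_a64() explains why the MTE0_ACTIVE flag is gated on `SCTLR_TCF` rather than `SCTLR_TCF0`, and the mismatch between the flag name and the field name reads like a typo that a later cleanup could revert. A comment above the `if`, for example `/* TCF, not TCF0: select the field the same way mte_check_fail() does, or it hits g_assert_not_reached(). */`, would record the reasoning that currently exists only in the commit message. The patch touches no test, so a regression on this unprivileged-access path would presumably surface again as an abort of the emulator rather than as a test failure. The function body continues outside the hunk.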
@@ -0,0 +1,45 @@
+From: Richard Henderson
+Date: Tue, 12 Jan 2021 20:26:47 -1000
+Subject: target/arm: Introduce PREDDESC field definitions
+
+Git-commit: b64ee454a4a086ed459bcda4c0bbb54e197841e4
+
+SVE predicate operations cannot use the "usual" simd_desc
+encoding, because the lengths are not a multiple of 8.
+But we were abusing the SIMD_* fields to store values anyway.
+This abuse broke when SIMD_OPRSZ_BITS was modified in e2e7168a214.
+
+Introduce a new set of field definitions for exclusive use
+of predicates, so that it is obvious what kind of predicate
+we are manipulating. To be used in future patches.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Richard Henderson
+Message-id: 20210113062650.593824-2-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell
+Signed-off-by: Peter Maydell
+Signed-off-by: Bruce Rogers
+---
+ target/arm/internals.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/target/arm/internals.h b/target/arm/internals.h
+index 5460678756d3c4e5f34abe5f6411..73698587d6b8eeffd6ccd1515e7a 100644
+--- a/target/arm/internals.h
++++ b/target/arm/internals.h
+@@ -1312,6 +1312,15 @@ void arm_log_exception(int idx);
+ #define LOG2_TAG_GRANULE 4
+ #define TAG_GRANULE (1 << LOG2_TAG_GRANULE)
+
++/*
++ * SVE predicates are 1/8 the size of SVE vectors, and cannot use
++ * the same simd_desc() encoding due to restrictions on size.
++ * Use these instead.
++ */
++FIELD(PREDDESC, OPRSZ, 0, 6)
++FIELD(PREDDESC, ESZ, 6, 2)
++FIELD(PREDDESC, DATA, 8, 24)
++
+ /*
+ * The SVE simd_data field, for memory ops, contains either
+ * rd (5 bits) or a shift count (2 bits).
diff --git a/target-arm-Update-PFIRST-PNEXT-for-pred_.patch b/target-arm-Update-PFIRST-PNEXT-for-pred_.patch
new file mode 100644
index 0000000..fe2ede9
--- /dev/null
+++ b/target-arm-Update-PFIRST-PNEXT-for-pred_.patch
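Review bot: The new comment above the PREDDESC fields does not state the unit of OPRSZ or the range it has to hold, although the field is only 6 bits wide and, as far as I know, FIELD_DP32 silently masks a value that does not fit. The later patches in this series deposit `pred_full_reg_size(s)` and `vsz` into it directly, so the comment could add `OPRSZ is the predicate size in bytes and must fit in 6 bits; DATA carries per-helper flags.` The byte unit is inferred from the PFIRST/PNEXT commit message ("rather than bytes") and should be confirmed before the wording is committed.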
@@ -0,0 +1,65 @@
+From: Richard Henderson
+Date: Tue, 12 Jan 2021 20:26:48 -1000
+Subject: target/arm: Update PFIRST, PNEXT for pred_desc
+
+Git-commit: 86300b5d044064046395ae8ed605cc19e63f2a7c
+
+These two were odd, in that do_pfirst_pnext passed the
+count of 64-bit words rather than bytes. Change to pass
+the standard pred_full_reg_size to avoid confusion.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Richard Henderson
+Message-id: 20210113062650.593824-3-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell
+Signed-off-by: Peter Maydell
+Signed-off-by: Bruce Rogers
+---
+ target/arm/sve_helper.c | 7 ++++---
+ target/arm/translate-sve.c | 6 +++---
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
+index 5f037c3a8f8cbc6c093433703153..ff01851bf288009ec3e7585b8e03 100644
+--- a/target/arm/sve_helper.c
++++ b/target/arm/sve_helper.c
+@@ -889,8 +889,9 @@ static intptr_t last_active_element(uint64_t *g, intptr_t words, intptr_t esz)
+ return (intptr_t)-1 << esz;
+ }
+
+-uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t words)
++uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t pred_desc)
+ {
++ intptr_t words = DIV_ROUND_UP(FIELD_EX32(pred_desc, PREDDESC, OPRSZ), 8);
+ uint32_t flags = PREDTEST_INIT;
+ uint64_t *d = vd, *g = vg;
+ intptr_t i = 0;
+@@ -914,8 +915,8 @@ uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t words)
+
+ uint32_t HELPER(sve_pnext)(void *vd, void *vg, uint32_t pred_desc)
+ {
+- intptr_t words = extract32(pred_desc, 0, SIMD_OPRSZ_BITS);
+- intptr_t esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2);
++ intptr_t words = DIV_ROUND_UP(FIELD_EX32(pred_desc, PREDDESC, OPRSZ), 8);
++ intptr_t esz = FIELD_EX32(pred_desc, PREDDESC, ESZ);
+ uint32_t flags = PREDTEST_INIT;
+ uint64_t *d = vd, *g = vg, esz_mask;
+ intptr_t i, next;
+diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
+index 0c3a6d21210404a1340e58c9a021..efcb646f729b1dbe4f7989e2fb9d 100644
+--- a/target/arm/translate-sve.c
++++ b/target/arm/translate-sve.c
+@@ -1494,10 +1494,10 @@ static bool do_pfirst_pnext(DisasContext *s, arg_rr_esz *a,
+ TCGv_ptr t_pd = tcg_temp_new_ptr();
+ TCGv_ptr t_pg = tcg_temp_new_ptr();
+ TCGv_i32 t;
+- unsigned desc;
++ unsigned desc = 0;
+
+- desc = DIV_ROUND_UP(pred_full_reg_size(s), 8);
+- desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz);
++ desc = FIELD_DP32(desc, PREDDESC, OPRSZ, pred_full_reg_size(s));
++ desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz);
+
+ tcg_gen_addi_ptr(t_pd, cpu_env, pred_full_reg_offset(s, a->rd));
+ tcg_gen_addi_ptr(t_pg, cpu_env, pred_full_reg_offset(s, a->rn));
diff --git a/target-arm-Update-REV-PUNPK-for-pred_des.patch b/target-arm-Update-REV-PUNPK-for-pred_des.patch
new file mode 100644
index 0000000..eceb6c3
--- /dev/null
+++ b/target-arm-Update-REV-PUNPK-for-pred_des.patch
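Review bot: `unsigned desc = 0;` in do_pfirst_pnext() is inconsistent with the sibling translators: do_perm_pred2() and do_perm_pred3() are changed to `uint32_t desc = 0;` by the REV/PUNPK and ZIP/UZP/TRN patches of this same series, and the helpers receive `uint32_t pred_desc`. Using `uint32_t desc = 0;` here as well keeps the descriptor type uniform across all PREDDESC users. Separately, sve_pfirst and sve_pnext now both derive `words` from a byte count; a short comment at either site, e.g. `/* OPRSZ is in bytes; the loops below walk 64-bit words */`, would make the unit change visible in the code. All three function bodies continue outside the hunks.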
@@ -0,0 +1,75 @@ +From: Richard Henderson +Date: Tue, 12 Jan 2021 20:26:50 -1000 +Subject: target/arm: Update REV, PUNPK for pred_desc + +Git-commit: 70acaafef2e053a312d54c09b6721c730690e72c + +Update all users of do_perm_pred2 for the new +predicate descriptor field definitions. + +Cc: qemu-stable@nongnu.org +Buglink: https://bugs.launchpad.net/bugs/1908551 +Signed-off-by: Richard Henderson +Message-id: 20210113062650.593824-5-richard.henderson@linaro.org +Reviewed-by: Peter Maydell +Signed-off-by: Peter Maydell +Signed-off-by: Bruce Rogers +--- + target/arm/sve_helper.c | 8 ++++---- + target/arm/translate-sve.c | 13 ++++--------- + 2 files changed, 8 insertions(+), 13 deletions(-) + +diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c +index 7eec4b6b73a273ecaf2fc218d8d4..844db08bd577016081329d6c4002 100644 +--- a/target/arm/sve_helper.c ++++ b/target/arm/sve_helper.c +@@ -2036,8 +2036,8 @@ static uint8_t reverse_bits_8(uint8_t x, int n) + + void HELPER(sve_rev_p)(void *vd, void *vn, uint32_t pred_desc) + { +- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; +- int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); ++ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); ++ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); + intptr_t i, oprsz_2 = oprsz / 2; + + if (oprsz <= 8) { +@@ -2066,8 +2066,8 @@ void HELPER(sve_rev_p)(void *vd, void *vn, uint32_t pred_desc) + + void HELPER(sve_punpk_p)(void *vd, void *vn, uint32_t pred_desc) + { +- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; +- intptr_t high = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1); ++ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); ++ intptr_t high = FIELD_EX32(pred_desc, PREDDESC, DATA); + uint64_t *d = vd; + intptr_t i; + +diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c +index 0baca176a090001de915a7866af4..27402af23c0b58fa94b4ac185951 100644 +--- a/target/arm/translate-sve.c ++++ b/target/arm/translate-sve.c +@@ -2145,19 
+2145,14 @@ static bool do_perm_pred2(DisasContext *s, arg_rr_esz *a, bool high_odd, + TCGv_ptr t_d = tcg_temp_new_ptr(); + TCGv_ptr t_n = tcg_temp_new_ptr(); + TCGv_i32 t_desc; +- int desc; ++ uint32_t desc = 0; + + tcg_gen_addi_ptr(t_d, cpu_env, pred_full_reg_offset(s, a->rd)); + tcg_gen_addi_ptr(t_n, cpu_env, pred_full_reg_offset(s, a->rn)); + +- /* Predicate sizes may be smaller and cannot use simd_desc. +- We cannot round up, as we do elsewhere, because we need +- the exact size for ZIP2 and REV. We retain the style for +- the other helpers for consistency. */ +- +- desc = vsz - 2; +- desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz); +- desc = deposit32(desc, SIMD_DATA_SHIFT + 2, 2, high_odd); ++ desc = FIELD_DP32(desc, PREDDESC, OPRSZ, vsz); ++ desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz); ++ desc = FIELD_DP32(desc, PREDDESC, DATA, high_odd); + t_desc = tcg_const_i32(desc); + + fn(t_d, t_n, t_desc); diff --git a/target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch b/target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch new file mode 100644 index 0000000..e398ff8 --- /dev/null +++ b/target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch 
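Review bot: The block comment removed from do_perm_pred2() was the only place in the source saying that these helpers need the exact predicate size ("We cannot round up ... because we need the exact size for ZIP2 and REV"), and nothing replaces it; do_perm_pred3() loses the same comment in the ZIP/UZP/TRN patch. The constraint still appears to hold, since sve_rev_p computes `oprsz_2 = oprsz / 2` straight from the extracted field. A one-line replacement above the first `FIELD_DP32`, such as `/* OPRSZ must be the exact predicate size, not rounded up: ZIP2 and REV depend on it. */`, would keep that requirement documented. The function bodies continue outside the hunks.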
@@ -0,0 +1,91 @@ +From: Richard Henderson +Date: Tue, 12 Jan 2021 20:26:49 -1000 +Subject: target/arm: Update ZIP, UZP, TRN for pred_desc + +Git-commit: f9b0fcceccfc05cde62ff7577fbf2bc13b842414 + +Update all users of do_perm_pred3 for the new +predicate descriptor field definitions. + +Cc: qemu-stable@nongnu.org +Signed-off-by: Richard Henderson +Message-id: 20210113062650.593824-4-richard.henderson@linaro.org +Reviewed-by: Peter Maydell +Signed-off-by: Peter Maydell +Signed-off-by: Bruce Rogers +--- + target/arm/sve_helper.c | 18 +++++++++--------- + target/arm/translate-sve.c | 12 ++++-------- + 2 files changed, 13 insertions(+), 17 deletions(-) + +diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c +index ff01851bf288009ec3e7585b8e03..7eec4b6b73a273ecaf2fc218d8d4 100644 +--- a/target/arm/sve_helper.c ++++ b/target/arm/sve_helper.c +@@ -1868,9 +1868,9 @@ static uint64_t compress_bits(uint64_t x, int n) + + void HELPER(sve_zip_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) + { +- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; +- int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); +- intptr_t high = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1); ++ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); ++ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); ++ intptr_t high = FIELD_EX32(pred_desc, PREDDESC, DATA); + uint64_t *d = vd; + intptr_t i; + +@@ -1929,9 +1929,9 @@ void HELPER(sve_zip_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) + + void HELPER(sve_uzp_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) + { +- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; +- int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); +- int odd = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1) << esz; ++ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); ++ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); ++ int odd = FIELD_EX32(pred_desc, PREDDESC, DATA) << esz; + uint64_t *d = vd, *n = vn, *m = vm; + uint64_t l, h; + 
intptr_t i; +@@ -1986,9 +1986,9 @@ void HELPER(sve_uzp_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) + + void HELPER(sve_trn_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) + { +- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; +- uintptr_t esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); +- bool odd = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1); ++ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); ++ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); ++ int odd = FIELD_EX32(pred_desc, PREDDESC, DATA); + uint64_t *d = vd, *n = vn, *m = vm; + uint64_t mask; + int shr, shl; +diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c +index efcb646f729b1dbe4f7989e2fb9d..0baca176a090001de915a7866af4 100644 +--- a/target/arm/translate-sve.c ++++ b/target/arm/translate-sve.c +@@ -2110,19 +2110,15 @@ static bool do_perm_pred3(DisasContext *s, arg_rrr_esz *a, bool high_odd, + + unsigned vsz = pred_full_reg_size(s); + +- /* Predicate sizes may be smaller and cannot use simd_desc. +- We cannot round up, as we do elsewhere, because we need +- the exact size for ZIP2 and REV. We retain the style for +- the other helpers for consistency. */ + TCGv_ptr t_d = tcg_temp_new_ptr(); + TCGv_ptr t_n = tcg_temp_new_ptr(); + TCGv_ptr t_m = tcg_temp_new_ptr(); + TCGv_i32 t_desc; +- int desc; ++ uint32_t desc = 0; + +- desc = vsz - 2; +- desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz); +- desc = deposit32(desc, SIMD_DATA_SHIFT + 2, 2, high_odd); ++ desc = FIELD_DP32(desc, PREDDESC, OPRSZ, vsz); ++ desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz); ++ desc = FIELD_DP32(desc, PREDDESC, DATA, high_odd); + + tcg_gen_addi_ptr(t_d, cpu_env, pred_full_reg_offset(s, a->rd)); + tcg_gen_addi_ptr(t_n, cpu_env, pred_full_reg_offset(s, a->rn)); diff --git a/tcg-Use-memset-for-large-vector-byte-rep.patch b/tcg-Use-memset-for-large-vector-byte-rep.patch new file mode 100644 index 0000000..e5f35a1 --- /dev/null +++ b/tcg-Use-memset-for-large-vector-byte-rep.patch 
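Review bot: sve_trn_p changes `bool odd` to `int odd` while moving from a 1-bit `extract32` to the 24-bit DATA field, so the helper no longer normalises the flag to 0/1, and sve_uzp_p shifts the raw DATA value with `<< esz`. That is correct today because do_perm_pred3() deposits `bool high_odd`, but it makes the helpers depend on an unstated contract. Keeping `bool odd = FIELD_EX32(pred_desc, PREDDESC, DATA);` in sve_trn_p and writing `int odd = (FIELD_EX32(pred_desc, PREDDESC, DATA) != 0) << esz;` in sve_uzp_p would preserve the old behaviour if DATA ever carries more than one bit. The helper bodies continue outside the hunks, so the later uses of `odd` and `high` are not visible here.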
@@ -0,0 +1,123 @@ +From: Richard Henderson +Date: Tue, 15 Dec 2020 11:47:59 -0600 +Subject: tcg: Use memset for large vector byte replication +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Git-commit: 6d3ef04893bdea3e7aa08be3cce5141902836a31 + +In f47db80cc07, we handled odd-sized tail clearing for +the case of hosts that have vector operations, but did +not handle the case of hosts that do not have vector ops. + +This was ok until e2e7168a214b, which changed the encoding +of simd_desc such that the odd sizes are impossible. + +Add memset as a tcg helper, and use that for all out-of-line +byte stores to vectors. This includes, but is not limited to, +the tail clearing operation in question. + +Cc: qemu-stable@nongnu.org +Buglink: https://bugs.launchpad.net/bugs/1907817 +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Richard Henderson +Signed-off-by: Bruce Rogers +--- + accel/tcg/tcg-runtime.h | 11 +++++++++++ + include/exec/helper-proto.h | 4 ++++ + tcg/tcg-op-gvec.c | 32 ++++++++++++++++++++++++++++++++ + 3 files changed, 47 insertions(+) + +diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h +index 4eda24e63af46de4873822cdabf5..2e36d6eb0c66393ffa3656e88401 100644 +--- a/accel/tcg/tcg-runtime.h ++++ b/accel/tcg/tcg-runtime.h +@@ -28,6 +28,17 @@ DEF_HELPER_FLAGS_1(lookup_tb_ptr, TCG_CALL_NO_WG_SE, ptr, env) + + DEF_HELPER_FLAGS_1(exit_atomic, TCG_CALL_NO_WG, noreturn, env) + ++#ifndef IN_HELPER_PROTO ++/* ++ * Pass calls to memset directly to libc, without a thunk in qemu. ++ * Do not re-declare memset, especially since we fudge the type here; ++ * we assume sizeof(void *) == sizeof(size_t), which is true for ++ * all supported hosts. 
++ */ ++#define helper_memset memset ++DEF_HELPER_FLAGS_3(memset, TCG_CALL_NO_RWG, ptr, ptr, int, ptr) ++#endif /* IN_HELPER_PROTO */ ++ + #ifdef CONFIG_SOFTMMU + + DEF_HELPER_FLAGS_5(atomic_cmpxchgb, TCG_CALL_NO_WG, +diff --git a/include/exec/helper-proto.h b/include/exec/helper-proto.h +index a0a8d9aa46f02eaeec1ffdd6a547..659f9298e8fe2935cd3ea9931d44 100644 +--- a/include/exec/helper-proto.h ++++ b/include/exec/helper-proto.h +@@ -35,11 +35,15 @@ dh_ctype(ret) HELPER(name) (dh_ctype(t1), dh_ctype(t2), dh_ctype(t3), \ + dh_ctype(t4), dh_ctype(t5), dh_ctype(t6), \ + dh_ctype(t7)); + ++#define IN_HELPER_PROTO ++ + #include "helper.h" + #include "trace/generated-helpers.h" + #include "tcg-runtime.h" + #include "plugin-helpers.h" + ++#undef IN_HELPER_PROTO ++ + #undef DEF_HELPER_FLAGS_0 + #undef DEF_HELPER_FLAGS_1 + #undef DEF_HELPER_FLAGS_2 +diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c +index ddbe06b71a81fad997c6348b68d9..1a41dfa90871740669799867f34d 100644 +--- a/tcg/tcg-op-gvec.c ++++ b/tcg/tcg-op-gvec.c +@@ -547,6 +547,9 @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz, + in_c = dup_const(vece, in_c); + if (in_c == 0) { + oprsz = maxsz; ++ vece = MO_8; ++ } else if (in_c == dup_const(MO_8, in_c)) { ++ vece = MO_8; + } + } + +@@ -628,6 +631,35 @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz, + /* Otherwise implement out of line. */ + t_ptr = tcg_temp_new_ptr(); + tcg_gen_addi_ptr(t_ptr, cpu_env, dofs); ++ ++ /* ++ * This may be expand_clr for the tail of an operation, e.g. ++ * oprsz == 8 && maxsz == 64. The size of the clear is misaligned ++ * wrt simd_desc and will assert. Simply pass all replicated byte ++ * stores through to memset. 
++ */ ++ if (oprsz == maxsz && vece == MO_8) { ++ TCGv_ptr t_size = tcg_const_ptr(oprsz); ++ TCGv_i32 t_val; ++ ++ if (in_32) { ++ t_val = in_32; ++ } else if (in_64) { ++ t_val = tcg_temp_new_i32(); ++ tcg_gen_extrl_i64_i32(t_val, in_64); ++ } else { ++ t_val = tcg_const_i32(in_c); ++ } ++ gen_helper_memset(t_ptr, t_ptr, t_val, t_size); ++ ++ if (!in_32) { ++ tcg_temp_free_i32(t_val); ++ } ++ tcg_temp_free_ptr(t_size); ++ tcg_temp_free_ptr(t_ptr); ++ return; ++ } ++ + t_desc = tcg_const_i32(simd_desc(oprsz, maxsz, 0)); + + if (vece == MO_64) { diff --git a/tests-Fix-block-tests-to-be-compatible-w.patch b/tests-Fix-block-tests-to-be-compatible-w.patch index 106d1d8..7f62ba0 100644 --- a/tests-Fix-block-tests-to-be-compatible-w.patch +++ b/tests-Fix-block-tests-to-be-compatible-w.patch @@ -84,7 +84,7 @@ index 34045ea3cfeb5e30acac17ae8a10..b5cec71dd9a718055d9264e51946 100755 echo echo "== Detecting -U and force-share conflicts ==" diff --git a/tests/qemu-iotests/153.out b/tests/qemu-iotests/153.out -index fcaa71aeeebd855d684d8056410f..8fbc7413e716462a4f196c39db5e 100644 +index ff8e55864a53501197bb4a66bf99..4e9c4607bdb3d46c24bad9e80f64 100644 --- a/tests/qemu-iotests/153.out +++ b/tests/qemu-iotests/153.out @@ -424,6 +424,8 @@ Is another process using the image [TEST_DIR/t.qcow2]? @@ -94,9 +94,9 @@ index fcaa71aeeebd855d684d8056410f..8fbc7413e716462a4f196c39db5e 100644 +{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}} +{"return": {}} Adding drive - { 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } } - {"return": "OKrn"} -@@ -457,6 +459,8 @@ Closing the other + { 'execute': 'human-monitor-command', + 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } } +@@ -463,6 +465,8 @@ Closing the other {"return": ""} _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512 
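Review bot: The comment added in accel/tcg/tcg-runtime.h says `sizeof(void *) == sizeof(size_t)` is assumed because memset's length is declared as `ptr`, but nothing in the patch enforces that at build time. A one-line check in the new block in do_dup (tcg/tcg-op-gvec.c), beside the `tcg_const_ptr(oprsz)` declaration, for example `QEMU_BUILD_BUG_ON(sizeof(void *) != sizeof(size_t));`, would turn a wrong length handed to libc on an unusual host into a compile error. The function is the better place for it, because the header is included in several macro contexts where a declaration may not be valid. do_dup's body continues outside the inner hunks.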
diff --git a/tests-qemu-iotests-Triple-timeout-of-i-o.patch b/tests-qemu-iotests-Triple-timeout-of-i-o.patch index d4ed236..241968a 100644 --- a/tests-qemu-iotests-Triple-timeout-of-i-o.patch +++ b/tests-qemu-iotests-Triple-timeout-of-i-o.patch @@ -13,7 +13,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu -index de680cf1c7c92e50b82aa2bc0262..4f2557cc568beed038223af7660b 100644 +index ef105dfc393e96c6ef2f34c1466d..3ecff3edfa7569d49ec7d81c2195 100644 --- a/tests/qemu-iotests/common.qemu +++ b/tests/qemu-iotests/common.qemu @@ -76,7 +76,7 @@ _timed_wait_for() diff --git a/ui-vnc-Add-missing-lock-for-send_color_m.patch b/ui-vnc-Add-missing-lock-for-send_color_m.patch new file mode 100644 index 0000000..bb3f682 --- /dev/null +++ b/ui-vnc-Add-missing-lock-for-send_color_m.patch 
@@ -0,0 +1,38 @@ +From: Peng Liang +Date: Mon, 16 Nov 2020 22:13:38 +0800 +Subject: ui/vnc: Add missing lock for send_color_map + +Git-commit: 947191b4312a547621566d77d7b922d9e13bb63d +vnc_write() should be locked after the RFB protocol is initialized. + +Fixes: 0c426e4534b4 ("vnc: Add support for color map") +Cc: qemu-stable@nongnu.org +Reported-by: Euler Robot +Signed-off-by: Peng Liang +Message-id: 20201116141338.148911-1-liangpeng10@huawei.com +Signed-off-by: Gerd Hoffmann +Signed-off-by: Bruce Rogers +--- + ui/vnc.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ui/vnc.c b/ui/vnc.c +index 49235056f7a893f5f7c86500afbc..ca3fc376aeb547681e5a26a480b6 100644 +--- a/ui/vnc.c ++++ b/ui/vnc.c +@@ -2156,6 +2156,7 @@ static void send_color_map(VncState *vs) + { + int i; + ++ vnc_lock_output(vs); + vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); + vnc_write_u8(vs, 0); /* padding */ + vnc_write_u16(vs, 0); /* first color */ +@@ -2168,6 +2169,7 @@ static void send_color_map(VncState *vs) + vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); + vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); + } ++ vnc_unlock_output(vs); + } + + static void set_pixel_format(VncState *vs, int bits_per_pixel, diff --git a/update_git.sh b/update_git.sh index 00d83b0..6d12b52 100644 --- a/update_git.sh +++ b/update_git.sh @@ -159,10 +159,10 @@ bundle2local() { rm -rf $BUNDLE_DIR mkdir -p $BUNDLE_DIR tar xJf bundles.tar.xz -C $BUNDLE_DIR -BUNDLE_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "bundle$") +ID_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "id$") -for entry in ${BUNDLE_FILES[@]}; do - if [[ $entry =~ ^(.*)[/]*([a-f0-9]{40})[.]bundle$ ]]; then +for entry in ${ID_FILES[@]}; do + if [[ $entry =~ ^(.*)[/]*([a-f0-9]{40})[.]id$ ]]; then SUBDIR=${BASH_REMATCH[1]} GITREPO_COMMIT_ISH=${BASH_REMATCH[2]} else 
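Review bot: The new `vnc_lock_output(vs)` at the top of send_color_map and `vnc_unlock_output(vs)` at its end have no comment, so the locking rule is recorded only in the commit message. A line above the lock such as `/* vnc_write*() must run under the output lock once the RFB protocol is initialized */` would put it where the next edit to this function happens. The loop between the two inner hunks is not visible here; if it contains an early return, that path would leave the output lock held, so it is worth checking before relying on this backport.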
@@ -175,20 +175,29 @@ for entry in ${BUNDLE_FILES[@]}; do break fi done + if [[ "$i" = "REPO_COUNT" ]]; then + echo "ERROR! BUNDLE SUBPROJECT NOT MENTIONED IN config.sh! Fix!" + exit + fi LOCAL_REPO=$(readlink -f ${LOCAL_REPO_MAP[$PATCH_RANGE_INDEX]}) if [ -e $LOCAL_REPO ]; then git -C $LOCAL_REPO remote remove bundlerepo || true - # git won't let you delete a branch we're on - so get onto master temporarily (TODO: is there a better approach?) + # git won't let you delete a branch we're on - so get onto master temporarily (TODO: is there a better approach?) git -C $LOCAL_REPO checkout master -f git -C $LOCAL_REPO branch -D frombundle || true - git -C $LOCAL_REPO remote add bundlerepo $BUNDLE_DIR/$entry - git -C $LOCAL_REPO fetch bundlerepo FETCH_HEAD - git -C $LOCAL_REPO branch frombundle FETCH_HEAD - git -C $LOCAL_REPO remote remove bundlerepo + if [ -e $BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle ]; then + git -C $LOCAL_REPO remote add bundlerepo $BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle + git -C $LOCAL_REPO fetch bundlerepo FETCH_HEAD + git -C $LOCAL_REPO branch frombundle FETCH_HEAD + git -C $LOCAL_REPO remote remove bundlerepo + fi else - echo "No local repo $LOCAL_REPO corresponding to archived git bundle!" - exit + if [ -e $BUNDLE_DIR/$SUBDIR/$GITREPO_COMMIT_ISH.bundle ]; then + # TODO: We should be able to handle this case with some more coding, but for now... + echo "No local repo $LOCAL_REPO available to process git bundle! Please create one" + exit + fi fi done rm -rf $BUNDLE_DIR @@ -265,7 +274,7 @@ COMMIT_IDS_BY_SUBMODULE_PATH[SUPERPROJECT]=$NEW_COMMIT_ISH_FULL # MOVE BUNDLE COMMITS OVER TO LOCAL frombundle BRANCH #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -bundle2local +bundle2local #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # REBASE frombundle patches USING COMMIT_IDS_BY_SUBMODULE, ALSO USING OLD ID'S STORED IN OLD BUNDLE 
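Review bot: The added guard `if [[ "$i" = "REPO_COUNT" ]]` in bundle2local compares the loop index with the literal string REPO_COUNT, so it can never be true, and a bundle subproject missing from config.sh still reaches the `LOCAL_REPO_MAP[$PATCH_RANGE_INDEX]` lookup with a stale or unset index. Assuming the preceding loop counts `i` up to `$REPO_COUNT`, as the loop later in the script does, the test should read `if [[ "$i" = "$REPO_COUNT" ]]; then`. The bare `exit` here and in the new "No local repo ... available" branch returns the status of the preceding `echo`, which is success; `exit 1` would let a caller see the failure. The loop that sets `i` starts outside the hunk.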
@@ -282,7 +291,7 @@ for (( i=0; i <$REPO_COUNT; i++ )); do if [[ $GITREPO_COMMIT_ISH =~ .*(.{40})[.]id ]]; then GITREPO_COMMIT_ISH=${BASH_REMATCH[1]} fi - git -C ${LOCAL_REPO_MAP[$i]} checkout frombundle -f + git -C ${LOCAL_REPO_MAP[$i]} checkout -f frombundle git -C ${LOCAL_REPO_MAP[$i]} branch -D $GIT_BRANCH git -C ${LOCAL_REPO_MAP[$i]} checkout -b $GIT_BRANCH if [[ "$SUBDIR" = "" ]]; then @@ -309,9 +318,9 @@ rm -rf $CMP_DIR rm -rf $BUNDLE_DIR mkdir -p $BUNDLE_DIR -#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -# NOW PROCESS BUNDLES INTO COMMITS AND FILL SPEC FILE -#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# CONVERT BUNDLES INTO COMMITS AND FILL SPEC FILE +#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! tar xJf bundles.tar.xz -C $BUNDLE_DIR BUNDLE_FILES=$(find $BUNDLE_DIR -printf "%P\n"|grep "bundle$") @@ -739,7 +748,7 @@ if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then echo "be lost. Then run script again without the continue option" exit fi - redo_tarball_and_rebase_patches &> /tmp/latest.log + redo_tarball_and_rebase_patches &> /tmp/latest.log # This includes a bundle2local if [[ "$REBASE_FAILS" ]]; then echo "ERROR! Rebase of the $GIT_BRANCH branch failed in the following local git repos:" echo $REBASE_FAILS diff --git a/virtio-move-use-disabled-flag-property-t.patch b/virtio-move-use-disabled-flag-property-t.patch new file mode 100644 index 0000000..d85e468 --- /dev/null +++ b/virtio-move-use-disabled-flag-property-t.patch 
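Review bot: The line touched in the last hunk, `redo_tarball_and_rebase_patches &> /tmp/latest.log`, still redirects to a fixed, predictable name in world-writable /tmp. On a shared host another local user can create that path first (for example as a symlink), and the script would then write through it. Creating the log with `LOGFILE=$(mktemp)` and redirecting to `"$LOGFILE"` avoids this; any message elsewhere in the script that points the user at /tmp/latest.log would need to print the same variable. The enclosing `if` block starts outside the hunk.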
@@ -0,0 +1,63 @@ +From: Stefano Garzarella +Date: Fri, 8 Jan 2021 18:12:52 +0100 +Subject: virtio: move 'use-disabled-flag' property to hw_compat_4_2 + +Git-commit: c126b4c57e0164549de606ca35d1512762051083 + +Commit 9d7bd0826f introduced a new 'use-disabled-flag' property +set to true by default. +To allow the migration, we set this property to false in the hw_compat, +but in the wrong place (hw_compat_4_1). + +Since commit 9d7bd0826f was released with QEMU 5.0, we move +'use-disabled-flag' property to hw_compat_4_2, so 4.2 machine types +will have the pre-patch behavior and the migration can work. + +The issue was discovered with vhost-vsock device and 4.2 machine +type without running any kernel in the VM: + $ qemu-4.2 -M pc-q35-4.2,accel=kvm \ + -device vhost-vsock-pci,guest-cid=4 \ + -monitor stdio -incoming tcp:0:3333 + + $ qemu-5.2 -M pc-q35-4.2,accel=kvm \ + -device vhost-vsock-pci,guest-cid=3 \ + -monitor stdio + (qemu) migrate -d tcp:0:3333 + + # qemu-4.2 output + qemu-system-x86_64: Failed to load virtio-vhost_vsock:virtio + qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:03.0/virtio-vhost_vsock' + qemu-system-x86_64: load of migration failed: No such file or directory + +Reported-by: Jing Zhao +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1907255 +Fixes: 9d7bd0826f ("virtio-pci: disable vring processing when bus-mastering is disabled") +Cc: mdroth@linux.vnet.ibm.com +CC: qemu-stable@nongnu.org +Signed-off-by: Stefano Garzarella +Message-Id: <20210108171252.209502-1-sgarzare@redhat.com> +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. 
Tsirkin +Signed-off-by: Bruce Rogers +--- + hw/core/machine.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/core/machine.c b/hw/core/machine.c +index d0408049b53c795d095ca7ec8c28..9e83400ecbfdd1c8ab20a54ff39c 100644 +--- a/hw/core/machine.c ++++ b/hw/core/machine.c +@@ -62,12 +62,12 @@ GlobalProperty hw_compat_4_2[] = { + { "qxl", "revision", "4" }, + { "qxl-vga", "revision", "4" }, + { "fw_cfg", "acpi-mr-restore", "false" }, ++ { "virtio-device", "use-disabled-flag", "false" }, + }; + const size_t hw_compat_4_2_len = G_N_ELEMENTS(hw_compat_4_2); + + GlobalProperty hw_compat_4_1[] = { + { "virtio-pci", "x-pcie-flr-init", "off" }, +- { "virtio-device", "use-disabled-flag", "false" }, + }; + const size_t hw_compat_4_1_len = G_N_ELEMENTS(hw_compat_4_1); + diff --git a/xen-add-block-resize-support-for-xen-dis.patch b/xen-add-block-resize-support-for-xen-dis.patch index beb31df..63e924d 100644 --- a/xen-add-block-resize-support-for-xen-dis.patch +++ b/xen-add-block-resize-support-for-xen-dis.patch @@ -15,7 +15,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 3 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index 1a379e8771faee970808dd2efd89..310b9639e06b0d543f22652fadd9 100644 +index 5f96036c98cc2eada06186ff181c..903633e028266d6c7e73239672b0 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c @@ -270,6 +270,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp) diff --git a/xen_disk-Add-suse-specific-flush-disable.patch b/xen_disk-Add-suse-specific-flush-disable.patch index 8b519fd..186e0e8 100644 --- a/xen_disk-Add-suse-specific-flush-disable.patch +++ b/xen_disk-Add-suse-specific-flush-disable.patch @@ -18,7 +18,7 @@ Signed-off-by: Olaf Hering 1 file changed, 12 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index 8a7a3f54523ed050587c3e2047de..1a379e8771faee970808dd2efd89 100644 +index 20b23c699bc1cb4cd796bf352c45..5f96036c98cc2eada06186ff181c 100644 
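Review bot: The entry `{ "virtio-device", "use-disabled-flag", "false" }` moved into hw_compat_4_2 carries no comment, although its placement depends entirely on which release introduced the property. A comment on that line such as `/* use-disabled-flag was introduced in QEMU 5.0, so 4.2 is the newest machine type that must keep it off */` would record the reason the commit message gives. Because this stable backport changes the effective value for 4.2 machine types, migration of such guests between package builds with and without the patch is presumably affected as well and may deserve a line in the package changelog.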
--- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c @@ -729,6 +729,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,