summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2024-03-20 15:05:51 +0000
committerPeter Maydell <peter.maydell@linaro.org>2024-03-20 15:05:51 +0000
commita1d86c4d707ecb94524844b69a0273aa307af04f (patch)
tree557abdeff381b12632659786991bd0fbe61c86e9
parent3d5befc97f8d3c2355c2271ba04c3618c4456033 (diff)
parent05007258f02da253af370387b69fe98e9f37b320 (diff)
downloadfocaccia-qemu-a1d86c4d707ecb94524844b69a0273aa307af04f.tar.gz
focaccia-qemu-a1d86c4d707ecb94524844b69a0273aa307af04f.zip
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* fix use-after-free issue
* fix i386 TLB issue
* fix crash with wrong -M confidential-guest-support argument
* fix NULL pointer dereference in x86 MCE injection

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmX6uvYUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroOBPgf/b9i2aQx42PeBbftlOpDlzV0q/Cqw
# PnONSOKeE4By0qzhehwYdL0e4E63u8f3yvPKBAoQrikBZS68fo4e3wCOc+CkeVfc
# lcIsoGLgIaEoKpMUdxN9+jkyjurpplG79b/LFYXVMCOENnomHV0oYeSxfOXL/L8c
# y4yvZ9C6VQSFnemqp+YyzrRad+oRD2hOuc+1RVp+3rxXprkgyfRJAtLvh73MZcvS
# CaAd2a8ajm2kmQLVv6FeqEr3fgMqbpr2Yeny3n/+T5TdTI2vEODI1JxH2VR/mzYN
# uiyWS8urQx5P99ICRSOX43WDU5SaUzVYEka8gELf3I5twDudFHtHjKieLA==
# =UFlw
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 20 Mar 2024 10:31:18 GMT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  meson: remove dead dictionary access
  tests/plugins: fix use-after-free bug
  target/i386: Revert monitor_puts() in do_inject_x86_mce()
  vl: do not assert if sev-guest is used together with TCG
  vl: convert qemu_machine_creation_done() to Error **
  target/i386: fix direction of "32-bit MMU" test

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to '')
-rw-r--r--contrib/plugins/howvec.c2
-rw-r--r--meson.build2
-rw-r--r--system/vl.c19
-rw-r--r--target/i386/cpu.c2
-rw-r--r--target/i386/cpu.h2
-rw-r--r--target/i386/helper.c2
6 files changed, 16 insertions, 13 deletions
diff --git a/contrib/plugins/howvec.c b/contrib/plugins/howvec.c
index 2d10c87e0f..94bbc53820 100644
--- a/contrib/plugins/howvec.c
+++ b/contrib/plugins/howvec.c
@@ -167,9 +167,9 @@ static gint cmp_exec_count(gconstpointer a, gconstpointer b)
 static void free_record(gpointer data)
 {
     InsnExecCount *rec = (InsnExecCount *) data;
+    qemu_plugin_scoreboard_free(rec->count.score);
     g_free(rec->insn);
     g_free(rec);
-    qemu_plugin_scoreboard_free(rec->count.score);
 }
 
 static void plugin_exit(qemu_plugin_id_t id, void *p)
diff --git a/meson.build b/meson.build
index b375248a76..c9c3217ba4 100644
--- a/meson.build
+++ b/meson.build
@@ -3951,7 +3951,7 @@ foreach target : target_dirs
                c_args: c_args,
                dependencies: arch_deps + deps + exe['dependencies'],
                objects: lib.extract_all_objects(recursive: true),
-               link_depends: [block_syms, qemu_syms] + exe.get('link_depends', []),
+               link_depends: [block_syms, qemu_syms],
                link_args: link_args,
                win_subsystem: exe['win_subsystem'])
 
diff --git a/system/vl.c b/system/vl.c
index 70f4cece7f..c644222982 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -2653,7 +2653,7 @@ static void qemu_create_cli_devices(void)
     rom_reset_order_override();
 }
 
-static void qemu_machine_creation_done(void)
+static bool qemu_machine_creation_done(Error **errp)
 {
     MachineState *machine = MACHINE(qdev_get_machine());
 
@@ -2676,15 +2676,15 @@ static void qemu_machine_creation_done(void)
 
     qdev_machine_creation_done();
 
-    if (machine->cgs) {
-        /*
-         * Verify that Confidential Guest Support has actually been initialized
-         */
-        assert(machine->cgs->ready);
+    if (machine->cgs && !machine->cgs->ready) {
+        error_setg(errp, "accelerator does not support confidential guest %s",
+                   object_get_typename(OBJECT(machine->cgs)));
+        exit(1);
     }
 
     if (foreach_device_config(DEV_GDB, gdbserver_start) < 0) {
-        exit(1);
+        error_setg(errp, "could not start gdbserver");
+        return false;
     }
     if (!vga_interface_created && !default_vga &&
         vga_interface_type != VGA_NONE) {
@@ -2692,6 +2692,7 @@ static void qemu_machine_creation_done(void)
                     "type does not use that option; "
                     "No VGA device has been created");
     }
+    return true;
 }
 
 void qmp_x_exit_preconfig(Error **errp)
@@ -2703,7 +2704,9 @@ void qmp_x_exit_preconfig(Error **errp)
 
     qemu_init_board();
     qemu_create_cli_devices();
-    qemu_machine_creation_done();
+    if (!qemu_machine_creation_done(errp)) {
+        return;
+    }
 
     if (loadvm) {
         RunState state = autostart ? RUN_STATE_RUNNING : runstate_get();
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 9a210d8d92..33760a2ee1 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -7735,7 +7735,7 @@ static bool x86_cpu_has_work(CPUState *cs)
 static int x86_cpu_mmu_index(CPUState *cs, bool ifetch)
 {
     CPUX86State *env = cpu_env(cs);
-    int mmu_index_32 = (env->hflags & HF_CS64_MASK) ? 1 : 0;
+    int mmu_index_32 = (env->hflags & HF_CS64_MASK) ? 0 : 1;
     int mmu_index_base =
         (env->hflags & HF_CPL_MASK) == 3 ? MMU_USER64_IDX :
         !(env->hflags & HF_SMAP_MASK) ? MMU_KNOSMAP64_IDX :
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 952174bb6f..6b05738079 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2334,7 +2334,7 @@ static inline bool is_mmu_index_32(int mmu_index)
 
 static inline int cpu_mmu_index_kernel(CPUX86State *env)
 {
-    int mmu_index_32 = (env->hflags & HF_LMA_MASK) ? 1 : 0;
+    int mmu_index_32 = (env->hflags & HF_LMA_MASK) ? 0 : 1;
     int mmu_index_base =
         !(env->hflags & HF_SMAP_MASK) ? MMU_KNOSMAP64_IDX :
         ((env->hflags & HF_CPL_MASK) < 3 && (env->eflags & AC_MASK)) ? MMU_KNOSMAP64_IDX : MMU_KSMAP64_IDX;
diff --git a/target/i386/helper.c b/target/i386/helper.c
index 2070dd0dda..23ccb23a5b 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -430,7 +430,7 @@ static void do_inject_x86_mce(CPUState *cs, run_on_cpu_data data)
         if (need_reset) {
             emit_guest_memory_failure(MEMORY_FAILURE_ACTION_RESET, ar,
                                       recursive);
-            monitor_puts(params->mon, msg);
+            monitor_printf(params->mon, "%s", msg);
             qemu_log_mask(CPU_LOG_RESET, "%s\n", msg);
             qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
             return;