diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2020-07-27 21:00:01 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2020-07-27 21:00:01 +0100 |
| commit | 93ea484375ab473379dd9c836261ef484bd71ab1 (patch) | |
| tree | cd4e099b47d5623e658cab8de4354caa58ba33ab | |
| parent | 9303ecb658a0194560d1eecde165a1511223c2d8 (diff) | |
| parent | 0c9753ebda274b0e618d7b4032bb2d83d27483ed (diff) | |
| download | focaccia-qemu-93ea484375ab473379dd9c836261ef484bd71ab1.tar.gz focaccia-qemu-93ea484375ab473379dd9c836261ef484bd71ab1.zip | |
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio,pci: bugfixes Minor bugfixes all over the places, including one CVE. Additionally, a fix for an ancient bug in migration - one has to wonder how come no one noticed. The fix is also non-trivial since we dare not break all existing machine types with pci - we have a work around in the works, for now we just skip the work-around for old machine types. Great job by Hogan Wang noticing, debugging and fixing it, and thanks to Dr. David Alan Gilbert for reviewing the patches. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon 27 Jul 2020 16:34:58 BST # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: virtio-pci: fix virtio_pci_queue_enabled() MAINTAINERS: Cover the firmware JSON schema vhost-vdpa :Fix Coverity CID 1430270 / CID 1420267 libvhost-user: Report descriptor index on panic Fix vhost-user buffer over-read on ram hot-unplug hw/pci-host: save/restore pci host config register virtio-mem-pci: force virtio version 1 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | MAINTAINERS | 8 | ||||
| -rw-r--r-- | contrib/libvhost-user/libvhost-user.c | 4 | ||||
| -rw-r--r-- | hw/core/machine.c | 1 | ||||
| -rw-r--r-- | hw/i386/pc.c | 3 | ||||
| -rw-r--r-- | hw/pci/pci_host.c | 33 | ||||
| -rw-r--r-- | hw/virtio/vhost-user.c | 2 | ||||
| -rw-r--r-- | hw/virtio/vhost-vdpa.c | 4 | ||||
| -rw-r--r-- | hw/virtio/virtio-mem-pci.c | 4 | ||||
| -rw-r--r-- | hw/virtio/virtio-pci.c | 2 | ||||
| -rw-r--r-- | hw/virtio/virtio.c | 7 | ||||
| -rw-r--r-- | include/hw/pci/pci_host.h | 1 | ||||
| -rw-r--r-- | include/hw/virtio/virtio.h | 1 |
12 files changed, 60 insertions, 10 deletions
diff --git a/MAINTAINERS b/MAINTAINERS index 3395abd4e1..0886eb3d2b 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2667,6 +2667,14 @@ F: include/hw/i2c/smbus_master.h F: include/hw/i2c/smbus_slave.h F: include/hw/i2c/smbus_eeprom.h +Firmware schema specifications +M: Laszlo Ersek <lersek@redhat.com> +M: Philippe Mathieu-Daudé <philmd@redhat.com> +R: Daniel P. Berrange <berrange@redhat.com> +R: Kashyap Chamarthy <kchamart@redhat.com> +S: Maintained +F: docs/interop/firmware.json + EDK2 Firmware M: Laszlo Ersek <lersek@redhat.com> M: Philippe Mathieu-Daudé <philmd@redhat.com> diff --git a/contrib/libvhost-user/libvhost-user.c b/contrib/libvhost-user/libvhost-user.c index d315db1396..53f16bdf08 100644 --- a/contrib/libvhost-user/libvhost-user.c +++ b/contrib/libvhost-user/libvhost-user.c @@ -2074,7 +2074,7 @@ virtqueue_get_head(VuDev *dev, VuVirtq *vq, /* If their number is silly, that's a fatal mistake. */ if (*head >= vq->vring.num) { - vu_panic(dev, "Guest says index %u is available", head); + vu_panic(dev, "Guest says index %u is available", *head); return false; } @@ -2133,7 +2133,7 @@ virtqueue_read_next_desc(VuDev *dev, struct vring_desc *desc, smp_wmb(); if (*next >= max) { - vu_panic(dev, "Desc next is %u", next); + vu_panic(dev, "Desc next is %u", *next); return VIRTQUEUE_READ_DESC_ERROR; } diff --git a/hw/core/machine.c b/hw/core/machine.c index 2f881d6d75..8d1a90c6cf 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -29,6 +29,7 @@ #include "migration/vmstate.h" GlobalProperty hw_compat_5_0[] = { + { "pci-host-bridge", "x-config-reg-migration-enabled", "off" }, { "virtio-balloon-device", "page-poison", "false" }, { "vmport", "x-read-set-eax", "off" }, { "vmport", "x-signal-unsupported-cmd", "off" }, diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 3d419d5991..47c5ca3e34 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -97,7 +97,8 @@ #include "fw_cfg.h" #include "trace.h" -GlobalProperty pc_compat_5_0[] = {}; +GlobalProperty pc_compat_5_0[] = { +}; const size_t pc_compat_5_0_len = G_N_ELEMENTS(pc_compat_5_0); GlobalProperty pc_compat_4_2[] = { diff --git a/hw/pci/pci_host.c b/hw/pci/pci_host.c index ce7bcdb1d5..8ca5fadcbd 100644 --- a/hw/pci/pci_host.c +++ b/hw/pci/pci_host.c @@ -22,8 +22,10 @@ #include "hw/pci/pci.h" #include "hw/pci/pci_bridge.h" #include "hw/pci/pci_host.h" +#include "hw/qdev-properties.h" #include "qemu/module.h" #include "hw/pci/pci_bus.h" +#include "migration/vmstate.h" #include "trace.h" /* debug PCI */ @@ -200,12 +202,43 @@ const MemoryRegionOps pci_host_data_be_ops = { .endianness = DEVICE_BIG_ENDIAN, }; +static bool pci_host_needed(void *opaque) +{ + PCIHostState *s = opaque; + return s->mig_enabled; +} + +const VMStateDescription vmstate_pcihost = { + .name = "PCIHost", + .needed = pci_host_needed, + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_UINT32(config_reg, PCIHostState), + VMSTATE_END_OF_LIST() + } +}; + +static Property pci_host_properties_common[] = { + DEFINE_PROP_BOOL("x-config-reg-migration-enabled", PCIHostState, + mig_enabled, true), + DEFINE_PROP_END_OF_LIST(), +}; + +static void pci_host_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + device_class_set_props(dc, pci_host_properties_common); + dc->vmsd = &vmstate_pcihost; +} + static const TypeInfo pci_host_type_info = { .name = TYPE_PCI_HOST_BRIDGE, .parent = TYPE_SYS_BUS_DEVICE, .abstract = true, .class_size = sizeof(PCIHostBridgeClass), .instance_size = sizeof(PCIHostState), + .class_init = pci_host_class_init, }; static void pci_host_register_types(void) diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 31231218dc..d7e2423762 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -672,7 +672,7 @@ static int send_remove_regions(struct vhost_dev *dev, memmove(&u->shadow_regions[shadow_reg_idx], &u->shadow_regions[shadow_reg_idx + 1], sizeof(struct vhost_memory_region) * - (u->num_shadow_regions - shadow_reg_idx)); + (u->num_shadow_regions - shadow_reg_idx - 1)); u->num_shadow_regions--; } diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c index 65d5aaf08a..4580f3efd8 100644 --- a/hw/virtio/vhost-vdpa.c +++ b/hw/virtio/vhost-vdpa.c @@ -37,7 +37,7 @@ static bool vhost_vdpa_listener_skipped_section(MemoryRegionSection *section) static int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, void *vaddr, bool readonly) { - struct vhost_msg_v2 msg; + struct vhost_msg_v2 msg = {}; int fd = v->device_fd; int ret = 0; @@ -60,7 +60,7 @@ static int vhost_vdpa_dma_map(struct vhost_vdpa *v, hwaddr iova, hwaddr size, static int vhost_vdpa_dma_unmap(struct vhost_vdpa *v, hwaddr iova, hwaddr size) { - struct vhost_msg_v2 msg; + struct vhost_msg_v2 msg = {}; int fd = v->device_fd; int ret = 0; diff --git a/hw/virtio/virtio-mem-pci.c b/hw/virtio/virtio-mem-pci.c index d375280ee1..590cec041b 100644 --- a/hw/virtio/virtio-mem-pci.c +++ b/hw/virtio/virtio-mem-pci.c @@ -21,8 +21,8 @@ static void virtio_mem_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp) VirtIOMEMPCI *mem_pci = VIRTIO_MEM_PCI(vpci_dev); DeviceState *vdev = DEVICE(&mem_pci->vdev); - qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus)); - object_property_set_bool(OBJECT(vdev), "realized", true, errp); + virtio_pci_force_virtio_1(vpci_dev); + qdev_realize(vdev, BUS(&vpci_dev->bus), errp); } static void virtio_mem_pci_set_addr(MemoryDeviceState *md, uint64_t addr, diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index ada1101d07..4ad3ad81a2 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -1116,7 +1116,7 @@ static bool virtio_pci_queue_enabled(DeviceState *d, int n) return proxy->vqs[vdev->queue_sel].enabled; } - return virtio_queue_enabled(vdev, n); + return virtio_queue_enabled_legacy(vdev, n); } static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy, diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 546a198e79..e983025217 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -3309,6 +3309,11 @@ hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n) return vdev->vq[n].vring.desc; } +bool virtio_queue_enabled_legacy(VirtIODevice *vdev, int n) +{ + return virtio_queue_get_desc_addr(vdev, n) != 0; +} + bool virtio_queue_enabled(VirtIODevice *vdev, int n) { BusState *qbus = qdev_get_parent_bus(DEVICE(vdev)); @@ -3317,7 +3322,7 @@ bool virtio_queue_enabled(VirtIODevice *vdev, int n) if (k->queue_enabled) { return k->queue_enabled(qbus->parent, n); } - return virtio_queue_get_desc_addr(vdev, n) != 0; + return virtio_queue_enabled_legacy(vdev, n); } hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n) diff --git a/include/hw/pci/pci_host.h b/include/hw/pci/pci_host.h index 9ce088bd13..6210a7e14d 100644 --- a/include/hw/pci/pci_host.h +++ b/include/hw/pci/pci_host.h @@ -45,6 +45,7 @@ struct PCIHostState { MemoryRegion data_mem; MemoryRegion mmcfg; uint32_t config_reg; + bool mig_enabled; PCIBus *bus; QLIST_ENTRY(PCIHostState) next; diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index 198ffc7626..e424df12cf 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -295,6 +295,7 @@ typedef struct VirtIORNGConf VirtIORNGConf; VIRTIO_F_RING_PACKED, false) hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n); +bool virtio_queue_enabled_legacy(VirtIODevice *vdev, int n); bool virtio_queue_enabled(VirtIODevice *vdev, int n); hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n); hwaddr virtio_queue_get_used_addr(VirtIODevice *vdev, int n); |