34 files changed, 312 insertions, 148 deletions
diff --git a/.gitlab-ci.d/base.yml b/.gitlab-ci.d/base.yml index ef173a34e6..2dd8a9b57c 100644 --- a/.gitlab-ci.d/base.yml +++ b/.gitlab-ci.d/base.yml @@ -41,6 +41,10 @@ variables: - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM && $CI_COMMIT_TAG' when: never + # Scheduled runs on mainline don't get pipelines except for the special Coverity job + - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM && $CI_PIPELINE_SOURCE == "schedule"' + when: never + # Cirrus jobs can't run unless the creds / target repo are set - if: '$QEMU_JOB_CIRRUS && ($CIRRUS_GITHUB_REPO == null || $CIRRUS_API_TOKEN == null)' when: never diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml index a1c030337b..c7d92fc301 100644 --- a/.gitlab-ci.d/buildtest.yml +++ b/.gitlab-ci.d/buildtest.yml @@ -659,7 +659,7 @@ build-without-defaults: --disable-pie --disable-qom-cast-debug --disable-strip - TARGETS: avr-softmmu mips64-softmmu s390x-softmmu sh4-softmmu + TARGETS: avr-softmmu s390x-softmmu sh4-softmmu sparc64-softmmu hexagon-linux-user i386-linux-user s390x-linux-user MAKE_CHECK_ARGS: check 
@@ -729,3 +729,40 @@ pages: - public variables: QEMU_JOB_PUBLISH: 1 + +coverity: + image: $CI_REGISTRY_IMAGE/qemu/fedora:$QEMU_CI_CONTAINER_TAG + stage: build + allow_failure: true + timeout: 3h + needs: + - job: amd64-fedora-container + optional: true + before_script: + - dnf install -y curl wget + script: + # would be nice to cancel the job if over quota (https://gitlab.com/gitlab-org/gitlab/-/issues/256089) + # for example: + # curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}/cancel + - 'scripts/coverity-scan/run-coverity-scan --check-upload-only || { exitcode=$?; if test $exitcode = 1; then + exit 0; + else + exit $exitcode; + fi; }; + scripts/coverity-scan/run-coverity-scan --update-tools-only > update-tools.log 2>&1 || { cat update-tools.log; exit 1; }; + scripts/coverity-scan/run-coverity-scan --no-update-tools' + rules: + - if: '$COVERITY_TOKEN == null' + when: never + - if: '$COVERITY_EMAIL == null' + when: never + # Never included on upstream pipelines, except for schedules + - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM && $CI_PIPELINE_SOURCE == "schedule"' + when: on_success + - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM' + when: never + # Forks don't get any pipeline unless QEMU_CI=1 or QEMU_CI=2 is set + - if: '$QEMU_CI != "1" && $QEMU_CI != "2"' + when: never + # Always manual on forks even if $QEMU_CI == "2" + - when: manual diff --git a/.gitlab-ci.d/opensbi.yml b/.gitlab-ci.d/opensbi.yml index fd293e6c31..42f137d624 100644 --- a/.gitlab-ci.d/opensbi.yml +++ b/.gitlab-ci.d/opensbi.yml 
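Review bot: The `if test $exitcode = 1; then exit 0` branch in the coverity job's script treats every exit status 1 from `run-coverity-scan --check-upload-only` as "at quota", but the script also exits 1 before the check when `COVERITY_TOKEN` is empty (the context lines of its `@@ -251` hunk), and the job's `$COVERITY_TOKEN == null` rule only filters out an unset variable. A token defined as an empty string would therefore turn the scheduled scan into a green job that never scanned anything. Give the quota case a status no other path uses, for example `upload_permitted || exit 3` followed by `exit 0` in the script's `DRYRUN = check` branch, and test for that value here with `if test $exitcode = 3`.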
@@ -24,6 +24,10 @@ - if: '$QEMU_CI == "1" && $CI_PROJECT_NAMESPACE != "qemu-project" && $CI_COMMIT_MESSAGE =~ /opensbi/i' when: manual + # Scheduled runs on mainline don't get pipelines except for the special Coverity job + - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM && $CI_PIPELINE_SOURCE == "schedule"' + when: never + # Run if any files affecting the build output are touched - changes: - .gitlab-ci.d/opensbi.yml diff --git a/blockdev.c b/blockdev.c index f8bb0932f8..d8fb3399f5 100644 --- a/blockdev.c +++ b/blockdev.c @@ -2252,8 +2252,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name, } bdrv_graph_co_rdlock(); - if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_RESIZE, NULL)) { - error_setg(errp, QERR_DEVICE_IN_USE, device); + if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_RESIZE, errp)) { bdrv_graph_co_rdunlock(); return; } diff --git a/chardev/char-fe.c b/chardev/char-fe.c index 20222a4cad..66cee8475a 100644 --- a/chardev/char-fe.c +++ b/chardev/char-fe.c @@ -199,13 +199,18 @@ bool qemu_chr_fe_init(CharBackend *b, Chardev *s, Error **errp) MuxChardev *d = MUX_CHARDEV(s); if (d->mux_cnt >= MAX_MUX) { - goto unavailable; + error_setg(errp, + "too many uses of multiplexed chardev '%s'" + " (maximum is " stringify(MAX_MUX) ")", + s->label); + return false; } d->backends[d->mux_cnt] = b; tag = d->mux_cnt++; } else if (s->be) { - goto unavailable; + error_setg(errp, "chardev '%s' is already in use", s->label); + return false; } else { s->be = b; } @@ -215,10 +220,6 @@ bool qemu_chr_fe_init(CharBackend *b, Chardev *s, Error **errp) b->tag = tag; b->chr = s; return true; - -unavailable: - error_setg(errp, QERR_DEVICE_IN_USE, s->label); - return false; } void qemu_chr_fe_deinit(CharBackend *b, bool del) diff --git a/configs/devices/mips-softmmu/common.mak b/configs/devices/mips-softmmu/common.mak index 1a853841b2..416a5d353e 100644 --- a/configs/devices/mips-softmmu/common.mak +++ b/configs/devices/mips-softmmu/common.mak 
@@ -1,28 +1,8 @@ # Common mips*-softmmu CONFIG defines -CONFIG_ISA_BUS=y -CONFIG_PCI=y -CONFIG_PCI_DEVICES=y -CONFIG_VGA_ISA=y -CONFIG_VGA_MMIO=y -CONFIG_VGA_CIRRUS=y -CONFIG_VMWARE_VGA=y -CONFIG_SERIAL=y -CONFIG_SERIAL_ISA=y -CONFIG_PARALLEL=y -CONFIG_I8254=y -CONFIG_PCSPK=y -CONFIG_PCKBD=y -CONFIG_FDC=y -CONFIG_I8257=y -CONFIG_IDE_ISA=y -CONFIG_PFLASH_CFI01=y -CONFIG_I8259=y -CONFIG_MC146818RTC=y -CONFIG_MIPS_CPS=y -CONFIG_MIPS_ITU=y +# Uncomment the following lines to disable these optional devices: +# CONFIG_PCI_DEVICES=n +# CONFIG_TEST_DEVICES=n + CONFIG_MALTA=y -CONFIG_PCNET_PCI=y CONFIG_MIPSSIM=y -CONFIG_SMBUS_EEPROM=y -CONFIG_TEST_DEVICES=y diff --git a/configs/devices/mips64el-softmmu/default.mak b/configs/devices/mips64el-softmmu/default.mak index d5188f7ea5..88a37cf27f 100644 --- a/configs/devices/mips64el-softmmu/default.mak +++ b/configs/devices/mips64el-softmmu/default.mak @@ -3,8 +3,5 @@ include ../mips-softmmu/common.mak CONFIG_FULOONG=y CONFIG_LOONGSON3V=y -CONFIG_ATI_VGA=y -CONFIG_RTL8139_PCI=y CONFIG_JAZZ=y -CONFIG_VT82C686=y CONFIG_MIPS_BOSTON=y diff --git a/docs/devel/acpi-bits.rst b/docs/devel/acpi-bits.rst index 9677b0098f..1ec394f5fb 100644 --- a/docs/devel/acpi-bits.rst +++ b/docs/devel/acpi-bits.rst 
@@ -1,26 +1,48 @@ ============================================================================= ACPI/SMBIOS avocado tests using biosbits ============================================================================= - +************ +Introduction +************ Biosbits is a software written by Josh Triplett that can be downloaded from https://biosbits.org/. The github codebase can be found -`here <https://github.com/biosbits/bits/tree/master>`__. It is a software that executes -the bios components such as acpi and smbios tables directly through acpica -bios interpreter (a freely available C based library written by Intel, +`here <https://github.com/biosbits/bits/tree/master>`__. It is a software that +executes the bios components such as acpi and smbios tables directly through +acpica bios interpreter (a freely available C based library written by Intel, downloadable from https://acpica.org/ and is included with biosbits) without an -operating system getting involved in between. +operating system getting involved in between. Bios-bits has python integration +with grub so actual routines that executes bios components can be written in +python instead of bash-ish (grub's native scripting language). There are several advantages to directly testing the bios in a real physical -machine or VM as opposed to indirectly discovering bios issues through the -operating system. For one thing, the OSes tend to hide bios problems from the -end user. The other is that we have more control of what we wanted to test -and how by directly using acpica interpreter on top of the bios on a running -system. More details on the inspiration for developing biosbits and its real -life uses can be found in [#a]_ and [#b]_. +machine or in a VM as opposed to indirectly discovering bios issues through the +operating system (the OS). Operating systems tend to bypass bios problems and +hide them from the end user. 
We have more control of what we wanted to test and +how by being as close to the bios on a running system as possible without a +complicated software component such as an operating system coming in between. +Another issue is that we cannot exercise bios components such as ACPI and +SMBIOS without being in the highest hardware privilege level, ring 0 for +example in case of x86. Since the OS executes from ring 0 whereas normal user +land software resides in unprivileged ring 3, operating system must be modified +in order to write our test routines that exercise and test the bios. This is +not possible in all cases. Lastly, test frameworks and routines are preferably +written using a high level scripting language such as python. OSes and +OS modules are generally written using low level languages such as C and +low level assembly machine language. Writing test routines in a low level +language makes things more cumbersome. These and other reasons makes using +bios-bits very attractive for testing bioses. More details on the inspiration +for developing biosbits and its real life uses can be found in [#a]_ and [#b]_. + For QEMU, we maintain a fork of bios bits in gitlab along with all the -dependent submodules here: https://gitlab.com/qemu-project/biosbits-bits +dependent submodules `here <https://gitlab.com/qemu-project/biosbits-bits>`__. This fork contains numerous fixes, a newer acpica and changes specific to running this avocado QEMU tests using bits. The author of this document -is the sole maintainer of the QEMU fork of bios bits repo. +is the sole maintainer of the QEMU fork of bios bits repository. For more +information, please see author's `FOSDEM talk on this bios-bits based test +framework <https://fosdem.org/2024/schedule/event/fosdem-2024-2262-exercising-qemu-generated-acpi-smbios-tables-using-biosbits-from-within-a-guest-vm-/>`__. 
+ +********************************* +Description of the test framework +********************************* Under the directory ``tests/avocado/``, ``acpi-bits.py`` is a QEMU avocado test that drives all this. @@ -120,8 +142,9 @@ Under ``tests/avocado/`` as the root we have: (b) Add a SPDX license header. (c) Perform modifications to the test. - Commits (a), (b) and (c) should go under separate commits so that the original - test script and the changes we have made are separated and clear. + Commits (a), (b) and (c) preferably should go under separate commits so that + the original test script and the changes we have made are separated and + clear. (a) and (b) can sometimes be combined into a single step. The test framework will then use your modified test script to run the test. No further changes would be needed. Please check the logs to make sure that @@ -141,4 +164,4 @@ References: ----------- .. [#a] https://blog.linuxplumbersconf.org/2011/ocw/system/presentations/867/original/bits.pdf .. [#b] https://www.youtube.com/watch?v=36QIepyUuhg - +.. [#c] https://fosdem.org/2024/schedule/event/fosdem-2024-2262-exercising-qemu-generated-acpi-smbios-tables-using-biosbits-from-within-a-guest-vm-/ diff --git a/hw/cxl/cxl-cdat.c b/hw/cxl/cxl-cdat.c index 2fea975671..551545f782 100644 --- a/hw/cxl/cxl-cdat.c +++ b/hw/cxl/cxl-cdat.c @@ -114,7 +114,7 @@ static void ct3_build_cdat(CDATObject *cdat, Error **errp) static void ct3_load_cdat(CDATObject *cdat, Error **errp) { g_autofree CDATEntry *cdat_st = NULL; - g_autofree char *buf = NULL; + g_autofree uint8_t *buf = NULL; uint8_t sum = 0; int num_ent; int i = 0, ent = 1; @@ -171,7 +171,7 @@ static void ct3_load_cdat(CDATObject *cdat, Error **errp) cdat_st[ent].base = hdr; cdat_st[ent].length = hdr->length; - while (buf + i < (char *)cdat_st[ent].base + cdat_st[ent].length) { + while (buf + i < (uint8_t *)cdat_st[ent].base + cdat_st[ent].length) { assert(i < file_size); sum += buf[i++]; } 
diff --git a/hw/display/Kconfig b/hw/display/Kconfig index 07acb37dc6..234c7de027 100644 --- a/hw/display/Kconfig +++ b/hw/display/Kconfig @@ -55,7 +55,7 @@ config VGA_MMIO config VMWARE_VGA bool - default y if PCI_DEVICES && PC_PCI + default y if PCI_DEVICES && (PC_PCI || MIPS) depends on PCI select VGA diff --git a/hw/hyperv/hv-balloon.c b/hw/hyperv/hv-balloon.c index ade283335a..3a9ef07691 100644 --- a/hw/hyperv/hv-balloon.c +++ b/hw/hyperv/hv-balloon.c @@ -366,7 +366,7 @@ static void hv_balloon_unballoon_posting(HvBalloon *balloon, StateDesc *stdesc) PageRangeTree dtree; uint64_t *dctr; bool our_range; - struct dm_unballoon_request *ur; + g_autofree struct dm_unballoon_request *ur = NULL; size_t ur_size = sizeof(*ur) + sizeof(ur->range_array[0]); PageRange range; bool bret; @@ -388,8 +388,7 @@ static void hv_balloon_unballoon_posting(HvBalloon *balloon, StateDesc *stdesc) assert(dtree.t); assert(dctr); - ur = alloca(ur_size); - memset(ur, 0, ur_size); + ur = g_malloc0(ur_size); ur->hdr.type = DM_UNBALLOON_REQUEST; ur->hdr.size = ur_size; ur->hdr.trans_id = balloon->trans_id; @@ -514,8 +513,8 @@ ret_idle: static void hv_balloon_hot_add_rb_wait(HvBalloon *balloon, StateDesc *stdesc) { VMBusChannel *chan = hv_balloon_get_channel(balloon); - struct dm_hot_add *ha; - size_t ha_size = sizeof(*ha) + sizeof(ha->range); + struct dm_hot_add_with_region *ha; + size_t ha_size = sizeof(*ha); assert(balloon->state == S_HOT_ADD_RB_WAIT); @@ -531,8 +530,8 @@ static void hv_balloon_hot_add_posting(HvBalloon *balloon, StateDesc *stdesc) PageRange *hot_add_range = &balloon->hot_add_range; uint64_t *current_count = &balloon->ha_current_count; VMBusChannel *chan = hv_balloon_get_channel(balloon); - struct dm_hot_add *ha; - size_t ha_size = sizeof(*ha) + sizeof(ha->range); + g_autofree struct dm_hot_add_with_region *ha = NULL; + size_t ha_size = sizeof(*ha); union dm_mem_page_range *ha_region; uint64_t align, chunk_max_size; ssize_t ret; 
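Review bot: In `hv_balloon_hot_add_rb_wait` the pointer `ha` is declared without an initializer and, in the lines visible here, exists only so that `sizeof(*ha)` can be taken. Now that the size no longer needs the `ha->range` member, `size_t ha_size = sizeof(struct dm_hot_add_with_region);` says the same thing without leaving an uninitialized pointer in scope, under the same name that is a live `g_autofree` allocation in `hv_balloon_hot_add_posting`. The function body continues outside the hunk, so confirm `ha` has no other use before dropping it.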
@@ -560,9 +559,8 @@ static void hv_balloon_hot_add_posting(HvBalloon *balloon, StateDesc *stdesc) */ *current_count = MIN(hot_add_range->count, chunk_max_size); - ha = alloca(ha_size); - ha_region = &(&ha->range)[1]; - memset(ha, 0, ha_size); + ha = g_malloc0(ha_size); + ha_region = &ha->region; ha->hdr.type = DM_MEM_HOT_ADD_REQUEST; ha->hdr.size = ha_size; ha->hdr.trans_id = balloon->trans_id; diff --git a/hw/hyperv/hyperv.c b/hw/hyperv/hyperv.c index 6c4a18dd0e..3ea54ba818 100644 --- a/hw/hyperv/hyperv.c +++ b/hw/hyperv/hyperv.c @@ -951,3 +951,15 @@ uint64_t hyperv_syndbg_query_options(void) return msg.u.query_options.options; } + +static bool vmbus_recommended_features_enabled; + +bool hyperv_are_vmbus_recommended_features_enabled(void) +{ + return vmbus_recommended_features_enabled; +} + +void hyperv_set_vmbus_recommended_features_enabled(void) +{ + vmbus_recommended_features_enabled = true; +} diff --git a/hw/hyperv/vmbus.c b/hw/hyperv/vmbus.c index 380239af2c..f33afeeea2 100644 --- a/hw/hyperv/vmbus.c +++ b/hw/hyperv/vmbus.c @@ -2631,6 +2631,12 @@ static void vmbus_bridge_realize(DeviceState *dev, Error **errp) return; } + if (!hyperv_are_vmbus_recommended_features_enabled()) { + warn_report("VMBus enabled without the recommended set of Hyper-V features: " + "hv-stimer, hv-vapic and hv-runtime. " + "Some Windows versions might not boot or enable the VMBus device"); + } + bridge->bus = VMBUS(qbus_new(TYPE_VMBUS, dev, "vmbus")); } diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c index e8801805b9..b679dfae1c 100644 --- a/hw/mem/cxl_type3.c +++ b/hw/mem/cxl_type3.c 
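Review bot: `vmbus_recommended_features_enabled` in hw/hyperv/hyperv.c is a file-scope flag with a setter and no way to clear it, and nothing in the hunk says who sets it or when. The warning added to `vmbus_bridge_realize` in hw/hyperv/vmbus.c is only accurate if the setter has already run by the time the bridge is realized, so that ordering is part of the contract. I would document it on the declaration, e.g. `/* Set once when hv-stimer, hv-vapic and hv-runtime are all enabled; must happen before the vmbus bridge is realized. */`, and name the caller there after checking it, since it is outside these hunks.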
@@ -46,12 +46,12 @@ static void ct3_build_cdat_entries_for_mr(CDATSubHeader **cdat_table, int dsmad_handle, MemoryRegion *mr, bool is_pmem, uint64_t dpa_base) { - g_autofree CDATDsmas *dsmas = NULL; - g_autofree CDATDslbis *dslbis0 = NULL; - g_autofree CDATDslbis *dslbis1 = NULL; - g_autofree CDATDslbis *dslbis2 = NULL; - g_autofree CDATDslbis *dslbis3 = NULL; - g_autofree CDATDsemts *dsemts = NULL; + CDATDsmas *dsmas; + CDATDslbis *dslbis0; + CDATDslbis *dslbis1; + CDATDslbis *dslbis2; + CDATDslbis *dslbis3; + CDATDsemts *dsemts; dsmas = g_malloc(sizeof(*dsmas)); *dsmas = (CDATDsmas) { @@ -135,12 +135,12 @@ static void ct3_build_cdat_entries_for_mr(CDATSubHeader **cdat_table, }; /* Header always at start of structure */ - cdat_table[CT3_CDAT_DSMAS] = g_steal_pointer(&dsmas); - cdat_table[CT3_CDAT_DSLBIS0] = g_steal_pointer(&dslbis0); - cdat_table[CT3_CDAT_DSLBIS1] = g_steal_pointer(&dslbis1); - cdat_table[CT3_CDAT_DSLBIS2] = g_steal_pointer(&dslbis2); - cdat_table[CT3_CDAT_DSLBIS3] = g_steal_pointer(&dslbis3); - cdat_table[CT3_CDAT_DSEMTS] = g_steal_pointer(&dsemts); + cdat_table[CT3_CDAT_DSMAS] = (CDATSubHeader *)dsmas; + cdat_table[CT3_CDAT_DSLBIS0] = (CDATSubHeader *)dslbis0; + cdat_table[CT3_CDAT_DSLBIS1] = (CDATSubHeader *)dslbis1; + cdat_table[CT3_CDAT_DSLBIS2] = (CDATSubHeader *)dslbis2; + cdat_table[CT3_CDAT_DSLBIS3] = (CDATSubHeader *)dslbis3; + cdat_table[CT3_CDAT_DSEMTS] = (CDATSubHeader *)dsemts; } static int ct3_build_cdat_table(CDATSubHeader ***cdat_table, void *priv) diff --git a/hw/mips/Kconfig b/hw/mips/Kconfig index e57db4f641..5c83ef49cf 100644 --- a/hw/mips/Kconfig +++ b/hw/mips/Kconfig @@ -1,8 +1,15 @@ config MALTA bool + imply PCNET_PCI + imply PCI_DEVICES + imply TEST_DEVICES select FDC37M81X select GT64120 + select MIPS_CPS select PIIX + select PFLASH_CFI01 + select SERIAL + select SMBUS_EEPROM config MIPSSIM bool 
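Review bot: With `g_autofree` and `g_steal_pointer()` removed, the six allocations in `ct3_build_cdat_entries_for_mr` are owned by nothing until the casts at the end store them in `cdat_table`, so any early return later added between the `g_malloc()` calls and those assignments would leak them. No such return is visible in these hunks, but the part of the function between them is outside the diff. A comment above the assignments would keep the invariant visible, e.g. `/* Ownership passes to cdat_table here; no early return may precede this point. */`. The same applies to `sslbis_latency` and `sslbis_bandwidth` in `build_cdat_table` in hw/pci-bridge/cxl_upstream.c.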
@@ -31,17 +38,26 @@ config JAZZ config FULOONG bool + imply PCI_DEVICES + imply TEST_DEVICES + imply ATI_VGA + imply RTL8139_PCI select PCI_BONITO + select SMBUS_EEPROM select VT82C686 config LOONGSON3V bool + imply PCI_DEVICES + imply TEST_DEVICES + imply VIRTIO_PCI + imply VIRTIO_NET imply VIRTIO_VGA imply QXL if SPICE + imply USB_OHCI_PCI select SERIAL select GOLDFISH_RTC select LOONGSON_LIOINTC - select PCI_DEVICES select PCI_EXPRESS_GENERIC_BRIDGE select MSI_NONBROKEN select FW_CFG_MIPS @@ -53,6 +69,8 @@ config MIPS_CPS config MIPS_BOSTON bool + imply PCI_DEVICES + imply TEST_DEVICES select FITLOADER select MIPS_CPS select PCI_EXPRESS_XILINX diff --git a/hw/pci-bridge/cxl_upstream.c b/hw/pci-bridge/cxl_upstream.c index e87eb40177..537f9affb8 100644 --- a/hw/pci-bridge/cxl_upstream.c +++ b/hw/pci-bridge/cxl_upstream.c @@ -192,8 +192,8 @@ enum { static int build_cdat_table(CDATSubHeader ***cdat_table, void *priv) { - g_autofree CDATSslbis *sslbis_latency = NULL; - g_autofree CDATSslbis *sslbis_bandwidth = NULL; + CDATSslbis *sslbis_latency; + CDATSslbis *sslbis_bandwidth; CXLUpstreamPort *us = CXL_USP(priv); PCIBus *bus = &PCI_BRIDGE(us)->sec_bus; int devfn, sslbis_size, i; @@ -270,8 +270,8 @@ static int build_cdat_table(CDATSubHeader ***cdat_table, void *priv) *cdat_table = g_new0(CDATSubHeader *, CXL_USP_CDAT_NUM_ENTRIES); /* Header always at start of structure */ - (*cdat_table)[CXL_USP_CDAT_SSLBIS_LAT] = g_steal_pointer(&sslbis_latency); - (*cdat_table)[CXL_USP_CDAT_SSLBIS_BW] = g_steal_pointer(&sslbis_bandwidth); + (*cdat_table)[CXL_USP_CDAT_SSLBIS_LAT] = (CDATSubHeader *)sslbis_latency; + (*cdat_table)[CXL_USP_CDAT_SSLBIS_BW] = (CDATSubHeader *)sslbis_bandwidth; return CXL_USP_CDAT_NUM_ENTRIES; } diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index d607a5f9fb..71f759a59d 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c 
@@ -188,7 +188,7 @@ static const char *names[] = { #define LSI_TAG_VALID (1 << 16) /* Maximum instructions to process. */ -#define LSI_MAX_INSN 10000 +#define LSI_MAX_INSN 100 typedef struct lsi_request { SCSIRequest *req; @@ -205,6 +205,7 @@ enum { LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */ LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */ LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ + LSI_WAIT_SCRIPTS, /* SCRIPTS stopped because of instruction count limit */ }; enum { @@ -224,8 +225,9 @@ struct LSIState { MemoryRegion ram_io; MemoryRegion io_io; AddressSpace pci_io_as; + QEMUTimer *scripts_timer; - int carry; /* ??? Should this be an a visible register somewhere? */ + int carry; /* ??? Should this be in a visible register somewhere? */ int status; int msg_action; int msg_len; @@ -415,6 +417,7 @@ static void lsi_soft_reset(LSIState *s) s->sbr = 0; assert(QTAILQ_EMPTY(&s->queue)); assert(!s->current); + timer_del(s->scripts_timer); } static int lsi_dma_40bit(LSIState *s) @@ -570,8 +573,9 @@ static inline void lsi_set_phase(LSIState *s, int phase) s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; } -static void lsi_bad_phase(LSIState *s, int out, int new_phase) +static int lsi_bad_phase(LSIState *s, int out, int new_phase) { + int ret = 0; /* Trigger a phase mismatch. */ if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { @@ -584,8 +588,10 @@ static void lsi_bad_phase(LSIState *s, int out, int new_phase) trace_lsi_bad_phase_interrupt(); lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); lsi_stop_script(s); + ret = 1; } lsi_set_phase(s, new_phase); + return ret; } @@ -789,7 +795,7 @@ static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) static void lsi_command_complete(SCSIRequest *req, size_t resid) { LSIState *s = LSI53C895A(req->bus->qbus.parent); - int out; + int out, stop = 0; out = (s->sstat1 & PHASE_MASK) == PHASE_DO; trace_lsi_command_complete(req->status); 
@@ -797,7 +803,10 @@ static void lsi_command_complete(SCSIRequest *req, size_t resid) s->command_complete = 2; if (s->waiting && s->dbc != 0) { /* Raise phase mismatch for short transfers. */ - lsi_bad_phase(s, out, PHASE_ST); + stop = lsi_bad_phase(s, out, PHASE_ST); + if (stop) { + s->waiting = 0; + } } else { lsi_set_phase(s, PHASE_ST); } @@ -807,7 +816,9 @@ static void lsi_command_complete(SCSIRequest *req, size_t resid) lsi_request_free(s, s->current); scsi_req_unref(req); } - lsi_resume_script(s); + if (!stop) { + lsi_resume_script(s); + } } /* Callback to indicate that the SCSI layer has completed a transfer. */ @@ -1127,6 +1138,12 @@ static void lsi_wait_reselect(LSIState *s) } } +static void lsi_scripts_timer_start(LSIState *s) +{ + trace_lsi_scripts_timer_start(); + timer_mod(s->scripts_timer, qemu_clock_get_us(QEMU_CLOCK_VIRTUAL) + 500); +} + static void lsi_execute_script(LSIState *s) { PCIDevice *pci_dev = PCI_DEVICE(s); @@ -1136,6 +1153,11 @@ static void lsi_execute_script(LSIState *s) int insn_processed = 0; static int reentrancy_level; + if (s->waiting == LSI_WAIT_SCRIPTS) { + timer_del(s->scripts_timer); + s->waiting = LSI_NOWAIT; + } + reentrancy_level++; s->istat1 |= LSI_ISTAT1_SRUN; @@ -1143,8 +1165,8 @@ again: /* * Some windows drivers make the device spin waiting for a memory location * to change. If we have executed more than LSI_MAX_INSN instructions then - * assume this is the case and force an unexpected device disconnect. This - * is apparently sufficient to beat the drivers into submission. + * assume this is the case and start a timer. Until the timer fires, the + * host CPU has a chance to run and change the memory location. * * Another issue (CVE-2023-0330) can occur if the script is programmed to * trigger itself again and again. Avoid this problem by stopping after 
@@ -1152,13 +1174,8 @@ again: * which should be enough for all valid use cases). */ if (++insn_processed > LSI_MAX_INSN || reentrancy_level > 8) { - if (!(s->sien0 & LSI_SIST0_UDC)) { - qemu_log_mask(LOG_GUEST_ERROR, - "lsi_scsi: inf. loop with UDC masked"); - } - lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); - lsi_disconnect(s); - trace_lsi_execute_script_stop(); + s->waiting = LSI_WAIT_SCRIPTS; + lsi_scripts_timer_start(s); reentrancy_level--; return; } @@ -2197,6 +2214,9 @@ static int lsi_post_load(void *opaque, int version_id) return -EINVAL; } + if (s->waiting == LSI_WAIT_SCRIPTS) { + lsi_scripts_timer_start(s); + } return 0; } @@ -2294,6 +2314,15 @@ static const struct SCSIBusInfo lsi_scsi_info = { .cancel = lsi_request_cancelled }; +static void scripts_timer_cb(void *opaque) +{ + LSIState *s = opaque; + + trace_lsi_scripts_timer_triggered(); + s->waiting = LSI_NOWAIT; + lsi_execute_script(s); +} + static void lsi_scsi_realize(PCIDevice *dev, Error **errp) { LSIState *s = LSI53C895A(dev); @@ -2313,6 +2342,7 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp) "lsi-ram", 0x2000); memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, "lsi-io", 256); + s->scripts_timer = timer_new_us(QEMU_CLOCK_VIRTUAL, scripts_timer_cb, s); /* * Since we use the address-space API to interact with ram_io, disable the @@ -2337,6 +2367,7 @@ static void lsi_scsi_exit(PCIDevice *dev) LSIState *s = LSI53C895A(dev); address_space_destroy(&s->pci_io_as); + timer_del(s->scripts_timer); } static void lsi_class_init(ObjectClass *klass, void *data) diff --git a/hw/scsi/trace-events b/hw/scsi/trace-events index d72f741ed8..f0f2a98c2e 100644 --- a/hw/scsi/trace-events +++ b/hw/scsi/trace-events 
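Review bot: `lsi_scsi_exit` stops the new timer with `timer_del(s->scripts_timer)` but never releases it, so the `QEMUTimer` allocated by `timer_new_us()` in `lsi_scsi_realize` is leaked each time the device is unrealized. Follow the call with `timer_free(s->scripts_timer);`. The `timer_del()` added to `lsi_soft_reset` is right as it stands, since the device keeps using the timer after a reset.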
@@ -302,6 +302,8 @@ lsi_execute_script_stop(void) "SCRIPTS execution stopped" lsi_awoken(void) "Woken by SIGP" lsi_reg_read(const char *name, int offset, uint8_t ret) "Read reg %s 0x%x = 0x%02x" lsi_reg_write(const char *name, int offset, uint8_t val) "Write reg %s 0x%x = 0x%02x" +lsi_scripts_timer_triggered(void) "SCRIPTS timer triggered" +lsi_scripts_timer_start(void) "SCRIPTS timer started" # virtio-scsi.c virtio_scsi_cmd_req(int lun, uint32_t tag, uint8_t cmd) "virtio_scsi_cmd_req lun=%u tag=0x%x cmd=0x%x" diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index 4fa387f043..a1522a011a 100644 --- a/hw/vfio/pci.c +++ b/hw/vfio/pci.c @@ -2558,7 +2558,7 @@ static bool vfio_display_migration_needed(void *opaque) (vdev->ramfb_migrate == ON_OFF_AUTO_AUTO && vdev->enable_ramfb); } -const VMStateDescription vmstate_vfio_display = { +static const VMStateDescription vmstate_vfio_display = { .name = "VFIOPCIDevice/VFIODisplay", .version_id = 1, .minimum_version_id = 1, @@ -2570,7 +2570,7 @@ const VMStateDescription vmstate_vfio_display = { } }; -const VMStateDescription vmstate_vfio_pci_config = { +static const VMStateDescription vmstate_vfio_pci_config = { .name = "VFIOPCIDevice", .version_id = 1, .minimum_version_id = 1, diff --git a/include/hw/cxl/cxl_cdat.h b/include/hw/cxl/cxl_cdat.h index 8e3d094608..17a09066dc 100644 --- a/include/hw/cxl/cxl_cdat.h +++ b/include/hw/cxl/cxl_cdat.h @@ -82,7 +82,8 @@ typedef struct CDATDsmas { uint16_t reserved; uint64_t DPA_base; uint64_t DPA_length; -} QEMU_PACKED CDATDsmas; +} CDATDsmas; +QEMU_BUILD_BUG_ON(sizeof(CDATDsmas) != 24); /* Device Scoped Latency and Bandwidth Information Structure - CDAT Table 5 */ typedef struct CDATDslbis { @@ -95,7 +96,8 @@ typedef struct CDATDslbis { uint64_t entry_base_unit; uint16_t entry[3]; uint16_t reserved2; -} QEMU_PACKED CDATDslbis; +} CDATDslbis; +QEMU_BUILD_BUG_ON(sizeof(CDATDslbis) != 24); /* Device Scoped Memory Side Cache Information Structure - CDAT Table 6 */ typedef struct CDATDsmscis { 
@@ -122,7 +124,8 @@ typedef struct CDATDsemts { uint16_t reserved; uint64_t DPA_offset; uint64_t DPA_length; -} QEMU_PACKED CDATDsemts; +} CDATDsemts; +QEMU_BUILD_BUG_ON(sizeof(CDATDsemts) != 24); /* Switch Scoped Latency and Bandwidth Information Structure - CDAT Table 9 */ typedef struct CDATSslbisHeader { @@ -130,7 +133,8 @@ typedef struct CDATSslbisHeader { uint8_t data_type; uint8_t reserved[3]; uint64_t entry_base_unit; -} QEMU_PACKED CDATSslbisHeader; +} CDATSslbisHeader; +QEMU_BUILD_BUG_ON(sizeof(CDATSslbisHeader) != 16); #define CDAT_PORT_ID_USP 0x100 /* Switch Scoped Latency and Bandwidth Entry - CDAT Table 10 */ @@ -139,12 +143,13 @@ typedef struct CDATSslbe { uint16_t port_y_id; uint16_t latency_bandwidth; uint16_t reserved; -} QEMU_PACKED CDATSslbe; +} CDATSslbe; +QEMU_BUILD_BUG_ON(sizeof(CDATSslbe) != 8); typedef struct CDATSslbis { CDATSslbisHeader sslbis_header; CDATSslbe sslbe[]; -} QEMU_PACKED CDATSslbis; +} CDATSslbis; typedef struct CDATEntry { void *base; diff --git a/include/hw/hyperv/dynmem-proto.h b/include/hw/hyperv/dynmem-proto.h index a657786a94..68b8b606f2 100644 --- a/include/hw/hyperv/dynmem-proto.h +++ b/include/hw/hyperv/dynmem-proto.h @@ -328,7 +328,8 @@ struct dm_unballoon_response { /* * Hot add request message. Message sent from the host to the guest. * - * mem_range: Memory range to hot add. + * range: Memory range to hot add. + * region: Explicit hot add memory region for guest to use. Optional. * */ @@ -337,6 +338,12 @@ struct dm_hot_add { union dm_mem_page_range range; } QEMU_PACKED; +struct dm_hot_add_with_region { + struct dm_header hdr; + union dm_mem_page_range range; + union dm_mem_page_range region; +} QEMU_PACKED; + /* * Hot add response message. * This message is sent by the guest to report the status of a hot add request. diff --git a/include/hw/hyperv/hyperv.h b/include/hw/hyperv/hyperv.h index 015c3524b1..d717b4e13d 100644 --- a/include/hw/hyperv/hyperv.h +++ b/include/hw/hyperv/hyperv.h 
@@ -139,4 +139,8 @@ typedef struct HvSynDbgMsg { } HvSynDbgMsg; typedef uint16_t (*HvSynDbgHandler)(void *context, HvSynDbgMsg *msg); void hyperv_set_syndbg_handler(HvSynDbgHandler handler, void *context); + +bool hyperv_are_vmbus_recommended_features_enabled(void); +void hyperv_set_vmbus_recommended_features_enabled(void); + #endif diff --git a/include/qapi/qmp/qerror.h b/include/qapi/qmp/qerror.h index 8dd9fcb071..0c2689cf8a 100644 --- a/include/qapi/qmp/qerror.h +++ b/include/qapi/qmp/qerror.h @@ -23,9 +23,6 @@ #define QERR_DEVICE_HAS_NO_MEDIUM \ "Device '%s' has no medium" -#define QERR_DEVICE_IN_USE \ - "Device '%s' is in use" - #define QERR_DEVICE_NO_HOTPLUG \ "Device '%s' does not support hotplugging" diff --git a/meson.build b/meson.build index c59ca496f2..f9dbe7634e 100644 --- a/meson.build +++ b/meson.build @@ -476,11 +476,6 @@ if host_os == 'windows' qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase', '-Wl,--high-entropy-va') endif -# Exclude --warn-common with TSan to suppress warnings from the TSan libraries. -if host_os != 'sunos' and not get_option('tsan') - qemu_ldflags += cc.get_supported_link_arguments('-Wl,--warn-common') -endif - if get_option('fuzzing') # Specify a filter to only instrument code that is directly related to # virtual-devices. diff --git a/replay/replay.c b/replay/replay.c index 3fd241a4fc..a2c576c16e 100644 --- a/replay/replay.c +++ b/replay/replay.c @@ -511,7 +511,7 @@ void replay_add_blocker(const char *feature) { Error *reason = NULL; - error_setg(&reason, "Record/replay feature is not supported for '%s'", + error_setg(&reason, "Record/replay is not supported with %s", feature); replay_blockers = g_slist_prepend(replay_blockers, reason); } diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan index d56c9b6677..43cf770f5e 100755 --- a/scripts/coverity-scan/run-coverity-scan +++ b/scripts/coverity-scan/run-coverity-scan 
@@ -28,6 +28,7 @@ # project settings, if you have maintainer access there. # Command line options: +# --check-upload-only : return success if upload is possible # --dry-run : run the tools, but don't actually do the upload # --docker : create and work inside a container # --docker-engine : specify the container engine to use (docker/podman/auto); @@ -57,18 +58,18 @@ # putting it in a file and using --tokenfile. Everything else has # a reasonable default if this is run from a git tree. -check_upload_permissions() { - # Check whether we can do an upload to the server; will exit the script - # with status 1 if the check failed (usually a bad token); - # will exit the script with status 0 if the check indicated that we - # can't upload yet (ie we are at quota) - # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized. +upload_permitted() { + # Check whether we can do an upload to the server; will exit *the script* + # with status 99 if the check failed (usually a bad token); + # will return from the function with status 1 if the check indicated + # that we can't upload yet (ie we are at quota) + # Assumes that COVERITY_TOKEN and PROJNAME have been initialized. echo "Checking upload permissions..." if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then echo "Coverity Scan API access denied: bad token?" - exit 1 + exit 99 fi # Really up_perm is a JSON response with either 
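Review bot: `upload_permitted` passes the secret on wget's command line, `--post-data "token=$COVERITY_TOKEN&project=$PROJNAME"`, so the token is readable in the host's process list for the duration of the request; the refactoring carries that line over unchanged. Writing the form body to a mode-0600 temporary file and sending it with `--post-file` keeps the token out of argv. The value is also interpolated without URL-encoding, so a token containing `&` or `%` would be sent as a different form body. The function continues into the next hunk.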
@@ -76,25 +77,40 @@ check_upload_permissions() {
 # We do some hacky string parsing instead of properly parsing it.
 case "$up_perm" in
 *upload_permitted*true*)
- echo "Coverity Scan: upload permitted"
+ return 0
 ;;
 *next_upload_permitted_at*)
- if [ "$DRYRUN" = yes ]; then
- echo "Coverity Scan: upload quota reached, continuing dry run"
- else
- echo "Coverity Scan: upload quota reached; stopping here"
- # Exit success as this isn't a build error.
- exit 0
- fi
+ return 1
 ;;
 *)
 echo "Coverity Scan upload check: unexpected result $up_perm"
- exit 1
+ exit 99
 ;;
 esac
 }
+check_upload_permissions() {
+ # Check whether we can do an upload to the server; will exit the script
+ # with status 99 if the check failed (usually a bad token);
+ # will exit the script with status 0 if the check indicated that we
+ # can't upload yet (ie we are at quota)
+ # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized.
+
+ if upload_permitted; then
+ echo "Coverity Scan: upload permitted"
+ else
+ if [ "$DRYRUN" = yes ]; then
+ echo "Coverity Scan: upload quota reached, continuing dry run"
+ else
+ echo "Coverity Scan: upload quota reached; stopping here"
+ # Exit success as this isn't a build error.
+ exit 0
+ fi
+ fi
+}
+
+
 build_docker_image() {
 # build docker container including the coverity-scan tools
 echo "Building docker container..."
@@ -152,9 +168,14 @@ update_coverity_tools () {
 DRYRUN=no
 UPDATE=yes
 DOCKER=no
+PROJNAME=QEMU
 while [ "$#" -ge 1 ]; do
 case "$1" in
+ --check-upload-only)
+ shift
+ DRYRUN=check
+ ;;
 --dry-run)
 shift
 DRYRUN=yes
@@ -251,6 +272,11 @@ if [ -z "$COVERITY_TOKEN" ]; then
 exit 1
 fi
+if [ "$DRYRUN" = check ]; then
+ upload_permitted
+ exit $?
+fi
+
 if [ -z "$COVERITY_BUILD_CMD" ]; then
 NPROC=$(nproc)
 COVERITY_BUILD_CMD="make -j$NPROC"
@@ -266,7 +292,6 @@ if [ -z "$SRCDIR" ]; then
 SRCDIR="$PWD"
 fi
-PROJNAME=QEMU
 TARBALL=cov-int.tar.xz
 if [ "$UPDATE" = only ]; then
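Review bot: Exit status 1 from `--check-upload-only` is ambiguous in the `@@ -251,6 +272,11 @@` hunk: the added block exits with the status of `upload_permitted`, where 1 means "at quota", but the context lines directly above it appear to be the end of the missing-token check, which also finishes with `exit 1` and runs first in the same mode. A caller that treats 1 as a harmless "skip this run" would then skip just as quietly when the token never reached the script, and the scan would stop happening without anyone noticing. Either make that check `exit 99` when `"$DRYRUN" = check`, or at least spell the statuses out in the option list, e.g. `# --check-upload-only : exit 0 if upload is possible, 1 if at quota, 99 on error`. The body of the token check lies outside the hunk, so any other `exit 1` reached before this point needs the same look.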
diff --git a/scripts/make-release b/scripts/make-release
index 9c570b87f4..6e0433de24 100755
--- a/scripts/make-release
+++ b/scripts/make-release
@@ -47,5 +47,5 @@ meson subprojects download $SUBPROJECTS
 CryptoPkg/Library/OpensslLib/openssl \
 MdeModulePkg/Library/BrotliCustomDecompressLib/brotli)
 popd
-tar --exclude=.git -cjf ${destination}.tar.bz2 ${destination}
+tar --exclude=.git -cJf ${destination}.tar.xz ${destination}
 rm -rf ${destination}
diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c
index ad91e74181..09e07cab9b 100644
--- a/system/qdev-monitor.c
+++ b/system/qdev-monitor.c
@@ -861,19 +861,18 @@ void qmp_device_add(QDict *qdict, QObject **ret_data, Error **errp)
 return;
 }
 dev = qdev_device_add(opts, errp);
-
- /*
- * Drain all pending RCU callbacks. This is done because
- * some bus related operations can delay a device removal
- * (in this case this can happen if device is added and then
- * removed due to a configuration error)
- * to a RCU callback, but user might expect that this interface
- * will finish its job completely once qmp command returns result
- * to the user
- */
- drain_call_rcu();
-
 if (!dev) {
+ /*
+ * Drain all pending RCU callbacks. This is done because
+ * some bus related operations can delay a device removal
+ * (in this case this can happen if device is added and then
+ * removed due to a configuration error)
+ * to a RCU callback, but user might expect that this interface
+ * will finish its job completely once qmp command returns result
+ * to the user
+ */
+ drain_call_rcu();
+
 qemu_opts_del(opts);
 return;
 }
diff --git a/system/vl.c b/system/vl.c
index 48aae6e053..70f4cece7f 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -1932,7 +1932,7 @@ static void qemu_apply_machine_options(QDict *qdict)
 }
 if (current_machine->smp.cpus > 1) {
- replay_add_blocker("smp");
+ replay_add_blocker("multiple CPUs");
 }
 }
diff --git a/target/i386/kvm/hyperv-stub.c b/target/i386/kvm/hyperv-stub.c
index 778ed782e6..3263dcf05d 100644
--- a/target/i386/kvm/hyperv-stub.c
+++ b/target/i386/kvm/hyperv-stub.c
@@ -52,3 +52,7 @@ void hyperv_x86_synic_reset(X86CPU *cpu)
 void hyperv_x86_synic_update(X86CPU *cpu)
 {
 }
+
+void hyperv_x86_set_vmbus_recommended_features_enabled(void)
+{
+}
diff --git a/target/i386/kvm/hyperv.c b/target/i386/kvm/hyperv.c
index 6825c89af3..f2a3fe650a 100644
--- a/target/i386/kvm/hyperv.c
+++ b/target/i386/kvm/hyperv.c
@@ -149,3 +149,8 @@ int kvm_hv_handle_exit(X86CPU *cpu, struct kvm_hyperv_exit *exit)
 return -1;
 }
 }
+
+void hyperv_x86_set_vmbus_recommended_features_enabled(void)
+{
+ hyperv_set_vmbus_recommended_features_enabled();
+}
diff --git a/target/i386/kvm/hyperv.h b/target/i386/kvm/hyperv.h
index 67543296c3..e3982c8f4d 100644
--- a/target/i386/kvm/hyperv.h
+++ b/target/i386/kvm/hyperv.h
@@ -26,4 +26,6 @@ int hyperv_x86_synic_add(X86CPU *cpu);
 void hyperv_x86_synic_reset(X86CPU *cpu);
 void hyperv_x86_synic_update(X86CPU *cpu);
+void hyperv_x86_set_vmbus_recommended_features_enabled(void);
+
 #endif
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 42970ab046..e68cbe9293 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1650,6 +1650,13 @@ static int hyperv_init_vcpu(X86CPU *cpu)
 }
 }
+ /* Skip SynIC and VP_INDEX since they are hard deps already */
+ if (hyperv_feat_enabled(cpu, HYPERV_FEAT_STIMER) &&
+ hyperv_feat_enabled(cpu, HYPERV_FEAT_VAPIC) &&
+ hyperv_feat_enabled(cpu, HYPERV_FEAT_RUNTIME)) {
+ hyperv_x86_set_vmbus_recommended_features_enabled();
+ }
+
 return 0;
 }
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index 3c379f96c2..e76441695b 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
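Review bot: In the `hyperv_init_vcpu` hunk of target/i386/kvm/kvm.c the new comment calls SynIC and VP_INDEX "hard deps" without saying what they are dependencies of, or why STIMER, VAPIC and RUNTIME are the three being tested. Something like `/* VMBus recommends STIMER, VAPIC and RUNTIME; SynIC and VP_INDEX are not tested because they are already hard dependencies */` would make the check self-explanatory, assuming VMBus is what the helper name refers to. The function receives a single `X86CPU *cpu` while the setter takes no argument, so the state presumably becomes true as soon as one vCPU passes the test; if the consumer expects every vCPU to have these features, that deserves a sentence in the comment as well. The function starts outside the hunk.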
@@ -467,11 +467,13 @@ static int touch_all_pages(char *area, size_t hpagesize, size_t numpages,
 * preallocating synchronously.
 */
 if (context->num_threads == 1 && !async) {
+ ret = 0;
 if (qemu_madvise(area, hpagesize * numpages,
 QEMU_MADV_POPULATE_WRITE)) {
- return -errno;
+ ret = -errno;
 }
- return 0;
+ g_free(context);
+ return ret;
 }
 touch_fn = do_madv_populate_write_pages;
 } else { |