Revision tags: v9.1.0 |
|
#
f0613160 |
| 20-Dec-2023 |
Richard Henderson <richard.henderson@linaro.org> |
hw/display: Constify VMState
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20231221031652.119827-27-richard.henderson@linaro.org>
|
#
303c33e6 |
| 09-Oct-2023 |
Marc-André Lureau <marcandre.lureau@redhat.com> |
ramfb: add migration support
Implementing RAMFB migration is quite straightforward. One caveat is to treat the whole RAMFBCfg as a blob, since that's what is exposed to the guest directly. This avoi
ramfb: add migration support
Implementing RAMFB migration is quite straightforward. One caveat is to treat the whole RAMFBCfg as a blob, since that's what is exposed to the guest directly. This avoid having to fiddle with endianness issues if we were to migrate fields individually as integers.
The devices using RAMFB will have to include ramfb_vmstate in their migration description.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
show more ...
|
#
e0288a77 |
| 19-Sep-2023 |
Laszlo Ersek <lersek@redhat.com> |
hw/display/ramfb: plug slight guest-triggerable leak on mode setting
The fw_cfg DMA write callback in ramfb prepares a new display surface in QEMU; this new surface is put to use ("swapped in") upon
hw/display/ramfb: plug slight guest-triggerable leak on mode setting
The fw_cfg DMA write callback in ramfb prepares a new display surface in QEMU; this new surface is put to use ("swapped in") upon the next display update. At that time, the old surface (if any) is released.
If the guest triggers the fw_cfg DMA write callback at least twice between two adjacent display updates, then the second callback (and further such callbacks) will leak the previously prepared (but not yet swapped in) display surface.
The issue can be shown by:
(1) starting QEMU with "-trace displaysurface_free", and
(2) running the following program in the guest UEFI shell:
> #include <Library/ShellCEntryLib.h> // ShellAppMain() > #include <Library/UefiBootServicesTableLib.h> // gBS > #include <Protocol/GraphicsOutput.h> // EFI_GRAPHICS_OUTPUT_PROTOCOL > > INTN > EFIAPI > ShellAppMain ( > IN UINTN Argc, > IN CHAR16 **Argv > ) > { > EFI_STATUS Status; > VOID *Interface; > EFI_GRAPHICS_OUTPUT_PROTOCOL *Gop; > UINT32 Mode; > > Status = gBS->LocateProtocol ( > &gEfiGraphicsOutputProtocolGuid, > NULL, > &Interface > ); > if (EFI_ERROR (Status)) { > return 1; > } > > Gop = Interface; > > Mode = 1; > for ( ; ;) { > Status = Gop->SetMode (Gop, Mode); > if (EFI_ERROR (Status)) { > break; > } > > Mode = 1 - Mode; > } > > return 1; > }
The symptom is then that:
- only one trace message appears periodically,
- the time between adjacent messages keeps increasing -- implying that some list structure (containing the leaked resources) keeps growing,
- the "surface" pointer is ever different.
> 18566@1695127471.449586:displaysurface_free surface=0x7f2fcc09a7c0 > 18566@1695127471.529559:displaysurface_free surface=0x7f2fcc9dac10 > 18566@1695127471.659812:displaysurface_free surface=0x7f2fcc441dd0 > 18566@1695127471.839669:displaysurface_free surface=0x7f2fcc0363d0 > 18566@1695127472.069674:displaysurface_free surface=0x7f2fcc413a80 > 18566@1695127472.349580:displaysurface_free surface=0x7f2fcc09cd00 > 18566@1695127472.679783:displaysurface_free surface=0x7f2fcc1395f0 > 18566@1695127473.059848:displaysurface_free surface=0x7f2fcc1cae50 > 18566@1695127473.489724:displaysurface_free surface=0x7f2fcc42fc50 > 18566@1695127473.969791:displaysurface_free surface=0x7f2fcc45dcc0 > 18566@1695127474.499708:displaysurface_free surface=0x7f2fcc70b9d0 > 18566@1695127475.079769:displaysurface_free surface=0x7f2fcc82acc0 > 18566@1695127475.709941:displaysurface_free surface=0x7f2fcc369c00 > 18566@1695127476.389619:displaysurface_free surface=0x7f2fcc32b910 > 18566@1695127477.119772:displaysurface_free surface=0x7f2fcc0d5a20 > 18566@1695127477.899517:displaysurface_free surface=0x7f2fcc086c40 > 18566@1695127478.729962:displaysurface_free surface=0x7f2fccc72020 > 18566@1695127479.609839:displaysurface_free surface=0x7f2fcc185160 > 18566@1695127480.539688:displaysurface_free surface=0x7f2fcc23a7e0 > 18566@1695127481.519759:displaysurface_free surface=0x7f2fcc3ec870 > 18566@1695127482.549930:displaysurface_free surface=0x7f2fcc634960 > 18566@1695127483.629661:displaysurface_free surface=0x7f2fcc26b140 > 18566@1695127484.759987:displaysurface_free surface=0x7f2fcc321700 > 18566@1695127485.940289:displaysurface_free surface=0x7f2fccaad100
We figured this wasn't a CVE-worthy problem, as only small amounts of memory were leaked (the framebuffer itself is mapped from guest RAM, QEMU only allocates administrative structures), plus libvirt restricts QEMU memory footprint anyway, thus the guest can only DoS itself.
Plug the leak, by releasing the last prepared (not yet swapped in) display surface, if any, in the fw_cfg DMA write callback.
Regarding the "reproducer", with the fix in place, the log is flooded with trace messages (one per fw_cfg write), *and* the trace message alternates between just two "surface" pointer values (i.e., nothing is leaked, the allocator flip-flops between two objects in effect).
This issue appears to date back to the introducion of ramfb (995b30179bdc, "hw/display: add ramfb, a simple boot framebuffer living in guest ram", 2018-06-18).
Cc: Gerd Hoffmann <kraxel@redhat.com> (maintainer:ramfb) Cc: qemu-stable@nongnu.org Fixes: 995b30179bdc Signed-off-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-ID: <20230919131955.27223-1-lersek@redhat.com>
show more ...
|
Revision tags: v8.0.0, v7.2.0, v7.0.0, v6.2.0, v6.1.0, v5.2.0 |
|
#
5acc270a |
| 25-Jun-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/xtensa/tags/20200625-xtensa' into staging target/xtensa fixes for 5.1: - fix access to special registers missing in the core configuration;
Merge remote-tracking branch 'remotes/xtensa/tags/20200625-xtensa' into staging target/xtensa fixes for 5.1: - fix access to special registers missing in the core configuration; - fix simcall opcode behavior for new hardware; - drop gen_io_end call from xtensa translator. # gpg: Signature made Thu 25 Jun 2020 09:08:58 BST # gpg: using RSA key 2B67854B98E5327DCDEB17D851F9CC91F83FA044 # gpg: issuer "jcmvbkbc@gmail.com" # gpg: Good signature from "Max Filippov <filippov@cadence.com>" [unknown] # gpg: aka "Max Filippov <max.filippov@cogentembedded.com>" [full] # gpg: aka "Max Filippov <jcmvbkbc@gmail.com>" [full] # Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044 * remotes/xtensa/tags/20200625-xtensa: target/xtensa: drop gen_io_end call target/xtensa: fix simcall for newer hardware target/xtensa: fetch HW version from configuration overlay target/xtensa: work around missing SR definitions Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
cccdd8c7 |
| 02-Jun-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging machine queue, 2020-05-13 Bug fixes: * hostmem: don't use mbind() if host-nodes is em
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging machine queue, 2020-05-13 Bug fixes: * hostmem: don't use mbind() if host-nodes is empty (Igor Mammedov) # gpg: Signature made Wed 13 May 2020 15:00:25 BST # gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6 # gpg: issuer "ehabkost@redhat.com" # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full] # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/machine-next-pull-request: hostmem: don't use mbind() if host-nodes is empty Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
ad5a5912 |
| 21-May-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/kraxel/tags/ui-20200520-pull-request' into staging ui: windows keyboard fixes for gtk & sdl. ui: require GTK 3.22 or newer. # gpg: Signatur
Merge remote-tracking branch 'remotes/kraxel/tags/ui-20200520-pull-request' into staging ui: windows keyboard fixes for gtk & sdl. ui: require GTK 3.22 or newer. # gpg: Signature made Wed 20 May 2020 09:41:48 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20200520-pull-request: ui: increase min required GTK version to 3.22.0 ui/gtk: use native keyboard scancodes on Windows ui/gtk: don't pass on win keys without keyboard grab ui/sdl2-input: use trace-events to debug key events ui/sdl2: start in full screen with grab enabled ui/sdl2: fix handling of AltGr key on Windows ui/gtk: remove unused variable ignore_keys ui/gtk: remove unused code ui/gkt: release all keys on grab-broken-event ui/gtk: fix handling of AltGr key on Windows ui/win32-kbd-hook: handle AltGr in a hook procedure Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
f2465433 |
| 19-May-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging Pull request # gpg: Signature made Tue 19 May 2020 09:00:32 BST # gpg: using
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging Pull request # gpg: Signature made Tue 19 May 2020 09:00:32 BST # gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full] # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full] # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * remotes/stefanha/tags/block-pull-request: aio-posix: disable fdmon-io_uring when GSource is used aio-posix: don't duplicate fd handler deletion in fdmon_io_uring_destroy() tests/fuzz: Extract ioport_fuzz_qtest() method tests/fuzz: Extract pciconfig_fuzz_qos() method tests/fuzz: Remove unuseful/unused typedefs tests/fuzz: Add missing space in test description Makefile: List fuzz targets in 'make help' tests/fuzz/Makefile: Do not link code using unavailable devices Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
bffe88d1 |
| 19-May-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block layer patches: - Introduce real BdrvChildRole - blk/bdrv_make_empty() functions instead of call
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block layer patches: - Introduce real BdrvChildRole - blk/bdrv_make_empty() functions instead of calling callbacks directly - mirror: Make sure that source and target size match - block-copy: Fix uninitialized variable - block/replication: Avoid cancelling the job twice - ahci: Log lost IRQs - iotests: Run pylint and mypy in a testcase - iotests: log messages from notrun() # gpg: Signature made Mon 18 May 2020 18:05:32 BST # gpg: using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6 # gpg: issuer "kwolf@redhat.com" # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full] # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (52 commits) hw: Use QEMU_IS_ALIGNED() on parallel flash block size iotests/030: Reduce run time by unthrottling job earlier hw/ide/ahci: Log lost IRQs iotests: log messages from notrun() block/block-copy: Simplify block_copy_do_copy() block/block-copy: Fix uninitialized variable in block_copy_task_entry block: Drop @child_class from bdrv_child_perm() block: Pass BdrvChildRole in remaining cases block: Drop child_file block: Drop bdrv_format_default_perms() block: Make bdrv_filter_default_perms() static block: Use bdrv_default_perms() tests: Use child_of_bds instead of child_file block: Use child_of_bds in remaining places block: Make filter drivers use child_of_bds block: Make format drivers use child_of_bds block: Drop child_backing block: Make backing files child_of_bds children block: Drop child_format block: Switch child_format users to child_of_bds ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
a89af8c2 |
| 18-May-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-05-18' into staging nbd patches for 2020-05-20 - fix stranded fd in 'qemu-nbd -c /dev/nbd0' - add 'qemu-img map --
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-05-18' into staging nbd patches for 2020-05-20 - fix stranded fd in 'qemu-nbd -c /dev/nbd0' - add 'qemu-img map --start-offset --max-length' options # gpg: Signature made Mon 18 May 2020 17:29:56 BST # gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2020-05-18: iotests: Enhance 223 to cover qemu-img map improvements qemu-img: Add --start-offset and --max-length to map qemu-img: refactor dump_map_entry JSON format output qemu-img: validate image length in img_map qemu_img: add cvtnum_full to print error reports qemu-nbd: Close inherited stderr Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
3fcf15df |
| 29-Apr-2020 |
Gerd Hoffmann <kraxel@redhat.com> |
ramfb: fix size calculation size calculation isn't correct with guest-supplied stride, the last display line isn't accounted for correctly. For the typical case of stride > line
ramfb: fix size calculation size calculation isn't correct with guest-supplied stride, the last display line isn't accounted for correctly. For the typical case of stride > linesize (add padding) we error on the safe side (calculated size is larger than actual size). With stride < linesize (scanlines overlap) the calculated size is smaller than the actual size though so our guest memory mapping might end up being too small. While being at it also fix ramfb_create_display_surface to use hwaddr for the parameters. That way all calculation are done with hwaddr type and we can't get funny effects from type castings. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20200429115236.28709-7-kraxel@redhat.com
show more ...
|
#
819c83e2 |
| 29-Apr-2020 |
Gerd Hoffmann <kraxel@redhat.com> |
ramfb: add sanity checks to ramfb_create_display_surface Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20200429115236.287
ramfb: add sanity checks to ramfb_create_display_surface Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20200429115236.28709-6-kraxel@redhat.com
show more ...
|
#
19aaee2a |
| 29-Apr-2020 |
Gerd Hoffmann <kraxel@redhat.com> |
ramfb: don't update RAMFBState on errors Store width & height & surface in local variables. Update RAMFBState with the new values only in case the ramfb_create_display_surface() call
ramfb: don't update RAMFBState on errors Store width & height & surface in local variables. Update RAMFBState with the new values only in case the ramfb_create_display_surface() call succeeds. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20200429115236.28709-5-kraxel@redhat.com
show more ...
|
#
46a298d6 |
| 29-Apr-2020 |
Gerd Hoffmann <kraxel@redhat.com> |
ramfb: drop leftover debug message Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.c
ramfb: drop leftover debug message Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20200429115236.28709-4-kraxel@redhat.com
show more ...
|
#
c326eedc |
| 29-Apr-2020 |
Gerd Hoffmann <kraxel@redhat.com> |
Revert "hw/display/ramfb: lock guest resolution after it's set" This reverts commit a9e0cb67b7f4c485755659f9b764c38b5f970de4. This breaks OVMF. Reproducer: Just hit 'ESC' at early
Revert "hw/display/ramfb: lock guest resolution after it's set" This reverts commit a9e0cb67b7f4c485755659f9b764c38b5f970de4. This breaks OVMF. Reproducer: Just hit 'ESC' at early boot to enter firmware setup. OVMF wants switch from (default) 800x600 to 640x480 for that, and this patch blocks it. Cc: Hou Qiming <hqm03ster@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20200429115236.28709-3-kraxel@redhat.com
show more ...
|
#
2fc979cb |
| 29-Apr-2020 |
Gerd Hoffmann <kraxel@redhat.com> |
Revert "hw/display/ramfb: initialize fw-config space with xres/ yres" This reverts commit f79081b4b71b72640bedd40a7cd76f864c8287f1. Patch has broken byteorder handling: RAMFBCfg fie
Revert "hw/display/ramfb: initialize fw-config space with xres/ yres" This reverts commit f79081b4b71b72640bedd40a7cd76f864c8287f1. Patch has broken byteorder handling: RAMFBCfg fields are in bigendian byteorder, the reset function doesn't care so native byteorder is used instead. Given this went unnoticed so far the feature is obviously unused, so just revert the patch. Cc: Hou Qiming <hqm03ster@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20200429115236.28709-2-kraxel@redhat.com
show more ...
|
Revision tags: v5.0.0 |
|
#
8b6b68e0 |
| 27-Feb-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging virtio, pc: fixes, features New virtio iommu. Unrealize memory leaks. In-band kick/call support.
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging virtio, pc: fixes, features New virtio iommu. Unrealize memory leaks. In-band kick/call support. Bugfixes, documentation all over the place. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 27 Feb 2020 08:46:33 GMT # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: (30 commits) Fixed assert in vhost_user_set_mem_table_postcopy vhost-user: only set slave channel for first vq acpi: cpuhp: document CPHP_GET_CPU_ID_CMD command libvhost-user: implement in-band notifications docs: vhost-user: add in-band kick/call messages libvhost-user: handle NOFD flag in call/kick/err better libvhost-user-glib: use g_main_context_get_thread_default() libvhost-user-glib: fix VugDev main fd cleanup libvhost-user: implement VHOST_USER_PROTOCOL_F_REPLY_ACK MAINTAINERS: add virtio-iommu related files hw/arm/virt: Add the virtio-iommu device tree mappings virtio-iommu-pci: Add virtio iommu pci support virtio-iommu: Support migration virtio-iommu: Implement fault reporting virtio-iommu: Implement translate virtio-iommu: Implement map/unmap virtio-iommu: Implement attach/detach command virtio-iommu: Decode the command payload virtio-iommu: Add skeleton virtio: gracefully handle invalid region caches ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
db736e04 |
| 25-Feb-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging * device_del fix (Julia) * FXAM fix (myself) * memdev refactoring (Igor) * memory region API cleanup
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging * device_del fix (Julia) * FXAM fix (myself) * memdev refactoring (Igor) * memory region API cleanups (Peter, Philippe) * ioeventfd optimization (Stefan) * new WHPX maintainer (Sunil) * Large guest startup optimizations (Chen) # gpg: Signature made Tue 25 Feb 2020 12:42:24 GMT # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (104 commits) WHPX: Assigning maintainer for Windows Hypervisor Platform accel/kvm: Check ioctl(KVM_SET_USER_MEMORY_REGION) return value target/i386: check for empty register in FXAM qdev-monitor: Forbid repeated device_del mem-prealloc: optimize large guest startup memory: batch allocate ioeventfds[] in address_space_update_ioeventfds() Avoid cpu_physical_memory_rw() with a constant is_write argument Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument exec: Let cpu_[physical]_memory API use a boolean 'is_write' argument Avoid address_space_rw() with a constant is_write argument Let address_space_rw() calls pass a boolean 'is_write' argument exec: Let address_space_unmap() use a boolean 'is_write' argument hw/virtio: Let vhost_memory_map() use a boolean 'is_write' argument hw/virtio: Let virtqueue_map_iovec() use a boolean 'is_write' argument hw/ide: Let the DMAIntFunc prototype use a boolean 'is_write' argument hw/ide/internal: Remove unused DMARestartFunc typedef Remove unnecessary cast when using the cpu_[physical]_memory API exec: Let the cpu_[physical]_memory API use void pointer arguments Remove unnecessary cast when using the address_space API hw/net: Avoid casting non-const pointer, use address_space_write() ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
9e264985 |
| 25-Feb-2020 |
Paolo Bonzini <pbonzini@redhat.com> |
Merge branch 'exec_rw_const_v4' of https://github.com/philmd/qemu into HEAD
|
#
85eb7c18 |
| 19-Feb-2020 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument Use an explicit boolean type. This commit was produced with the included Coccinelle script scripts/coccinell
Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument Use an explicit boolean type. This commit was produced with the included Coccinelle script scripts/coccinelle/exec_rw_const. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
show more ...
|
Revision tags: v4.2.0 |
|
#
afd76053 |
| 16-Aug-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190816' into staging target-arm queue: * target/arm: generate a custom MIDR for -cpu max * hw/misc/zynq_slcr:
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190816' into staging target-arm queue: * target/arm: generate a custom MIDR for -cpu max * hw/misc/zynq_slcr: refactor to use standard register definition * Set ENET_BD_BDU in I.MX FEC controller * target/arm: Fix routing of singlestep exceptions * refactor a32/t32 decoder handling of PC * minor optimisations/cleanups of some a32/t32 codegen * target/arm/cpu64: Ensure kvm really supports aarch64=off * target/arm/cpu: Ensure we can use the pmu with kvm * target/arm: Minor cleanups preparatory to KVM SVE support # gpg: Signature made Fri 16 Aug 2019 14:15:55 BST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20190816: (29 commits) target/arm: Use tcg_gen_extrh_i64_i32 to extract the high word target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR target/arm: Use tcg_gen_rotri_i32 for gen_swap_half target/arm: Use ror32 instead of open-coding the operation target/arm: Remove redundant shift tests target/arm: Use tcg_gen_deposit_i32 for PKHBT, PKHTB target/arm: Use tcg_gen_extract_i32 for shifter_out_im target/arm/kvm64: Move the get/put of fpsimd registers out target/arm/kvm64: Fix error returns target/arm/cpu: Use div-round-up to determine predicate register array size target/arm/helper: zcr: Add build bug next to value range assumption target/arm/cpu: Ensure we can use the pmu with kvm target/arm/cpu64: Ensure kvm really supports aarch64=off target/arm: Remove helper_double_saturate target/arm: Use unallocated_encoding for aarch32 target/arm: Remove offset argument to gen_exception_bkpt_insn target/arm: Replace offset with pc in gen_exception_internal_insn target/arm: Replace offset with pc in gen_exception_insn target/arm: Replace s->pc with s->base.pc_next target/arm: Remove redundant s->pc & ~1 ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
e018ccb3 |
| 16-Aug-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block layer patches: - file-posix: Fix O_DIRECT alignment detection - Fixes for concurrent block jobs
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block layer patches: - file-posix: Fix O_DIRECT alignment detection - Fixes for concurrent block jobs - block-backend: Queue requests while drained (fix IDE vs. job crashes) - qemu-img convert: Deprecate using -n and -o together - iotests: Migration tests with filter nodes - iotests: More media change tests # gpg: Signature made Fri 16 Aug 2019 10:29:18 BST # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full] # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: file-posix: Handle undetectable alignment qemu-img convert: Deprecate using -n and -o together block-backend: Queue requests while drained mirror: Keep mirror_top_bs drained after dropping permissions block: Remove blk_pread_unthrottled() iotests: Add test for concurrent stream/commit tests: Test mid-drain bdrv_replace_child_noperm() tests: Test polling in bdrv_drop_intermediate() block: Reduce (un)drains when replacing a child block: Keep subtree drained in drop_intermediate block: Simplify bdrv_filter_default_perms() iotests: Test migration with all kinds of filter nodes iotests: Move migration helpers to iotests.py iotests/118: Add -blockdev based tests iotests/118: Create test classes dynamically iotests/118: Test media change for scsi-cd Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
c6a2225a |
| 16-Aug-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-08-15' into staging nbd patches for 2019-08-15 - Addition of InetSocketAddress keep-alive - Addition of BDRV_REQ_P
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-08-15' into staging nbd patches for 2019-08-15 - Addition of InetSocketAddress keep-alive - Addition of BDRV_REQ_PREFETCH for more efficient copy-on-read - Initial refactoring in preparation of NBD reconnect # gpg: Signature made Thu 15 Aug 2019 19:28:41 BST # gpg: using RSA key A7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2019-08-15: block/nbd: refactor nbd connection parameters block/nbd: add cmdline and qapi parameter reconnect-delay block/nbd: move from quit to state block/nbd: use non-blocking io channel for nbd negotiation block/nbd: split connection_co start out of nbd_client_connect nbd: improve CMD_CACHE: use BDRV_REQ_PREFETCH block/stream: use BDRV_REQ_PREFETCH block: implement BDRV_REQ_PREFETCH qapi: Add InetSocketAddress member keep-alive Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
95a9457f |
| 16-Aug-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/armbru/tags/pull-include-2019-08-13-v2' into staging Header cleanup patches for 2019-08-13 # gpg: Signature made Fri 16 Aug 2019 12:39:12 BST
Merge remote-tracking branch 'remotes/armbru/tags/pull-include-2019-08-13-v2' into staging Header cleanup patches for 2019-08-13 # gpg: Signature made Fri 16 Aug 2019 12:39:12 BST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-include-2019-08-13-v2: (29 commits) sysemu: Split sysemu/runstate.h off sysemu/sysemu.h sysemu: Move the VMChangeStateEntry typedef to qemu/typedefs.h Include sysemu/sysemu.h a lot less Clean up inclusion of sysemu/sysemu.h numa: Move remaining NUMA declarations from sysemu.h to numa.h Include sysemu/hostmem.h less numa: Don't include hw/boards.h into sysemu/numa.h Include hw/boards.h a bit less Include hw/qdev-properties.h less Include qemu/main-loop.h less Include qemu/queue.h slightly less Include hw/hw.h exactly where needed Include qom/object.h slightly less Include exec/memory.h slightly less Include migration/vmstate.h less migration: Move the VMStateDescription typedef to typedefs.h Clean up inclusion of exec/cpu-common.h Include hw/irq.h a lot less typedefs: Separate incomplete types and function types ide: Include hw/ide/internal a bit less outside hw/ide/ ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
d5938f29 |
| 12-Aug-2019 |
Markus Armbruster <armbru@redhat.com> |
Clean up inclusion of sysemu/sysemu.h In my "build everything" tree, changing sysemu/sysemu.h triggers a recompile of some 5400 out of 6600 objects (not counting tests and objects th
Clean up inclusion of sysemu/sysemu.h In my "build everything" tree, changing sysemu/sysemu.h triggers a recompile of some 5400 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). Almost a third of its inclusions are actually superfluous. Delete them. Downgrade two more to qapi/qapi-types-run-state.h, and move one from char/serial.h to char/serial.c. hw/semihosting/config.c, monitor/monitor.c, qdev-monitor.c, and stubs/semihost.c define variables declared in sysemu/sysemu.h without including it. The compiler is cool with that, but include it anyway. This doesn't reduce actual use much, as it's still included into widely included headers. The next commit will tackle that. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190812052359.30071-27-armbru@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
show more ...
|
#
71e8a915 |
| 12-Aug-2019 |
Markus Armbruster <armbru@redhat.com> |
Include sysemu/reset.h a lot less In my "build everything" tree, changing sysemu/reset.h triggers a recompile of some 2600 out of 6600 objects (not counting tests and objects that do
Include sysemu/reset.h a lot less In my "build everything" tree, changing sysemu/reset.h triggers a recompile of some 2600 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). The main culprit is hw/hw.h, which supposedly includes it for convenience. Include sysemu/reset.h only where it's needed. Touching it now recompiles less than 200 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20190812052359.30071-9-armbru@redhat.com>
show more ...
|