Reported-by: NAlberto Garcia <berto@igalia.com>
Signed-off-by: NFam Zheng <famz@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180306024328.19195-1-famz@redhat.com
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Starting qemu with the following arguments causes qemu to segfault:
... -device lsi,id=lsi0 -drive file=iscsi:<...>,format=raw,if=none,node-name=
iscsi1 -device scsi-block,bus=lsi0.0,id=<...>,drive=iscsi1

This patch fixes blk_aio_ioctl() so it does not pass stack addresses to
blk_aio_ioctl_entry() which may be invoked after blk_aio_ioctl() returns. More
details about the bug follow.

blk_aio_ioctl() invokes blk_aio_prwv() with blk_aio_ioctl_entry as the
coroutine parameter. blk_aio_prwv() ultimately calls aio_co_enter().

When blk_aio_ioctl() is executed from within a coroutine context (e.g.
iscsi_bh_cb()), aio_co_enter() adds the coroutine (blk_aio_ioctl_entry) to
the current coroutine's wakeup queue. blk_aio_ioctl() then returns.

When blk_aio_ioctl_entry() executes later, it accesses an invalid pointer:
....
    BlkRwCo *rwco = &acb->rwco;

    rwco->ret = blk_co_ioctl(rwco->blk, rwco->offset,
                             rwco->qiov->iov[0].iov_base);  <--- qiov is
                                                                 invalid here
...

In the case when blk_aio_ioctl() is called from a non-coroutine context,
blk_aio_ioctl_entry() executes immediately. But if bdrv_co_ioctl() calls
qemu_coroutine_yield(), blk_aio_ioctl() will return. When the coroutine
execution is complete, control returns to blk_aio_ioctl_entry() after the call
to blk_co_ioctl(). There is no invalid reference after this point, but the
function is still holding on to invalid pointers.

The fix is to change blk_aio_prwv() to accept a void pointer for the IO buffer
rather than a QEMUIOVector. blk_aio_prwv() passes this through in BlkRwCo and the
coroutine function casts it to QEMUIOVector or uses the void pointer directly.
Signed-off-by: NDeepa Srinivasan <deepa.srinivasan@oracle.com>
Signed-off-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: NMark Kanda <mark.kanda@oracle.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>

Merge tpm 2018/03/07

# gpg: Signature made Wed 07 Mar 2018 12:42:13 GMT
# gpg:                using RSA key 75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE  C66B 75AD 6580 2A0B 4211

* remotes/stefanberger/tags/pull-tpm-2018-03-07-1:
  tpm: convert tpm_tis.c to use trace-events
  tpm: convert tpm_emulator.c to use trace-events
  tpm: convert tpm_util.c to use trace-events
  tpm: convert tpm_passthrough.c to use trace-events
  tpm: convert tpm_crb.c to use trace-events
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

# gpg: Signature made Wed 07 Mar 2018 11:24:41 GMT
# gpg:                using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qio-next-pull-request:
  qio: non-default context for TLS handshake
  qio: non-default context for async conn
  qio: non-default context for threaded qtask
  qio: store gsources for net listeners
  qio: introduce qio_channel_add_watch_{full|source}
  qio: rename qio_task_thread_result
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Multiboot patches

# gpg: Signature made Wed 07 Mar 2018 11:15:17 GMT
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  multiboot: fprintf(stderr...) -> error_report()
  multiboot: Use header names when displaying fields
  multiboot: Remove unused variables from multiboot.c
  multiboot: bss_end_addr can be zero
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Change all fprintf(stderr...) calls in hw/i386/multiboot.c to call
error_report() instead, including the mb_debug macro.  Remove the "\n"
from strings passed to all modified calls, since error_report() appends
one.
Signed-off-by: NJack Schwartz <jack.schwartz@oracle.com>
Reviewed-by: NDaniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Refer to field names when displaying fields in printf and debug statements.
Signed-off-by: NJack Schwartz <jack.schwartz@oracle.com>
Reviewed-by: NDaniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Remove unused variables: mh_mode_type, mh_width, mh_height, mh_depth
Signed-off-by: NJack Schwartz <jack.schwartz@oracle.com>
Reviewed-by: NDaniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: NPrasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

The multiboot spec (https://www.gnu.org/software/grub/manual/multiboot/),
section 3.1.3, allows for bss_end_addr to be zero.

A zero bss_end_addr signifies there is no .bss section.
Suggested-by: NDaniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: NJack Schwartz <jack.schwartz@oracle.com>
Reviewed-by: NDaniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: NPrasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Leave the DEBUG_TIS for more debugging and convert to use if (DEBUG_TIS)
rather than #if DEBUG_TIS where it is being used.
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>

Use types that are defined by QEMU in trace events caused build failures
for the UST trace backend:

  In file included from trace-ust-all.c:13:0:
  trace-ust-all.h:11844:206: error: unknown type name ‘hwaddr’

It only knows about C built-in types, and any types that are pulled in
from includs of qemu-common.h and lttng/tracepoint.h. This does not
include the 'hwaddr' type, so replace it with a uint64_t which is what
exec/hwaddr.h defines 'hwaddr' as. This fixes the build failure
introduced by

  commit 9eb8040c
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   Fri Mar 2 10:45:39 2018 +0000

    hw/misc/tz-ppc: Model TrustZone peripheral protection controller
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 20180306134317.836-1-berrange@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

* new QMP command qom-list-properties (Alexey)
* TCG cleanups (David)
* use g_path_get_basename/g_path_get_dirname when useful (Julia)
* WHPX fixes (Justin)
* ASAN fixes (Marc-André)
* g364fb memory leak fix, address_space_to_flatview RCU fixes (me)
* chardev memory leak fix (Peter)
* checkpatch improvements (Julia, Su Hang)
* next round of deprecation patches (Thomas)

# gpg: Signature made Tue 06 Mar 2018 13:11:58 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (34 commits)
  use g_path_get_basename instead of basename
  balloon: Fix documentation of the --balloon parameter and deprecate it
  WHPX improve interrupt notification registration
  WHXP Removes the use of WHvGetExitContextSize
  Fix WHPX issue leaking tpr values
  Fix WHPX typo in 'mmio'
  Fix WHPX additional lock acquisition
  Remove unnecessary WHPX __debugbreak();
  Resolves WHPX breaking changes in SDK 17095
  Fixing WHPX casing to match SDK
  Revert "build-sys: compile with -Og or -O1 when --enable-debug"
  checkpatch: add check for `while` and `for`
  checkpatch: add a warning for basename/dirname
  address_space_rw: address_space_to_flatview needs RCU lock
  address_space_map: address_space_to_flatview needs RCU lock
  address_space_access_valid: address_space_to_flatview needs RCU lock
  address_space_read: address_space_to_flatview needs RCU lock
  address_space_write: address_space_to_flatview needs RCU lock
  memory: inline some performance-sensitive accessors
  openpic_kvm: drop address_space_to_flatview call
  ...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

basename(3) and dirname(3) modify their argument and may return
pointers to statically allocated memory which may be overwritten by
subsequent calls.
g_path_get_basename and g_path_get_dirname have no such issues, and
therefore more preferable.
Signed-off-by: NJulia Suvorova <jusual@mail.ru>
Message-Id: <1519888086-4207-1-git-send-email-jusual@mail.ru>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NCornelia Huck <cohuck@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

There are two issues with the documentation of the --balloon parameter:
First, "--balloon none" is simply doing nothing. Even if a machine had a
balloon device by default, this option is not disabling anything, it is
simply ignored. Thus let's simply drop this option from the documentation
to avoid to confuse the users (but keep the code in vl.c for backward
compatibility).
Second, the documentation claims that "--balloon virtio" is the default
mode, but this is not true anymore since commit 382f0743.
Since that commit, the option also has no real use case anymore, since
you can simply use "--device virtio-balloon" nowadays instead. Thus to
simplify our complex parameter zoo a little bit, let's deprecate the
the parameter now and tell the user to use "--device virtio-balloon"
instead.

Fixes: 382f0743Signed-off-by: NThomas Huth <thuth@redhat.com>
Message-Id: <1519796303-13257-1-git-send-email-thuth@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Improves the usage of the InterruptNotification registration by skipping the
additional call to WHvSetVirtualProcessorRegisters if we have already
registered for the window exit.
Signed-off-by: NJustin Terry (VM) <juterry@microsoft.com>
Message-Id: <1519665216-1078-9-git-send-email-juterry@microsoft.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NJustin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>

The use of WHvGetExitContextSize will break ABI compatibility if the platform
changes the context size while a qemu compiled executable does not recompile.
To avoid this we now use sizeof and let the platform determine which version
of the struction was passed for ABI compatibility.
Signed-off-by: NJustin Terry (VM) <juterry@microsoft.com>
Message-Id: <1519665216-1078-8-git-send-email-juterry@microsoft.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NJustin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>

Fixes an issue where if the tpr is assigned to the array but not a different
value from what is already expected on the vp the code will skip incrementing
the reg_count. In this case its possible that we set an invalid memory section
of the next call for DeliverabilityNotifications that was not expected.

The fix is to use a local variable to store the temporary tpr and only update
the array if the local tpr value is different than the vp context.
Signed-off-by: NJustin Terry (VM) <juterry@microsoft.com>
Message-Id: <1519665216-1078-7-git-send-email-juterry@microsoft.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NJustin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>

Renames the usage of 'memio' to 'mmio' in the emulator callbacks.
Signed-off-by: NJustin Terry (VM) <juterry@microsoft.com>
Message-Id: <1519665216-1078-6-git-send-email-juterry@microsoft.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NJustin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>

The code already is holding the qemu_mutex for the IO thread. We do not need
to additionally take the lock again in this case.
Signed-off-by: NJustin Terry (VM) <juterry@microsoft.com>
Message-Id: <1519665216-1078-5-git-send-email-juterry@microsoft.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NJustin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>

Minor code cleanup. The calls to __debugbreak() are not required and should
no longer be used to prevent unnecessary breaks.
Signed-off-by: NJustin Terry (VM) <juterry@microsoft.com>
Message-Id: <1519665216-1078-4-git-send-email-juterry@microsoft.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NJustin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>

1. Fixes the changes required to the WHvTryMmioEmulation, WHvTryIoEmulation, and
WHvEmulatorCreateEmulator based on the new VpContext forwarding.
2. Removes the WHvRunVpExitReasonAlerted case.
Signed-off-by: NJustin Terry (VM) <juterry@microsoft.com>
Message-Id: <1519665216-1078-3-git-send-email-juterry@microsoft.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NJustin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>

Fixes an issue where the SDK that was releases had a different casing for the
*.h and *.lib files causing a build break if linked directly from Windows Kits.
Signed-off-by: NJustin Terry (VM) <juterry@microsoft.com>
Message-Id: <1519665216-1078-2-git-send-email-juterry@microsoft.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NJustin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>

This reverts commit 90654868.
Even with -Og, the debug experience is noticeably worse
because gdb shows a lot more "<optimised out>" variables and
function arguments.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Adding check for `while` and `for` statements, which condition has more than
one line.

The former checkpatch.pl can check `if` statement, which condition has more
than one line, whether block misses brace round, like this:
'''
if (cond1 ||
    cond2)
    statement;
'''
But it doesn't do the same check for `for` and `while` statements.

Using `(?:...)` instead of `(...)` in regex pattern catch.
Because `(?:...)` is faster and avoids unwanted side-effect.
Suggested-by: NStefan Hajnoczi <stefanha@redhat.com>
Suggested-by: NEric Blake <eblake@redhat.com>
Suggested-by: NThomas Huth <thuth@redhat.com>
Signed-off-by: NSu Hang <suhang16@mails.ucas.ac.cn>
Message-Id: <1520319890-19761-1-git-send-email-suhang16@mails.ucas.ac.cn>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

g_path_get_* do the same as g_strdup(basename/dirname(...)) but
without modifying the argument.
Signed-off-by: NJulia Suvorova <jusual@mail.ru>
Message-Id: <1519987399-19160-1-git-send-email-jusual@mail.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

address_space_rw is calling address_space_to_flatview but it can
be called outside the RCU lock.  To fix it, transform flatview_rw
into address_space_rw, since flatview_rw is otherwise unused.
Reviewed-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

address_space_map is calling address_space_to_flatview but it can
be called outside the RCU lock.  The function itself is calling
rcu_read_lock/rcu_read_unlock, just in the wrong place, so the
fix is easy.
Reviewed-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

address_space_access_valid is calling address_space_to_flatview but it can
be called outside the RCU lock.  To fix it, push the rcu_read_lock/unlock
pair up from flatview_access_valid to address_space_access_valid.
Reviewed-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

address_space_read is calling address_space_to_flatview but it can
be called outside the RCU lock.  To fix it, push the rcu_read_lock/unlock
pair up from flatview_read_full to address_space_read's constant size
fast path and address_space_read_full.
Reviewed-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

address_space_write is calling address_space_to_flatview but it can
be called outside the RCU lock.  To fix it, push the rcu_read_lock/unlock
pair up from flatview_write to address_space_write.
Reviewed-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

These accessors are called from inlined functions, and the call sequence
is much more expensive than just inlining the access.  Move the
struct declaration to memory-internal.h so that exec.c and memory.c
can both use an inline function.
Reviewed-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The MemoryListener is registered on address_space_memory, there is
not much to assert.  This currently works because the callback
is invoked only once when the listener is registered, but section->fv
is the _new_ FlatView, not the old one on later calls and that
would break.

This confines address_space_to_flatview to exec.c and memory.c.
Acked-by: NDavid Gibson <david@gibson.dropbear.id.au>
Reviewed-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Need to free TCPChardevTelnetInit when session established.

Since at it, switch to use G_SOURCE_* macros.
Reviewed-by: NDaniel P. Berrange <berrange@redhat.com>
Signed-off-by: NPeter Xu <peterx@redhat.com>
Message-Id: <20180301084438.13594-2-peterx@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Fix the following ASAN reports:

==20125==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f0faea03a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38)
    #1 0x7f0fae450f75 in g_malloc0 ../glib/gmem.c:124
    #2 0x562fffd526fc in machine_start /home/elmarco/src/qemu/tests/sdhci-test.c:180

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
    #0 0x7f0faea03850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7f0fae450f0c in g_malloc ../glib/gmem.c:94
    #2 0x562fffd5d21d in qpci_init_pc /home/elmarco/src/qemu/tests/libqos/pci-pc.c:122
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180215212552.26997-7-marcandre.lureau@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Fixes the following ASAN report:

Direct leak of 128 byte(s) in 8 object(s) allocated from:
    #0 0x7fefce311850 in malloc (/lib64/libasan.so.4+0xde850)
    #1 0x7fefcdd5ef0c in g_malloc ../glib/gmem.c:94
    #2 0x559b976faff0 in create_ahci_io_test /home/elmarco/src/qemu/tests/ahci-test.c:1810
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180215212552.26997-6-marcandre.lureau@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Current GCC has an optimization bug when compiling with ASAN.

See also GCC bug:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84307Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180215212552.26997-3-marcandre.lureau@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>