Skip to content

Q
qemu

openeuler / qemu

通知 10
Star 0
Fork 0
Q
qemu

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
  1. 09 1月, 2019 21 次提交
  3. 08 1月, 2019 12 次提交
    • R
      qemu-thread: Don't block SEGV, ILL and FPE · 21a43af0
      Roman Bolshakov 提交于 
      If any of these signals happen on macOS, they are not delivered to other
threads and signalfd_compat receives nothing. Indeed, POSIX reference
and sigprocmask(2) note that an attempt to block the signals results in
undefined behaviour. SEGV and FPE can't also be received by signalfd(2)
on Linux.

An ability to retrieve SIGBUS via signalfd(2) is used by QEMU for
memory preallocation therefore we can't unblock it without consequences.
But it's important to leave a remark that the signal is lost on macOS.
Signed-off-by: NRoman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      21a43af0
    • R
      util: Implement debug-threads for macOS · 479a5747
      Roman Bolshakov 提交于 
      macOS provides pthread_setname_np that doesn't have thread id argument.
Signed-off-by: NRoman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      479a5747
    • M
      ui/cocoa: Include less of the generated modular QAPI headers · 16bf5234
      Markus Armbruster 提交于 
      Avoids pointless recompilation.  Missed in commit 112ed241.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NRoman Bolshakov <r.bolshakov@yadro.com>
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: NRoman Bolshakov <r.bolshakov@yadro.com>
Message-id: 20181220084559.13880-1-armbru@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      16bf5234
    • P
      usb: move ehci_create_ich9_with_companions to hw/i386 · efce3175
      Paolo Bonzini 提交于 
      This function is only needed when Q35 is in use.  Moving it to
the same file that uses it lets you disable the entire USB
subsystem in x86_64-softmmu.mak; of course doing that will
cause -usb to break horribly, but one thing at a time.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Message-id: 1545064358-4601-1-git-send-email-pbonzini@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      efce3175
    • H
      hw/usb: Add generic sys-bus EHCI controller · 114529f7
      Hongbo Zhang 提交于 
      This patch introduces a new system bus generic EHCI controller.
For the system bus EHCI controller, we've already had "xlnx",
"exynos4210", "tegra2", "ppc4xx" and "fusbh200", they are specific and
only suitable for their own platforms, platforms such as an Arm server,
may need a generic system bus EHCI controller, this patch creates it,
and the kernel driver ehci_platform.c works well on it.
Signed-off-by: NHongbo Zhang <hongbo.zhang@linaro.org>
Message-id: 1546077657-22637-1-git-send-email-hongbo.zhang@linaro.org
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      114529f7
    • L
      usb: dev-mtp: fix memory leak in error path · 8e3759ef
      Li Qiang 提交于 
      Spotted by Coverity: CID 1397074

Fixes: c52d46e0Signed-off-by: NLi Qiang <liq3ea@163.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190103132605.49476-1-liq3ea@163.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      8e3759ef
    • J
      usb: drop unnecessary usb_device_post_load checks · f3081539
      Jonathan Davies 提交于 
      In usb_device_post_load, certain values of dev->setup_len or
dev->setup_index can cause -EINVAL to be returned. One example is when
setup_len exceeds 4096, the hard-coded value of sizeof(dev->data_buf).
This can happen through legitimate guest activity and will cause all
subsequent attempts to migrate the guest to fail in vmstate_load_state.

The values of these variables can be set by USB packets originating in
the guest. There are two ways in which they can be set: in
do_token_setup and in do_parameter in hw/usb/core.c.

It is easy to craft a USB packet in a guest that causes do_token_setup
to set setup_len to a value larger than 4096. When this has been done
once, all subsequent attempts to migrate the VM will fail in
usb_device_post_load until the VM is next power-cycled or a
smaller-sized USB packet is sent to the device.

Sample code for achieving this in a VM started with "-device usb-tablet"
running Linux with CONFIG_HIDRAW=y and HID_MAX_BUFFER_SIZE > 4096:

  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <unistd.h>

  int main() {
           char buf[4097];
           int fd = open("/dev/hidraw0", O_RDWR|O_NONBLOCK);

           buf[0] = 0x1;
           write(fd, buf, 4097);

           return 0;
  }

When this code is run in the VM, qemu will output:

  usb_generic_handle_packet: ctrl buffer too small (4097 > 4096)

A subsequent attempt to migrate the VM will fail and output the
following on the destination host:

  qemu-kvm: error while loading state for instance 0x0 of device '0000:00:06.7/1/usb-ptr'
  qemu-kvm: load of migration failed: Invalid argument

The idea behind checking the values of setup_len and setup_index before
they are used is correct, but doing it in usb_device_post_load feels
arbitrary, and will cause unnecessary migration failures. Indeed, none
of the commit messages for c60174e8, 9f8e9895 and 719ffe1f justify why
post_load is the right place to do these checks. They correctly point
out that the important thing to protect is the usb_packet_copy.

Instead, the right place to do the checks is in do_token_setup and
do_parameter. Indeed, there are already some checks here. We can examine
each of the disjuncts currently tested in usb_device_post_load to see
whether any need adding to do_token_setup or do_parameter to improve
safety there:

  * dev->setup_index < 0
     - This test is not needed because setup_index is explicitly set to
0 in do_token_setup and do_parameter.

  * dev->setup_len < 0
     - In both do_token_setup and do_parameter, the value of setup_len
is computed by (s->setup_buf[7] << 8) | s->setup_buf[6]. Since
s->setup_buf is a byte array and setup_len is an int32_t, it's
impossible for this arithmetic to set setup_len's top bit, so it can
never be negative.

  * dev->setup_index > dev->setup_len
     - Since setup_index is 0, this is equivalent to the previous test,
so is redundant.

  * dev->setup_len > sizeof(dev->data_buf)
     - This condition is already explicitly checked in both
do_token_setup and do_parameter.

Hence there is no need to bolster the existing checks in do_token_setup
or do_parameter, and we can safely remove these checks from
usb_device_post_load without reducing safety but allowing migrations to
proceed regardless of what USB packets have been generated by the guest.
Signed-off-by: NJonathan Davies <jonathan.davies@nutanix.com>
Message-Id: <20190107175117.23769-1-jonathan.davies@nutanix.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      f3081539
    • P
      Merge remote-tracking branch 'remotes/rth/tags/pull-axp-20190108' into staging · 625fa8de
      Peter Maydell 提交于 
      Queued target/alpha patches

# gpg: Signature made Tue 08 Jan 2019 02:14:18 GMT
# gpg:                using RSA key 64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-axp-20190108:
  pc-bios: Update palcode-clipper
  target/alpha: Fix user-only initialization of fpcr
  hw/alpha/typhoon: Stop calling cpu_unassigned_access()
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      625fa8de
    • R
      pc-bios: Update palcode-clipper · ac89de40
      Richard Henderson 提交于 
      Do not double-update the PC after OPCDEC.

Fixes: https://bugs.launchpad.net/bugs/1810545Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>
      ac89de40
    • R
      target/alpha: Fix user-only initialization of fpcr · 29eb5280
      Richard Henderson 提交于 
      When the representation of fpcr was changed, the user-only
initialization was not updated to match.  Oops.

Fixes: f3d3aad4
Fixes: https://bugs.launchpad.net/bugs/1701835Reported-by: NBruno Haible <bruno@clisp.org>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>
      29eb5280
    • P
      hw/alpha/typhoon: Stop calling cpu_unassigned_access() · b7ed683a
      Peter Maydell 提交于 
      The typhoon MemoryRegionOps callbacks directly call
cpu_unassigned_access(), presumably as the old-fashioned way
to provoke a CPU exception.  This won't work since commit
6ad4d7ee when we switched Alpha over to the
transaction_failed hook API, because now cpu_unassigned_access()
is a no-op for Alpha.

Make the MemoryRegionOps callbacks use the read_with_attrs
and write_with_attrs hooks, so they can signal a failure
that should cause a CPU exception by returning MEMTX_ERROR.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Message-Id: <20181210173350.13073-1-peter.maydell@linaro.org>
Tested-by: NRichard Henderson <richard.henderson@linaro.org>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>
      b7ed683a
    • P
      Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190107' into staging · c102d947
      Peter Maydell 提交于 
      target-arm queue:
 * Support u-boot 'noload' images for Arm (as used by NetBSD/evbarm GENERIC kernel)
 * hw/misc/tz-mpc: Fix value of BLK_MAX register
 * target/arm: Emit barriers for A32/T32 load-acquire/store-release insns
 * nRF51 SoC: add timer, GPIO, RNG peripherals
 * hw/arm/allwinner-a10: Add the 'A' SRAM and the SRAM controller
 * cpus.c: Fix race condition in cpu_stop_current()
 * hw/arm: versal: Plug memory leaks
 * Allow M profile boards to run even if -kernel not specified
 * gdbstub: Add multiprocess extension support for use when the
   board has multiple CPUs of different types (like the Xilinx Zynq boards)
 * target/arm: Don't decode S bit in SVE brk[ab] merging insns
 * target/arm: Convert ARM_TBFLAG_* to FIELDs

# gpg: Signature made Mon 07 Jan 2019 16:29:52 GMT
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20190107: (37 commits)
  Support u-boot noload images for arm as used by, NetBSD/evbarm GENERIC kernel.
  hw/misc/tz-mpc: Fix value of BLK_MAX register
  target/arm: Emit barriers for A32/T32 load-acquire/store-release insns
  arm: Add Clock peripheral stub to NRF51 SOC
  tests/microbit-test: Add Tests for nRF51 Timer
  arm: Instantiate NRF51 Timers
  hw/timer/nrf51_timer: Add nRF51 Timer peripheral
  tests/microbit-test: Add Tests for nRF51 GPIO
  arm: Instantiate NRF51 general purpose I/O
  hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral
  arm: Instantiate NRF51 random number generator
  hw/misc/nrf51_rng: Add NRF51 random number generator peripheral
  arm: Add header to host common definition for nRF51 SOC peripherals
  qtest: Add set_irq_in command to set IRQ/GPIO level
  hw/arm/allwinner-a10: Add the 'A' SRAM and the SRAM controller
  cpus.c: Fix race condition in cpu_stop_current()
  MAINTAINERS: Add ARM-related files for hw/[misc|input|timer]/
  hw/arm: versal: Plug memory leaks
  Revert "armv7m: Guard against no -kernel argument"
  arm/xlnx-zynqmp: put APUs and RPUs in separate CPU clusters
  ...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      c102d947
  5. 07 1月, 2019 7 次提交