diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml index 7173749c52..d21b4a1fd4 100644 --- a/.gitlab-ci.d/buildtest.yml +++ b/.gitlab-ci.d/buildtest.yml @@ -494,7 +494,17 @@ check-gprof-gcov: IMAGE: ubuntu2004 MAKE_CHECK_ARGS: check after_script: - - ${CI_PROJECT_DIR}/scripts/ci/coverage-summary.sh + - cd build + - gcovr --xml-pretty --exclude-unreachable-branches --print-summary + -o coverage.xml --root ${CI_PROJECT_DIR} . *.p + coverage: /^\s*lines:\s*\d+.\d+\%/ + artifacts: + name: ${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHA} + expire_in: 2 days + reports: + coverage_report: + coverage_format: cobertura + path: build/coverage.xml build-oss-fuzz: extends: .native_build_job_template diff --git a/MAINTAINERS b/MAINTAINERS index be151f0024..6966490c94 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -23,7 +23,7 @@ Descriptions of section entries: W: Web-page with status/info Q: Patchwork web based patch tracking system site T: SCM tree type and location. Type is one of: git, hg, quilt, stgit. - S: Status, one of the following: + S: Status, one of the following (keep in sync with docs/devel/maintainers.rst): Supported: Someone is actually paid to look after this. Maintained: Someone actually looks after it. Odd Fixes: It has a maintainer but they don't have time to do @@ -1865,6 +1865,7 @@ F: hw/acpi/viot.h ACPI/AVOCADO/BIOSBITS M: Ani Sinha +M: Michael S. Tsirkin S: Supported F: tests/avocado/acpi-bits/* F: tests/avocado/acpi-bits.py @@ -2004,6 +2005,7 @@ F: docs/interop/vhost-user.rst F: contrib/vhost-user-*/ F: backends/vhost-user.c F: include/sysemu/vhost-user-backend.h +F: subprojects/libvhost-user/ virtio M: Michael S. Tsirkin diff --git a/VERSION b/VERSION index 7038194808..73559ba4f6 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -7.1.91 +7.1.94 diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c index 9ab4ab6c4f..dad4a1a705 100644 --- a/accel/tcg/cpu-exec.c +++ b/accel/tcg/cpu-exec.c @@ -661,6 +661,12 @@ static inline void cpu_handle_debug_exception(CPUState *cpu) } } +//// --- Begin LibAFL code --- + +void libafl_sync_breakpoint_cpu(void); + +//// --- End LibAFL code --- + static inline bool cpu_handle_exception(CPUState *cpu, int *ret) { //// --- Begin LibAFL code --- @@ -670,6 +676,8 @@ static inline bool cpu_handle_exception(CPUState *cpu, int *ret) if (cpu->exception_index == EXCP_LIBAFL_BP) { *ret = cpu->exception_index; cpu->exception_index = -1; + + libafl_sync_breakpoint_cpu(); return true; } diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index 6f1c00682b..3bc1d05a44 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -2312,6 +2312,12 @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val, } } +//// --- Begin LibAFL code --- + +void syx_snapshot_dirty_list_add_hostaddr(void* host_addr); + +//// --- End LibAFL code --- + static inline void QEMU_ALWAYS_INLINE store_helper(CPUArchState *env, target_ulong addr, uint64_t val, MemOpIdx oi, uintptr_t retaddr, MemOp op) @@ -2389,6 +2395,12 @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val, haddr = (void *)((uintptr_t)addr + entry->addend); +//// --- Begin LibAFL code --- + + syx_snapshot_dirty_list_add_hostaddr(haddr); + +//// --- End LibAFL code --- + /* * Keep these two store_memop separate to ensure that the compiler * is able to fold the entire function to a single instruction. @@ -2413,6 +2425,13 @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val, } haddr = (void *)((uintptr_t)addr + entry->addend); + +//// --- Begin LibAFL code --- + + syx_snapshot_dirty_list_add_hostaddr(haddr); + +//// --- End LibAFL code --- + store_memop(haddr, val, op); } diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c index 64f78aa77b..0267b79da3 100644 --- a/accel/tcg/tcg-runtime.c +++ b/accel/tcg/tcg-runtime.c @@ -40,6 +40,8 @@ #include "qapi/error.h" #include "qemu/error-report.h" #include "qemu/main-loop.h" +#include "hw/core/cpu.h" +#include "sysemu/hw_accel.h" #include #include @@ -129,28 +131,47 @@ void libafl_load_qemu_snapshot(char *name, bool sync) int libafl_qemu_break_asap = 0; CPUState* libafl_breakpoint_cpu; +vaddr libafl_breakpoint_pc; + +#ifdef TARGET_ARM +#define THUMB_MASK(value) (value | libafl_breakpoint_cpu->env_ptr->thumb) +#else +#define THUMB_MASK(value) value +#endif void libafl_qemu_trigger_breakpoint(CPUState* cpu); +void libafl_sync_breakpoint_cpu(void); + +void libafl_sync_breakpoint_cpu(void) +{ + if (libafl_breakpoint_pc) { + CPUClass* cc = CPU_GET_CLASS(libafl_breakpoint_cpu); + cc->set_pc(libafl_breakpoint_cpu, THUMB_MASK(libafl_breakpoint_pc)); + } + libafl_breakpoint_pc = 0; +} + void libafl_qemu_trigger_breakpoint(CPUState* cpu) { + libafl_breakpoint_cpu = cpu; #ifndef CONFIG_USER_ONLY - libafl_breakpoint_cpu = cpu; - cpu->stopped = true; qemu_system_debug_request(); -#else + cpu->stopped = true; +#endif if (cpu->running) { cpu->exception_index = EXCP_LIBAFL_BP; cpu_loop_exit(cpu); } else { libafl_qemu_break_asap = 1; } -#endif } -void HELPER(libafl_qemu_handle_breakpoint)(CPUArchState *env) +void HELPER(libafl_qemu_handle_breakpoint)(CPUArchState *env, target_ulong pc) { - libafl_qemu_trigger_breakpoint(env_cpu(env)); + CPUState* cpu = env_cpu(env); + libafl_breakpoint_pc = pc; + libafl_qemu_trigger_breakpoint(cpu); } //// --- End LibAFL code --- diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h index 20eda6f1ec..14605327c5 100644 --- a/accel/tcg/tcg-runtime.h +++ b/accel/tcg/tcg-runtime.h @@ -288,6 +288,7 @@ DEF_HELPER_FLAGS_5(gvec_bitsel, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32) //// --- Begin LibAFL code --- -DEF_HELPER_FLAGS_1(libafl_qemu_handle_breakpoint, TCG_CALL_NO_RWG, void, env) +DEF_HELPER_FLAGS_2(libafl_qemu_handle_breakpoint, TCG_CALL_NO_RWG, + void, env, tl) //// --- End LibAFL code --- diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c index 3cfed44f38..9494245bfc 100644 --- a/accel/tcg/translator.c +++ b/accel/tcg/translator.c @@ -145,7 +145,13 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns, struct libafl_breakpoint* bp = libafl_qemu_breakpoints; while (bp) { if (bp->addr == db->pc_next) { - gen_helper_libafl_qemu_handle_breakpoint(cpu_env); + TCGv tmp0 = tcg_const_tl(db->pc_next); + gen_helper_libafl_qemu_handle_breakpoint(cpu_env, tmp0); +#if TARGET_LONG_BITS == 32 + tcg_temp_free_i32(tmp0); +#else + tcg_temp_free_i64(tmp0); +#endif } bp = bp->next; } diff --git a/backends/cryptodev-vhost.c b/backends/cryptodev-vhost.c index bc13e466b4..572f87b3be 100644 --- a/backends/cryptodev-vhost.c +++ b/backends/cryptodev-vhost.c @@ -94,7 +94,7 @@ cryptodev_vhost_start_one(CryptoDevBackendVhost *crypto, goto fail_notifiers; } - r = vhost_dev_start(&crypto->dev, dev); + r = vhost_dev_start(&crypto->dev, dev, false); if (r < 0) { goto fail_start; } @@ -111,7 +111,7 @@ static void cryptodev_vhost_stop_one(CryptoDevBackendVhost *crypto, VirtIODevice *dev) { - vhost_dev_stop(&crypto->dev, dev); + vhost_dev_stop(&crypto->dev, dev, false); vhost_dev_disable_notifiers(&crypto->dev, dev); } diff --git a/backends/vhost-user.c b/backends/vhost-user.c index 5dedb2d987..7bfcaef976 100644 --- a/backends/vhost-user.c +++ b/backends/vhost-user.c @@ -85,7 +85,7 @@ vhost_user_backend_start(VhostUserBackend *b) } b->dev.acked_features = b->vdev->guest_features; - ret = vhost_dev_start(&b->dev, b->vdev); + ret = vhost_dev_start(&b->dev, b->vdev, true); if (ret < 0) { error_report("Error start vhost dev"); goto err_guest_notifiers; @@ -120,7 +120,7 @@ vhost_user_backend_stop(VhostUserBackend *b) return; } - vhost_dev_stop(&b->dev, b->vdev); + vhost_dev_stop(&b->dev, b->vdev, true); if (k->set_guest_notifiers) { ret = k->set_guest_notifiers(qbus->parent, diff --git a/block/block-backend.c b/block/block-backend.c index b48c91f4e1..d98a96ff37 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -2576,14 +2576,25 @@ static void blk_root_drained_end(BdrvChild *child, int *drained_end_counter) bool blk_register_buf(BlockBackend *blk, void *host, size_t size, Error **errp) { + BlockDriverState *bs = blk_bs(blk); + GLOBAL_STATE_CODE(); - return bdrv_register_buf(blk_bs(blk), host, size, errp); + + if (bs) { + return bdrv_register_buf(bs, host, size, errp); + } + return true; } void blk_unregister_buf(BlockBackend *blk, void *host, size_t size) { + BlockDriverState *bs = blk_bs(blk); + GLOBAL_STATE_CODE(); - bdrv_unregister_buf(blk_bs(blk), host, size); + + if (bs) { + bdrv_unregister_buf(bs, host, size); + } } int coroutine_fn blk_co_copy_range(BlockBackend *blk_in, int64_t off_in, diff --git a/configure b/configure index 948b41daf0..2d5c3f2e69 100755 --- a/configure +++ b/configure @@ -1807,7 +1807,7 @@ fi # functions to probe cross compilers container="no" -if test $use_containers = "yes"; then +if test $use_containers = "yes" && (has "docker" || has "podman"); then case $($python "$source_path"/tests/docker/docker.py probe) in *docker) container=docker ;; podman) container=podman ;; diff --git a/cpu.c b/cpu.c index 811ba4c696..22373826ab 100644 --- a/cpu.c +++ b/cpu.c @@ -98,6 +98,8 @@ void libafl_flush_jit(void); extern CPUState* libafl_breakpoint_cpu; +extern int libafl_restoring_devices; + /* void* libafl_qemu_g2h(CPUState *cpu, target_ulong x); target_ulong libafl_qemu_h2g(CPUState *cpu, void* x); @@ -348,7 +350,15 @@ static int cpu_common_post_load(void *opaque, int version_id) * memory we've translated code from. So we must flush all TBs, * which will now be stale. */ - tb_flush(cpu); + //tb_flush(cpu); + +//// --- Begin LibAFL code --- + + // flushing the TBs every restore makes it really slow + // TODO handle writes to X code with specific calls to tb_invalidate_phys_addr + if (!libafl_restoring_devices) tb_flush(cpu); + +//// --- End LibAFL code --- return 0; } @@ -610,6 +620,7 @@ void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr, MemTxAttrs attrs) void libafl_breakpoint_invalidate(CPUState *cpu, target_ulong pc) { + // TODO invalidate only the virtual pages related to the TB tb_flush(cpu); } diff --git a/docs/devel/code-of-conduct.rst b/docs/devel/code-of-conduct.rst index 195444d1b4..f734ed0317 100644 --- a/docs/devel/code-of-conduct.rst +++ b/docs/devel/code-of-conduct.rst @@ -1,3 +1,5 @@ +.. _code_of_conduct: + Code of Conduct =============== diff --git a/docs/devel/index-process.rst b/docs/devel/index-process.rst index d0d7a200fd..d50dd74c3e 100644 --- a/docs/devel/index-process.rst +++ b/docs/devel/index-process.rst @@ -8,6 +8,7 @@ Notes about how to interact with the community and how and where to submit patch code-of-conduct conflict-resolution + maintainers style submitting-a-patch trivial-patches diff --git a/docs/devel/maintainers.rst b/docs/devel/maintainers.rst new file mode 100644 index 0000000000..5c907d901c --- /dev/null +++ b/docs/devel/maintainers.rst @@ -0,0 +1,107 @@ +.. _maintainers: + +The Role of Maintainers +======================= + +Maintainers are a critical part of the project's contributor ecosystem. +They come from a wide range of backgrounds from unpaid hobbyists +working in their spare time to employees who work on the project as +part of their job. Maintainer activities include: + + - reviewing patches and suggesting changes + - collecting patches and preparing pull requests + - tending to the long term health of their area + - participating in other project activities + +They are also human and subject to the same pressures as everyone else +including overload and burnout. Like everyone else they are subject +to project's :ref:`code_of_conduct` and should also be exemplars of +excellent community collaborators. + +The MAINTAINERS file +-------------------- + +The `MAINTAINERS +`__ +file contains the canonical list of who is a maintainer. The file +is machine readable so an appropriately configured git (see +:ref:`cc_the_relevant_maintainer`) can automatically Cc them on +patches that touch their area of code. + +The file also describes the status of the area of code to give an idea +of how actively that section is maintained. + +.. list-table:: Meaning of support status in MAINTAINERS + :widths: 25 75 + :header-rows: 1 + + * - Status + - Meaning + * - Supported + - Someone is actually paid to look after this. + * - Maintained + - Someone actually looks after it. + * - Odd Fixes + - It has a maintainer but they don't have time to do + much other than throw the odd patch in. + * - Orphan + - No current maintainer. + * - Obsolete + - Old obsolete code, should use something else. + +Please bear in mind that even if someone is paid to support something +it does not mean they are paid to support you. This is open source and +the code comes with no warranty and the project makes no guarantees +about dealing with bugs or features requests. + + + +Becoming a reviewer +------------------- + +Most maintainers start by becoming subsystem reviewers. While anyone +is welcome to review code on the mailing list getting added to the +MAINTAINERS file with a line like:: + + R: Random Hacker + +marks you as a 'designated reviewer' - expected to provide regular +spontaneous feedback. This will ensure that patches touching a given +subsystem will automatically be CC'd to you. + +Becoming a maintainer +--------------------- + +Maintainers are volunteers who put themselves forward or have been +asked by others to keep an eye on an area of code. They have generally +demonstrated to the community, usually via contributions and code +reviews, that they have a good understanding of the subsystem. They +are also trusted to make a positive contribution to the project and +work well with the other contributors. + +The process is simple - simply send a patch to the list that updates +the ``MAINTAINERS`` file. Sometimes this is done as part of a larger +series when a new sub-system is being added to the code base. This can +also be done by a retiring maintainer who nominates their replacement +after discussion with other contributors. + +Once the patch is reviewed and merged the only other step is to make +sure your GPG key is signed. + +.. _maintainer_keys: + +Maintainer GPG Keys +~~~~~~~~~~~~~~~~~~~ + +GPG is used to sign pull requests so they can be identified as really +coming from the maintainer. If your key is not already signed by +members of the QEMU community, you should make arrangements to attend +a `KeySigningParty `__ (for +example at KVM Forum) or make alternative arrangements to have your +key signed by an attendee. Key signing requires meeting another +community member **in person** [#]_ so please make appropriate +arrangements. + +.. [#] In recent pandemic times we have had to exercise some + flexibility here. Maintainers still need to sign their pull + requests though. diff --git a/docs/devel/submitting-a-patch.rst b/docs/devel/submitting-a-patch.rst index fec33ce148..c641d948f1 100644 --- a/docs/devel/submitting-a-patch.rst +++ b/docs/devel/submitting-a-patch.rst @@ -3,34 +3,27 @@ Submitting a Patch ================== -QEMU welcomes contributions of code (either fixing bugs or adding new -functionality). However, we get a lot of patches, and so we have some -guidelines about submitting patches. If you follow these, you'll help -make our task of code review easier and your patch is likely to be -committed faster. +QEMU welcomes contributions to fix bugs, add functionality or improve +the documentation. However, we get a lot of patches, and so we have +some guidelines about submitting them. If you follow these, you'll +help make our task of contribution review easier and your change is +likely to be accepted and committed faster. This page seems very long, so if you are only trying to post a quick one-shot fix, the bare minimum we ask is that: -- You **must** provide a Signed-off-by: line (this is a hard - requirement because it's how you say "I'm legally okay to contribute - this and happy for it to go into QEMU", modeled after the `Linux kernel - `__ - policy.) ``git commit -s`` or ``git format-patch -s`` will add one. -- All contributions to QEMU must be **sent as patches** to the - qemu-devel `mailing list `__. - Patch contributions should not be posted on the bug tracker, posted on - forums, or externally hosted and linked to. (We have other mailing lists too, - but all patches must go to qemu-devel, possibly with a Cc: to another - list.) ``git send-email`` (`step-by-step setup - guide `__ and `hints and - tips `__) - works best for delivering the patch without mangling it, but - attachments can be used as a last resort on a first-time submission. -- You must read replies to your message, and be willing to act on them. - Note, however, that maintainers are often willing to manually fix up - first-time contributions, since there is a learning curve involved in - making an ideal patch submission. +.. list-table:: Minimal Checklist for Patches + :widths: 35 65 + :header-rows: 1 + + * - Check + - Reason + * - Patches contain Signed-off-by: Real Name + - States you are legally able to contribute the code. See :ref:`patch_emails_must_include_a_signed_off_by_line` + * - Sent as patch emails to ``qemu-devel@nongnu.org`` + - The project uses an email list based workflow. See :ref:`submitting_your_patches` + * - Be prepared to respond to review comments + - Code that doesn't pass review will not get merged. See :ref:`participating_in_code_review` You do not have to subscribe to post (list policy is to reply-to-all to preserve CCs and keep non-subscribers in the loop on the threads they @@ -229,6 +222,19 @@ bisection doesn't land on a known-broken state. Submitting your Patches ----------------------- +The QEMU project uses a public email based workflow for reviewing and +merging patches. As a result all contributions to QEMU must be **sent +as patches** to the qemu-devel `mailing list +`__. Patch +contributions should not be posted on the bug tracker, posted on +forums, or externally hosted and linked to. (We have other mailing +lists too, but all patches must go to qemu-devel, possibly with a Cc: +to another list.) ``git send-email`` (`step-by-step setup guide +`__ and `hints and tips +`__) +works best for delivering the patch without mangling it, but +attachments can be used as a last resort on a first-time submission. + .. _if_you_cannot_send_patch_emails: If you cannot send patch emails @@ -314,10 +320,12 @@ git repository to fetch the original commit. Patch emails must include a ``Signed-off-by:`` line ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -For more information see `SubmittingPatches 1.12 -`__. -This is vital or we will not be able to apply your patch! Please use -your real name to sign a patch (not an alias or acronym). +Your patches **must** include a Signed-off-by: line. This is a hard +requirement because it's how you say "I'm legally okay to contribute +this and happy for it to go into QEMU". The process is modelled after +the `Linux kernel +`__ +policy. If you wrote the patch, make sure your "From:" and "Signed-off-by:" lines use the same spelling. It's okay if you subscribe or contribute to @@ -327,6 +335,11 @@ include a "From:" line in the body of the email (different from your envelope From:) that will give credit to the correct author; but again, that author's Signed-off-by: line is mandatory, with the same spelling. +There are various tooling options for automatically adding these tags +include using ``git commit -s`` or ``git format-patch -s``. For more +information see `SubmittingPatches 1.12 +`__. + .. _include_a_meaningful_cover_letter: Include a meaningful cover letter @@ -397,9 +410,19 @@ Participating in Code Review ---------------------------- All patches submitted to the QEMU project go through a code review -process before they are accepted. Some areas of code that are well -maintained may review patches quickly, lesser-loved areas of code may -have a longer delay. +process before they are accepted. This will often mean a series will +go through a number of iterations before being picked up by +:ref:`maintainers`. You therefore should be prepared to +read replies to your messages and be willing to act on them. + +Maintainers are often willing to manually fix up first-time +contributions, since there is a learning curve involved in making an +ideal patch submission. However for the best results you should +proactively respond to suggestions with changes or justifications for +your current approach. + +Some areas of code that are well maintained may review patches +quickly, lesser-loved areas of code may have a longer delay. .. _stay_around_to_fix_problems_raised_in_code_review: @@ -411,14 +434,20 @@ developers will identify bugs, or suggest a cleaner approach, or even just point out code style issues or commit message typos. You'll need to respond to these, and then send a second version of your patches with the issues fixed. This takes a little time and effort on your part, but -if you don't do it then your changes will never get into QEMU. It's also -just polite -- it is quite disheartening for a developer to spend time -reviewing your code and suggesting improvements, only to find that -you're not going to do anything further and it was all wasted effort. +if you don't do it then your changes will never get into QEMU. + +Remember that a maintainer is under no obligation to take your +patches. If someone has spent the time reviewing your code and +suggesting improvements and you simply re-post without either +addressing the comment directly or providing additional justification +for the change then it becomes wasted effort. You cannot demand others +merge and then fix up your code after the fact. When replying to comments on your patches **reply to all and not just the sender** -- keeping discussion on the mailing list means everybody -can follow it. +can follow it. Remember the spirit of the :ref:`code_of_conduct` and +keep discussions respectful and collaborative and avoid making +personal comments. .. _pay_attention_to_review_comments: diff --git a/docs/devel/submitting-a-pull-request.rst b/docs/devel/submitting-a-pull-request.rst index c9d1e8afd9..a4cd7ebbb6 100644 --- a/docs/devel/submitting-a-pull-request.rst +++ b/docs/devel/submitting-a-pull-request.rst @@ -53,14 +53,10 @@ series) and that "make check" passes before sending out the pull request. As a submaintainer you're one of QEMU's lines of defense against bad code, so double check the details. -**All pull requests must be signed**. If your key is not already signed -by members of the QEMU community, you should make arrangements to attend -a `KeySigningParty `__ (for -example at KVM Forum) or make alternative arrangements to have your key -signed by an attendee. Key signing requires meeting another community -member \*in person\* so please make appropriate arrangements. By -"signed" here we mean that the pullreq email should quote a tag which is -a GPG-signed tag (as created with 'gpg tag -s ...'). +**All pull requests must be signed**. By "signed" here we mean that +the pullreq email should quote a tag which is a GPG-signed tag (as +created with 'gpg tag -s ...'). See :ref:`maintainer_keys` for +details. **Pull requests not for master should say "not for master" and have "PULL SUBSYSTEM whatever" in the subject tag**. If your pull request is diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c index f38117057b..b9ed231fe8 100644 --- a/hw/audio/intel-hda.c +++ b/hw/audio/intel-hda.c @@ -220,8 +220,6 @@ struct IntelHDAReg { void (*rhandler)(IntelHDAState *d, const IntelHDAReg *reg); }; -static void intel_hda_reset(DeviceState *dev); - /* --------------------------------------------------------------------- */ static hwaddr intel_hda_addr(uint32_t lbase, uint32_t ubase) @@ -516,7 +514,7 @@ static void intel_hda_notify_codecs(IntelHDAState *d, uint32_t stream, bool runn static void intel_hda_set_g_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint32_t old) { if ((d->g_ctl & ICH6_GCTL_RESET) == 0) { - intel_hda_reset(DEVICE(d)); + device_cold_reset(DEVICE(d)); } } @@ -1083,11 +1081,9 @@ static void intel_hda_reset(DeviceState *dev) intel_hda_regs_reset(d); d->wall_base_ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); - /* reset codecs */ QTAILQ_FOREACH(kid, &d->codecs.qbus.children, sibling) { DeviceState *qdev = kid->child; cdev = HDA_CODEC_DEVICE(qdev); - device_legacy_reset(DEVICE(cdev)); d->state_sts |= (1 << cdev->cad); } intel_hda_update_irq(d); diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c index 16ad400889..aff4d2b8cb 100644 --- a/hw/block/vhost-user-blk.c +++ b/hw/block/vhost-user-blk.c @@ -52,6 +52,7 @@ static const int user_feature_bits[] = { VIRTIO_F_NOTIFY_ON_EMPTY, VIRTIO_F_RING_PACKED, VIRTIO_F_IOMMU_PLATFORM, + VIRTIO_F_RING_RESET, VHOST_INVALID_FEATURE_BIT }; @@ -177,7 +178,7 @@ static int vhost_user_blk_start(VirtIODevice *vdev, Error **errp) } s->dev.vq_index_end = s->dev.nvqs; - ret = vhost_dev_start(&s->dev, vdev); + ret = vhost_dev_start(&s->dev, vdev, true); if (ret < 0) { error_setg_errno(errp, -ret, "Error starting vhost"); goto err_guest_notifiers; @@ -212,7 +213,7 @@ static void vhost_user_blk_stop(VirtIODevice *vdev) return; } - vhost_dev_stop(&s->dev, vdev); + vhost_dev_stop(&s->dev, vdev, true); ret = k->set_guest_notifiers(qbus->parent, s->dev.nvqs, false); if (ret < 0) { @@ -368,17 +369,10 @@ static void vhost_user_blk_disconnect(DeviceState *dev) vhost_user_blk_stop(vdev); vhost_dev_cleanup(&s->dev); -} -static void vhost_user_blk_chr_closed_bh(void *opaque) -{ - DeviceState *dev = opaque; - VirtIODevice *vdev = VIRTIO_DEVICE(dev); - VHostUserBlk *s = VHOST_USER_BLK(vdev); - - vhost_user_blk_disconnect(dev); + /* Re-instate the event handler for new connections */ qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, vhost_user_blk_event, - NULL, opaque, NULL, true); + NULL, dev, NULL, true); } static void vhost_user_blk_event(void *opaque, QEMUChrEvent event) @@ -397,33 +391,9 @@ static void vhost_user_blk_event(void *opaque, QEMUChrEvent event) } break; case CHR_EVENT_CLOSED: - if (!runstate_check(RUN_STATE_SHUTDOWN)) { - /* - * A close event may happen during a read/write, but vhost - * code assumes the vhost_dev remains setup, so delay the - * stop & clear. - */ - AioContext *ctx = qemu_get_current_aio_context(); - - qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, NULL, NULL, - NULL, NULL, false); - aio_bh_schedule_oneshot(ctx, vhost_user_blk_chr_closed_bh, opaque); - - /* - * Move vhost device to the stopped state. The vhost-user device - * will be clean up and disconnected in BH. This can be useful in - * the vhost migration code. If disconnect was caught there is an - * option for the general vhost code to get the dev state without - * knowing its type (in this case vhost-user). - * - * FIXME: this is sketchy to be reaching into vhost_dev - * now because we are forcing something that implies we - * have executed vhost_dev_stop() but that won't happen - * until vhost_user_blk_stop() gets called from the bh. - * Really this state check should be tracked locally. - */ - s->dev.started = false; - } + /* defer close until later to avoid circular close */ + vhost_user_async_close(dev, &s->chardev, &s->dev, + vhost_user_blk_disconnect); break; case CHR_EVENT_BREAK: case CHR_EVENT_MUX_IN: diff --git a/hw/display/next-fb.c b/hw/display/next-fb.c index dd6a1aa8ae..8446ff3c00 100644 --- a/hw/display/next-fb.c +++ b/hw/display/next-fb.c @@ -126,7 +126,7 @@ static void nextfb_class_init(ObjectClass *oc, void *data) set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories); dc->realize = nextfb_realize; - /* Note: This device does not any state that we have to reset or migrate */ + /* Note: This device does not have any state that we have to reset or migrate */ } static const TypeInfo nextfb_info = { diff --git a/hw/display/qxl-logger.c b/hw/display/qxl-logger.c index 68bfa47568..35c38f6252 100644 --- a/hw/display/qxl-logger.c +++ b/hw/display/qxl-logger.c @@ -106,7 +106,7 @@ static int qxl_log_image(PCIQXLDevice *qxl, QXLPHYSICAL addr, int group_id) QXLImage *image; QXLImageDescriptor *desc; - image = qxl_phys2virt(qxl, addr, group_id); + image = qxl_phys2virt(qxl, addr, group_id, sizeof(QXLImage)); if (!image) { return 1; } @@ -214,7 +214,8 @@ int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id) cmd->u.set.position.y, cmd->u.set.visible ? "yes" : "no", cmd->u.set.shape); - cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id); + cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id, + sizeof(QXLCursor)); if (!cursor) { return 1; } @@ -236,6 +237,7 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) { bool compat = ext->flags & QXL_COMMAND_FLAG_COMPAT; void *data; + size_t datasz; int ret; if (!qxl->cmdlog) { @@ -247,7 +249,20 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) qxl_name(qxl_type, ext->cmd.type), compat ? "(compat)" : ""); - data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + switch (ext->cmd.type) { + case QXL_CMD_DRAW: + datasz = compat ? sizeof(QXLCompatDrawable) : sizeof(QXLDrawable); + break; + case QXL_CMD_SURFACE: + datasz = sizeof(QXLSurfaceCmd); + break; + case QXL_CMD_CURSOR: + datasz = sizeof(QXLCursorCmd); + break; + default: + goto out; + } + data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, datasz); if (!data) { return 1; } @@ -269,6 +284,7 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) qxl_log_cmd_cursor(qxl, data, ext->group_id); break; } +out: fprintf(stderr, "\n"); return 0; } diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c index ca217004bf..fcfd40c3ac 100644 --- a/hw/display/qxl-render.c +++ b/hw/display/qxl-render.c @@ -107,7 +107,9 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) qxl->guest_primary.resized = 0; qxl->guest_primary.data = qxl_phys2virt(qxl, qxl->guest_primary.surface.mem, - MEMSLOT_GROUP_GUEST); + MEMSLOT_GROUP_GUEST, + qxl->guest_primary.abs_stride + * height); if (!qxl->guest_primary.data) { goto end; } @@ -228,7 +230,8 @@ static void qxl_unpack_chunks(void *dest, size_t size, PCIQXLDevice *qxl, if (offset == size) { return; } - chunk = qxl_phys2virt(qxl, chunk->next_chunk, group_id); + chunk = qxl_phys2virt(qxl, chunk->next_chunk, group_id, + sizeof(QXLDataChunk) + chunk->data_size); if (!chunk) { return; } @@ -295,7 +298,8 @@ fail: /* called from spice server thread context only */ int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext) { - QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, + sizeof(QXLCursorCmd)); QXLCursor *cursor; QEMUCursor *c; @@ -314,7 +318,15 @@ int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext) } switch (cmd->type) { case QXL_CURSOR_SET: - cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id); + /* First read the QXLCursor to get QXLDataChunk::data_size ... */ + cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id, + sizeof(QXLCursor)); + if (!cursor) { + return 1; + } + /* Then read including the chunked data following QXLCursor. */ + cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id, + sizeof(QXLCursor) + cursor->chunk.data_size); if (!cursor) { return 1; } diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 5b10f697f1..6772849dec 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -274,7 +274,8 @@ static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay) QXL_IO_MONITORS_CONFIG_ASYNC)); } - cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST); + cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST, + sizeof(QXLMonitorsConfig)); if (cfg != NULL && cfg->count == 1) { qxl->guest_primary.resized = 1; qxl->guest_head0_width = cfg->heads[0].width; @@ -459,7 +460,8 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) switch (le32_to_cpu(ext->cmd.type)) { case QXL_CMD_SURFACE: { - QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, + sizeof(QXLSurfaceCmd)); if (!cmd) { return 1; @@ -494,7 +496,8 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) } case QXL_CMD_CURSOR: { - QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, + sizeof(QXLCursorCmd)); if (!cmd) { return 1; @@ -1381,6 +1384,7 @@ static int qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta, qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region); return 1; } + assert(guest_end - pci_start <= memory_region_size(mr)); virt_start = (intptr_t)memory_region_get_ram_ptr(mr); memslot.slot_id = slot_id; @@ -1421,11 +1425,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d) /* can be also called from spice server thread context */ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, - uint32_t *s, uint64_t *o) + uint32_t *s, uint64_t *o, + size_t size_requested) { uint64_t phys = le64_to_cpu(pqxl); uint32_t slot = (phys >> (64 - 8)) & 0xff; uint64_t offset = phys & 0xffffffffffff; + uint64_t size_available; if (slot >= NUM_MEMSLOTS) { qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot, @@ -1449,6 +1455,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, slot, offset, qxl->guest_slots[slot].size); return false; } + size_available = memory_region_size(qxl->guest_slots[slot].mr); + if (qxl->guest_slots[slot].offset + offset >= size_available) { + qxl_set_guest_bug(qxl, + "slot %d offset %"PRIu64" > region size %"PRIu64"\n", + slot, qxl->guest_slots[slot].offset + offset, + size_available); + return false; + } + size_available -= qxl->guest_slots[slot].offset + offset; + if (size_requested > size_available) { + qxl_set_guest_bug(qxl, + "slot %d offset %"PRIu64" size %zu: " + "overrun by %"PRIu64" bytes\n", + slot, offset, size_requested, + size_requested - size_available); + return false; + } *s = slot; *o = offset; @@ -1456,7 +1479,8 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, } /* can be also called from spice server thread context */ -void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) +void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id, + size_t size) { uint64_t offset; uint32_t slot; @@ -1467,7 +1491,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) offset = le64_to_cpu(pqxl) & 0xffffffffffff; return (void *)(intptr_t)offset; case MEMSLOT_GROUP_GUEST: - if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) { + if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) { return NULL; } ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr); @@ -1933,9 +1957,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, uint32_t slot; bool rc; - rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset); - assert(rc == true); size = (uint64_t)height * abs(stride); + rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size); + assert(rc == true); trace_qxl_surfaces_dirty(qxl->id, offset, size); qxl_set_dirty(qxl->guest_slots[slot].mr, qxl->guest_slots[slot].offset + offset, @@ -1964,7 +1988,7 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl) } cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i], - MEMSLOT_GROUP_GUEST); + MEMSLOT_GROUP_GUEST, sizeof(QXLSurfaceCmd)); assert(cmd); assert(cmd->type == QXL_SURFACE_CMD_CREATE); qxl_dirty_one_surface(qxl, cmd->u.surface_create.data, diff --git a/hw/display/qxl.h b/hw/display/qxl.h index e74de9579d..7894bd5134 100644 --- a/hw/display/qxl.h +++ b/hw/display/qxl.h @@ -147,7 +147,28 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL) #define QXL_DEFAULT_REVISION (QXL_REVISION_STABLE_V12 + 1) /* qxl.c */ -void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id); +/** + * qxl_phys2virt: Get a pointer within a PCI VRAM memory region. + * + * @qxl: QXL device + * @phys: physical offset of buffer within the VRAM + * @group_id: memory slot group + * @size: size of the buffer + * + * Returns a host pointer to a buffer placed at offset @phys within the + * active slot @group_id of the PCI VGA RAM memory region associated with + * the @qxl device. If the slot is inactive, or the offset + size are out + * of the memory region, returns NULL. + * + * Use with care; by the time this function returns, the returned pointer is + * not protected by RCU anymore. If the caller is not within an RCU critical + * section and does not hold the iothread lock, it must have other means of + * protecting the pointer, such as a reference to the region that includes + * the incoming ram_addr_t. + * + */ +void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id, + size_t size); void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...) G_GNUC_PRINTF(2, 3); diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c index 0b0a83e080..6c44cc9767 100644 --- a/hw/isa/lpc_ich9.c +++ b/hw/isa/lpc_ich9.c @@ -813,12 +813,13 @@ static void build_ich9_isa_aml(AcpiDevAmlIf *adev, Aml *scope) BusChild *kid; ICH9LPCState *s = ICH9_LPC_DEVICE(adev); BusState *bus = BUS(s->isa_bus); + Aml *sb_scope = aml_scope("\\_SB"); /* ICH9 PCI to ISA irq remapping */ aml_append(scope, aml_operation_region("PIRQ", AML_PCI_CONFIG, aml_int(0x60), 0x0C)); /* Fields declarion has to happen *after* operation region */ - field = aml_field("PIRQ", AML_BYTE_ACC, AML_NOLOCK, AML_PRESERVE); + field = aml_field("PCI0.SF8.PIRQ", AML_BYTE_ACC, AML_NOLOCK, AML_PRESERVE); aml_append(field, aml_named_field("PRQA", 8)); aml_append(field, aml_named_field("PRQB", 8)); aml_append(field, aml_named_field("PRQC", 8)); @@ -828,17 +829,8 @@ static void build_ich9_isa_aml(AcpiDevAmlIf *adev, Aml *scope) aml_append(field, aml_named_field("PRQF", 8)); aml_append(field, aml_named_field("PRQG", 8)); aml_append(field, aml_named_field("PRQH", 8)); - aml_append(scope, field); - - /* hack: put fields into _SB scope for LNKx to find them */ - aml_append(scope, aml_alias("PRQA", "\\_SB.PRQA")); - aml_append(scope, aml_alias("PRQB", "\\_SB.PRQB")); - aml_append(scope, aml_alias("PRQC", "\\_SB.PRQC")); - aml_append(scope, aml_alias("PRQD", "\\_SB.PRQD")); - aml_append(scope, aml_alias("PRQE", "\\_SB.PRQE")); - aml_append(scope, aml_alias("PRQF", "\\_SB.PRQF")); - aml_append(scope, aml_alias("PRQG", "\\_SB.PRQG")); - aml_append(scope, aml_alias("PRQH", "\\_SB.PRQH")); + aml_append(sb_scope, field); + aml_append(scope, sb_scope); QTAILQ_FOREACH(kid, &bus->children, sibling) { call_dev_aml_func(DEVICE(kid->child), scope); diff --git a/hw/isa/piix3.c b/hw/isa/piix3.c index f9b4af5c05..eabad7ba58 100644 --- a/hw/isa/piix3.c +++ b/hw/isa/piix3.c @@ -318,24 +318,20 @@ static void build_pci_isa_aml(AcpiDevAmlIf *adev, Aml *scope) { Aml *field; BusChild *kid; + Aml *sb_scope = aml_scope("\\_SB"); BusState *bus = qdev_get_child_bus(DEVICE(adev), "isa.0"); /* PIIX PCI to ISA irq remapping */ aml_append(scope, aml_operation_region("P40C", AML_PCI_CONFIG, aml_int(0x60), 0x04)); /* Fields declarion has to happen *after* operation region */ - field = aml_field("P40C", AML_BYTE_ACC, AML_NOLOCK, AML_PRESERVE); + field = aml_field("PCI0.S08.P40C", AML_BYTE_ACC, AML_NOLOCK, AML_PRESERVE); aml_append(field, aml_named_field("PRQ0", 8)); aml_append(field, aml_named_field("PRQ1", 8)); aml_append(field, aml_named_field("PRQ2", 8)); aml_append(field, aml_named_field("PRQ3", 8)); - aml_append(scope, field); - - /* hack: put fields into _SB scope for LNKx to find them */ - aml_append(scope, aml_alias("PRQ0", "\\_SB.PRQ0")); - aml_append(scope, aml_alias("PRQ1", "\\_SB.PRQ1")); - aml_append(scope, aml_alias("PRQ2", "\\_SB.PRQ2")); - aml_append(scope, aml_alias("PRQ3", "\\_SB.PRQ3")); + aml_append(sb_scope, field); + aml_append(scope, sb_scope); QTAILQ_FOREACH(kid, &bus->children, sibling) { call_dev_aml_func(DEVICE(kid->child), scope); diff --git a/hw/loongarch/acpi-build.c b/hw/loongarch/acpi-build.c index 68dfb9f88a..7d5f5a757d 100644 --- a/hw/loongarch/acpi-build.c +++ b/hw/loongarch/acpi-build.c @@ -226,7 +226,8 @@ static void build_uart_device_aml(Aml *table) aml_append(crs, aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED, AML_MAX_FIXED, AML_NON_CACHEABLE, AML_READ_WRITE, - 0, 0x1FE001E0, 0x1FE001E7, 0, 0x8)); + 0, VIRT_UART_BASE, VIRT_UART_BASE + VIRT_UART_SIZE - 1, + 0, VIRT_UART_SIZE)); aml_append(crs, aml_interrupt(AML_CONSUMER, AML_LEVEL, AML_ACTIVE_HIGH, AML_SHARED, &uart_irq, 1)); aml_append(dev, aml_name_decl("_CRS", crs)); diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c index 5136940b0b..958be74fa1 100644 --- a/hw/loongarch/virt.c +++ b/hw/loongarch/virt.c @@ -53,7 +53,7 @@ static void fdt_add_rtc_node(LoongArchMachineState *lams) nodename = g_strdup_printf("/rtc@%" PRIx64, base); qemu_fdt_add_subnode(ms->fdt, nodename); qemu_fdt_setprop_string(ms->fdt, nodename, "compatible", "loongson,ls7a-rtc"); - qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg", 0x0, base, size); + qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg", 2, base, 2, size); g_free(nodename); } @@ -69,6 +69,7 @@ static void fdt_add_uart_node(LoongArchMachineState *lams) qemu_fdt_setprop_string(ms->fdt, nodename, "compatible", "ns16550a"); qemu_fdt_setprop_cells(ms->fdt, nodename, "reg", 0x0, base, 0x0, size); qemu_fdt_setprop_cell(ms->fdt, nodename, "clock-frequency", 100000000); + qemu_fdt_setprop_string(ms->fdt, "/chosen", "stdout-path", nodename); g_free(nodename); } @@ -87,6 +88,7 @@ static void create_fdt(LoongArchMachineState *lams) "linux,dummy-loongson3"); qemu_fdt_setprop_cell(ms->fdt, "/", "#address-cells", 0x2); qemu_fdt_setprop_cell(ms->fdt, "/", "#size-cells", 0x2); + qemu_fdt_add_subnode(ms->fdt, "/chosen"); } static void fdt_add_cpu_nodes(const LoongArchMachineState *lams) diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c index feda448878..043058ff43 100644 --- a/hw/net/vhost_net.c +++ b/hw/net/vhost_net.c @@ -75,6 +75,7 @@ static const int user_feature_bits[] = { VIRTIO_NET_F_MTU, VIRTIO_F_IOMMU_PLATFORM, VIRTIO_F_RING_PACKED, + VIRTIO_F_RING_RESET, VIRTIO_NET_F_RSS, VIRTIO_NET_F_HASH_REPORT, @@ -258,7 +259,7 @@ static int vhost_net_start_one(struct vhost_net *net, goto fail_notifiers; } - r = vhost_dev_start(&net->dev, dev); + r = vhost_dev_start(&net->dev, dev, false); if (r < 0) { goto fail_start; } @@ -307,7 +308,7 @@ fail: if (net->nc->info->poll) { net->nc->info->poll(net->nc, true); } - vhost_dev_stop(&net->dev, dev); + vhost_dev_stop(&net->dev, dev, false); fail_start: vhost_dev_disable_notifiers(&net->dev, dev); fail_notifiers: @@ -328,7 +329,7 @@ static void vhost_net_stop_one(struct vhost_net *net, if (net->nc->info->poll) { net->nc->info->poll(net->nc, true); } - vhost_dev_stop(&net->dev, dev); + vhost_dev_stop(&net->dev, dev, false); if (net->nc->info->stop) { net->nc->info->stop(net->nc); } @@ -605,7 +606,7 @@ err_start: assert(r >= 0); } - vhost_dev_stop(&net->dev, vdev); + vhost_dev_stop(&net->dev, vdev, false); return r; } diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index ac3885ce50..e54276dc1d 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -2329,7 +2329,6 @@ typedef struct NvmeDSMAIOCB { BlockAIOCB common; BlockAIOCB *aiocb; NvmeRequest *req; - QEMUBH *bh; int ret; NvmeDsmRange *range; @@ -2351,7 +2350,7 @@ static void nvme_dsm_cancel(BlockAIOCB *aiocb) } else { /* * We only reach this if nvme_dsm_cancel() has already been called or - * the command ran to completion and nvme_dsm_bh is scheduled to run. + * the command ran to completion. */ assert(iocb->idx == iocb->nr); } @@ -2362,17 +2361,6 @@ static const AIOCBInfo nvme_dsm_aiocb_info = { .cancel_async = nvme_dsm_cancel, }; -static void nvme_dsm_bh(void *opaque) -{ - NvmeDSMAIOCB *iocb = opaque; - - iocb->common.cb(iocb->common.opaque, iocb->ret); - - qemu_bh_delete(iocb->bh); - iocb->bh = NULL; - qemu_aio_unref(iocb); -} - static void nvme_dsm_cb(void *opaque, int ret); static void nvme_dsm_md_cb(void *opaque, int ret) @@ -2384,16 +2372,10 @@ static void nvme_dsm_md_cb(void *opaque, int ret) uint64_t slba; uint32_t nlb; - if (ret < 0) { - iocb->ret = ret; + if (ret < 0 || iocb->ret < 0 || !ns->lbaf.ms) { goto done; } - if (!ns->lbaf.ms) { - nvme_dsm_cb(iocb, 0); - return; - } - range = &iocb->range[iocb->idx - 1]; slba = le64_to_cpu(range->slba); nlb = le32_to_cpu(range->nlb); @@ -2406,7 +2388,6 @@ static void nvme_dsm_md_cb(void *opaque, int ret) ret = nvme_block_status_all(ns, slba, nlb, BDRV_BLOCK_ZERO); if (ret) { if (ret < 0) { - iocb->ret = ret; goto done; } @@ -2420,8 +2401,7 @@ static void nvme_dsm_md_cb(void *opaque, int ret) return; done: - iocb->aiocb = NULL; - qemu_bh_schedule(iocb->bh); + nvme_dsm_cb(iocb, ret); } static void nvme_dsm_cb(void *opaque, int ret) @@ -2434,7 +2414,9 @@ static void nvme_dsm_cb(void *opaque, int ret) uint64_t slba; uint32_t nlb; - if (ret < 0) { + if (iocb->ret < 0) { + goto done; + } else if (ret < 0) { iocb->ret = ret; goto done; } @@ -2468,7 +2450,8 @@ next: done: iocb->aiocb = NULL; - qemu_bh_schedule(iocb->bh); + iocb->common.cb(iocb->common.opaque, iocb->ret); + qemu_aio_unref(iocb); } static uint16_t nvme_dsm(NvmeCtrl *n, NvmeRequest *req) @@ -2486,7 +2469,6 @@ static uint16_t nvme_dsm(NvmeCtrl *n, NvmeRequest *req) nvme_misc_cb, req); iocb->req = req; - iocb->bh = qemu_bh_new(nvme_dsm_bh, iocb); iocb->ret = 0; iocb->range = g_new(NvmeDsmRange, nr); iocb->nr = nr; @@ -2570,7 +2552,6 @@ typedef struct NvmeCopyAIOCB { BlockAIOCB common; BlockAIOCB *aiocb; NvmeRequest *req; - QEMUBH *bh; int ret; void *ranges; @@ -2608,9 +2589,8 @@ static const AIOCBInfo nvme_copy_aiocb_info = { .cancel_async = nvme_copy_cancel, }; -static void nvme_copy_bh(void *opaque) +static void nvme_copy_done(NvmeCopyAIOCB *iocb) { - NvmeCopyAIOCB *iocb = opaque; NvmeRequest *req = iocb->req; NvmeNamespace *ns = req->ns; BlockAcctStats *stats = blk_get_stats(ns->blkconf.blk); @@ -2622,9 +2602,6 @@ static void nvme_copy_bh(void *opaque) qemu_iovec_destroy(&iocb->iov); g_free(iocb->bounce); - qemu_bh_delete(iocb->bh); - iocb->bh = NULL; - if (iocb->ret < 0) { block_acct_failed(stats, &iocb->acct.read); block_acct_failed(stats, &iocb->acct.write); @@ -2637,7 +2614,7 @@ static void nvme_copy_bh(void *opaque) qemu_aio_unref(iocb); } -static void nvme_copy_cb(void *opaque, int ret); +static void nvme_do_copy(NvmeCopyAIOCB *iocb); static void nvme_copy_source_range_parse_format0(void *ranges, int idx, uint64_t *slba, uint32_t *nlb, @@ -2749,7 +2726,7 @@ static void nvme_copy_out_completed_cb(void *opaque, int ret) iocb->idx++; iocb->slba += nlb; out: - nvme_copy_cb(iocb, iocb->ret); + nvme_do_copy(iocb); } static void nvme_copy_out_cb(void *opaque, int ret) @@ -2761,16 +2738,8 @@ static void nvme_copy_out_cb(void *opaque, int ret) size_t mlen; uint8_t *mbounce; - if (ret < 0) { - iocb->ret = ret; + if (ret < 0 || iocb->ret < 0 || !ns->lbaf.ms) { goto out; - } else if (iocb->ret < 0) { - goto out; - } - - if (!ns->lbaf.ms) { - nvme_copy_out_completed_cb(iocb, 0); - return; } nvme_copy_source_range_parse(iocb->ranges, iocb->idx, iocb->format, NULL, @@ -2789,7 +2758,7 @@ static void nvme_copy_out_cb(void *opaque, int ret) return; out: - nvme_copy_cb(iocb, ret); + nvme_copy_out_completed_cb(iocb, ret); } static void nvme_copy_in_completed_cb(void *opaque, int ret) @@ -2883,15 +2852,9 @@ static void nvme_copy_in_completed_cb(void *opaque, int ret) invalid: req->status = status; - iocb->aiocb = NULL; - if (iocb->bh) { - qemu_bh_schedule(iocb->bh); - } - - return; - + iocb->ret = -1; out: - nvme_copy_cb(iocb, ret); + nvme_do_copy(iocb); } static void nvme_copy_in_cb(void *opaque, int ret) @@ -2902,16 +2865,8 @@ static void nvme_copy_in_cb(void *opaque, int ret) uint64_t slba; uint32_t nlb; - if (ret < 0) { - iocb->ret = ret; + if (ret < 0 || iocb->ret < 0 || !ns->lbaf.ms) { goto out; - } else if (iocb->ret < 0) { - goto out; - } - - if (!ns->lbaf.ms) { - nvme_copy_in_completed_cb(iocb, 0); - return; } nvme_copy_source_range_parse(iocb->ranges, iocb->idx, iocb->format, &slba, @@ -2927,12 +2882,11 @@ static void nvme_copy_in_cb(void *opaque, int ret) return; out: - nvme_copy_cb(iocb, iocb->ret); + nvme_copy_in_completed_cb(iocb, ret); } -static void nvme_copy_cb(void *opaque, int ret) +static void nvme_do_copy(NvmeCopyAIOCB *iocb) { - NvmeCopyAIOCB *iocb = opaque; NvmeRequest *req = iocb->req; NvmeNamespace *ns = req->ns; uint64_t slba; @@ -2940,10 +2894,7 @@ static void nvme_copy_cb(void *opaque, int ret) size_t len; uint16_t status; - if (ret < 0) { - iocb->ret = ret; - goto done; - } else if (iocb->ret < 0) { + if (iocb->ret < 0) { goto done; } @@ -2990,14 +2941,11 @@ static void nvme_copy_cb(void *opaque, int ret) invalid: req->status = status; + iocb->ret = -1; done: - iocb->aiocb = NULL; - if (iocb->bh) { - qemu_bh_schedule(iocb->bh); - } + nvme_copy_done(iocb); } - static uint16_t nvme_copy(NvmeCtrl *n, NvmeRequest *req) { NvmeNamespace *ns = req->ns; @@ -3067,7 +3015,6 @@ static uint16_t nvme_copy(NvmeCtrl *n, NvmeRequest *req) } iocb->req = req; - iocb->bh = qemu_bh_new(nvme_copy_bh, iocb); iocb->ret = 0; iocb->nr = nr; iocb->idx = 0; @@ -3084,7 +3031,7 @@ static uint16_t nvme_copy(NvmeCtrl *n, NvmeRequest *req) BLOCK_ACCT_WRITE); req->aiocb = &iocb->common; - nvme_copy_cb(iocb, 0); + nvme_do_copy(iocb); return NVME_NO_COMPLETE; @@ -3160,7 +3107,6 @@ typedef struct NvmeFlushAIOCB { BlockAIOCB common; BlockAIOCB *aiocb; NvmeRequest *req; - QEMUBH *bh; int ret; NvmeNamespace *ns; @@ -3176,6 +3122,7 @@ static void nvme_flush_cancel(BlockAIOCB *acb) if (iocb->aiocb) { blk_aio_cancel_async(iocb->aiocb); + iocb->aiocb = NULL; } } @@ -3185,6 +3132,8 @@ static const AIOCBInfo nvme_flush_aiocb_info = { .get_aio_context = nvme_get_aio_context, }; +static void nvme_do_flush(NvmeFlushAIOCB *iocb); + static void nvme_flush_ns_cb(void *opaque, int ret) { NvmeFlushAIOCB *iocb = opaque; @@ -3206,13 +3155,11 @@ static void nvme_flush_ns_cb(void *opaque, int ret) } out: - iocb->aiocb = NULL; - qemu_bh_schedule(iocb->bh); + nvme_do_flush(iocb); } -static void nvme_flush_bh(void *opaque) +static void nvme_do_flush(NvmeFlushAIOCB *iocb) { - NvmeFlushAIOCB *iocb = opaque; NvmeRequest *req = iocb->req; NvmeCtrl *n = nvme_ctrl(req); int i; @@ -3239,14 +3186,8 @@ static void nvme_flush_bh(void *opaque) return; done: - qemu_bh_delete(iocb->bh); - iocb->bh = NULL; - iocb->common.cb(iocb->common.opaque, iocb->ret); - qemu_aio_unref(iocb); - - return; } static uint16_t nvme_flush(NvmeCtrl *n, NvmeRequest *req) @@ -3258,7 +3199,6 @@ static uint16_t nvme_flush(NvmeCtrl *n, NvmeRequest *req) iocb = qemu_aio_get(&nvme_flush_aiocb_info, NULL, nvme_misc_cb, req); iocb->req = req; - iocb->bh = qemu_bh_new(nvme_flush_bh, iocb); iocb->ret = 0; iocb->ns = NULL; iocb->nsid = 0; @@ -3280,13 +3220,11 @@ static uint16_t nvme_flush(NvmeCtrl *n, NvmeRequest *req) } req->aiocb = &iocb->common; - qemu_bh_schedule(iocb->bh); + nvme_do_flush(iocb); return NVME_NO_COMPLETE; out: - qemu_bh_delete(iocb->bh); - iocb->bh = NULL; qemu_aio_unref(iocb); return status; @@ -3721,7 +3659,6 @@ typedef struct NvmeZoneResetAIOCB { BlockAIOCB common; BlockAIOCB *aiocb; NvmeRequest *req; - QEMUBH *bh; int ret; bool all; @@ -3750,17 +3687,6 @@ static const AIOCBInfo nvme_zone_reset_aiocb_info = { .cancel_async = nvme_zone_reset_cancel, }; -static void nvme_zone_reset_bh(void *opaque) -{ - NvmeZoneResetAIOCB *iocb = opaque; - - iocb->common.cb(iocb->common.opaque, iocb->ret); - - qemu_bh_delete(iocb->bh); - iocb->bh = NULL; - qemu_aio_unref(iocb); -} - static void nvme_zone_reset_cb(void *opaque, int ret); static void nvme_zone_reset_epilogue_cb(void *opaque, int ret) @@ -3771,14 +3697,8 @@ static void nvme_zone_reset_epilogue_cb(void *opaque, int ret) int64_t moff; int count; - if (ret < 0) { - nvme_zone_reset_cb(iocb, ret); - return; - } - - if (!ns->lbaf.ms) { - nvme_zone_reset_cb(iocb, 0); - return; + if (ret < 0 || iocb->ret < 0 || !ns->lbaf.ms) { + goto out; } moff = nvme_moff(ns, iocb->zone->d.zslba); @@ -3788,6 +3708,9 @@ static void nvme_zone_reset_epilogue_cb(void *opaque, int ret) BDRV_REQ_MAY_UNMAP, nvme_zone_reset_cb, iocb); return; + +out: + nvme_zone_reset_cb(iocb, ret); } static void nvme_zone_reset_cb(void *opaque, int ret) @@ -3796,7 +3719,9 @@ static void nvme_zone_reset_cb(void *opaque, int ret) NvmeRequest *req = iocb->req; NvmeNamespace *ns = req->ns; - if (ret < 0) { + if (iocb->ret < 0) { + goto done; + } else if (ret < 0) { iocb->ret = ret; goto done; } @@ -3844,9 +3769,9 @@ static void nvme_zone_reset_cb(void *opaque, int ret) done: iocb->aiocb = NULL; - if (iocb->bh) { - qemu_bh_schedule(iocb->bh); - } + + iocb->common.cb(iocb->common.opaque, iocb->ret); + qemu_aio_unref(iocb); } static uint16_t nvme_zone_mgmt_send_zrwa_flush(NvmeCtrl *n, NvmeZone *zone, @@ -3951,7 +3876,6 @@ static uint16_t nvme_zone_mgmt_send(NvmeCtrl *n, NvmeRequest *req) nvme_misc_cb, req); iocb->req = req; - iocb->bh = qemu_bh_new(nvme_zone_reset_bh, iocb); iocb->ret = 0; iocb->all = all; iocb->idx = zone_idx; @@ -5741,7 +5665,6 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeRequest *req) typedef struct NvmeFormatAIOCB { BlockAIOCB common; BlockAIOCB *aiocb; - QEMUBH *bh; NvmeRequest *req; int ret; @@ -5756,14 +5679,15 @@ typedef struct NvmeFormatAIOCB { uint8_t pil; } NvmeFormatAIOCB; -static void nvme_format_bh(void *opaque); - static void nvme_format_cancel(BlockAIOCB *aiocb) { NvmeFormatAIOCB *iocb = container_of(aiocb, NvmeFormatAIOCB, common); + iocb->ret = -ECANCELED; + if (iocb->aiocb) { blk_aio_cancel_async(iocb->aiocb); + iocb->aiocb = NULL; } } @@ -5787,13 +5711,17 @@ static void nvme_format_set(NvmeNamespace *ns, uint8_t lbaf, uint8_t mset, nvme_ns_init_format(ns); } +static void nvme_do_format(NvmeFormatAIOCB *iocb); + static void nvme_format_ns_cb(void *opaque, int ret) { NvmeFormatAIOCB *iocb = opaque; NvmeNamespace *ns = iocb->ns; int bytes; - if (ret < 0) { + if (iocb->ret < 0) { + goto done; + } else if (ret < 0) { iocb->ret = ret; goto done; } @@ -5817,8 +5745,7 @@ static void nvme_format_ns_cb(void *opaque, int ret) iocb->offset = 0; done: - iocb->aiocb = NULL; - qemu_bh_schedule(iocb->bh); + nvme_do_format(iocb); } static uint16_t nvme_format_check(NvmeNamespace *ns, uint8_t lbaf, uint8_t pi) @@ -5842,9 +5769,8 @@ static uint16_t nvme_format_check(NvmeNamespace *ns, uint8_t lbaf, uint8_t pi) return NVME_SUCCESS; } -static void nvme_format_bh(void *opaque) +static void nvme_do_format(NvmeFormatAIOCB *iocb) { - NvmeFormatAIOCB *iocb = opaque; NvmeRequest *req = iocb->req; NvmeCtrl *n = nvme_ctrl(req); uint32_t dw10 = le32_to_cpu(req->cmd.cdw10); @@ -5882,11 +5808,7 @@ static void nvme_format_bh(void *opaque) return; done: - qemu_bh_delete(iocb->bh); - iocb->bh = NULL; - iocb->common.cb(iocb->common.opaque, iocb->ret); - qemu_aio_unref(iocb); } @@ -5905,7 +5827,6 @@ static uint16_t nvme_format(NvmeCtrl *n, NvmeRequest *req) iocb = qemu_aio_get(&nvme_format_aiocb_info, NULL, nvme_misc_cb, req); iocb->req = req; - iocb->bh = qemu_bh_new(nvme_format_bh, iocb); iocb->ret = 0; iocb->ns = NULL; iocb->nsid = 0; @@ -5934,14 +5855,13 @@ static uint16_t nvme_format(NvmeCtrl *n, NvmeRequest *req) } req->aiocb = &iocb->common; - qemu_bh_schedule(iocb->bh); + nvme_do_format(iocb); return NVME_NO_COMPLETE; out: - qemu_bh_delete(iocb->bh); - iocb->bh = NULL; qemu_aio_unref(iocb); + return status; } diff --git a/hw/scsi/vhost-scsi-common.c b/hw/scsi/vhost-scsi-common.c index 767f827e55..18ea5dcfa1 100644 --- a/hw/scsi/vhost-scsi-common.c +++ b/hw/scsi/vhost-scsi-common.c @@ -68,7 +68,7 @@ int vhost_scsi_common_start(VHostSCSICommon *vsc) goto err_guest_notifiers; } - ret = vhost_dev_start(&vsc->dev, vdev); + ret = vhost_dev_start(&vsc->dev, vdev, true); if (ret < 0) { error_report("Error start vhost dev"); goto err_guest_notifiers; @@ -101,7 +101,7 @@ void vhost_scsi_common_stop(VHostSCSICommon *vsc) VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus); int ret = 0; - vhost_dev_stop(&vsc->dev, vdev); + vhost_dev_stop(&vsc->dev, vdev, true); if (k->set_guest_notifiers) { ret = k->set_guest_notifiers(qbus->parent, vsc->dev.nvqs, false); diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c index bdf337a7a2..6a0fd0dfb1 100644 --- a/hw/scsi/vhost-scsi.c +++ b/hw/scsi/vhost-scsi.c @@ -38,6 +38,7 @@ static const int kernel_feature_bits[] = { VIRTIO_RING_F_INDIRECT_DESC, VIRTIO_RING_F_EVENT_IDX, VIRTIO_SCSI_F_HOTPLUG, + VIRTIO_F_RING_RESET, VHOST_INVALID_FEATURE_BIT }; diff --git a/hw/scsi/vhost-user-scsi.c b/hw/scsi/vhost-user-scsi.c index bc37317d55..b7a71a802c 100644 --- a/hw/scsi/vhost-user-scsi.c +++ b/hw/scsi/vhost-user-scsi.c @@ -36,6 +36,7 @@ static const int user_feature_bits[] = { VIRTIO_RING_F_INDIRECT_DESC, VIRTIO_RING_F_EVENT_IDX, VIRTIO_SCSI_F_HOTPLUG, + VIRTIO_F_RING_RESET, VHOST_INVALID_FEATURE_BIT }; diff --git a/hw/usb/hcd-xhci-pci.c b/hw/usb/hcd-xhci-pci.c index e934b1a5b1..643d4643e4 100644 --- a/hw/usb/hcd-xhci-pci.c +++ b/hw/usb/hcd-xhci-pci.c @@ -85,7 +85,7 @@ static void xhci_pci_reset(DeviceState *dev) { XHCIPciState *s = XHCI_PCI(dev); - device_legacy_reset(DEVICE(&s->xhci)); + device_cold_reset(DEVICE(&s->xhci)); } static int xhci_pci_vmstate_post_load(void *opaque, int version_id) diff --git a/hw/usb/hcd-xhci-sysbus.c b/hw/usb/hcd-xhci-sysbus.c index a14e438196..faf57b4797 100644 --- a/hw/usb/hcd-xhci-sysbus.c +++ b/hw/usb/hcd-xhci-sysbus.c @@ -29,7 +29,7 @@ void xhci_sysbus_reset(DeviceState *dev) { XHCISysbusState *s = XHCI_SYSBUS(dev); - device_legacy_reset(DEVICE(&s->xhci)); + device_cold_reset(DEVICE(&s->xhci)); } static void xhci_sysbus_realize(DeviceState *dev, Error **errp) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 8299f35e66..b89b618ec2 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -796,7 +796,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) */ } while (length < TRB_LINK_LIMIT * 65536 / TRB_SIZE); - qemu_log_mask(LOG_GUEST_ERROR, "%s: exceeded maximum tranfer ring size!\n", + qemu_log_mask(LOG_GUEST_ERROR, "%s: exceeded maximum transfer ring size!\n", __func__); return -1; diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c index 1bd30efc3e..fd7df599bc 100644 --- a/hw/usb/redirect.c +++ b/hw/usb/redirect.c @@ -1280,8 +1280,7 @@ static void usbredir_create_parser(USBRedirDevice *dev) } #endif - if (runstate_check(RUN_STATE_INMIGRATE) || - runstate_check(RUN_STATE_PRELAUNCH)) { + if (runstate_check(RUN_STATE_INMIGRATE)) { flags |= usbredirparser_fl_no_hello; } usbredirparser_init(dev->parser, VERSION, caps, USB_REDIR_CAPS_SIZE, diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events index 820dadc26c..14fc5b9bb2 100644 --- a/hw/virtio/trace-events +++ b/hw/virtio/trace-events @@ -9,8 +9,8 @@ vhost_section(const char *name) "%s" vhost_reject_section(const char *name, int d) "%s:%d" vhost_iotlb_miss(void *dev, int step) "%p step %d" vhost_dev_cleanup(void *dev) "%p" -vhost_dev_start(void *dev, const char *name) "%p:%s" -vhost_dev_stop(void *dev, const char *name) "%p:%s" +vhost_dev_start(void *dev, const char *name, bool vrings) "%p:%s vrings:%d" +vhost_dev_stop(void *dev, const char *name, bool vrings) "%p:%s vrings:%d" # vhost-user.c diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c index 1c40f42045..d97b179e6f 100644 --- a/hw/virtio/vhost-user-fs.c +++ b/hw/virtio/vhost-user-fs.c @@ -32,6 +32,7 @@ static const int user_feature_bits[] = { VIRTIO_F_NOTIFY_ON_EMPTY, VIRTIO_F_RING_PACKED, VIRTIO_F_IOMMU_PLATFORM, + VIRTIO_F_RING_RESET, VHOST_INVALID_FEATURE_BIT }; @@ -75,7 +76,7 @@ static void vuf_start(VirtIODevice *vdev) } fs->vhost_dev.acked_features = vdev->guest_features; - ret = vhost_dev_start(&fs->vhost_dev, vdev); + ret = vhost_dev_start(&fs->vhost_dev, vdev, true); if (ret < 0) { error_report("Error starting vhost: %d", -ret); goto err_guest_notifiers; @@ -109,7 +110,7 @@ static void vuf_stop(VirtIODevice *vdev) return; } - vhost_dev_stop(&fs->vhost_dev, vdev); + vhost_dev_stop(&fs->vhost_dev, vdev, true); ret = k->set_guest_notifiers(qbus->parent, fs->vhost_dev.nvqs, false); if (ret < 0) { diff --git a/hw/virtio/vhost-user-gpio.c b/hw/virtio/vhost-user-gpio.c index 677d1c7730..b7b82a1099 100644 --- a/hw/virtio/vhost-user-gpio.c +++ b/hw/virtio/vhost-user-gpio.c @@ -24,6 +24,7 @@ static const int feature_bits[] = { VIRTIO_RING_F_INDIRECT_DESC, VIRTIO_RING_F_EVENT_IDX, VIRTIO_GPIO_F_IRQ, + VIRTIO_F_RING_RESET, VHOST_INVALID_FEATURE_BIT }; @@ -80,11 +81,12 @@ static int vu_gpio_start(VirtIODevice *vdev) */ vhost_ack_features(&gpio->vhost_dev, feature_bits, vdev->guest_features); - ret = vhost_dev_start(&gpio->vhost_dev, vdev); + ret = vhost_dev_start(&gpio->vhost_dev, vdev, false); if (ret < 0) { error_report("Error starting vhost-user-gpio: %d", ret); goto err_guest_notifiers; } + gpio->started_vu = true; /* * guest_notifier_mask/pending not used yet, so just unmask @@ -125,20 +127,16 @@ static void vu_gpio_stop(VirtIODevice *vdev) struct vhost_dev *vhost_dev = &gpio->vhost_dev; int ret; + if (!gpio->started_vu) { + return; + } + gpio->started_vu = false; + if (!k->set_guest_notifiers) { return; } - /* - * We can call vu_gpio_stop multiple times, for example from - * vm_state_notify and the final object finalisation. Check we - * aren't already stopped before doing so. - */ - if (!vhost_dev_is_started(vhost_dev)) { - return; - } - - vhost_dev_stop(vhost_dev, vdev); + vhost_dev_stop(vhost_dev, vdev, false); ret = k->set_guest_notifiers(qbus->parent, vhost_dev->nvqs, false); if (ret < 0) { @@ -235,6 +233,8 @@ static int vu_gpio_connect(DeviceState *dev, Error **errp) return 0; } +static void vu_gpio_event(void *opaque, QEMUChrEvent event); + static void vu_gpio_disconnect(DeviceState *dev) { VirtIODevice *vdev = VIRTIO_DEVICE(dev); @@ -247,6 +247,11 @@ static void vu_gpio_disconnect(DeviceState *dev) vu_gpio_stop(vdev); vhost_dev_cleanup(&gpio->vhost_dev); + + /* Re-instate the event handler for new connections */ + qemu_chr_fe_set_handlers(&gpio->chardev, + NULL, NULL, vu_gpio_event, + NULL, dev, NULL, true); } static void vu_gpio_event(void *opaque, QEMUChrEvent event) @@ -264,7 +269,9 @@ static void vu_gpio_event(void *opaque, QEMUChrEvent event) } break; case CHR_EVENT_CLOSED: - vu_gpio_disconnect(dev); + /* defer close until later to avoid circular close */ + vhost_user_async_close(dev, &gpio->chardev, &gpio->vhost_dev, + vu_gpio_disconnect); break; case CHR_EVENT_BREAK: case CHR_EVENT_MUX_IN: diff --git a/hw/virtio/vhost-user-i2c.c b/hw/virtio/vhost-user-i2c.c index 864eba695e..dc5c828ba6 100644 --- a/hw/virtio/vhost-user-i2c.c +++ b/hw/virtio/vhost-user-i2c.c @@ -16,6 +16,7 @@ static const int feature_bits[] = { VIRTIO_I2C_F_ZERO_LENGTH_REQUEST, + VIRTIO_F_RING_RESET, VHOST_INVALID_FEATURE_BIT }; @@ -45,7 +46,7 @@ static void vu_i2c_start(VirtIODevice *vdev) i2c->vhost_dev.acked_features = vdev->guest_features; - ret = vhost_dev_start(&i2c->vhost_dev, vdev); + ret = vhost_dev_start(&i2c->vhost_dev, vdev, true); if (ret < 0) { error_report("Error starting vhost-user-i2c: %d", -ret); goto err_guest_notifiers; @@ -79,7 +80,7 @@ static void vu_i2c_stop(VirtIODevice *vdev) return; } - vhost_dev_stop(&i2c->vhost_dev, vdev); + vhost_dev_stop(&i2c->vhost_dev, vdev, true); ret = k->set_guest_notifiers(qbus->parent, i2c->vhost_dev.nvqs, false); if (ret < 0) { diff --git a/hw/virtio/vhost-user-rng.c b/hw/virtio/vhost-user-rng.c index 8b47287875..201a39e220 100644 --- a/hw/virtio/vhost-user-rng.c +++ b/hw/virtio/vhost-user-rng.c @@ -16,6 +16,11 @@ #include "qemu/error-report.h" #include "standard-headers/linux/virtio_ids.h" +static const int feature_bits[] = { + VIRTIO_F_RING_RESET, + VHOST_INVALID_FEATURE_BIT +}; + static void vu_rng_start(VirtIODevice *vdev) { VHostUserRNG *rng = VHOST_USER_RNG(vdev); @@ -42,7 +47,7 @@ static void vu_rng_start(VirtIODevice *vdev) } rng->vhost_dev.acked_features = vdev->guest_features; - ret = vhost_dev_start(&rng->vhost_dev, vdev); + ret = vhost_dev_start(&rng->vhost_dev, vdev, true); if (ret < 0) { error_report("Error starting vhost-user-rng: %d", -ret); goto err_guest_notifiers; @@ -76,7 +81,7 @@ static void vu_rng_stop(VirtIODevice *vdev) return; } - vhost_dev_stop(&rng->vhost_dev, vdev); + vhost_dev_stop(&rng->vhost_dev, vdev, true); ret = k->set_guest_notifiers(qbus->parent, rng->vhost_dev.nvqs, false); if (ret < 0) { @@ -106,8 +111,10 @@ static void vu_rng_set_status(VirtIODevice *vdev, uint8_t status) static uint64_t vu_rng_get_features(VirtIODevice *vdev, uint64_t requested_features, Error **errp) { - /* No feature bits used yet */ - return requested_features; + VHostUserRNG *rng = VHOST_USER_RNG(vdev); + + return vhost_get_features(&rng->vhost_dev, feature_bits, + requested_features); } static void vu_rng_handle_output(VirtIODevice *vdev, VirtQueue *vq) diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index abe23d4ebe..8f635844af 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -21,6 +21,7 @@ #include "qemu/error-report.h" #include "qemu/main-loop.h" #include "qemu/sockets.h" +#include "sysemu/runstate.h" #include "sysemu/cryptodev.h" #include "migration/migration.h" #include "migration/postcopy-ram.h" @@ -2670,6 +2671,76 @@ void vhost_user_cleanup(VhostUserState *user) user->chr = NULL; } + +typedef struct { + vu_async_close_fn cb; + DeviceState *dev; + CharBackend *cd; + struct vhost_dev *vhost; +} VhostAsyncCallback; + +static void vhost_user_async_close_bh(void *opaque) +{ + VhostAsyncCallback *data = opaque; + struct vhost_dev *vhost = data->vhost; + + /* + * If the vhost_dev has been cleared in the meantime there is + * nothing left to do as some other path has completed the + * cleanup. + */ + if (vhost->vdev) { + data->cb(data->dev); + } + + g_free(data); +} + +/* + * We only schedule the work if the machine is running. If suspended + * we want to keep all the in-flight data as is for migration + * purposes. + */ +void vhost_user_async_close(DeviceState *d, + CharBackend *chardev, struct vhost_dev *vhost, + vu_async_close_fn cb) +{ + if (!runstate_check(RUN_STATE_SHUTDOWN)) { + /* + * A close event may happen during a read/write, but vhost + * code assumes the vhost_dev remains setup, so delay the + * stop & clear. + */ + AioContext *ctx = qemu_get_current_aio_context(); + VhostAsyncCallback *data = g_new0(VhostAsyncCallback, 1); + + /* Save data for the callback */ + data->cb = cb; + data->dev = d; + data->cd = chardev; + data->vhost = vhost; + + /* Disable any further notifications on the chardev */ + qemu_chr_fe_set_handlers(chardev, + NULL, NULL, NULL, NULL, NULL, NULL, + false); + + aio_bh_schedule_oneshot(ctx, vhost_user_async_close_bh, data); + + /* + * Move vhost device to the stopped state. The vhost-user device + * will be clean up and disconnected in BH. This can be useful in + * the vhost migration code. If disconnect was caught there is an + * option for the general vhost code to get the dev state without + * knowing its type (in this case vhost-user). + * + * Note if the vhost device is fully cleared by the time we + * execute the bottom half we won't continue with the cleanup. + */ + vhost->started = false; + } +} + static int vhost_user_dev_start(struct vhost_dev *dev, bool started) { if (!virtio_has_feature(dev->protocol_features, diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c index 29b9ab4f72..d21c72b401 100644 --- a/hw/virtio/vhost-vsock-common.c +++ b/hw/virtio/vhost-vsock-common.c @@ -21,6 +21,7 @@ const int feature_bits[] = { VIRTIO_VSOCK_F_SEQPACKET, + VIRTIO_F_RING_RESET, VHOST_INVALID_FEATURE_BIT }; @@ -69,7 +70,7 @@ int vhost_vsock_common_start(VirtIODevice *vdev) } vvc->vhost_dev.acked_features = vdev->guest_features; - ret = vhost_dev_start(&vvc->vhost_dev, vdev); + ret = vhost_dev_start(&vvc->vhost_dev, vdev, true); if (ret < 0) { error_report("Error starting vhost: %d", -ret); goto err_guest_notifiers; @@ -104,7 +105,7 @@ void vhost_vsock_common_stop(VirtIODevice *vdev) return; } - vhost_dev_stop(&vvc->vhost_dev, vdev); + vhost_dev_stop(&vvc->vhost_dev, vdev, true); ret = k->set_guest_notifiers(qbus->parent, vvc->vhost_dev.nvqs, false); if (ret < 0) { diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index d1c4c20b8c..7fb008bc9e 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -1777,15 +1777,36 @@ int vhost_dev_get_inflight(struct vhost_dev *dev, uint16_t queue_size, return 0; } +static int vhost_dev_set_vring_enable(struct vhost_dev *hdev, int enable) +{ + if (!hdev->vhost_ops->vhost_set_vring_enable) { + return 0; + } + + /* + * For vhost-user devices, if VHOST_USER_F_PROTOCOL_FEATURES has not + * been negotiated, the rings start directly in the enabled state, and + * .vhost_set_vring_enable callback will fail since + * VHOST_USER_SET_VRING_ENABLE is not supported. + */ + if (hdev->vhost_ops->backend_type == VHOST_BACKEND_TYPE_USER && + !virtio_has_feature(hdev->backend_features, + VHOST_USER_F_PROTOCOL_FEATURES)) { + return 0; + } + + return hdev->vhost_ops->vhost_set_vring_enable(hdev, enable); +} + /* Host notifiers must be enabled at this point. */ -int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev) +int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev, bool vrings) { int i, r; /* should only be called after backend is connected */ assert(hdev->vhost_ops); - trace_vhost_dev_start(hdev, vdev->name); + trace_vhost_dev_start(hdev, vdev->name, vrings); vdev->vhost_started = true; hdev->started = true; @@ -1830,10 +1851,16 @@ int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev) goto fail_log; } } + if (vrings) { + r = vhost_dev_set_vring_enable(hdev, true); + if (r) { + goto fail_log; + } + } if (hdev->vhost_ops->vhost_dev_start) { r = hdev->vhost_ops->vhost_dev_start(hdev, true); if (r) { - goto fail_log; + goto fail_start; } } if (vhost_dev_has_iommu(hdev) && @@ -1848,6 +1875,10 @@ int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev) } } return 0; +fail_start: + if (vrings) { + vhost_dev_set_vring_enable(hdev, false); + } fail_log: vhost_log_put(hdev, false); fail_vq: @@ -1866,18 +1897,21 @@ fail_features: } /* Host notifiers must be enabled at this point. */ -void vhost_dev_stop(struct vhost_dev *hdev, VirtIODevice *vdev) +void vhost_dev_stop(struct vhost_dev *hdev, VirtIODevice *vdev, bool vrings) { int i; /* should only be called after backend is connected */ assert(hdev->vhost_ops); - trace_vhost_dev_stop(hdev, vdev->name); + trace_vhost_dev_stop(hdev, vdev->name, vrings); if (hdev->vhost_ops->vhost_dev_start) { hdev->vhost_ops->vhost_dev_start(hdev, false); } + if (vrings) { + vhost_dev_set_vring_enable(hdev, false); + } for (i = 0; i < hdev->nvqs; ++i) { vhost_virtqueue_stop(hdev, vdev, diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 9683b2e158..eb6347ab5d 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -2499,10 +2499,17 @@ void virtio_queue_enable(VirtIODevice *vdev, uint32_t queue_index) { VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); + /* + * TODO: Seabios is currently out of spec and triggering this error. + * So this needs to be fixed in Seabios, then this can + * be re-enabled for new machine types only, and also after + * being converted to LOG_GUEST_ERROR. + * if (!virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)) { error_report("queue_enable is only suppported in devices of virtio " "1.0 or later."); } + */ if (k->queue_enable) { k->queue_enable(vdev, queue_index); diff --git a/include/hw/virtio/vhost-user-gpio.h b/include/hw/virtio/vhost-user-gpio.h index 4fe9aeecc0..a9305c5e6c 100644 --- a/include/hw/virtio/vhost-user-gpio.h +++ b/include/hw/virtio/vhost-user-gpio.h @@ -28,7 +28,17 @@ struct VHostUserGPIO { VhostUserState vhost_user; VirtQueue *command_vq; VirtQueue *interrupt_vq; + /** + * There are at least two steps of initialization of the + * vhost-user device. The first is a "connect" step and + * second is a "start" step. Make a separation between + * those initialization phases by using two fields. + * + * @connected: see vu_gpio_connect()/vu_gpio_disconnect() + * @started_vu: see vu_gpio_start()/vu_gpio_stop() + */ bool connected; + bool started_vu; /*< public >*/ }; diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h index c6e693cd3f..191216a74f 100644 --- a/include/hw/virtio/vhost-user.h +++ b/include/hw/virtio/vhost-user.h @@ -68,4 +68,22 @@ bool vhost_user_init(VhostUserState *user, CharBackend *chr, Error **errp); */ void vhost_user_cleanup(VhostUserState *user); +/** + * vhost_user_async_close() - cleanup vhost-user post connection drop + * @d: DeviceState for the associated device (passed to callback) + * @chardev: the CharBackend associated with the connection + * @vhost: the common vhost device + * @cb: the user callback function to complete the clean-up + * + * This function is used to handle the shutdown of a vhost-user + * connection to a backend. We handle this centrally to make sure we + * do all the steps and handle potential races due to VM shutdowns. + * Once the connection is disabled we call a backhalf to ensure + */ +typedef void (*vu_async_close_fn)(DeviceState *cb); + +void vhost_user_async_close(DeviceState *d, + CharBackend *chardev, struct vhost_dev *vhost, + vu_async_close_fn cb); + #endif diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h index 353252ac3e..67a6807fac 100644 --- a/include/hw/virtio/vhost.h +++ b/include/hw/virtio/vhost.h @@ -184,24 +184,26 @@ static inline bool vhost_dev_is_started(struct vhost_dev *hdev) * vhost_dev_start() - start the vhost device * @hdev: common vhost_dev structure * @vdev: the VirtIODevice structure + * @vrings: true to have vrings enabled in this call * * Starts the vhost device. From this point VirtIO feature negotiation * can start and the device can start processing VirtIO transactions. * * Return: 0 on success, < 0 on error. */ -int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev); +int vhost_dev_start(struct vhost_dev *hdev, VirtIODevice *vdev, bool vrings); /** * vhost_dev_stop() - stop the vhost device * @hdev: common vhost_dev structure * @vdev: the VirtIODevice structure + * @vrings: true to have vrings disabled in this call * * Stop the vhost device. After the device is stopped the notifiers * can be disabled (@vhost_dev_disable_notifiers) and the device can * be torn down (@vhost_dev_cleanup). */ -void vhost_dev_stop(struct vhost_dev *hdev, VirtIODevice *vdev); +void vhost_dev_stop(struct vhost_dev *hdev, VirtIODevice *vdev, bool vrings); /** * DOC: vhost device configuration handling diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index a973811cbf..acfd4df125 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -116,6 +116,13 @@ struct VirtIODevice bool broken; /* device in invalid state, needs reset */ bool use_disabled_flag; /* allow use of 'disable' flag when needed */ bool disabled; /* device in temporarily disabled state */ + /** + * @use_started: true if the @started flag should be used to check the + * current state of the VirtIO device. Otherwise status bits + * should be checked for a current status of the device. + * @use_started is only set via QMP and defaults to true for all + * modern machines (since 4.1). + */ bool use_started; bool started; bool start_on_kick; /* when virtio 1.0 feature has not been negotiated */ @@ -391,6 +398,16 @@ static inline bool virtio_is_big_endian(VirtIODevice *vdev) return false; } +/** + * virtio_device_started() - check if device started + * @vdev - the VirtIO device + * @status - the devices status bits + * + * Check if the device is started. For most modern machines this is + * tracked via the @vdev->started field (to support migration), + * otherwise we check for the final negotiated status bit that + * indicates everything is ready. + */ static inline bool virtio_device_started(VirtIODevice *vdev, uint8_t status) { if (vdev->use_started) { @@ -411,15 +428,11 @@ static inline bool virtio_device_started(VirtIODevice *vdev, uint8_t status) */ static inline bool virtio_device_should_start(VirtIODevice *vdev, uint8_t status) { - if (vdev->use_started) { - return vdev->started; - } - if (!vdev->vm_running) { return false; } - return status & VIRTIO_CONFIG_S_DRIVER_OK; + return virtio_device_started(vdev, status); } static inline void virtio_set_started(VirtIODevice *vdev, bool started) diff --git a/include/net/net.h b/include/net/net.h index 3db75ff841..dc20b31e9f 100644 --- a/include/net/net.h +++ b/include/net/net.h @@ -177,7 +177,8 @@ ssize_t qemu_send_packet_async(NetClientState *nc, const uint8_t *buf, void qemu_purge_queued_packets(NetClientState *nc); void qemu_flush_queued_packets(NetClientState *nc); void qemu_flush_or_purge_queued_packets(NetClientState *nc, bool purge); -void qemu_set_info_str(NetClientState *nc, const char *fmt, ...); +void qemu_set_info_str(NetClientState *nc, + const char *fmt, ...) G_GNUC_PRINTF(2, 3); void qemu_format_nic_info_str(NetClientState *nc, uint8_t macaddr[6]); bool qemu_has_ufo(NetClientState *nc); bool qemu_has_vnet_hdr(NetClientState *nc); diff --git a/libafl_extras/meson.build b/libafl_extras/meson.build new file mode 100644 index 0000000000..78699d0480 --- /dev/null +++ b/libafl_extras/meson.build @@ -0,0 +1,4 @@ +specific_ss.add(when: 'CONFIG_SOFTMMU', if_true: [files( + 'syx-snapshot/device-save.c', + 'syx-snapshot/syx-snapshot.c', +)]) diff --git a/libafl_extras/syx-misc.h b/libafl_extras/syx-misc.h new file mode 100644 index 0000000000..bacfc190e1 --- /dev/null +++ b/libafl_extras/syx-misc.h @@ -0,0 +1,16 @@ +#pragma once +//#ifdef QEMU_SYX + +#define SYX_PRINTF(format, ...) fprintf(stderr, ("[QEMU-SYX] " format), ##__VA_ARGS__) + +#ifdef CONFIG_DEBUG_SYX +#define SYX_DEBUG(format, ...) fprintf(stderr, ("[QEMU-SYX] DEBUG: " format), ##__VA_ARGS__) +#else +#define SYX_DEBUG(format, ...) +#endif + +#define SYX_WARNING(format, ...) warn_report(("[QEMU-SYX] " format), ##__VA_ARGS__) + +#define SYX_ERROR(format, ...) error_report(("[QEMU-SYX] " format), ##__VA_ARGS__) + +//#endif diff --git a/libafl_extras/syx-snapshot/device-save.c b/libafl_extras/syx-snapshot/device-save.c new file mode 100644 index 0000000000..6b8cf2f671 --- /dev/null +++ b/libafl_extras/syx-snapshot/device-save.c @@ -0,0 +1,147 @@ +#include "qemu/osdep.h" +#include "device-save.h" +#include "migration/qemu-file.h" +#include "migration/vmstate.h" +#include "qemu/main-loop.h" +#include "libafl_extras/syx-misc.h" + +#include "migration/savevm.h" + +#define QEMU_FILE_RAM_LIMIT (32 * 1024 * 1024) + +///// From migration/savevm.c + +#include "qapi/qapi-commands-migration.h" +#include "migration/vmstate.h" +#include "migration/register.h" +#include "qemu/uuid.h" + +typedef struct CompatEntry { + char idstr[256]; + int instance_id; +} CompatEntry; + +typedef struct SaveStateEntry { + QTAILQ_ENTRY(SaveStateEntry) entry; + char idstr[256]; + uint32_t instance_id; + int alias_id; + int version_id; + /* version id read from the stream */ + int load_version_id; + int section_id; + /* section id read from the stream */ + int load_section_id; + const SaveVMHandlers *ops; + const VMStateDescription *vmsd; + void *opaque; + CompatEntry *compat; + int is_ram; +} SaveStateEntry; + +typedef struct SaveState { + QTAILQ_HEAD(, SaveStateEntry) handlers; + SaveStateEntry *handler_pri_head[MIG_PRI_MAX + 1]; + int global_section_id; + uint32_t len; + const char *name; + uint32_t target_page_bits; + uint32_t caps_count; + MigrationCapability *capabilities; + QemuUUID uuid; +} SaveState; + +///// End migration/savevm.c + +int libafl_restoring_devices; + +extern SaveState savevm_state; + +void save_section_header(QEMUFile *f, SaveStateEntry *se, uint8_t section_type); +void save_section_footer(QEMUFile *f, SaveStateEntry *se); +int vmstate_save(QEMUFile *f, SaveStateEntry *se, JSONWriter *vmdesc); + +// iothread must be locked +device_save_state_t* device_save_all(void) { + device_save_state_t* dss = g_new0(device_save_state_t, 1); + SaveStateEntry *se; + + dss->kind = DEVICE_SAVE_KIND_FULL; + dss->save_buffer = qio_channel_buffer_new(QEMU_FILE_RAM_LIMIT); + + QEMUFile* f = qemu_file_new_output(QIO_CHANNEL(dss->save_buffer)); + + QTAILQ_FOREACH(se, &savevm_state.handlers, entry) { + int ret; + + if (se->is_ram) { + continue; + } + if ((!se->ops || !se->ops->save_state) && !se->vmsd) { + continue; + } + if (se->vmsd && !vmstate_save_needed(se->vmsd, se->opaque)) { + continue; + } + if (!strcmp(se->idstr, "globalstate")) { + continue; + } + + // printf("Saving section %p %s...\n", se, se->idstr); + + save_section_header(f, se, QEMU_VM_SECTION_FULL); + + ret = vmstate_save(f, se, NULL); + + if (ret) { + SYX_PRINTF("Device save all error: %d\n", ret); + abort(); + } + + save_section_footer(f, se); + } + + printf("\n"); + + qemu_put_byte(f, QEMU_VM_EOF); + + qemu_fflush(f); + + // fclose will call io_close and free device_save_state->save_buffer, don't do that + //qemu_fclose(f); + + return dss; +} + +void device_restore_all(device_save_state_t* device_save_state) { + bool must_unlock_iothread = false; + + Error* errp = NULL; + qio_channel_io_seek(QIO_CHANNEL(device_save_state->save_buffer), 0, SEEK_SET, &errp); + QEMUFile* f = qemu_file_new_input(QIO_CHANNEL(device_save_state->save_buffer)); + + if (!qemu_mutex_iothread_locked()) { + qemu_mutex_lock_iothread(); + must_unlock_iothread = true; + } + + int save_libafl_restoring_devices = libafl_restoring_devices; + libafl_restoring_devices = 1; + + qemu_load_device_state(f); + + libafl_restoring_devices = save_libafl_restoring_devices; + + if (must_unlock_iothread) { + qemu_mutex_unlock_iothread(); + } + + // qemu_fclose(f); +} + +void device_free_all(device_save_state_t* dss) { + // g_free(dss->save_buffer); + Error* errp = NULL; + qio_channel_close(QIO_CHANNEL(dss->save_buffer), &errp); + object_unref(OBJECT(dss->save_buffer)); +} diff --git a/libafl_extras/syx-snapshot/device-save.h b/libafl_extras/syx-snapshot/device-save.h new file mode 100644 index 0000000000..f0f6e9707f --- /dev/null +++ b/libafl_extras/syx-snapshot/device-save.h @@ -0,0 +1,16 @@ +#pragma once + +#include "qemu/osdep.h" +#include "io/channel-buffer.h" + +#define DEVICE_SAVE_KIND_FULL 0 + +typedef struct device_save_state_s { + uint8_t kind; + QIOChannelBuffer* save_buffer; + QEMUFile* save_file; +} device_save_state_t; + +device_save_state_t* device_save_all(void); +void device_restore_all(device_save_state_t* device_save_state); +void device_free_all(device_save_state_t* dss); diff --git a/libafl_extras/syx-snapshot/syx-snapshot.c b/libafl_extras/syx-snapshot/syx-snapshot.c new file mode 100644 index 0000000000..1afc43f0b5 --- /dev/null +++ b/libafl_extras/syx-snapshot/syx-snapshot.c @@ -0,0 +1,429 @@ +#include "qemu/osdep.h" +//#include "qemu-common.h" +#include "sysemu/sysemu.h" +#include "cpu.h" +#include "qemu/main-loop.h" +#include "migration/qemu-file.h" +#include "migration/vmstate.h" +#include "migration/savevm.h" +#include "memory.h" + +#include "exec/ram_addr.h" +#include "exec/ramlist.h" +#include "exec/address-spaces.h" +#include "exec/exec-all.h" + +#include "sysemu/block-backend.h" +#include "migration/register.h" + +#include "syx-snapshot.h" +#include "device-save.h" + +///// From migration/savevm.c + +#include "qapi/qapi-commands-migration.h" +#include "migration/vmstate.h" +#include "migration/register.h" +#include "qemu/uuid.h" + +typedef struct CompatEntry { + char idstr[256]; + int instance_id; +} CompatEntry; + +typedef struct SaveStateEntry { + QTAILQ_ENTRY(SaveStateEntry) entry; + char idstr[256]; + uint32_t instance_id; + int alias_id; + int version_id; + /* version id read from the stream */ + int load_version_id; + int section_id; + /* section id read from the stream */ + int load_section_id; + const SaveVMHandlers *ops; + const VMStateDescription *vmsd; + void *opaque; + CompatEntry *compat; + int is_ram; +} SaveStateEntry; + +typedef struct SaveState { + QTAILQ_HEAD(, SaveStateEntry) handlers; + SaveStateEntry *handler_pri_head[MIG_PRI_MAX + 1]; + int global_section_id; + uint32_t len; + const char *name; + uint32_t target_page_bits; + uint32_t caps_count; + MigrationCapability *capabilities; + QemuUUID uuid; +} SaveState; + +///// End migration/savevm.c + +#define SYX_SNAPSHOT_LIST_INIT_SIZE 4096 +#define SYX_SNAPSHOT_LIST_GROW_FACTOR 2 + +syx_snapshot_state_t syx_snapshot_state = {0}; + +void syx_snapshot_init(void) { + uint64_t page_size = TARGET_PAGE_SIZE; + + syx_snapshot_state.page_size = page_size; + syx_snapshot_state.page_mask = ((uint64_t)-1) << __builtin_ctz(page_size); + + syx_snapshot_state.tracked_snapshots = syx_snapshot_tracker_init(); + + syx_snapshot_state.is_enabled = false; +} + +syx_snapshot_t* syx_snapshot_create(bool track) { + syx_snapshot_t* snapshot = g_new0(syx_snapshot_t, 1); + + snapshot->root_snapshot = syx_snapshot_root_create(); + snapshot->last_incremental_snapshot = NULL; + snapshot->dirty_list = syx_snapshot_dirty_list_create(); + + if (track) { + syx_snapshot_track(&syx_snapshot_state.tracked_snapshots, snapshot); + } + + syx_snapshot_state.is_enabled = true; + + return snapshot; +} + +void syx_snapshot_free(syx_snapshot_t* snapshot) { + syx_snapshot_increment_t* increment = snapshot->last_incremental_snapshot; + + while (increment != NULL) { + increment = syx_snapshot_increment_free(increment); + } + + syx_snapshot_dirty_list_free(&snapshot->dirty_list); + syx_snapshot_root_free(&snapshot->root_snapshot); + + g_free(snapshot); +} + +syx_snapshot_root_t syx_snapshot_root_create(void) { + syx_snapshot_root_t root = {0}; + + RAMBlock* block; + uint64_t nb_blocks = 0; + device_save_state_t* dss = device_save_all(); + + RAMBLOCK_FOREACH(block) { + nb_blocks++; + } + + root.ram_blocks = g_new0(syx_snapshot_ramblock_t, nb_blocks); + root.nb_ram_blocks = nb_blocks; + root.dss = dss; + + uint64_t ram_block_idx = 0; + RAMBLOCK_FOREACH(block) { + syx_snapshot_ramblock_t* snapshot_ram_block = &root.ram_blocks[ram_block_idx]; + strcpy(snapshot_ram_block->idstr, block->idstr); + snapshot_ram_block->used_length = block->used_length; + + snapshot_ram_block->ram = g_new(uint8_t, block->used_length); + memcpy(snapshot_ram_block->ram, block->host, block->used_length); + + ram_block_idx++; + } + assert(ram_block_idx == nb_blocks); + + return root; +} + +void syx_snapshot_root_free(syx_snapshot_root_t* root) { + for (uint64_t i = 0; i < root->nb_ram_blocks; ++i) { + g_free(root->ram_blocks[i].ram); + } + + g_free(root->ram_blocks); +} + +syx_snapshot_tracker_t syx_snapshot_tracker_init(void) { + syx_snapshot_tracker_t tracker = { + .length = 0, + .capacity = SYX_SNAPSHOT_LIST_INIT_SIZE, + .tracked_snapshots = g_new(syx_snapshot_t*, SYX_SNAPSHOT_LIST_INIT_SIZE) + }; + + return tracker; +} + +void syx_snapshot_track(syx_snapshot_tracker_t* tracker, syx_snapshot_t* snapshot) { + if (tracker->length == tracker->capacity) { + tracker->capacity *= SYX_SNAPSHOT_LIST_GROW_FACTOR; + tracker->tracked_snapshots = g_realloc(tracker->tracked_snapshots, tracker->capacity * sizeof(syx_snapshot_t*)); + } + + assert(tracker->length < tracker->capacity); + + tracker->tracked_snapshots[tracker->length] = snapshot; + tracker->length++; +} + +void syx_snapshot_stop_track(syx_snapshot_tracker_t* tracker, syx_snapshot_t* snapshot) { + for (uint64_t i = 0; i < tracker->length; ++i) { + if (tracker->tracked_snapshots[i] == snapshot) { + for (uint64_t j = i + i; j < tracker->length; ++j) { + tracker->tracked_snapshots[j-1] = tracker->tracked_snapshots[j]; + } + tracker->length--; + return; + } + } + + SYX_PRINTF("ERROR: trying to remove an untracked snapshot\n"); + abort(); +} + +void syx_snapshot_increment_push(syx_snapshot_t* snapshot) { + syx_snapshot_increment_t* increment = g_new0(syx_snapshot_increment_t, 1); + increment->parent = snapshot->last_incremental_snapshot; + snapshot->last_incremental_snapshot = increment; + + increment->dirty_page_list = syx_snapshot_dirty_list_to_dirty_page_list(&snapshot->dirty_list); + increment->dss = device_save_all(); + + syx_snapshot_dirty_list_flush(&snapshot->dirty_list); +} + +static syx_snapshot_dirty_page_t* get_dirty_page_from_addr_rec(syx_snapshot_increment_t* increment, hwaddr addr) { + if (increment == NULL) { + return NULL; + } + + for (uint64_t i = 0; i < increment->dirty_page_list.length; ++i) { + if (increment->dirty_page_list.dirty_pages[i].addr == addr) { + return &increment->dirty_page_list.dirty_pages[i]; + } + } + + return get_dirty_page_from_addr_rec(increment->parent, addr); +} + +static syx_snapshot_ramblock_t* find_ramblock(syx_snapshot_root_t* root, char* idstr) { + for (size_t i = 0; i < root->nb_ram_blocks; i++) { + if (!strcmp(idstr, root->ram_blocks[i].idstr)) { + return &root->ram_blocks[i]; + } + } + + return NULL; +} + +static void restore_page_from_root(syx_snapshot_root_t* root, MemoryRegion* mr, hwaddr addr) { + MemoryRegionSection mr_section = memory_region_find(mr, addr, syx_snapshot_state.page_size); // memory_region_find is quite slow + + if (mr_section.size == 0) { + assert(mr_section.mr == NULL); + + SYX_WARNING("Did not found a memory region while restoring the address %p from root snapshot.\n", (void*) addr); + return; + } + + if (mr_section.mr->ram) { + syx_snapshot_ramblock_t* ram_block = find_ramblock(root, mr_section.mr->ram_block->idstr); + assert(ram_block != NULL); + assert(!strcmp(mr_section.mr->ram_block->idstr, ram_block->idstr)); + + memcpy(mr_section.mr->ram_block->host + mr_section.offset_within_region, + ram_block->ram + mr_section.offset_within_region, syx_snapshot_state.page_size); + } +} + +static void restore_page(MemoryRegion* mr, syx_snapshot_dirty_page_t* page) { + MemoryRegionSection mr_section = memory_region_find(mr, page->addr, syx_snapshot_state.page_size); + assert(mr_section.size != 0 && mr_section.mr != NULL); + assert(mr_section.mr->ram); + + memcpy(mr_section.mr->ram_block->host + mr_section.offset_within_region, page->data, syx_snapshot_state.page_size); +} + +static void restore_to_last_increment(syx_snapshot_t* snapshot, MemoryRegion* mr) { + syx_snapshot_increment_t* increment = snapshot->last_incremental_snapshot; + syx_snapshot_dirty_list_t* dirty_list = &snapshot->dirty_list; + + for (uint64_t i = 0; i < dirty_list->length; ++i) { + syx_snapshot_dirty_page_t* dirty_page = get_dirty_page_from_addr_rec(increment, dirty_list->dirty_addr[i]); + if (dirty_page == NULL) { + restore_page_from_root(&snapshot->root_snapshot, mr, dirty_list->dirty_addr[i]); + } else { + restore_page(mr, dirty_page); + } + } +} + +void syx_snapshot_increment_pop(syx_snapshot_t* snapshot) { + MemoryRegion* system_mr = get_system_memory(); + syx_snapshot_increment_t* last_increment = snapshot->last_incremental_snapshot; + + restore_to_last_increment(snapshot, system_mr); + + device_restore_all(last_increment->dss); + + syx_snapshot_dirty_list_flush(&snapshot->dirty_list); + + snapshot->last_incremental_snapshot = last_increment->parent; + syx_snapshot_increment_free(last_increment); +} + +void syx_snapshot_increment_restore_last(syx_snapshot_t* snapshot) { + MemoryRegion* system_mr = get_system_memory(); + syx_snapshot_increment_t* last_increment = snapshot->last_incremental_snapshot; + + restore_to_last_increment(snapshot, system_mr); + + device_restore_all(last_increment->dss); + + syx_snapshot_dirty_list_flush(&snapshot->dirty_list); +} + +syx_snapshot_increment_t* syx_snapshot_increment_free(syx_snapshot_increment_t* increment) { + syx_snapshot_increment_t* parent = increment->parent; + + for (uint64_t i = 0; i < increment->dirty_page_list.length; ++i) { + g_free(increment->dirty_page_list.dirty_pages[i].data); + } + + device_free_all(increment->dss); + g_free(increment); + + return parent; +} + +syx_snapshot_dirty_list_t syx_snapshot_dirty_list_create(void) { + syx_snapshot_dirty_list_t dirty_list = { + .length = 0, + .capacity = SYX_SNAPSHOT_LIST_INIT_SIZE, + .dirty_addr = g_new(hwaddr, SYX_SNAPSHOT_LIST_INIT_SIZE) + }; + + return dirty_list; +} + +void syx_snapshot_dirty_list_free(syx_snapshot_dirty_list_t* dirty_list) { + g_free(dirty_list->dirty_addr); +} + +static inline syx_snapshot_dirty_page_t* syx_snapshot_save_page_from_addr(MemoryRegion* mr, hwaddr addr) { + syx_snapshot_dirty_page_t* dirty_page = g_new(syx_snapshot_dirty_page_t, 1); + + dirty_page->addr = addr; + dirty_page->data = g_new(uint8_t, syx_snapshot_state.page_size); + + MemoryRegionSection mr_section = memory_region_find(mr, addr, syx_snapshot_state.page_size); + + assert(mr_section.size != 0 && mr_section.mr != NULL); + + if (!mr_section.mr->ram) { + return NULL; + } + + memcpy(dirty_page->data, mr_section.mr->ram_block->host + mr_section.offset_within_region, syx_snapshot_state.page_size); + return dirty_page; +} + +syx_snapshot_dirty_page_list_t syx_snapshot_dirty_list_to_dirty_page_list(syx_snapshot_dirty_list_t* dirty_list) { + syx_snapshot_dirty_page_list_t dirty_page_list = { + .length = dirty_list->length, + .dirty_pages = g_new(syx_snapshot_dirty_page_t, dirty_list->length) + }; + MemoryRegion* system_mr = get_system_memory(); + + uint64_t real_len = 0; + for (uint64_t i = 0; i < dirty_page_list.length; ++i) { + syx_snapshot_dirty_page_t* page = syx_snapshot_save_page_from_addr(system_mr, dirty_list->dirty_addr[i]); + if (page == NULL) { + continue; + } + dirty_page_list.dirty_pages[real_len] = *page; + real_len++; + g_free(page); + } + + dirty_page_list.length = real_len; + + return dirty_page_list; +} + +static inline void syx_snapshot_dirty_list_add_internal(hwaddr paddr) { + paddr &= syx_snapshot_state.page_mask; + + for (uint64_t i = 0; i < syx_snapshot_state.tracked_snapshots.length; ++i) { + syx_snapshot_dirty_list_t* dirty_list = &syx_snapshot_state.tracked_snapshots.tracked_snapshots[i]->dirty_list; + + // Avoid adding already marked addresses + for (uint64_t j = 0; j < dirty_list->length; ++j) { + if (dirty_list->dirty_addr[j] == paddr) { + continue; + } + } + + if (dirty_list->length == dirty_list->capacity) { + dirty_list->capacity *= SYX_SNAPSHOT_LIST_GROW_FACTOR; + dirty_list->dirty_addr = g_realloc(dirty_list->dirty_addr, dirty_list->capacity * sizeof(hwaddr)); + } + + dirty_list->dirty_addr[dirty_list->length] = paddr; + + dirty_list->length++; + } +} + +bool syx_snapshot_is_enabled(void) { + return syx_snapshot_state.is_enabled; +} + +void syx_snapshot_dirty_list_add_hostaddr(void* host_addr) { + // early check to know whether we should log the page access or not + if (!syx_snapshot_is_enabled()) { + return; + } + + ram_addr_t offset; + RAMBlock* rb = qemu_ram_block_from_host((void*) host_addr, true, &offset); + + assert(rb); + + hwaddr paddr = rb->mr->addr + offset; + // If this assert is ever false, please understand why + // qemu_ram_block_from_host result with true as second + // param would not be host page aligned. + assert(paddr == (paddr & syx_snapshot_state.page_mask)); + + syx_snapshot_dirty_list_add_internal(paddr); +} + + +void syx_snapshot_dirty_list_add(hwaddr paddr) { + if (!syx_snapshot_is_enabled()) { + return; + } + + syx_snapshot_dirty_list_add_internal(paddr); +} + +inline void syx_snapshot_dirty_list_flush(syx_snapshot_dirty_list_t* dirty_list) { + dirty_list->length = 0; +} + +static void syx_snapshot_restore_root_from_dirty_list(syx_snapshot_root_t* root, MemoryRegion* mr, syx_snapshot_dirty_list_t* dirty_list) { + for (size_t i = 0; i < dirty_list->length; ++i) { + restore_page_from_root(root, mr, dirty_list->dirty_addr[i]); + } +} + +void syx_snapshot_root_restore(syx_snapshot_t* snapshot) { + MemoryRegion* system_mr = get_system_memory(); + syx_snapshot_restore_root_from_dirty_list(&snapshot->root_snapshot, system_mr, &snapshot->dirty_list); + device_restore_all(snapshot->root_snapshot.dss); + syx_snapshot_dirty_list_flush(&snapshot->dirty_list); +} diff --git a/libafl_extras/syx-snapshot/syx-snapshot.h b/libafl_extras/syx-snapshot/syx-snapshot.h new file mode 100644 index 0000000000..910b70e364 --- /dev/null +++ b/libafl_extras/syx-snapshot/syx-snapshot.h @@ -0,0 +1,166 @@ +#pragma once +//#ifdef QEMU_SYX + +#include "qemu/osdep.h" +#include "qom/object.h" +#include "device-save.h" +//#include "qemu-common.h" +#include "sysemu/sysemu.h" +#include "libafl_extras/syx-misc.h" + +/** + * Saved ramblock + */ +typedef struct syx_snapshot_ramblock_s { + uint8_t* ram; // RAM block + uint64_t used_length; // Length of the ram block + char idstr[256]; // Unique string identifier for the ramblock +} syx_snapshot_ramblock_t; + +/** + * A root snapshot representation. + */ +typedef struct syx_snapshot_root_s { + syx_snapshot_ramblock_t* ram_blocks; + uint64_t nb_ram_blocks; + + device_save_state_t* dss; +} syx_snapshot_root_t; + +/** + * A snapshot's dirty list. It only stores dirty addresses + * (without data). It is the developer's responsibility to + * to effectively save dirty pages when it is necessary. + */ +typedef struct syx_snapshot_dirty_list_s { + // Dirty pages since the last snapshot + // Only physical addresses are stored at this point + // Better if a few addresses are marked + hwaddr* dirty_addr; + uint64_t length; + uint64_t capacity; +} syx_snapshot_dirty_list_t; + +/** + * A list of dirty pages with their old data. + */ +typedef struct syx_snapshot_dirty_page_s { + hwaddr addr; + uint8_t* data; +} syx_snapshot_dirty_page_t; + +typedef struct syx_snapshot_dirty_page_list_s { + syx_snapshot_dirty_page_t* dirty_pages; + uint64_t length; +} syx_snapshot_dirty_page_list_t; + +/** + * A snapshot increment. It is used to quickly + * save a VM state. + */ +typedef struct syx_snapshot_increment_s { + // Back to root snapshot if NULL + struct syx_snapshot_increment_s* parent; + + device_save_state_t* dss; + + syx_snapshot_dirty_page_list_t dirty_page_list; +} syx_snapshot_increment_t; + +/** + * A snapshot. It is the main object used in this API to + * handle snapshoting. + */ +typedef struct syx_snapshot_s { + syx_snapshot_root_t root_snapshot; + syx_snapshot_increment_t* last_incremental_snapshot; + + syx_snapshot_dirty_list_t dirty_list; +} syx_snapshot_t; + +typedef struct syx_snapshot_tracker_s { + syx_snapshot_t** tracked_snapshots; + uint64_t length; + uint64_t capacity; +} syx_snapshot_tracker_t; + +typedef struct syx_snapshot_state_s { + bool is_enabled; + + uint64_t page_size; + uint64_t page_mask; + + // Actively tracked snapshots. Their dirty lists will + // be updated at each dirty access + syx_snapshot_tracker_t tracked_snapshots; +} syx_snapshot_state_t; + +// +// Namespace API's functions +// + +void syx_snapshot_init(void); + +// +// Snapshot API +// + +syx_snapshot_t* syx_snapshot_create(bool track); +void syx_snapshot_free(syx_snapshot_t* snapshot); +// void syx_snapshot_load(syx_snapshot_t* snapshot); + + +// +// Root snapshot API +// + +syx_snapshot_root_t syx_snapshot_root_create(void); +void syx_snapshot_root_restore(syx_snapshot_t* snapshot); +void syx_snapshot_root_free(syx_snapshot_root_t* root); + + +// +// Snapshot tracker API +// + +syx_snapshot_tracker_t syx_snapshot_tracker_init(void); +void syx_snapshot_track(syx_snapshot_tracker_t* tracker, syx_snapshot_t* snapshot); +void syx_snapshot_stop_track(syx_snapshot_tracker_t* tracker, syx_snapshot_t* snapshot); + + +// +// Snapshot increment API +// + +void syx_snapshot_increment_push(syx_snapshot_t* snapshot); +void syx_snapshot_increment_pop(syx_snapshot_t* snapshot); +void syx_snapshot_increment_restore_last(syx_snapshot_t* snapshot); +syx_snapshot_increment_t* syx_snapshot_increment_free(syx_snapshot_increment_t* increment); + + +// +// Misc functions +// + +bool syx_snapshot_is_enabled(void); + + +// +// Dirty list API +// + +syx_snapshot_dirty_list_t syx_snapshot_dirty_list_create(void); +void syx_snapshot_dirty_list_free(syx_snapshot_dirty_list_t* dirty_list); +syx_snapshot_dirty_page_list_t syx_snapshot_dirty_list_to_dirty_page_list(syx_snapshot_dirty_list_t* dirty_list); +void syx_snapshot_dirty_list_flush(syx_snapshot_dirty_list_t* dirty_list); + + +/** + * @brief Add a dirty physical address to the list + * + * @param paddr The physical address to add + */ +void syx_snapshot_dirty_list_add(hwaddr paddr); +void syx_snapshot_dirty_list_add_hostaddr(void* host_addr); + +//#endif diff --git a/meson.build b/meson.build index 49d7c6aefd..7b755c6cbd 100644 --- a/meson.build +++ b/meson.build @@ -1246,6 +1246,8 @@ endif gtk = not_found gtkx11 = not_found vte = not_found +have_gtk_clipboard = get_option('gtk_clipboard').enabled() + if not get_option('gtk').auto() or have_system gtk = dependency('gtk+-3.0', version: '>=3.22.0', method: 'pkg-config', @@ -1264,6 +1266,8 @@ if not get_option('gtk').auto() or have_system required: get_option('vte'), kwargs: static_kwargs) endif + elif have_gtk_clipboard + error('GTK clipboard requested, but GTK not found') endif endif @@ -1842,6 +1846,7 @@ if glusterfs.found() endif config_host_data.set('CONFIG_GTK', gtk.found()) config_host_data.set('CONFIG_VTE', vte.found()) +config_host_data.set('CONFIG_GTK_CLIPBOARD', have_gtk_clipboard) config_host_data.set('CONFIG_LIBATTR', have_old_libattr) config_host_data.set('CONFIG_LIBCAP_NG', libcap_ng.found()) config_host_data.set('CONFIG_EBPF', libbpf.found()) @@ -2883,6 +2888,10 @@ target_arch = {} target_softmmu_arch = {} target_user_arch = {} +### LibAFL extras + +subdir('libafl_extras') + ############### # Trace files # ############### diff --git a/meson_options.txt b/meson_options.txt index 66128178bf..4b749ca549 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -219,6 +219,13 @@ option('vnc_sasl', type : 'feature', value : 'auto', description: 'SASL authentication for VNC server') option('vte', type : 'feature', value : 'auto', description: 'vte support for the gtk UI') + +# GTK Clipboard implementation is disabled by default, since it may cause hangs +# of the guest VCPUs. See gitlab issue 1150: +# https://gitlab.com/qemu-project/qemu/-/issues/1150 + +option('gtk_clipboard', type: 'feature', value : 'disabled', + description: 'clipboard support for the gtk UI (EXPERIMENTAL, MAY HANG)') option('xkbcommon', type : 'feature', value : 'auto', description: 'xkbcommon support') option('zstd', type : 'feature', value : 'auto', diff --git a/migration/savevm.c b/migration/savevm.c index a0cdb714f7..650c69857d 100644 --- a/migration/savevm.c +++ b/migration/savevm.c @@ -228,7 +228,7 @@ typedef struct SaveState { QemuUUID uuid; } SaveState; -static SaveState savevm_state = { +/* static */ SaveState savevm_state = { .handlers = QTAILQ_HEAD_INITIALIZER(savevm_state.handlers), .handler_pri_head = { [MIG_PRI_DEFAULT ... MIG_PRI_MAX] = NULL }, .global_section_id = 0, @@ -897,7 +897,15 @@ static void vmstate_save_old_style(QEMUFile *f, SaveStateEntry *se, } } -static int vmstate_save(QEMUFile *f, SaveStateEntry *se, +//// --- Begin LibAFL code --- + +void save_section_header(QEMUFile *f, SaveStateEntry *se, uint8_t section_type); +void save_section_footer(QEMUFile *f, SaveStateEntry *se); +int vmstate_save(QEMUFile *f, SaveStateEntry *se, JSONWriter *vmdesc); + +//// --- End LibAFL code --- + +/* static */ int vmstate_save(QEMUFile *f, SaveStateEntry *se, JSONWriter *vmdesc) { trace_vmstate_save(se->idstr, se->vmsd ? se->vmsd->name : "(old)"); @@ -911,7 +919,7 @@ static int vmstate_save(QEMUFile *f, SaveStateEntry *se, /* * Write the header for device section (QEMU_VM_SECTION START/END/PART/FULL) */ -static void save_section_header(QEMUFile *f, SaveStateEntry *se, +/* static */ void save_section_header(QEMUFile *f, SaveStateEntry *se, uint8_t section_type) { qemu_put_byte(f, section_type); @@ -933,7 +941,7 @@ static void save_section_header(QEMUFile *f, SaveStateEntry *se, * Write a footer onto device sections that catches cases misformatted device * sections. */ -static void save_section_footer(QEMUFile *f, SaveStateEntry *se) +/* static */ void save_section_footer(QEMUFile *f, SaveStateEntry *se) { if (migrate_get_current()->send_section_footer) { qemu_put_byte(f, QEMU_VM_SECTION_FOOTER); diff --git a/net/socket.c b/net/socket.c index 4944bb70d5..e62137c839 100644 --- a/net/socket.c +++ b/net/socket.c @@ -179,7 +179,7 @@ static void net_socket_send(void *opaque) s->fd = -1; net_socket_rs_init(&s->rs, net_socket_rs_finalize, false); s->nc.link_down = true; - qemu_set_info_str(&s->nc, ""); + qemu_set_info_str(&s->nc, "%s", ""); return; } diff --git a/net/stream.c b/net/stream.c index 53b7040cc4..37ff727e0c 100644 --- a/net/stream.c +++ b/net/stream.c @@ -167,7 +167,7 @@ static gboolean net_stream_send(QIOChannel *ioc, net_socket_rs_init(&s->rs, net_stream_rs_finalize, false); s->nc.link_down = true; - qemu_set_info_str(&s->nc, ""); + qemu_set_info_str(&s->nc, "%s", ""); qapi_event_send_netdev_stream_disconnected(s->nc.name); @@ -245,7 +245,7 @@ static void net_stream_listen(QIONetListener *listener, } g_assert(addr != NULL); uri = socket_uri(addr); - qemu_set_info_str(&s->nc, uri); + qemu_set_info_str(&s->nc, "%s", uri); g_free(uri); qapi_event_send_netdev_stream_connected(s->nc.name, addr); qapi_free_SocketAddress(addr); @@ -319,7 +319,7 @@ static void net_stream_client_connected(QIOTask *task, gpointer opaque) addr = qio_channel_socket_get_remote_address(sioc, NULL); g_assert(addr != NULL); uri = socket_uri(addr); - qemu_set_info_str(&s->nc, uri); + qemu_set_info_str(&s->nc, "%s", uri); g_free(uri); ret = qemu_socket_try_set_nonblock(sioc->fd); diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c index 6811089231..2b4b85d8f8 100644 --- a/net/vhost-vdpa.c +++ b/net/vhost-vdpa.c @@ -69,6 +69,7 @@ const int vdpa_feature_bits[] = { VIRTIO_NET_F_CTRL_VQ, VIRTIO_F_IOMMU_PLATFORM, VIRTIO_F_RING_PACKED, + VIRTIO_F_RING_RESET, VIRTIO_NET_F_RSS, VIRTIO_NET_F_HASH_REPORT, VIRTIO_NET_F_GUEST_ANNOUNCE, diff --git a/pc-bios/bios-256k.bin b/pc-bios/bios-256k.bin index 6163fb8149..211b2a4da2 100644 Binary files a/pc-bios/bios-256k.bin and b/pc-bios/bios-256k.bin differ diff --git a/pc-bios/bios-microvm.bin b/pc-bios/bios-microvm.bin index 97fbd3192a..6204a714cd 100644 Binary files a/pc-bios/bios-microvm.bin and b/pc-bios/bios-microvm.bin differ diff --git a/pc-bios/bios.bin b/pc-bios/bios.bin index 68f65ff2fd..12d6a037be 100644 Binary files a/pc-bios/bios.bin and b/pc-bios/bios.bin differ diff --git a/pc-bios/vgabios-ati.bin b/pc-bios/vgabios-ati.bin index 4533d0d063..39b2405148 100644 Binary files a/pc-bios/vgabios-ati.bin and b/pc-bios/vgabios-ati.bin differ diff --git a/pc-bios/vgabios-bochs-display.bin b/pc-bios/vgabios-bochs-display.bin index 3ecf92de01..b20d67ccf5 100644 Binary files a/pc-bios/vgabios-bochs-display.bin and b/pc-bios/vgabios-bochs-display.bin differ diff --git a/pc-bios/vgabios-cirrus.bin b/pc-bios/vgabios-cirrus.bin index 9b4ffdf45f..ebe53366e4 100644 Binary files a/pc-bios/vgabios-cirrus.bin and b/pc-bios/vgabios-cirrus.bin differ diff --git a/pc-bios/vgabios-qxl.bin b/pc-bios/vgabios-qxl.bin index 8a27dac557..4b5573a857 100644 Binary files a/pc-bios/vgabios-qxl.bin and b/pc-bios/vgabios-qxl.bin differ diff --git a/pc-bios/vgabios-ramfb.bin b/pc-bios/vgabios-ramfb.bin index ec9541cfb4..d458ec7436 100644 Binary files a/pc-bios/vgabios-ramfb.bin and b/pc-bios/vgabios-ramfb.bin differ diff --git a/pc-bios/vgabios-stdvga.bin b/pc-bios/vgabios-stdvga.bin index 55390c45c9..797e1036c9 100644 Binary files a/pc-bios/vgabios-stdvga.bin and b/pc-bios/vgabios-stdvga.bin differ diff --git a/pc-bios/vgabios-virtio.bin b/pc-bios/vgabios-virtio.bin index 2334733a75..3f8fe9de13 100644 Binary files a/pc-bios/vgabios-virtio.bin and b/pc-bios/vgabios-virtio.bin differ diff --git a/pc-bios/vgabios-vmware.bin b/pc-bios/vgabios-vmware.bin index b668ac04a6..d5f263a9f7 100644 Binary files a/pc-bios/vgabios-vmware.bin and b/pc-bios/vgabios-vmware.bin differ diff --git a/pc-bios/vgabios.bin b/pc-bios/vgabios.bin index a924891ea5..d26af416ce 100644 Binary files a/pc-bios/vgabios.bin and b/pc-bios/vgabios.bin differ diff --git a/replay/replay-internal.h b/replay/replay-internal.h index 89e377be90..b6836354ac 100644 --- a/replay/replay-internal.h +++ b/replay/replay-internal.h @@ -136,7 +136,7 @@ bool replay_next_event_is(int event); /*! Reads next clock value from the file. If clock kind read from the file is different from the parameter, the value is not used. */ -void replay_read_next_clock(unsigned int kind); +void replay_read_next_clock(ReplayClockKind kind); /* Asynchronous events queue */ diff --git a/roms/seabios b/roms/seabios index d239552ce7..3208b098f5 160000 --- a/roms/seabios +++ b/roms/seabios @@ -1 +1 @@ -Subproject commit d239552ce7220e448ae81f41515138f7b9e3c4db +Subproject commit 3208b098f51a9ef96d0dfa71d5ec3a3eaec88f0a diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh index ce18dcd152..cf49f41b21 100644 --- a/scripts/meson-buildoptions.sh +++ b/scripts/meson-buildoptions.sh @@ -93,6 +93,7 @@ meson_options_help() { printf "%s\n" ' glusterfs Glusterfs block device driver' printf "%s\n" ' gnutls GNUTLS cryptography support' printf "%s\n" ' gtk GTK+ user interface' + printf "%s\n" ' gtk-clipboard clipboard support for GTK (EXPERIMENTAL, MAY HANG)' printf "%s\n" ' guest-agent Build QEMU Guest Agent' printf "%s\n" ' guest-agent-msi Build MSI package for the QEMU Guest Agent' printf "%s\n" ' hax HAX acceleration support' @@ -276,6 +277,8 @@ _meson_option_parse() { --disable-gprof) printf "%s" -Dgprof=false ;; --enable-gtk) printf "%s" -Dgtk=enabled ;; --disable-gtk) printf "%s" -Dgtk=disabled ;; + --enable-gtk-clipboard) printf "%s" -Dgtk_clipboard=enabled ;; + --disable-gtk-clipboard) printf "%s" -Dgtk_clipboard=disabled ;; --enable-guest-agent) printf "%s" -Dguest_agent=enabled ;; --disable-guest-agent) printf "%s" -Dguest_agent=disabled ;; --enable-guest-agent-msi) printf "%s" -Dguest_agent_msi=enabled ;; diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c index ffed4729a3..d6ee6e7d91 100644 --- a/subprojects/libvhost-user/libvhost-user.c +++ b/subprojects/libvhost-user/libvhost-user.c @@ -45,6 +45,17 @@ #include "libvhost-user.h" /* usually provided by GLib */ +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4) +#if !defined(__clang__) && (__GNUC__ == 4 && __GNUC_MINOR__ == 4) +#define G_GNUC_PRINTF(format_idx, arg_idx) \ + __attribute__((__format__(gnu_printf, format_idx, arg_idx))) +#else +#define G_GNUC_PRINTF(format_idx, arg_idx) \ + __attribute__((__format__(__printf__, format_idx, arg_idx))) +#endif +#else /* !__GNUC__ */ +#define G_GNUC_PRINTF(format_idx, arg_idx) +#endif /* !__GNUC__ */ #ifndef MIN #define MIN(x, y) ({ \ typeof(x) _min1 = (x); \ @@ -151,7 +162,7 @@ vu_request_to_string(unsigned int req) } } -static void +static void G_GNUC_PRINTF(2, 3) vu_panic(VuDev *dev, const char *msg, ...) { char *buf = NULL; @@ -651,7 +662,8 @@ generate_faults(VuDev *dev) { if (ioctl(dev->postcopy_ufd, UFFDIO_REGISTER, ®_struct)) { vu_panic(dev, "%s: Failed to userfault region %d " - "@%p + size:%zx offset: %zx: (ufd=%d)%s\n", + "@%" PRIx64 " + size:%" PRIx64 " offset: %" PRIx64 + ": (ufd=%d)%s\n", __func__, i, dev_region->mmap_addr, dev_region->size, dev_region->mmap_offset, @@ -700,7 +712,7 @@ vu_add_mem_reg(VuDev *dev, VhostUserMsg *vmsg) { if (vmsg->size < VHOST_USER_MEM_REG_SIZE) { close(vmsg->fds[0]); vu_panic(dev, "VHOST_USER_ADD_MEM_REG requires a message size of at " - "least %d bytes and only %d bytes were received", + "least %zu bytes and only %d bytes were received", VHOST_USER_MEM_REG_SIZE, vmsg->size); return false; } @@ -826,7 +838,7 @@ vu_rem_mem_reg(VuDev *dev, VhostUserMsg *vmsg) { if (vmsg->size < VHOST_USER_MEM_REG_SIZE) { vmsg_close_fds(vmsg); vu_panic(dev, "VHOST_USER_REM_MEM_REG requires a message size of at " - "least %d bytes and only %d bytes were received", + "least %zu bytes and only %d bytes were received", VHOST_USER_MEM_REG_SIZE, vmsg->size); return false; } diff --git a/target/arm/cpu.c b/target/arm/cpu.c index a021df9e9e..38d066c294 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -91,9 +91,9 @@ void arm_cpu_synchronize_from_tb(CPUState *cs, } } -static void arm_restore_state_to_opc(CPUState *cs, - const TranslationBlock *tb, - const uint64_t *data) +void arm_restore_state_to_opc(CPUState *cs, + const TranslationBlock *tb, + const uint64_t *data) { CPUARMState *env = cs->env_ptr; diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c index 60ff539fa1..9a2cef7d05 100644 --- a/target/arm/cpu_tcg.c +++ b/target/arm/cpu_tcg.c @@ -1035,6 +1035,7 @@ static const struct TCGCPUOps arm_v7m_tcg_ops = { .initialize = arm_translate_init, .synchronize_from_tb = arm_cpu_synchronize_from_tb, .debug_excp_handler = arm_debug_excp_handler, + .restore_state_to_opc = arm_restore_state_to_opc, #ifdef CONFIG_USER_ONLY .record_sigsegv = arm_cpu_record_sigsegv, diff --git a/target/arm/internals.h b/target/arm/internals.h index d9121d9ff8..161e42d50f 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -185,6 +185,10 @@ static inline int r14_bank_number(int mode) void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu); void arm_translate_init(void); +void arm_restore_state_to_opc(CPUState *cs, + const TranslationBlock *tb, + const uint64_t *data); + #ifdef CONFIG_TCG void arm_cpu_synchronize_from_tb(CPUState *cs, const TranslationBlock *tb); #endif /* CONFIG_TCG */ diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 9a6277d862..f812734bfb 100644 --- a/target/arm/ptw.c +++ b/target/arm/ptw.c @@ -1172,7 +1172,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, ARMCPU *cpu = env_archcpu(env); ARMMMUIdx mmu_idx = ptw->in_mmu_idx; bool is_secure = ptw->in_secure; - uint32_t level; + int32_t level; ARMVAParameters param; uint64_t ttbr; hwaddr descaddr, indexmask, indexmask_grainsize; @@ -1302,7 +1302,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, */ uint32_t sl0 = extract32(tcr, 6, 2); uint32_t sl2 = extract64(tcr, 33, 1); - uint32_t startlevel; + int32_t startlevel; bool ok; /* SL2 is RES0 unless DS=1 & 4kb granule. */ @@ -2612,8 +2612,8 @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, ret = get_phys_addr_with_struct(env, ptw, address, access_type, result, fi); - /* If S1 fails or S2 is disabled, return early. */ - if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) { + /* If S1 fails, return early. */ + if (ret) { return ret; } @@ -2739,7 +2739,8 @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw, * Otherwise, a stage1+stage2 translation is just stage 1. */ ptw->in_mmu_idx = mmu_idx = s1_mmu_idx; - if (arm_feature(env, ARM_FEATURE_EL2)) { + if (arm_feature(env, ARM_FEATURE_EL2) && + !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) { return get_phys_addr_twostage(env, ptw, address, access_type, result, fi); } diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index e4878b967f..80c579164f 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -1488,7 +1488,8 @@ static bool validate_vex(DisasContext *s, X86DecodedInsn *decode) if (!(s->flags & HF_AVX_EN_MASK)) { goto illegal; } - } else { + } else if (e->special != X86_SPECIAL_MMX || + (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ | PREFIX_DATA))) { if (!(s->flags & HF_OSFXSR_MASK)) { goto illegal; } diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c index 405a5d414a..55bd1194d3 100644 --- a/target/i386/tcg/sysemu/excp_helper.c +++ b/target/i386/tcg/sysemu/excp_helper.c @@ -71,10 +71,11 @@ static bool ptw_translate(PTETranslate *inout, hwaddr addr) TranslateFault *err = inout->err; assert(inout->ptw_idx == MMU_NESTED_IDX); - err->exception_index = 0; /* unused */ - err->error_code = inout->env->error_code; - err->cr2 = addr; - err->stage2 = S2_GPT; + *err = (TranslateFault){ + .error_code = inout->env->error_code, + .cr2 = addr, + .stage2 = S2_GPT, + }; return false; } return true; @@ -431,10 +432,11 @@ do_check_protect_pse36: MMU_NESTED_IDX, true, &pte_trans.haddr, &full, 0); if (unlikely(flags & TLB_INVALID_MASK)) { - err->exception_index = 0; /* unused */ - err->error_code = env->error_code; - err->cr2 = paddr; - err->stage2 = S2_GPA; + *err = (TranslateFault){ + .error_code = env->error_code, + .cr2 = paddr, + .stage2 = S2_GPA, + }; return false; } @@ -494,10 +496,11 @@ do_check_protect_pse36: } break; } - err->exception_index = EXCP0E_PAGE; - err->error_code = error_code; - err->cr2 = addr; - err->stage2 = S2_NONE; + *err = (TranslateFault){ + .exception_index = EXCP0E_PAGE, + .error_code = error_code, + .cr2 = addr, + }; return false; } @@ -564,9 +567,10 @@ static bool get_physical_address(CPUX86State *env, vaddr addr, int shift = in.pg_mode & PG_MODE_LA57 ? 56 : 47; int64_t sext = (int64_t)addr >> shift; if (sext != 0 && sext != -1) { - err->exception_index = EXCP0D_GPF; - err->error_code = 0; - err->cr2 = addr; + *err = (TranslateFault){ + .exception_index = EXCP0D_GPF, + .cr2 = addr, + }; return false; } } diff --git a/target/s390x/tcg/cc_helper.c b/target/s390x/tcg/cc_helper.c index b2e8d3d9f5..b36f8cdc8b 100644 --- a/target/s390x/tcg/cc_helper.c +++ b/target/s390x/tcg/cc_helper.c @@ -487,6 +487,10 @@ void HELPER(sacf)(CPUS390XState *env, uint64_t a1) { HELPER_LOG("%s: %16" PRIx64 "\n", __func__, a1); + if (!(env->psw.mask & PSW_MASK_DAT)) { + tcg_s390_program_interrupt(env, PGM_SPECIAL_OP, GETPC()); + } + switch (a1 & 0xf00) { case 0x000: env->psw.mask &= ~PSW_MASK_ASC; @@ -497,6 +501,9 @@ void HELPER(sacf)(CPUS390XState *env, uint64_t a1) env->psw.mask |= PSW_ASC_SECONDARY; break; case 0x300: + if ((env->psw.mask & PSW_MASK_PSTATE) != 0) { + tcg_s390_program_interrupt(env, PGM_PRIVILEGED, GETPC()); + } env->psw.mask &= ~PSW_MASK_ASC; env->psw.mask |= PSW_ASC_HOME; break; diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.h.inc index 7e952bdfc8..54d4250c9f 100644 --- a/target/s390x/tcg/insn-data.h.inc +++ b/target/s390x/tcg/insn-data.h.inc @@ -1365,7 +1365,7 @@ /* SERVICE CALL LOGICAL PROCESSOR (PV hypercall) */ F(0xb220, SERVC, RRE, Z, r1_o, r2_o, 0, 0, servc, 0, IF_PRIV | IF_IO) /* SET ADDRESS SPACE CONTROL FAST */ - F(0xb279, SACF, S, Z, 0, a2, 0, 0, sacf, 0, IF_PRIV) + C(0xb279, SACF, S, Z, 0, a2, 0, 0, sacf, 0) /* SET CLOCK */ F(0xb204, SCK, S, Z, 0, m2_64a, 0, 0, sck, 0, IF_PRIV | IF_IO) /* SET CLOCK COMPARATOR */ diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c index cd5616d13b..89a4b465c6 100644 --- a/tcg/tcg-op.c +++ b/tcg/tcg-op.c @@ -2925,15 +2925,15 @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop) addr = plugin_prep_mem_callbacks(addr); + gen_ldst_i32(INDEX_op_qemu_ld_i32, val, addr, memop, idx); + plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_R); + //// --- Begin LibAFL code --- libafl_gen_read(addr, oi); //// --- End LibAFL code --- - gen_ldst_i32(INDEX_op_qemu_ld_i32, val, addr, memop, idx); - plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_R); - if ((orig_memop ^ memop) & MO_BSWAP) { switch (orig_memop & MO_SIZE) { case MO_16: @@ -2977,12 +2977,6 @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop) addr = plugin_prep_mem_callbacks(addr); -//// --- Begin LibAFL code --- - - libafl_gen_write(addr, oi); - -//// --- End LibAFL code --- - if (TCG_TARGET_HAS_qemu_st8_i32 && (memop & MO_SIZE) == MO_8) { gen_ldst_i32(INDEX_op_qemu_st8_i32, val, addr, memop, idx); } else { @@ -2990,6 +2984,12 @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, MemOp memop) } plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_W); +//// --- Begin LibAFL code --- + + libafl_gen_write(addr, oi); + +//// --- End LibAFL code --- + if (swap) { tcg_temp_free_i32(swap); } @@ -3025,15 +3025,15 @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop) addr = plugin_prep_mem_callbacks(addr); + gen_ldst_i64(INDEX_op_qemu_ld_i64, val, addr, memop, idx); + plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_R); + //// --- Begin LibAFL code --- libafl_gen_read(addr, oi); //// --- End LibAFL code --- - gen_ldst_i64(INDEX_op_qemu_ld_i64, val, addr, memop, idx); - plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_R); - if ((orig_memop ^ memop) & MO_BSWAP) { int flags = (orig_memop & MO_SIGN ? TCG_BSWAP_IZ | TCG_BSWAP_OS @@ -3089,15 +3089,15 @@ void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, MemOp memop) addr = plugin_prep_mem_callbacks(addr); + gen_ldst_i64(INDEX_op_qemu_st_i64, val, addr, memop, idx); + plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_W); + //// --- Begin LibAFL code --- libafl_gen_write(addr, oi); //// --- End LibAFL code --- - gen_ldst_i64(INDEX_op_qemu_st_i64, val, addr, memop, idx); - plugin_gen_mem_callbacks(addr, oi, QEMU_PLUGIN_MEM_W); - if (swap) { tcg_temp_free_i64(swap); } diff --git a/tests/avocado/acpi-bits.py b/tests/avocado/acpi-bits.py index 9ac87f01f1..898c837f26 100644 --- a/tests/avocado/acpi-bits.py +++ b/tests/avocado/acpi-bits.py @@ -263,7 +263,7 @@ class AcpiBitsTest(QemuBaseTest): #pylint: disable=too-many-instance-attributes self.logger.info('using grub-mkrescue for generating biosbits iso ...') try: - if os.getenv('V'): + if os.getenv('V') or os.getenv('BITS_DEBUG'): subprocess.check_call([mkrescue_script, '-o', iso_file, bits_dir], stderr=subprocess.STDOUT) else: @@ -347,7 +347,7 @@ class AcpiBitsTest(QemuBaseTest): #pylint: disable=too-many-instance-attributes self._print_log(log) raise e else: - if os.getenv('V'): + if os.getenv('V') or os.getenv('BITS_DEBUG'): self._print_log(log) def tearDown(self): @@ -356,8 +356,13 @@ class AcpiBitsTest(QemuBaseTest): #pylint: disable=too-many-instance-attributes """ if self._vm: self.assertFalse(not self._vm.is_running) - self.logger.info('removing the work directory %s', self._workDir) - shutil.rmtree(self._workDir) + if not os.getenv('BITS_DEBUG'): + self.logger.info('removing the work directory %s', self._workDir) + shutil.rmtree(self._workDir) + else: + self.logger.info('not removing the work directory %s ' \ + 'as BITS_DEBUG is ' \ + 'passed in the environment', self._workDir) super().tearDown() def test_acpi_smbios_bits(self): @@ -388,12 +393,6 @@ class AcpiBitsTest(QemuBaseTest): #pylint: disable=too-many-instance-attributes self._vm.launch() # biosbits has been configured to run all the specified test suites # in batch mode and then automatically initiate a vm shutdown. - # sleep for maximum of one minute - max_sleep_time = time.monotonic() + 60 - while self._vm.is_running() and time.monotonic() < max_sleep_time: - time.sleep(1) - - self.assertFalse(time.monotonic() > max_sleep_time, - 'The VM seems to have failed to shutdown in time') - + # Rely on avocado's unit test timeout. + self._vm.wait(timeout=None) self.parse_log() diff --git a/tests/avocado/boot_linux.py b/tests/avocado/boot_linux.py index 32adae6ff6..b3e58fa309 100644 --- a/tests/avocado/boot_linux.py +++ b/tests/avocado/boot_linux.py @@ -58,6 +58,9 @@ class BootLinuxX8664(LinuxTest): self.launch_and_wait(set_up_ssh_connection=False) +# For Aarch64 we only boot KVM tests in CI as the TCG tests are very +# heavyweight. There are lighter weight distros which we use in the +# machine_aarch64_virt.py tests. class BootLinuxAarch64(LinuxTest): """ :avocado: tags=arch:aarch64 @@ -73,7 +76,8 @@ class BootLinuxAarch64(LinuxTest): self.vm.add_args('-device', 'virtio-rng-pci,rng=rng0') self.vm.add_args('-object', 'rng-random,id=rng0,filename=/dev/urandom') - def test_virt_tcg_gicv2(self): + @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab') + def test_fedora_cloud_tcg_gicv2(self): """ :avocado: tags=accel:tcg :avocado: tags=cpu:max @@ -86,7 +90,8 @@ class BootLinuxAarch64(LinuxTest): self.add_common_args() self.launch_and_wait(set_up_ssh_connection=False) - def test_virt_tcg_gicv3(self): + @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab') + def test_fedora_cloud_tcg_gicv3(self): """ :avocado: tags=accel:tcg :avocado: tags=cpu:max @@ -116,7 +121,7 @@ class BootLinuxPPC64(LinuxTest): :avocado: tags=arch:ppc64 """ - timeout = 180 + timeout = 360 def test_pseries_tcg(self): """ diff --git a/tests/avocado/boot_linux_console.py b/tests/avocado/boot_linux_console.py index 4c9d551f47..ec07c64291 100644 --- a/tests/avocado/boot_linux_console.py +++ b/tests/avocado/boot_linux_console.py @@ -793,8 +793,8 @@ class BootLinuxConsole(LinuxKernelTest): dtb_path = '/usr/lib/linux-image-current-sunxi/sun8i-h3-orangepi-pc.dtb' dtb_path = self.extract_from_deb(deb_path, dtb_path) rootfs_url = ('http://storage.kernelci.org/images/rootfs/buildroot/' - 'kci-2019.02/armel/base/rootfs.ext2.xz') - rootfs_hash = '692510cb625efda31640d1de0a8d60e26040f061' + 'buildroot-baseline/20221116.0/armel/rootfs.ext2.xz') + rootfs_hash = 'fae32f337c7b87547b10f42599acf109da8b6d9a' rootfs_path_xz = self.fetch_asset(rootfs_url, asset_hash=rootfs_hash) rootfs_path = os.path.join(self.workdir, 'rootfs.cpio') archive.lzma_uncompress(rootfs_path_xz, rootfs_path) @@ -1029,8 +1029,8 @@ class BootLinuxConsole(LinuxKernelTest): self.wait_for_console_pattern(console_pattern) def do_test_advcal_2018(self, day, tar_hash, kernel_name, console=0): - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day' + day + '.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day' + day + '.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) archive.extract(file_path, self.workdir) self.vm.set_console(console_index=console) diff --git a/tests/avocado/machine_aarch64_virt.py b/tests/avocado/machine_aarch64_virt.py index 21848cba70..c2b2ba2cf8 100644 --- a/tests/avocado/machine_aarch64_virt.py +++ b/tests/avocado/machine_aarch64_virt.py @@ -1,4 +1,5 @@ -# Functional test that boots a Linux kernel and checks the console +# Functional test that boots a various Linux systems and checks the +# console output. # # Copyright (c) 2022 Linaro Ltd. # @@ -8,19 +9,62 @@ # SPDX-License-Identifier: GPL-2.0-or-later import time +import os from avocado_qemu import QemuSystemTest from avocado_qemu import wait_for_console_pattern from avocado_qemu import exec_command +from avocado_qemu import BUILD_DIR class Aarch64VirtMachine(QemuSystemTest): KERNEL_COMMON_COMMAND_LINE = 'printk.time=0 ' + timeout = 360 def wait_for_console_pattern(self, success_message, vm=None): wait_for_console_pattern(self, success_message, failure_message='Kernel panic - not syncing', vm=vm) + # This tests the whole boot chain from EFI to Userspace + # We only boot a whole OS for the current top level CPU and GIC + # Other test profiles should use more minimal boots + def test_alpine_virt_tcg_gic_max(self): + """ + :avocado: tags=arch:aarch64 + :avocado: tags=machine:virt + :avocado: tags=accel:tcg + """ + iso_url = ('https://dl-cdn.alpinelinux.org/' + 'alpine/v3.16/releases/aarch64/' + 'alpine-virt-3.16.3-aarch64.iso') + + # Alpine use sha256 so I recalculated this myself + iso_sha1 = '0683bc089486d55c91bf6607d5ecb93925769bc0' + iso_path = self.fetch_asset(iso_url, asset_hash=iso_sha1) + + self.vm.set_console() + kernel_command_line = (self.KERNEL_COMMON_COMMAND_LINE + + 'console=ttyAMA0') + self.require_accelerator("tcg") + + self.vm.add_args("-accel", "tcg") + self.vm.add_args("-cpu", "max,pauth-impdef=on") + self.vm.add_args("-machine", + "virt,acpi=on," + "virtualization=on," + "mte=on," + "gic-version=max,iommu=smmuv3") + self.vm.add_args("-smp", "2", "-m", "1024") + self.vm.add_args('-bios', os.path.join(BUILD_DIR, 'pc-bios', + 'edk2-aarch64-code.fd')) + self.vm.add_args("-drive", f"file={iso_path},format=raw") + self.vm.add_args('-device', 'virtio-rng-pci,rng=rng0') + self.vm.add_args('-object', 'rng-random,id=rng0,filename=/dev/urandom') + + self.vm.launch() + self.wait_for_console_pattern('Welcome to Alpine Linux 3.16') + + def test_aarch64_virt(self): """ :avocado: tags=arch:aarch64 diff --git a/tests/avocado/machine_arm_canona1100.py b/tests/avocado/machine_arm_canona1100.py index 182a0b0513..a42d8b0f2b 100644 --- a/tests/avocado/machine_arm_canona1100.py +++ b/tests/avocado/machine_arm_canona1100.py @@ -23,8 +23,8 @@ class CanonA1100Machine(QemuSystemTest): :avocado: tags=machine:canon-a1100 :avocado: tags=device:pflash_cfi02 """ - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day18.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day18.tar.xz') tar_hash = '068b5fc4242b29381acee94713509f8a876e9db6' file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) archive.extract(file_path, self.workdir) diff --git a/tests/avocado/machine_aspeed.py b/tests/avocado/machine_aspeed.py index fba6527026..1fc385e1c8 100644 --- a/tests/avocado/machine_aspeed.py +++ b/tests/avocado/machine_aspeed.py @@ -12,6 +12,7 @@ from avocado_qemu import QemuSystemTest from avocado_qemu import wait_for_console_pattern from avocado_qemu import exec_command from avocado_qemu import exec_command_and_wait_for_pattern +from avocado_qemu import interrupt_interactive_console_until_pattern from avocado.utils import archive from avocado import skipIf @@ -182,6 +183,8 @@ class AST2x00Machine(QemuSystemTest): class AST2x00MachineSDK(QemuSystemTest): + EXTRA_BOOTARGS = ' quiet' + # FIXME: Although these tests boot a whole distro they are still # slower than comparable machine models. There may be some # optimisations which bring down the runtime. In the meantime they @@ -194,7 +197,7 @@ class AST2x00MachineSDK(QemuSystemTest): failure_message='Kernel panic - not syncing', vm=vm) - def do_test_arm_aspeed_sdk_start(self, image, cpu_id): + def do_test_arm_aspeed_sdk_start(self, image): self.require_netdev('user') self.vm.set_console() self.vm.add_args('-drive', 'file=' + image + ',if=mtd,format=raw', @@ -202,9 +205,13 @@ class AST2x00MachineSDK(QemuSystemTest): self.vm.launch() self.wait_for_console_pattern('U-Boot 2019.04') - self.wait_for_console_pattern('## Loading kernel from FIT Image') + interrupt_interactive_console_until_pattern( + self, 'Hit any key to stop autoboot:', 'ast#') + exec_command_and_wait_for_pattern( + self, 'setenv bootargs ${bootargs}' + self.EXTRA_BOOTARGS, 'ast#') + exec_command_and_wait_for_pattern( + self, 'boot', '## Loading kernel from FIT Image') self.wait_for_console_pattern('Starting kernel ...') - self.wait_for_console_pattern('Booting Linux on physical CPU ' + cpu_id) @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab') def test_arm_ast2500_evb_sdk(self): @@ -221,7 +228,7 @@ class AST2x00MachineSDK(QemuSystemTest): archive.extract(image_path, self.workdir) self.do_test_arm_aspeed_sdk_start( - self.workdir + '/ast2500-default/image-bmc', '0x0') + self.workdir + '/ast2500-default/image-bmc') self.wait_for_console_pattern('ast2500-default login:') @skipIf(os.getenv('GITLAB_CI'), 'Running on GitLab') @@ -243,7 +250,7 @@ class AST2x00MachineSDK(QemuSystemTest): self.vm.add_args('-device', 'ds1338,bus=aspeed.i2c.bus.5,address=0x32'); self.do_test_arm_aspeed_sdk_start( - self.workdir + '/ast2600-default/image-bmc', '0xf00') + self.workdir + '/ast2600-default/image-bmc') self.wait_for_console_pattern('ast2600-default login:') exec_command_and_wait_for_pattern(self, 'root', 'Password:') exec_command_and_wait_for_pattern(self, '0penBmc', 'root@ast2600-default:~#') diff --git a/tests/avocado/machine_microblaze.py b/tests/avocado/machine_microblaze.py index 4928920f96..8d0efff30d 100644 --- a/tests/avocado/machine_microblaze.py +++ b/tests/avocado/machine_microblaze.py @@ -19,8 +19,8 @@ class MicroblazeMachine(QemuSystemTest): :avocado: tags=machine:petalogix-s3adsp1800 """ - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day17.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day17.tar.xz') tar_hash = '08bf3e3bfb6b6c7ce1e54ab65d54e189f2caf13f' file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) archive.extract(file_path, self.workdir) diff --git a/tests/avocado/machine_sparc64_sun4u.py b/tests/avocado/machine_sparc64_sun4u.py index 458165500e..d333c0ae91 100644 --- a/tests/avocado/machine_sparc64_sun4u.py +++ b/tests/avocado/machine_sparc64_sun4u.py @@ -24,8 +24,8 @@ class Sun4uMachine(LinuxKernelTest): :avocado: tags=arch:sparc64 :avocado: tags=machine:sun4u """ - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day23.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day23.tar.xz') tar_hash = '142db83cd974ffadc4f75c8a5cad5bcc5722c240' file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) archive.extract(file_path, self.workdir) diff --git a/tests/avocado/ppc_mpc8544ds.py b/tests/avocado/ppc_mpc8544ds.py index 8d6a749201..b599fb1cc9 100644 --- a/tests/avocado/ppc_mpc8544ds.py +++ b/tests/avocado/ppc_mpc8544ds.py @@ -22,9 +22,9 @@ class Mpc8544dsMachine(QemuSystemTest): :avocado: tags=accel:tcg """ self.require_accelerator("tcg") - tar_url = ('https://www.qemu-advent-calendar.org' - '/2020/download/day17.tar.gz') - tar_hash = '7a5239542a7c4257aa4d3b7f6ddf08fb6775c494' + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day04.tar.xz') + tar_hash = 'f46724d281a9f30fa892d458be7beb7d34dc25f9' file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) archive.extract(file_path, self.workdir) self.vm.set_console() diff --git a/tests/avocado/ppc_virtex_ml507.py b/tests/avocado/ppc_virtex_ml507.py index 6b07686b56..a73f8ae396 100644 --- a/tests/avocado/ppc_virtex_ml507.py +++ b/tests/avocado/ppc_virtex_ml507.py @@ -22,9 +22,9 @@ class VirtexMl507Machine(QemuSystemTest): :avocado: tags=accel:tcg """ self.require_accelerator("tcg") - tar_url = ('https://www.qemu-advent-calendar.org' - '/2020/download/hippo.tar.gz') - tar_hash = '306b95bfe7d147f125aa176a877e266db8ef914a' + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day08.tar.xz') + tar_hash = '74c68f5af7a7b8f21c03097b298f3bb77ff52c1f' file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) archive.extract(file_path, self.workdir) self.vm.set_console() diff --git a/tests/avocado/replay_kernel.py b/tests/avocado/replay_kernel.py index 0b2b0dc692..00a26e4a0c 100644 --- a/tests/avocado/replay_kernel.py +++ b/tests/avocado/replay_kernel.py @@ -296,8 +296,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=machine:vexpress-a9 """ tar_hash = '32b7677ce8b6f1471fb0059865f451169934245b' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day16.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day16.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) dtb_path = self.workdir + '/day16/vexpress-v2p-ca9.dtb' self.do_test_advcal_2018(file_path, 'winter.zImage', @@ -309,8 +309,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=machine:mcf5208evb """ tar_hash = 'ac688fd00561a2b6ce1359f9ff6aa2b98c9a570c' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day07.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day07.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) self.do_test_advcal_2018(file_path, 'sanity-clause.elf') @@ -321,8 +321,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=machine:petalogix-s3adsp1800 """ tar_hash = '08bf3e3bfb6b6c7ce1e54ab65d54e189f2caf13f' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day17.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day17.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) self.do_test_advcal_2018(file_path, 'ballerina.bin') @@ -333,8 +333,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=cpu:e5500 """ tar_hash = '6951d86d644b302898da2fd701739c9406527fe1' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day19.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day19.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) self.do_test_advcal_2018(file_path, 'uImage') @@ -344,8 +344,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=machine:or1k-sim """ tar_hash = '20334cdaf386108c530ff0badaecc955693027dd' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day20.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day20.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) self.do_test_advcal_2018(file_path, 'vmlinux') @@ -355,8 +355,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=machine:10m50-ghrd """ tar_hash = 'e4251141726c412ac0407c5a6bceefbbff018918' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day14.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day14.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) self.do_test_advcal_2018(file_path, 'vmlinux.elf') @@ -366,8 +366,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=machine:g3beige """ tar_hash = 'e0b872a5eb8fdc5bed19bd43ffe863900ebcedfc' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day15.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day15.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) self.do_test_advcal_2018(file_path, 'invaders.elf', args=('-M', 'graphics=off')) @@ -378,8 +378,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=machine:mac99 """ tar_hash = 'e0b872a5eb8fdc5bed19bd43ffe863900ebcedfc' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day15.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day15.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) self.do_test_advcal_2018(file_path, 'invaders.elf', args=('-M', 'graphics=off')) @@ -390,8 +390,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=machine:SS-20 """ tar_hash = 'b18550d5d61c7615d989a06edace051017726a9f' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day11.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day11.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) self.do_test_advcal_2018(file_path, 'zImage.elf') @@ -402,8 +402,8 @@ class ReplayKernelNormal(ReplayKernelBase): :avocado: tags=cpu:dc233c """ tar_hash = '49e88d9933742f0164b60839886c9739cb7a0d34' - tar_url = ('https://www.qemu-advent-calendar.org' - '/2018/download/day02.tar.xz') + tar_url = ('https://qemu-advcal.gitlab.io' + '/qac-best-of-multiarch/download/day02.tar.xz') file_path = self.fetch_asset(tar_url, asset_hash=tar_hash) self.do_test_advcal_2018(file_path, 'santas-sleigh-ride.elf') diff --git a/tests/data/acpi/pc/DSDT b/tests/data/acpi/pc/DSDT index f1cf7fab34..b688686dc3 100644 Binary files a/tests/data/acpi/pc/DSDT and b/tests/data/acpi/pc/DSDT differ diff --git a/tests/data/acpi/pc/DSDT.acpierst b/tests/data/acpi/pc/DSDT.acpierst index 5cb477625e..86259be9d1 100644 Binary files a/tests/data/acpi/pc/DSDT.acpierst and b/tests/data/acpi/pc/DSDT.acpierst differ diff --git a/tests/data/acpi/pc/DSDT.acpihmat b/tests/data/acpi/pc/DSDT.acpihmat index 76e8bef36f..e2cc2a6fc9 100644 Binary files a/tests/data/acpi/pc/DSDT.acpihmat and b/tests/data/acpi/pc/DSDT.acpihmat differ diff --git a/tests/data/acpi/pc/DSDT.bridge b/tests/data/acpi/pc/DSDT.bridge index c94c1b54b3..75016fd4b7 100644 Binary files a/tests/data/acpi/pc/DSDT.bridge and b/tests/data/acpi/pc/DSDT.bridge differ diff --git a/tests/data/acpi/pc/DSDT.cphp b/tests/data/acpi/pc/DSDT.cphp index eb3da0e232..53eb0dd7d4 100644 Binary files a/tests/data/acpi/pc/DSDT.cphp and b/tests/data/acpi/pc/DSDT.cphp differ diff --git a/tests/data/acpi/pc/DSDT.dimmpxm b/tests/data/acpi/pc/DSDT.dimmpxm index 6553e4c605..9089d994e0 100644 Binary files a/tests/data/acpi/pc/DSDT.dimmpxm and b/tests/data/acpi/pc/DSDT.dimmpxm differ diff --git a/tests/data/acpi/pc/DSDT.hpbridge b/tests/data/acpi/pc/DSDT.hpbridge index 5cb477625e..86259be9d1 100644 Binary files a/tests/data/acpi/pc/DSDT.hpbridge and b/tests/data/acpi/pc/DSDT.hpbridge differ diff --git a/tests/data/acpi/pc/DSDT.hpbrroot b/tests/data/acpi/pc/DSDT.hpbrroot index ff04ad360b..578468f4f0 100644 Binary files a/tests/data/acpi/pc/DSDT.hpbrroot and b/tests/data/acpi/pc/DSDT.hpbrroot differ diff --git a/tests/data/acpi/pc/DSDT.ipmikcs b/tests/data/acpi/pc/DSDT.ipmikcs index 83eec58a52..39427103aa 100644 Binary files a/tests/data/acpi/pc/DSDT.ipmikcs and b/tests/data/acpi/pc/DSDT.ipmikcs differ diff --git a/tests/data/acpi/pc/DSDT.memhp b/tests/data/acpi/pc/DSDT.memhp index 9e2201d170..987a263339 100644 Binary files a/tests/data/acpi/pc/DSDT.memhp and b/tests/data/acpi/pc/DSDT.memhp differ diff --git a/tests/data/acpi/pc/DSDT.nohpet b/tests/data/acpi/pc/DSDT.nohpet index c969e0dae4..fc7598b762 100644 Binary files a/tests/data/acpi/pc/DSDT.nohpet and b/tests/data/acpi/pc/DSDT.nohpet differ diff --git a/tests/data/acpi/pc/DSDT.numamem b/tests/data/acpi/pc/DSDT.numamem index 1cecaa64e9..85af400cdb 100644 Binary files a/tests/data/acpi/pc/DSDT.numamem and b/tests/data/acpi/pc/DSDT.numamem differ diff --git a/tests/data/acpi/pc/DSDT.roothp b/tests/data/acpi/pc/DSDT.roothp index f57a14cd5c..545512adfa 100644 Binary files a/tests/data/acpi/pc/DSDT.roothp and b/tests/data/acpi/pc/DSDT.roothp differ diff --git a/tests/data/acpi/q35/DSDT b/tests/data/acpi/q35/DSDT index 8e989819a5..2771bcea89 100644 Binary files a/tests/data/acpi/q35/DSDT and b/tests/data/acpi/q35/DSDT differ diff --git a/tests/data/acpi/q35/DSDT.acpierst b/tests/data/acpi/q35/DSDT.acpierst index 03745d78de..b45abca7c2 100644 Binary files a/tests/data/acpi/q35/DSDT.acpierst and b/tests/data/acpi/q35/DSDT.acpierst differ diff --git a/tests/data/acpi/q35/DSDT.acpihmat b/tests/data/acpi/q35/DSDT.acpihmat index 3ad9ba3c98..d90fd4723a 100644 Binary files a/tests/data/acpi/q35/DSDT.acpihmat and b/tests/data/acpi/q35/DSDT.acpihmat differ diff --git a/tests/data/acpi/q35/DSDT.acpihmat-noinitiator b/tests/data/acpi/q35/DSDT.acpihmat-noinitiator index 8efa1c5ded..279fafa821 100644 Binary files a/tests/data/acpi/q35/DSDT.acpihmat-noinitiator and b/tests/data/acpi/q35/DSDT.acpihmat-noinitiator differ diff --git a/tests/data/acpi/q35/DSDT.applesmc b/tests/data/acpi/q35/DSDT.applesmc index 5f01572dc2..fdf6d14428 100644 Binary files a/tests/data/acpi/q35/DSDT.applesmc and b/tests/data/acpi/q35/DSDT.applesmc differ diff --git a/tests/data/acpi/q35/DSDT.bridge b/tests/data/acpi/q35/DSDT.bridge index 97141f9db2..b41a4dddc0 100644 Binary files a/tests/data/acpi/q35/DSDT.bridge and b/tests/data/acpi/q35/DSDT.bridge differ diff --git a/tests/data/acpi/q35/DSDT.core-count2 b/tests/data/acpi/q35/DSDT.core-count2 index ca309f6569..375aceed6b 100644 Binary files a/tests/data/acpi/q35/DSDT.core-count2 and b/tests/data/acpi/q35/DSDT.core-count2 differ diff --git a/tests/data/acpi/q35/DSDT.cphp b/tests/data/acpi/q35/DSDT.cphp index 622e8e5f37..a0ecafc36c 100644 Binary files a/tests/data/acpi/q35/DSDT.cphp and b/tests/data/acpi/q35/DSDT.cphp differ diff --git a/tests/data/acpi/q35/DSDT.cxl b/tests/data/acpi/q35/DSDT.cxl index cecc1caaab..f9c6dd4ee0 100644 Binary files a/tests/data/acpi/q35/DSDT.cxl and b/tests/data/acpi/q35/DSDT.cxl differ diff --git a/tests/data/acpi/q35/DSDT.dimmpxm b/tests/data/acpi/q35/DSDT.dimmpxm index e5be00b4fa..f0659716e3 100644 Binary files a/tests/data/acpi/q35/DSDT.dimmpxm and b/tests/data/acpi/q35/DSDT.dimmpxm differ diff --git a/tests/data/acpi/q35/DSDT.ipmibt b/tests/data/acpi/q35/DSDT.ipmibt index c4f8212c63..9c52529919 100644 Binary files a/tests/data/acpi/q35/DSDT.ipmibt and b/tests/data/acpi/q35/DSDT.ipmibt differ diff --git a/tests/data/acpi/q35/DSDT.ipmismbus b/tests/data/acpi/q35/DSDT.ipmismbus index 05fb38820f..3f32dffdbf 100644 Binary files a/tests/data/acpi/q35/DSDT.ipmismbus and b/tests/data/acpi/q35/DSDT.ipmismbus differ diff --git a/tests/data/acpi/q35/DSDT.ivrs b/tests/data/acpi/q35/DSDT.ivrs index 03745d78de..b45abca7c2 100644 Binary files a/tests/data/acpi/q35/DSDT.ivrs and b/tests/data/acpi/q35/DSDT.ivrs differ diff --git a/tests/data/acpi/q35/DSDT.memhp b/tests/data/acpi/q35/DSDT.memhp index 2a4635d48c..28a192c69a 100644 Binary files a/tests/data/acpi/q35/DSDT.memhp and b/tests/data/acpi/q35/DSDT.memhp differ diff --git a/tests/data/acpi/q35/DSDT.mmio64 b/tests/data/acpi/q35/DSDT.mmio64 index 0491761dc7..8fda921296 100644 Binary files a/tests/data/acpi/q35/DSDT.mmio64 and b/tests/data/acpi/q35/DSDT.mmio64 differ diff --git a/tests/data/acpi/q35/DSDT.multi-bridge b/tests/data/acpi/q35/DSDT.multi-bridge index 485f571afd..3dba4d8436 100644 Binary files a/tests/data/acpi/q35/DSDT.multi-bridge and b/tests/data/acpi/q35/DSDT.multi-bridge differ diff --git a/tests/data/acpi/q35/DSDT.nohpet b/tests/data/acpi/q35/DSDT.nohpet index 9c2ec9f2c9..b116947dac 100644 Binary files a/tests/data/acpi/q35/DSDT.nohpet and b/tests/data/acpi/q35/DSDT.nohpet differ diff --git a/tests/data/acpi/q35/DSDT.numamem b/tests/data/acpi/q35/DSDT.numamem index 2302de88e9..5eb6159d5f 100644 Binary files a/tests/data/acpi/q35/DSDT.numamem and b/tests/data/acpi/q35/DSDT.numamem differ diff --git a/tests/data/acpi/q35/DSDT.pvpanic-isa b/tests/data/acpi/q35/DSDT.pvpanic-isa index 5e4b51d33b..908e7b6606 100644 Binary files a/tests/data/acpi/q35/DSDT.pvpanic-isa and b/tests/data/acpi/q35/DSDT.pvpanic-isa differ diff --git a/tests/data/acpi/q35/DSDT.tis.tpm12 b/tests/data/acpi/q35/DSDT.tis.tpm12 index 1723fca446..ce2c2c29c2 100644 Binary files a/tests/data/acpi/q35/DSDT.tis.tpm12 and b/tests/data/acpi/q35/DSDT.tis.tpm12 differ diff --git a/tests/data/acpi/q35/DSDT.tis.tpm2 b/tests/data/acpi/q35/DSDT.tis.tpm2 index 1a0d6284da..e9e4b7f6ed 100644 Binary files a/tests/data/acpi/q35/DSDT.tis.tpm2 and b/tests/data/acpi/q35/DSDT.tis.tpm2 differ diff --git a/tests/data/acpi/q35/DSDT.viot b/tests/data/acpi/q35/DSDT.viot index 6927d1cc96..6b436f9cd9 100644 Binary files a/tests/data/acpi/q35/DSDT.viot and b/tests/data/acpi/q35/DSDT.viot differ diff --git a/tests/data/acpi/q35/DSDT.xapic b/tests/data/acpi/q35/DSDT.xapic index 4a8a4af625..f47f091222 100644 Binary files a/tests/data/acpi/q35/DSDT.xapic and b/tests/data/acpi/q35/DSDT.xapic differ diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include index c87f14477a..fc7a3b7e71 100644 --- a/tests/docker/Makefile.include +++ b/tests/docker/Makefile.include @@ -184,6 +184,7 @@ docker: @echo ' TARGET_LIST=a,b,c Override target list in builds.' @echo ' EXTRA_CONFIGURE_OPTS="..."' @echo ' Extra configure options.' + @echo ' TEST_COMMAND="..." Override the default `make check` target.' @echo ' IMAGES="a b c ..": Restrict available images to subset.' @echo ' TESTS="x y z .." Restrict available tests to subset.' @echo ' J=[0..9]* Overrides the -jN parameter for make commands' @@ -230,6 +231,7 @@ docker-run: docker-qemu-src $(if $(NETWORK),$(if $(subst $(NETWORK),,1),--net=$(NETWORK)),--net=none) \ -e TARGET_LIST=$(subst $(SPACE),$(COMMA),$(TARGET_LIST)) \ -e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \ + -e TEST_COMMAND="$(TEST_COMMAND)" \ -e V=$V -e J=$J -e DEBUG=$(DEBUG) \ -e SHOW_ENV=$(SHOW_ENV) \ $(if $(NOUSER),, \ diff --git a/tests/docker/common.rc b/tests/docker/common.rc index e6f8cee0d6..9a33df2832 100755 --- a/tests/docker/common.rc +++ b/tests/docker/common.rc @@ -63,12 +63,12 @@ check_qemu() { # default to make check unless the caller specifies if [ $# = 0 ]; then - INVOCATION="check" + INVOCATION="${TEST_COMMAND:-make $MAKEFLAGS check}" else - INVOCATION="$@" + INVOCATION="make $MAKEFLAGS $@" fi - make $MAKEFLAGS $INVOCATION + $INVOCATION } test_fail() diff --git a/tests/qtest/libqos/virtio-gpio.c b/tests/qtest/libqos/virtio-gpio.c index 762aa6695b..f22d7b5eb5 100644 --- a/tests/qtest/libqos/virtio-gpio.c +++ b/tests/qtest/libqos/virtio-gpio.c @@ -154,7 +154,8 @@ static void virtio_gpio_register_nodes(void) QOSGraphEdgeOptions edge_opts = { }; /* vhost-user-gpio-device */ - edge_opts.extra_device_opts = "id=gpio0,chardev=chr-vhost-user-test"; + edge_opts.extra_device_opts = "id=gpio0,chardev=chr-vhost-user-test " + "-global virtio-mmio.force-legacy=false"; qos_node_create_driver("vhost-user-gpio-device", virtio_gpio_device_create); qos_node_consumes("vhost-user-gpio-device", "virtio-bus", &edge_opts); diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 442998d9eb..dbde726adf 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -1066,15 +1066,27 @@ test_migrate_tls_x509_finish(QTestState *from, TestMigrateTLSX509Data *data = opaque; test_tls_cleanup(data->keyfile); - unlink(data->cacert); - unlink(data->servercert); - unlink(data->serverkey); - unlink(data->clientcert); - unlink(data->clientkey); - rmdir(data->workdir); - - g_free(data->workdir); g_free(data->keyfile); + + unlink(data->cacert); + g_free(data->cacert); + unlink(data->servercert); + g_free(data->servercert); + unlink(data->serverkey); + g_free(data->serverkey); + + if (data->clientcert) { + unlink(data->clientcert); + g_free(data->clientcert); + } + if (data->clientkey) { + unlink(data->clientkey); + g_free(data->clientkey); + } + + rmdir(data->workdir); + g_free(data->workdir); + g_free(data); } #endif /* CONFIG_TASN1 */ diff --git a/tests/qtest/qom-test.c b/tests/qtest/qom-test.c index 7b871b2a31..13510bc349 100644 --- a/tests/qtest/qom-test.c +++ b/tests/qtest/qom-test.c @@ -20,6 +20,7 @@ static void test_properties(QTestState *qts, const char *path, bool recurse) QDict *response, *tuple, *tmp; QList *list; QListEntry *entry; + GSList *children = NULL, *links = NULL; g_test_message("Obtaining properties of %s", path); response = qtest_qmp(qts, "{ 'execute': 'qom-list'," @@ -41,11 +42,14 @@ static void test_properties(QTestState *qts, const char *path, bool recurse) if (is_child || is_link) { child_path = g_strdup_printf("%s/%s", path, qdict_get_str(tuple, "name")); - test_properties(qts, child_path, is_child); - g_free(child_path); + if (is_child) { + children = g_slist_prepend(children, child_path); + } else { + links = g_slist_prepend(links, child_path); + } } else { const char *prop = qdict_get_str(tuple, "name"); - g_test_message("Testing property %s.%s", path, prop); + g_test_message("-> %s", prop); tmp = qtest_qmp(qts, "{ 'execute': 'qom-get'," " 'arguments': { 'path': %s, 'property': %s } }", @@ -55,6 +59,18 @@ static void test_properties(QTestState *qts, const char *path, bool recurse) qobject_unref(tmp); } } + + while (links) { + test_properties(qts, links->data, false); + g_free(links->data); + links = g_slist_delete_link(links, links); + } + while (children) { + test_properties(qts, children->data, true); + g_free(children->data); + children = g_slist_delete_link(children, children); + } + qobject_unref(response); } diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c index 888295c073..0033dab493 100644 --- a/tools/virtiofsd/passthrough_seccomp.c +++ b/tools/virtiofsd/passthrough_seccomp.c @@ -110,6 +110,7 @@ static const int syscall_allowlist[] = { #endif SCMP_SYS(set_robust_list), SCMP_SYS(setxattr), + SCMP_SYS(sigreturn), SCMP_SYS(symlinkat), SCMP_SYS(syncfs), SCMP_SYS(time), /* Rarely needed, except on static builds */ diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c index 35f917ceb1..e84431790c 100644 --- a/ui/gtk-egl.c +++ b/ui/gtk-egl.c @@ -341,7 +341,7 @@ void gd_egl_flush(DisplayChangeListener *dcl, VirtualConsole *vc = container_of(dcl, VirtualConsole, gfx.dcl); GtkWidget *area = vc->gfx.drawing_area; - if (vc->gfx.guest_fb.dmabuf) { + if (vc->gfx.guest_fb.dmabuf && !vc->gfx.guest_fb.dmabuf->draw_submitted) { graphic_hw_gl_block(vc->gfx.dcl.con, true); vc->gfx.guest_fb.dmabuf->draw_submitted = true; gtk_widget_queue_draw_area(area, x, y, w, h); diff --git a/ui/gtk-gl-area.c b/ui/gtk-gl-area.c index 682638a197..7696df1f6b 100644 --- a/ui/gtk-gl-area.c +++ b/ui/gtk-gl-area.c @@ -278,7 +278,7 @@ void gd_gl_area_scanout_flush(DisplayChangeListener *dcl, { VirtualConsole *vc = container_of(dcl, VirtualConsole, gfx.dcl); - if (vc->gfx.guest_fb.dmabuf) { + if (vc->gfx.guest_fb.dmabuf && !vc->gfx.guest_fb.dmabuf->draw_submitted) { graphic_hw_gl_block(vc->gfx.dcl.con, true); vc->gfx.guest_fb.dmabuf->draw_submitted = true; } diff --git a/ui/gtk.c b/ui/gtk.c index 7ec21f7798..4817623c8f 100644 --- a/ui/gtk.c +++ b/ui/gtk.c @@ -2403,7 +2403,9 @@ static void gtk_display_init(DisplayState *ds, DisplayOptions *opts) opts->u.gtk.show_tabs) { gtk_menu_item_activate(GTK_MENU_ITEM(s->show_tabs_item)); } +#ifdef CONFIG_GTK_CLIPBOARD gd_clipboard_init(s); +#endif /* CONFIG_GTK_CLIPBOARD */ } static void early_gtk_display_init(DisplayOptions *opts) diff --git a/ui/meson.build b/ui/meson.build index ec13949776..c1b137bf33 100644 --- a/ui/meson.build +++ b/ui/meson.build @@ -97,7 +97,10 @@ if gtk.found() softmmu_ss.add(when: 'CONFIG_WIN32', if_true: files('win32-kbd-hook.c')) gtk_ss = ss.source_set() - gtk_ss.add(gtk, vte, pixman, files('gtk.c', 'gtk-clipboard.c')) + gtk_ss.add(gtk, vte, pixman, files('gtk.c')) + if have_gtk_clipboard + gtk_ss.add(files('gtk-clipboard.c')) + endif gtk_ss.add(when: x11, if_true: files('x_keymap.c')) gtk_ss.add(when: opengl, if_true: files('gtk-gl-area.c')) gtk_ss.add(when: [x11, opengl], if_true: files('gtk-egl.c'))