diff --git a/Fixed-integer-overflow-in-e1000e.patch b/Fixed-integer-overflow-in-e1000e.patch
index 004390fc5a3d60d2aaf4912d0679c4fa471d28a2..9ed97cad008b848ca1bee2706eb543d8d262c600 100644
--- a/Fixed-integer-overflow-in-e1000e.patch
+++ b/Fixed-integer-overflow-in-e1000e.patch
@@ -1,40 +1,40 @@ -From 41077af2c4283c15c0a822017ea51612d15b68f8 Mon Sep 17 00:00:00 2001 -From: Andrew Melnychenko -Date: Wed, 4 Mar 2020 16:20:58 +0200 -Subject: [PATCH 1/5] Fixed integer overflow in e1000e -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1737400 -Fixed setting max_queue_num if there are no peers in -NICConf. qemu_new_nic() creates NICState with 1 NetClientState(index -0) without peers, set max_queue_num to 0 - It prevents undefined -behavior and possible crashes, especially during pcie hotplug. - -Fixes: 6f3fbe4ed06 ("net: Introduce e1000e device emulation") -Signed-off-by: Andrew Melnychenko -Reviewed-by: Philippe Mathieu-Daudé -Reviewed-by: Dmitry Fleytman -Signed-off-by: Jason Wang -Signed-off-by: Zhenyu Ye ---- - hw/net/e1000e.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c -index 581f7d03..1e827c4f 100644 ---- a/hw/net/e1000e.c -+++ b/hw/net/e1000e.c -@@ -325,7 +325,7 @@ e1000e_init_net_peer(E1000EState *s, PCIDevice *pci_dev, uint8_t *macaddr) - s->nic = qemu_new_nic(&net_e1000e_info, &s->conf, - object_get_typename(OBJECT(s)), dev->id, s); - -- s->core.max_queue_num = s->conf.peers.queues - 1; -+ s->core.max_queue_num = s->conf.peers.queues ? s->conf.peers.queues - 1 : 0; - - trace_e1000e_mac_set_permanent(MAC_ARG(macaddr)); - memcpy(s->core.permanent_mac, macaddr, sizeof(s->core.permanent_mac)); --- -2.22.0.windows.1 - +From 711d9b5253baf4079696ea13b0c1b259e7d7c803 Mon Sep 17 00:00:00 2001 +From: Andrew Melnychenko +Date: Wed, 4 Mar 2020 16:20:58 +0200 +Subject: [PATCH] Fixed integer overflow in e1000e +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1737400 +Fixed setting max_queue_num if there are no peers in +NICConf. 
qemu_new_nic() creates NICState with 1 NetClientState(index +0) without peers, set max_queue_num to 0 - It prevents undefined +behavior and possible crashes, especially during pcie hotplug. + +Fixes: 6f3fbe4ed06 ("net: Introduce e1000e device emulation") +Signed-off-by: Andrew Melnychenko +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Dmitry Fleytman +Signed-off-by: Jason Wang +Signed-off-by: Zhenyu Ye +--- + hw/net/e1000e.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c +index 581f7d03d5..1e827c4f8c 100644 +--- a/hw/net/e1000e.c ++++ b/hw/net/e1000e.c +@@ -325,7 +325,7 @@ e1000e_init_net_peer(E1000EState *s, PCIDevice *pci_dev, uint8_t *macaddr) + s->nic = qemu_new_nic(&net_e1000e_info, &s->conf, + object_get_typename(OBJECT(s)), dev->id, s); + +- s->core.max_queue_num = s->conf.peers.queues - 1; ++ s->core.max_queue_num = s->conf.peers.queues ? s->conf.peers.queues - 1 : 0; + + trace_e1000e_mac_set_permanent(MAC_ARG(macaddr)); + memcpy(s->core.permanent_mac, macaddr, sizeof(s->core.permanent_mac)); +-- +2.23.0 + diff --git a/apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch b/apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch index 4a96fc5ce1372f0e2f59ab9019cf8d72e0ee7bee..9e0adb8a47b20bfb5525fa0b8a1b35efe7fd5da7 100644 --- a/apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch +++ b/apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch @@ -1,7 +1,7 @@ -From 3bdd21c4b7d80cacc6b5f1b26ab52ef3a0aceb06 Mon Sep 17 00:00:00 2001 +From ae0786f03e7d29c0d4fac158fb4295e5a15133a4 Mon Sep 17 00:00:00 2001 From: Peter Xu Date: Wed, 16 Oct 2019 10:29:32 +0800 -Subject: [PATCH 7/8] apic: Use 32bit APIC ID for migration instance ID +Subject: [PATCH] apic: Use 32bit APIC ID for migration instance ID Migration is silently broken now with x2apic config like this: @@ -30,7 +30,7 @@ Signed-off-by: Juan Quintela 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c -index 07adba0..2c0cb1e 100644 +index 07adba04ef..2c0cb1ec3f 100644 --- a/hw/intc/apic_common.c +++ b/hw/intc/apic_common.c @@ -313,7 +313,10 @@ static void apic_common_realize(DeviceState *dev, Error **errp) @@ -46,5 +46,5 @@ index 07adba0..2c0cb1e 100644 info = APIC_COMMON_GET_CLASS(s); info->realize(dev, errp); -- -1.8.3.1 +2.23.0 diff --git a/audio-fix-integer-overflow.patch b/audio-fix-integer-overflow.patch index 91f5280f1854634460e43b48ae98a4f5eb57b26c..208d616eb782dcded68fd99d8e622e1f82bfdbb3 100644 --- a/audio-fix-integer-overflow.patch +++ b/audio-fix-integer-overflow.patch @@ -1,7 +1,7 @@ -From d0c4e8cc25dc3bfed1659c35fb59b2f0418ba1d5 Mon Sep 17 00:00:00 2001 +From b242ad1f0bae81b7d5e38d3f8ebbe48759525267 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Thu, 19 Dec 2019 21:34:05 +0100 -Subject: [PATCH 2/8] audio: fix integer overflow +Subject: [PATCH] audio: fix integer overflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -20,7 +20,7 @@ Signed-off-by: Gerd Hoffmann 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audio/audio.c b/audio/audio.c -index 05adf7f..efcb5d4 100644 +index 05adf7ffeb..efcb5d4c57 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -1473,7 +1473,7 @@ static int audio_init(Audiodev *dev) @@ -33,5 +33,5 @@ index 05adf7f..efcb5d4 100644 e = qemu_add_vm_change_state_handler (audio_vm_change_state_handler, s); -- -1.8.3.1 +2.23.0 diff --git a/block-Avoid-memleak-on-qcow2-image-info-failure.patch b/block-Avoid-memleak-on-qcow2-image-info-failure.patch index 13917f5b61ed267f584feac9041450e6fe9bbca6..f06b3e98a1ac3087b08c686d27e08a4941d6cb84 100644 --- a/block-Avoid-memleak-on-qcow2-image-info-failure.patch +++ b/block-Avoid-memleak-on-qcow2-image-info-failure.patch 
@@ -1,7 +1,7 @@ -From 6a39af8880c18fb3bcbfb715aef909c64286524e Mon Sep 17 00:00:00 2001 +From 565ed61905378936bf692eb8b27c9fd53f13d461 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Fri, 20 Mar 2020 13:36:20 -0500 -Subject: [PATCH 04/14] block: Avoid memleak on qcow2 image info failure +Subject: [PATCH] block: Avoid memleak on qcow2 image info failure If we fail to get bitmap info, we must not leak the encryption info. @@ -19,7 +19,7 @@ Signed-off-by: Peng Liang 1 file changed, 1 insertion(+) diff --git a/block/qcow2.c b/block/qcow2.c -index 27c54b9905aa..0f4b0940d457 100644 +index 27c54b9905..0f4b0940d4 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -4588,6 +4588,7 @@ static ImageInfoSpecific *qcow2_get_specific_info(BlockDriverState *bs, @@ -31,5 +31,5 @@ index 27c54b9905aa..0f4b0940d457 100644 } *spec_info->u.qcow2.data = (ImageInfoSpecificQCow2){ -- -2.26.2 +2.23.0 diff --git a/block-bdrv_set_backing_bs-fix-use-after-free.patch b/block-bdrv_set_backing_bs-fix-use-after-free.patch index 93ac72169d8518a8fcadc82c7ee01fcfdfcf94fc..7722888a2a02b7b743e9379abaf9fab0327e48d5 100644 --- a/block-bdrv_set_backing_bs-fix-use-after-free.patch +++ b/block-bdrv_set_backing_bs-fix-use-after-free.patch @@ -1,7 +1,7 @@ -From 3754525eb383f91869634766ccd041cfe40bbf17 Mon Sep 17 00:00:00 2001 +From 0fe1450c50cf0875b812fc34b0cb492678ad3a23 Mon Sep 17 00:00:00 2001 From: Vladimir Sementsov-Ogievskiy Date: Mon, 16 Mar 2020 09:06:30 +0300 -Subject: [PATCH 05/14] block: bdrv_set_backing_bs: fix use-after-free +Subject: [PATCH] block: bdrv_set_backing_bs: fix use-after-free MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -96,7 +96,7 @@ Signed-off-by: Peng Liang 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block.c b/block.c -index 29e504b86aff..e834102c87f7 100644 +index 29e504b86a..e834102c87 100644 --- a/block.c +++ b/block.c @@ -2549,10 +2549,10 @@ void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd, 
@@ -112,5 +112,5 @@ index 29e504b86aff..e834102c87f7 100644 } -- -2.26.2 +2.23.0 diff --git a/block-fix-bdrv_root_attach_child-forget-to-unref-chi.patch b/block-fix-bdrv_root_attach_child-forget-to-unref-chi.patch index d901f1062659223d2899ab5520759a6a5065545a..6973ebbcce16b6e063bfe005ad4a6a0a3c3416e5 100644 --- a/block-fix-bdrv_root_attach_child-forget-to-unref-chi.patch +++ b/block-fix-bdrv_root_attach_child-forget-to-unref-chi.patch @@ -1,8 +1,7 @@ -From 5060ef71fa4621061101a30fa9e0d1690696c5c1 Mon Sep 17 00:00:00 2001 +From db04286f48107abd841fc2e21253cf87daa01b86 Mon Sep 17 00:00:00 2001 From: Vladimir Sementsov-Ogievskiy Date: Tue, 24 Mar 2020 18:59:21 +0300 -Subject: [PATCH 10/14] block: fix bdrv_root_attach_child forget to unref - child_bs +Subject: [PATCH] block: fix bdrv_root_attach_child forget to unref child_bs bdrv_root_attach_child promises to drop child_bs reference on failure. It does it on first handled failure path, but not on the second. Fix @@ -17,7 +16,7 @@ Signed-off-by: Peng Liang 1 file changed, 1 insertion(+) diff --git a/block.c b/block.c -index e834102c87f7..38880eabf801 100644 +index e834102c87..38880eabf8 100644 --- a/block.c +++ b/block.c @@ -2399,6 +2399,7 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs, @@ -29,5 +28,5 @@ index e834102c87f7..38880eabf801 100644 } } -- -2.26.2 +2.23.0 diff --git a/block-mirror-fix-use-after-free-of-local_err.patch b/block-mirror-fix-use-after-free-of-local_err.patch index ea2f739410164f7df43f020192cd60653a3b8cf0..2b4a514a0ced19e90ec3ce8a7f37c306c014ae49 100644 --- a/block-mirror-fix-use-after-free-of-local_err.patch +++ b/block-mirror-fix-use-after-free-of-local_err.patch @@ -1,7 +1,7 @@ -From 682d23829adf0a872d5a3ca6eb4b31c424f558fc Mon Sep 17 00:00:00 2001 +From 74a7421507748afc5e1b0acfea8e0ceb1a64a848 Mon Sep 17 00:00:00 2001 
From: Vladimir Sementsov-Ogievskiy Date: Tue, 24 Mar 2020 18:36:26 +0300 -Subject: [PATCH 09/14] block/mirror: fix use after free of local_err +Subject: [PATCH] block/mirror: fix use after free of local_err local_err is used again in mirror_exit_common() after bdrv_set_backing_hd(), so we must zero it. Otherwise try to set @@ -18,7 +18,7 @@ Signed-off-by: Peng Liang 1 file changed, 1 insertion(+) diff --git a/block/mirror.c b/block/mirror.c -index 681b305de650..ef6c958ff9b3 100644 +index 681b305de6..ef6c958ff9 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -674,6 +674,7 @@ static int mirror_exit_common(Job *job) @@ -30,5 +30,5 @@ index 681b305de650..ef6c958ff9b3 100644 } } -- -2.26.2 +2.23.0 diff --git a/block-nbd-extract-the-common-cleanup-code.patch b/block-nbd-extract-the-common-cleanup-code.patch index 4cc24818b7c96cc8c85a0c8ac97dc2452c234610..ef006fc8611842cddb3be1cc00fc87f78fb976ae 100644 --- a/block-nbd-extract-the-common-cleanup-code.patch +++ b/block-nbd-extract-the-common-cleanup-code.patch @@ -1,7 +1,7 @@ -From 1196a2079a558cbb673e06142fa67a401c5e6c30 Mon Sep 17 00:00:00 2001 +From 77d45868f1d393504e85c5ec8a312e87d41bc94f Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Thu, 5 Dec 2019 11:45:27 +0800 -Subject: [PATCH 6/9] block/nbd: extract the common cleanup code +Subject: [PATCH] block/nbd: extract the common cleanup code The BDRVNBDState cleanup code is common in two places, add nbd_clear_bdrvstate() function to do these cleanups. @@ -19,7 +19,7 @@ Signed-off-by: AlexChen 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/block/nbd.c b/block/nbd.c -index 57c1a20..3977b1e 100644 +index 57c1a20581..3977b1efc7 100644 --- a/block/nbd.c +++ b/block/nbd.c @@ -73,6 +73,16 @@ typedef struct BDRVNBDState { @@ -63,5 +63,5 @@ index 57c1a20..3977b1e 100644 static int64_t nbd_getlength(BlockDriverState *bs) -- -1.8.3.1 +2.23.0 
diff --git a/block-qcow2-do-free-crypto_opts-in-qcow2_close.patch b/block-qcow2-do-free-crypto_opts-in-qcow2_close.patch index 44b0ea19e95b95bbd583034e9c830e3dd6d647e6..4e2f5a3e263da3986ea39888337122d61c3b6427 100644 --- a/block-qcow2-do-free-crypto_opts-in-qcow2_close.patch +++ b/block-qcow2-do-free-crypto_opts-in-qcow2_close.patch @@ -1,7 +1,7 @@ -From 88ef4e1862987227f8b87228cff94be3af66d054 Mon Sep 17 00:00:00 2001 +From 453431d97435d2dc6e4760b8cb4e05a86e219fbc Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Thu, 27 Feb 2020 09:29:49 +0800 -Subject: [PATCH 01/14] block/qcow2: do free crypto_opts in qcow2_close() +Subject: [PATCH] block/qcow2: do free crypto_opts in qcow2_close() 'crypto_opts' forgot to free in qcow2_close(), this patch fix the bellow leak stack: @@ -38,7 +38,7 @@ Signed-off-by: Peng Liang 1 file changed, 1 insertion(+) diff --git a/block/qcow2.c b/block/qcow2.c -index 1909df6e1d24..27c54b9905aa 100644 +index 1909df6e1d..27c54b9905 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -2408,6 +2408,7 @@ static void qcow2_close(BlockDriverState *bs) @@ -50,5 +50,5 @@ index 1909df6e1d24..27c54b9905aa 100644 g_free(s->unknown_header_fields); cleanup_unknown_header_ext(bs); -- -2.26.2 +2.23.0 diff --git a/block-qcow2-threads-fix-qcow2_decompress.patch b/block-qcow2-threads-fix-qcow2_decompress.patch index d2fd9ee74fc5b57fb57ee1f655763895f1fe4356..1f50ff6b65acab3963a9fb05ed491a85a30370b4 100644 --- a/block-qcow2-threads-fix-qcow2_decompress.patch +++ b/block-qcow2-threads-fix-qcow2_decompress.patch @@ -1,7 +1,7 @@ -From a583b6b616b086d3fdce93e255d24ab2c865efd3 Mon Sep 17 00:00:00 2001 +From 681b9f40967c40b2740a077f33b0d74f65480987 Mon Sep 17 00:00:00 2001 From: Vladimir Sementsov-Ogievskiy Date: Mon, 2 Mar 2020 18:09:30 +0300 -Subject: [PATCH 03/14] block/qcow2-threads: fix qcow2_decompress +Subject: [PATCH] block/qcow2-threads: fix qcow2_decompress MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
@@ -29,7 +29,7 @@ Signed-off-by: Peng Liang 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/block/qcow2-threads.c b/block/qcow2-threads.c -index 3b1e63fe414d..449cd3c0a1f4 100644 +index 3b1e63fe41..449cd3c0a1 100644 --- a/block/qcow2-threads.c +++ b/block/qcow2-threads.c @@ -128,12 +128,12 @@ static ssize_t qcow2_compress(void *dest, size_t dest_size, @@ -71,5 +71,5 @@ index 3b1e63fe414d..449cd3c0a1f4 100644 inflateEnd(&strm); -- -2.26.2 +2.23.0 diff --git a/build-smt-processor-structure-to-support-smt-topolog.patch b/build-smt-processor-structure-to-support-smt-topolog.patch index ed01d38bb17dd4931a1f23b5a21127a2c5dd0425..cc116564c4fa45a6ea73050b824c0c8ecaa9cd0b 100644 --- a/build-smt-processor-structure-to-support-smt-topolog.patch +++ b/build-smt-processor-structure-to-support-smt-topolog.patch @@ -1,4 +1,4 @@ -From af8740502815be450709e88df44ad322da2b071f Mon Sep 17 00:00:00 2001 +From 7cfcd8c8a2fe3bd59714c6d5c6d55eb86bf7bc99 Mon Sep 17 00:00:00 2001 From: Henglong Fan Date: Tue, 18 Aug 2020 21:42:33 +0800 Subject: [PATCH] build smt processor structure to support smt topology @@ -14,7 +14,7 @@ Signed-off-by: Henglong Fan 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c -index 74e95005..8a3b51c8 100644 +index 74e950057b..8a3b51c835 100644 --- a/hw/acpi/aml-build.c +++ b/hw/acpi/aml-build.c @@ -53,7 +53,7 @@ static void build_append_array(GArray *array, GArray *val) diff --git a/char-fix-use-after-free-with-dup-chardev-reconnect.patch b/char-fix-use-after-free-with-dup-chardev-reconnect.patch index fd81015a18beced443caef903d0ec1f2a1fd8850..ffab65b0db105bcf3de88f2770e8eb4db986a093 100644 --- a/char-fix-use-after-free-with-dup-chardev-reconnect.patch +++ b/char-fix-use-after-free-with-dup-chardev-reconnect.patch 
@@ -1,126 +1,126 @@ -From 902a8192600ff81681a162509e23bf95619d1f04 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Mon, 20 Apr 2020 13:20:12 +0200 -Subject: [PATCH] char: fix use-after-free with dup chardev & reconnect -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -With a reconnect socket, qemu_char_open() will start a background -thread. It should keep a reference on the chardev. - -Fixes invalid read: -READ of size 8 at 0x6040000ac858 thread T7 - #0 0x5555598d37b8 in unix_connect_saddr /home/elmarco/src/qq/util/qemu-sockets.c:954 - #1 0x5555598d4751 in socket_connect /home/elmarco/src/qq/util/qemu-sockets.c:1109 - #2 0x555559707c34 in qio_channel_socket_connect_sync /home/elmarco/src/qq/io/channel-socket.c:145 - #3 0x5555596adebb in tcp_chr_connect_client_task /home/elmarco/src/qq/chardev/char-socket.c:1104 - #4 0x555559723d55 in qio_task_thread_worker /home/elmarco/src/qq/io/task.c:123 - #5 0x5555598a6731 in qemu_thread_start /home/elmarco/src/qq/util/qemu-thread-posix.c:519 - #6 0x7ffff40d4431 in start_thread (/lib64/libpthread.so.0+0x9431) - #7 0x7ffff40029d2 in __clone (/lib64/libc.so.6+0x1019d2) - -Signed-off-by: Marc-André Lureau -Reviewed-by: Daniel P. 
Berrangé -Message-Id: <20200420112012.567284-1-marcandre.lureau@redhat.com> -Signed-off-by: Zhenyu Ye ---- - chardev/char-socket.c | 3 ++- - tests/test-char.c | 53 ++++++++++++++++++++++++++++++++++++++++++- - 2 files changed, 54 insertions(+), 2 deletions(-) - -diff --git a/chardev/char-socket.c b/chardev/char-socket.c -index 7ca5d97a..701b62f9 100644 ---- a/chardev/char-socket.c -+++ b/chardev/char-socket.c -@@ -1118,7 +1118,8 @@ static void tcp_chr_connect_client_async(Chardev *chr) - */ - s->connect_task = qio_task_new(OBJECT(sioc), - qemu_chr_socket_connected, -- chr, NULL); -+ object_ref(OBJECT(chr)), -+ (GDestroyNotify)object_unref); - qio_task_run_in_thread(s->connect_task, - tcp_chr_connect_client_task, - s->addr, -diff --git a/tests/test-char.c b/tests/test-char.c -index f9440cdc..0e4069fb 100644 ---- a/tests/test-char.c -+++ b/tests/test-char.c -@@ -871,6 +871,53 @@ typedef struct { - } CharSocketClientTestConfig; - - -+static void char_socket_client_dupid_test(gconstpointer opaque) -+{ -+ const CharSocketClientTestConfig *config = opaque; -+ QIOChannelSocket *ioc; -+ char *optstr; -+ Chardev *chr1, *chr2; -+ SocketAddress *addr; -+ QemuOpts *opts; -+ Error *local_err = NULL; -+ -+ /* -+ * Setup a listener socket and determine get its address -+ * so we know the TCP port for the client later -+ */ -+ ioc = qio_channel_socket_new(); -+ g_assert_nonnull(ioc); -+ qio_channel_socket_listen_sync(ioc, config->addr, &error_abort); -+ addr = qio_channel_socket_get_local_address(ioc, &error_abort); -+ g_assert_nonnull(addr); -+ -+ /* -+ * Populate the chardev address based on what the server -+ * is actually listening on -+ */ -+ optstr = char_socket_addr_to_opt_str(addr, -+ config->fd_pass, -+ config->reconnect, -+ false); -+ -+ opts = qemu_opts_parse_noisily(qemu_find_opts("chardev"), -+ optstr, true); -+ g_assert_nonnull(opts); -+ chr1 = qemu_chr_new_from_opts(opts, NULL, &error_abort); -+ g_assert_nonnull(chr1); -+ -+ chr2 = qemu_chr_new_from_opts(opts, NULL, 
&local_err); -+ g_assert_null(chr2); -+ error_free_or_abort(&local_err); -+ -+ object_unref(OBJECT(ioc)); -+ qemu_opts_del(opts); -+ object_unparent(OBJECT(chr1)); -+ qapi_free_SocketAddress(addr); -+ g_free(optstr); -+} -+ -+ - static void char_socket_client_test(gconstpointer opaque) - { - const CharSocketClientTestConfig *config = opaque; -@@ -1425,6 +1472,8 @@ int main(int argc, char **argv) - { addr, NULL, false, true }; \ - CharSocketClientTestConfig client6 ## name = \ - { addr, NULL, true, true }; \ -+ CharSocketClientTestConfig client7 ## name = \ -+ { addr, ",reconnect=1", false, false }; \ - g_test_add_data_func("/char/socket/client/mainloop/" # name, \ - &client1 ##name, char_socket_client_test); \ - g_test_add_data_func("/char/socket/client/wait-conn/" # name, \ -@@ -1436,7 +1485,9 @@ int main(int argc, char **argv) - g_test_add_data_func("/char/socket/client/mainloop-fdpass/" # name, \ - &client5 ##name, char_socket_client_test); \ - g_test_add_data_func("/char/socket/client/wait-conn-fdpass/" # name, \ -- &client6 ##name, char_socket_client_test) -+ &client6 ##name, char_socket_client_test); \ -+ g_test_add_data_func("/char/socket/client/dupid-reconnect/" # name, \ -+ &client7 ##name, char_socket_client_dupid_test) - - SOCKET_SERVER_TEST(tcp, &tcpaddr); - SOCKET_CLIENT_TEST(tcp, &tcpaddr); --- -2.22.0.windows.1 - +From 9c3aedec015d21913f8ea1bfc756a31fd64461cc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Mon, 20 Apr 2020 13:20:12 +0200 +Subject: [PATCH] char: fix use-after-free with dup chardev & reconnect +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With a reconnect socket, qemu_char_open() will start a background +thread. It should keep a reference on the chardev. 
+ +Fixes invalid read: +READ of size 8 at 0x6040000ac858 thread T7 + #0 0x5555598d37b8 in unix_connect_saddr /home/elmarco/src/qq/util/qemu-sockets.c:954 + #1 0x5555598d4751 in socket_connect /home/elmarco/src/qq/util/qemu-sockets.c:1109 + #2 0x555559707c34 in qio_channel_socket_connect_sync /home/elmarco/src/qq/io/channel-socket.c:145 + #3 0x5555596adebb in tcp_chr_connect_client_task /home/elmarco/src/qq/chardev/char-socket.c:1104 + #4 0x555559723d55 in qio_task_thread_worker /home/elmarco/src/qq/io/task.c:123 + #5 0x5555598a6731 in qemu_thread_start /home/elmarco/src/qq/util/qemu-thread-posix.c:519 + #6 0x7ffff40d4431 in start_thread (/lib64/libpthread.so.0+0x9431) + #7 0x7ffff40029d2 in __clone (/lib64/libc.so.6+0x1019d2) + +Signed-off-by: Marc-André Lureau +Reviewed-by: Daniel P. Berrangé +Message-Id: <20200420112012.567284-1-marcandre.lureau@redhat.com> +Signed-off-by: Zhenyu Ye +--- + chardev/char-socket.c | 3 ++- + tests/test-char.c | 53 ++++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 54 insertions(+), 2 deletions(-) + +diff --git a/chardev/char-socket.c b/chardev/char-socket.c +index 7ca5d97af3..701b62f9d3 100644 +--- a/chardev/char-socket.c ++++ b/chardev/char-socket.c +@@ -1118,7 +1118,8 @@ static void tcp_chr_connect_client_async(Chardev *chr) + */ + s->connect_task = qio_task_new(OBJECT(sioc), + qemu_chr_socket_connected, +- chr, NULL); ++ object_ref(OBJECT(chr)), ++ (GDestroyNotify)object_unref); + qio_task_run_in_thread(s->connect_task, + tcp_chr_connect_client_task, + s->addr, +diff --git a/tests/test-char.c b/tests/test-char.c +index f9440cdcfd..0e4069fbb7 100644 +--- a/tests/test-char.c ++++ b/tests/test-char.c +@@ -871,6 +871,53 @@ typedef struct { + } CharSocketClientTestConfig; + + ++static void char_socket_client_dupid_test(gconstpointer opaque) ++{ ++ const CharSocketClientTestConfig *config = opaque; ++ QIOChannelSocket *ioc; ++ char *optstr; ++ Chardev *chr1, *chr2; ++ SocketAddress *addr; ++ QemuOpts *opts; ++ Error 
*local_err = NULL; ++ ++ /* ++ * Setup a listener socket and determine get its address ++ * so we know the TCP port for the client later ++ */ ++ ioc = qio_channel_socket_new(); ++ g_assert_nonnull(ioc); ++ qio_channel_socket_listen_sync(ioc, config->addr, &error_abort); ++ addr = qio_channel_socket_get_local_address(ioc, &error_abort); ++ g_assert_nonnull(addr); ++ ++ /* ++ * Populate the chardev address based on what the server ++ * is actually listening on ++ */ ++ optstr = char_socket_addr_to_opt_str(addr, ++ config->fd_pass, ++ config->reconnect, ++ false); ++ ++ opts = qemu_opts_parse_noisily(qemu_find_opts("chardev"), ++ optstr, true); ++ g_assert_nonnull(opts); ++ chr1 = qemu_chr_new_from_opts(opts, NULL, &error_abort); ++ g_assert_nonnull(chr1); ++ ++ chr2 = qemu_chr_new_from_opts(opts, NULL, &local_err); ++ g_assert_null(chr2); ++ error_free_or_abort(&local_err); ++ ++ object_unref(OBJECT(ioc)); ++ qemu_opts_del(opts); ++ object_unparent(OBJECT(chr1)); ++ qapi_free_SocketAddress(addr); ++ g_free(optstr); ++} ++ ++ + static void char_socket_client_test(gconstpointer opaque) + { + const CharSocketClientTestConfig *config = opaque; +@@ -1425,6 +1472,8 @@ int main(int argc, char **argv) + { addr, NULL, false, true }; \ + CharSocketClientTestConfig client6 ## name = \ + { addr, NULL, true, true }; \ ++ CharSocketClientTestConfig client7 ## name = \ ++ { addr, ",reconnect=1", false, false }; \ + g_test_add_data_func("/char/socket/client/mainloop/" # name, \ + &client1 ##name, char_socket_client_test); \ + g_test_add_data_func("/char/socket/client/wait-conn/" # name, \ +@@ -1436,7 +1485,9 @@ int main(int argc, char **argv) + g_test_add_data_func("/char/socket/client/mainloop-fdpass/" # name, \ + &client5 ##name, char_socket_client_test); \ + g_test_add_data_func("/char/socket/client/wait-conn-fdpass/" # name, \ +- &client6 ##name, char_socket_client_test) ++ &client6 ##name, char_socket_client_test); \ ++ 
g_test_add_data_func("/char/socket/client/dupid-reconnect/" # name, \ ++ &client7 ##name, char_socket_client_dupid_test) + + SOCKET_SERVER_TEST(tcp, &tcpaddr); + SOCKET_CLIENT_TEST(tcp, &tcpaddr); +-- +2.23.0 + diff --git a/chardev-tcp-Fix-error-message-double-free-error.patch b/chardev-tcp-Fix-error-message-double-free-error.patch index 175ddfe2dea85111016d162aa0cd95d79a49a492..37ae50d750faf7a84c54ca0f7604335b6e0fd18b 100644 --- a/chardev-tcp-Fix-error-message-double-free-error.patch +++ b/chardev-tcp-Fix-error-message-double-free-error.patch @@ -1,7 +1,7 @@ -From 4488ab4700d344b049ddef808a64eda4b5867902 Mon Sep 17 00:00:00 2001 +From 850464b19340640a9fb125ea06648f33ce04f955 Mon Sep 17 00:00:00 2001 From: lichun Date: Mon, 22 Jun 2020 05:30:17 +0800 -Subject: [PATCH 06/11] chardev/tcp: Fix error message double free error +Subject: [PATCH] chardev/tcp: Fix error message double free error Errors are already freed by error_report_err, so we only need to call error_free when that function is not called. @@ -18,7 +18,7 @@ Signed-off-by: BiaoXiang Ye 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/chardev/char-socket.c b/chardev/char-socket.c -index 701b62f9..9b06c8aa 100644 +index 701b62f9d3..9b06c8aa32 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c @@ -141,6 +141,8 @@ static void check_report_connect_error(Chardev *chr, @@ -39,5 +39,5 @@ index 701b62f9..9b06c8aa 100644 } -- -2.27.0.dirty +2.23.0 diff --git a/colo-compare-Fix-memory-leak-in-packet_enqueue.patch b/colo-compare-Fix-memory-leak-in-packet_enqueue.patch index ca5e43c49a6ad18fa7c6d204c1eabfac7ed6ddd5..1d68db6dca82748ece1dd69c1c4100f97923ea5d 100644 --- a/colo-compare-Fix-memory-leak-in-packet_enqueue.patch +++ b/colo-compare-Fix-memory-leak-in-packet_enqueue.patch @@ -1,7 +1,7 @@ -From 19afb1431bd730a1e4e09e3c0835c35572517268 Mon Sep 17 00:00:00 2001 +From 505c7efc7baafc97ec9fcac27f2b75402c6144a4 Mon Sep 17 00:00:00 2001 
From: Derek Su Date: Fri, 22 May 2020 15:53:57 +0800 -Subject: [PATCH 07/11] colo-compare: Fix memory leak in packet_enqueue() +Subject: [PATCH] colo-compare: Fix memory leak in packet_enqueue() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -24,7 +24,7 @@ Signed-off-by: BiaoXiang Ye 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/net/colo-compare.c b/net/colo-compare.c -index 7ee17f2c..3168407e 100644 +index 7ee17f2cf8..3168407ea3 100644 --- a/net/colo-compare.c +++ b/net/colo-compare.c @@ -120,6 +120,10 @@ enum { @@ -74,7 +74,7 @@ index 7ee17f2c..3168407e 100644 return 0; diff --git a/net/trace-events b/net/trace-events -index ac570564..a9995387 100644 +index ac57056497..a9995387b1 100644 --- a/net/trace-events +++ b/net/trace-events @@ -12,6 +12,7 @@ colo_proxy_main(const char *chr) ": %s" @@ -86,5 +86,5 @@ index ac570564..a9995387 100644 colo_compare_icmp_miscompare(const char *sta, int size) ": %s = %d" colo_compare_ip_info(int psize, const char *sta, const char *stb, int ssize, const char *stc, const char *std) "ppkt size = %d, ip_src = %s, ip_dst = %s, spkt size = %d, ip_src = %s, ip_dst = %s" -- -2.27.0.dirty +2.23.0 diff --git a/cris-do-not-leak-struct-cris_disasm_data.patch b/cris-do-not-leak-struct-cris_disasm_data.patch index fa7623fe1878eca815805e853d64ff9b2d8a88a3..e38c8f4c688763272ccacad7cf092e7d341385ef 100644 --- a/cris-do-not-leak-struct-cris_disasm_data.patch +++ b/cris-do-not-leak-struct-cris_disasm_data.patch @@ -1,4 +1,4 @@ -From d0586065e67b5df2611f4cf61eb791d48b78ff77 Mon Sep 17 00:00:00 2001 +From 5cacb3d417624ca229fbacd905f7406be82abc7a Mon Sep 17 00:00:00 2001 From: lizhengui Date: Wed, 9 Sep 2020 14:42:59 +0800 Subject: [PATCH] cris: do not leak struct cris_disasm_data @@ -11,7 +11,7 @@ Signed-off-by: Paolo Bonzini 1 file changed, 35 insertions(+), 30 deletions(-) diff --git a/disas/cris.c b/disas/cris.c -index 2f43c9b2..f3ff44ba 100644 +index 2f43c9b209..f3ff44bad5 100644 
--- a/disas/cris.c +++ b/disas/cris.c @@ -1294,24 +1294,17 @@ static int cris_constraint @@ -135,5 +135,5 @@ index 2f43c9b2..f3ff44ba 100644 } #endif -- -2.19.1 +2.23.0 diff --git a/delete-the-in-tpm.txt.patch b/delete-the-in-tpm.txt.patch index 01ce3ace541aca115bccd47100f5dbd954643764..35e0553e8835c12e5d3e73a5a1258e2ce7d49d3f 100644 --- a/delete-the-in-tpm.txt.patch +++ b/delete-the-in-tpm.txt.patch @@ -1,7 +1,7 @@ -From 3020ae141ef40f06b17eb0f16d2a3c6d5872ff89 Mon Sep 17 00:00:00 2001 +From 817628f474ee1e8fc7e33523e2ba31370aa0fb3e Mon Sep 17 00:00:00 2001 From: jiangfangjie Date: Wed, 29 Jul 2020 08:45:50 +0000 -Subject: [PATCH 05/19] delete the in tpm.txt +Subject: [PATCH] delete the in tpm.txt Signed-off-by: jiangfangjie --- @@ -9,7 +9,7 @@ Signed-off-by: jiangfangjie 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/specs/tpm.txt b/docs/specs/tpm.txt -index 5d8c26b1..9c8cca04 100644 +index 5d8c26b1ad..9c8cca042d 100644 --- a/docs/specs/tpm.txt +++ b/docs/specs/tpm.txt @@ -89,7 +89,7 @@ TPM upon reboot. The PPI specification defines the operation requests and the diff --git a/display-bochs-display-fix-memory-leak.patch b/display-bochs-display-fix-memory-leak.patch index 4dd3aa61c2b2b1026e0065c708ead4aeb79b3c21..5881a33db3da1a84a26bbfe18c6533f5b7c775e5 100644 --- a/display-bochs-display-fix-memory-leak.patch +++ b/display-bochs-display-fix-memory-leak.patch @@ -1,7 +1,7 @@ -From 7edca67dc630e31043644e87ede2e05e504f845b Mon Sep 17 00:00:00 2001 +From a7f65314c4d9b19ce8464ba386657b83d57aaed7 Mon Sep 17 00:00:00 2001 From: Cameron Esfahani Date: Tue, 10 Dec 2019 13:27:54 -0800 -Subject: [PATCH 1/8] display/bochs-display: fix memory leak +Subject: [PATCH] display/bochs-display: fix memory leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -18,7 +18,7 @@ Signed-off-by: Gerd Hoffmann 1 file changed, 2 insertions(+) 
diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c -index 8e83b51..b601b2f 100644 +index 8e83b5164b..b601b2fadc 100644 --- a/hw/display/bochs-display.c +++ b/hw/display/bochs-display.c @@ -251,6 +251,8 @@ static void bochs_display_update(void *opaque) @@ -31,5 +31,5 @@ index 8e83b51..b601b2f 100644 } -- -1.8.3.1 +2.23.0 diff --git a/docs-specs-tpm-Document-TPM_TIS-sysbus-device-for-AR.patch b/docs-specs-tpm-Document-TPM_TIS-sysbus-device-for-AR.patch index f0be64a937fd5b1f78c54f5f74854f388c023786..31e8b6eee67a8d6d954cc39154b2b345bb04d2b8 100644 --- a/docs-specs-tpm-Document-TPM_TIS-sysbus-device-for-AR.patch +++ b/docs-specs-tpm-Document-TPM_TIS-sysbus-device-for-AR.patch @@ -1,7 +1,7 @@ -From dd7f6cc3bcd71681920e3530f2c53041c812c5d3 Mon Sep 17 00:00:00 2001 +From fe063465621c169b66bb4f4c6e5944be35ad0ea5 Mon Sep 17 00:00:00 2001 From: Eric Auger Date: Thu, 5 Mar 2020 17:51:46 +0100 -Subject: [PATCH 16/19] docs/specs/tpm: Document TPM_TIS sysbus device for ARM +Subject: [PATCH] docs/specs/tpm: Document TPM_TIS sysbus device for ARM Update the documentation with recent changes related to the sysbus TPM_TIS device addition and add the command line @@ -17,7 +17,7 @@ Signed-off-by: jiangfangjie 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst -index 2bdf637f..da9eb39c 100644 +index 2bdf637f55..da9eb39ca9 100644 --- a/docs/specs/tpm.rst +++ b/docs/specs/tpm.rst @@ -18,9 +18,15 @@ The TIS interface makes a memory mapped IO region in the area diff --git a/docs-specs-tpm-reST-ify-TPM-documentation.patch b/docs-specs-tpm-reST-ify-TPM-documentation.patch index d4648994bde2fc4b68ce49f28f4a612f53e65551..6be37e6899a5323e010bcb086f5bfc86b299f514 100644 --- a/docs-specs-tpm-reST-ify-TPM-documentation.patch +++ b/docs-specs-tpm-reST-ify-TPM-documentation.patch 
@@ -1,7 +1,7 @@ -From 5d1865496ca39f08142a0c1eb2c9b14ec1ec9140 Mon Sep 17 00:00:00 2001 +From cdbc07fe1e01377a211019d719a8abe665bbc184 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Tue, 21 Jan 2020 10:29:35 -0500 -Subject: [PATCH 09/19] docs/specs/tpm: reST-ify TPM documentation +Subject: [PATCH] docs/specs/tpm: reST-ify TPM documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -20,7 +20,7 @@ Signed-off-by: jiangfangjie delete mode 100644 docs/specs/tpm.txt diff --git a/docs/specs/index.rst b/docs/specs/index.rst -index 984ba440..de46a8b5 100644 +index 984ba44029..de46a8b5e7 100644 --- a/docs/specs/index.rst +++ b/docs/specs/index.rst @@ -13,3 +13,4 @@ Contents: @@ -30,7 +30,7 @@ index 984ba440..de46a8b5 100644 + tpm diff --git a/docs/specs/tpm.rst b/docs/specs/tpm.rst new file mode 100644 -index 00000000..2bdf637f +index 0000000000..2bdf637f55 --- /dev/null +++ b/docs/specs/tpm.rst @@ -0,0 +1,503 @@ @@ -539,7 +539,7 @@ index 00000000..2bdf637f + https://github.com/stefanberger/swtpm/blob/master/man/man3/swtpm_ioctls.pod diff --git a/docs/specs/tpm.txt b/docs/specs/tpm.txt deleted file mode 100644 -index 9c3e67d8..00000000 +index 9c3e67d8a7..0000000000 --- a/docs/specs/tpm.txt +++ /dev/null @@ -1,445 +0,0 @@ diff --git a/file-posix-Fix-leaked-fd-in-raw_open_common-error-pa.patch b/file-posix-Fix-leaked-fd-in-raw_open_common-error-pa.patch index 28c1e3bc6837063888bb8c862fb1e629f70de8be..89f5ddcfdb01ee237e7a5ac9924d853e41b936da 100644 --- a/file-posix-Fix-leaked-fd-in-raw_open_common-error-pa.patch +++ b/file-posix-Fix-leaked-fd-in-raw_open_common-error-pa.patch 
@@ -1,31 +1,31 @@
-From 94be73a20d42482cdf30115e672c36af2fe9068d Mon Sep 17 00:00:00 2001
-From: Kevin Wolf
-Date: Fri, 17 Jul 2020 12:54:26 +0200
-Subject: [PATCH 5/5] file-posix: Fix leaked fd in raw_open_common() error path
-
-Signed-off-by: Kevin Wolf
-Message-Id: <20200717105426.51134-4-kwolf@redhat.com>
-Reviewed-by: Max Reitz
-Signed-off-by: Kevin Wolf
-Signed-off-by: Zhenyu Ye
----
- block/file-posix.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/block/file-posix.c b/block/file-posix.c
-index 2184aa98..1259bf58 100644
---- a/block/file-posix.c
-+++ b/block/file-posix.c
-@@ -671,6 +671,9 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
- bs->supported_zero_flags = BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK;
- ret = 0;
- fail:
-+ if (ret < 0 && s->fd != -1) {
-+ qemu_close(s->fd);
-+ }
- if (filename && (bdrv_flags & BDRV_O_TEMPORARY)) {
- unlink(filename);
- }
---
-2.22.0.windows.1
-
+From 51f56163bb1d8e3070ff121f03aae34ab2e10f4f Mon Sep 17 00:00:00 2001
+From: Kevin Wolf
+Date: Fri, 17 Jul 2020 12:54:26 +0200
+Subject: [PATCH] file-posix: Fix leaked fd in raw_open_common() error path
+
+Signed-off-by: Kevin Wolf
+Message-Id: <20200717105426.51134-4-kwolf@redhat.com>
+Reviewed-by: Max Reitz
+Signed-off-by: Kevin Wolf
+Signed-off-by: Zhenyu Ye
+---
+ block/file-posix.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/block/file-posix.c b/block/file-posix.c
+index 2184aa980c..1259bf58c9 100644
+--- a/block/file-posix.c
++++ b/block/file-posix.c
+@@ -671,6 +671,9 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
+ bs->supported_zero_flags = BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK;
+ ret = 0;
+ fail:
++ if (ret < 0 && s->fd != -1) {
++ qemu_close(s->fd);
++ }
+ if (filename && (bdrv_flags & BDRV_O_TEMPORARY)) {
+ unlink(filename);
+ }
+--
+2.23.0
+
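Review bot: The new cleanup under `fail:` trusts `s->fd` to be either -1 or a descriptor this call opened, but the assignment that establishes that is outside the hunk. If any `goto fail` can run before `s->fd` is first set (for example while it still holds a zero-initialised value), `qemu_close(s->fd)` would close an unrelated descriptor such as 0; that needs checking against the full body of raw_open_common(), which starts before this hunk. I would also add `s->fd = -1;` right after `qemu_close(s->fd);` so that a later cleanup path cannot close the same number a second time.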
diff --git a/fix-vhost_user_blk_watch-crash.patch b/fix-vhost_user_blk_watch-crash.patch index 905cbe3c2542b7d59f8d69da720bf0639a4be9bb..1654c51d039714ade8ebec41166841a8d801882a 100644 --- a/fix-vhost_user_blk_watch-crash.patch +++ b/fix-vhost_user_blk_watch-crash.patch @@ -1,7 +1,7 @@ -From 0b77995819a596f96c621697643e83624126e668 Mon Sep 17 00:00:00 2001 +From 5389e1823ca9a5bec5f86b4848824773ad01370f Mon Sep 17 00:00:00 2001 From: Li Feng Date: Mon, 23 Mar 2020 13:29:24 +0800 -Subject: [PATCH 13/14] fix vhost_user_blk_watch crash +Subject: [PATCH] fix vhost_user_blk_watch crash the G_IO_HUP is watched in tcp_chr_connect, and the callback vhost_user_blk_watch is not needed, because tcp_chr_hup is registered as @@ -18,7 +18,7 @@ Signed-off-by: Peng Liang 2 files changed, 20 deletions(-) diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c -index 85bc4017e7e9..dc66f8a5febd 100644 +index 85bc4017e7..dc66f8a5fe 100644 --- a/hw/block/vhost-user-blk.c +++ b/hw/block/vhost-user-blk.c @@ -346,18 +346,6 @@ static void vhost_user_blk_disconnect(DeviceState *dev) @@ -65,7 +65,7 @@ index 85bc4017e7e9..dc66f8a5febd 100644 qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, vhost_user_blk_event, diff --git a/include/hw/virtio/vhost-user-blk.h b/include/hw/virtio/vhost-user-blk.h -index 8dbf11c6f071..ad9b742a644c 100644 +index 8dbf11c6f0..ad9b742a64 100644 --- a/include/hw/virtio/vhost-user-blk.h +++ b/include/hw/virtio/vhost-user-blk.h @@ -38,7 +38,6 @@ typedef struct VHostUserBlk { @@ -77,5 +77,5 @@ index 8dbf11c6f071..ad9b742a644c 100644 } VHostUserBlk; -- -2.26.2 +2.23.0 diff --git a/hmp-vnc-Fix-info-vnc-list-leak.patch b/hmp-vnc-Fix-info-vnc-list-leak.patch index ccc4e1db511a18c5da864a1d8b2732e9a4cd8a1f..03780dd5ac590944603a610779e4192bedd55ddb 100644 --- a/hmp-vnc-Fix-info-vnc-list-leak.patch +++ b/hmp-vnc-Fix-info-vnc-list-leak.patch 
@@ -1,7 +1,7 @@ -From 6cb599f75b7844aefd7823ad97fc3bae70eff11f Mon Sep 17 00:00:00 2001 +From 714ede199c21da041c3e2812a358b14a93477424 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Mon, 23 Mar 2020 12:08:22 +0000 -Subject: [PATCH 06/14] hmp/vnc: Fix info vnc list leak +Subject: [PATCH] hmp/vnc: Fix info vnc list leak We're iterating the list, and then freeing the iteration pointer rather than the list head. @@ -18,7 +18,7 @@ Signed-off-by: Peng Liang 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c -index 5ca3ebe94272..fc5d6b92c4b6 100644 +index 5ca3ebe942..fc5d6b92c4 100644 --- a/monitor/hmp-cmds.c +++ b/monitor/hmp-cmds.c @@ -745,10 +745,11 @@ static void hmp_info_vnc_servers(Monitor *mon, VncServerInfo2List *server) @@ -44,5 +44,5 @@ index 5ca3ebe94272..fc5d6b92c4b6 100644 } #endif -- -2.26.2 +2.23.0 diff --git a/hppa-fix-leak-from-g_strdup_printf.patch b/hppa-fix-leak-from-g_strdup_printf.patch index b04193e380fe58ef14e91cb56d162abc264dce9b..a2e238b3bf1a2dedfd33e713760db1b7b508adfd 100644 --- a/hppa-fix-leak-from-g_strdup_printf.patch +++ b/hppa-fix-leak-from-g_strdup_printf.patch @@ -1,4 +1,4 @@ -From b7ef7e6fb5a2b08268f4b19c07c07abd4fbb2064 Mon Sep 17 00:00:00 2001 +From 0a19f6e789c7b5cffd4fcb4b1bd080479ce6681a Mon Sep 17 00:00:00 2001 From: lizhengui Date: Wed, 9 Sep 2020 14:48:49 +0800 Subject: [PATCH] hppa: fix leak from g_strdup_printf @@ -17,7 +17,7 @@ Reviewed-by: Philippe Mathieu-Daudé 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c -index e94614ab..ef923b49 100644 +index e94614abbd..ef923b4969 100644 --- a/hw/hppa/dino.c +++ b/hw/hppa/dino.c @@ -485,6 +485,7 @@ PCIBus *dino_init(MemoryRegion *addr_space, @@ -29,7 +29,7 @@ index e94614ab..ef923b49 100644 /* Set up PCI view of memory: Bus master address space. */ diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c -index 662838d8..9e25660e 100644 +index 662838d83b..9e25660e19 100644 
--- a/hw/hppa/machine.c +++ b/hw/hppa/machine.c @@ -78,13 +78,15 @@ static void machine_hppa_init(MachineState *machine) @@ -50,5 +50,5 @@ index 662838d8..9e25660e 100644 /* Limit main memory. */ -- -2.19.1 +2.23.0 diff --git a/hw-arm-acpi-enable-SHPC-native-hot-plug.patch b/hw-arm-acpi-enable-SHPC-native-hot-plug.patch index 2b2e530bb8e3555b4f9cf2a807b060ac62ccd9de..8e429c0a114a1bfc3a1d44413eb0dd9e4c8f48d3 100644 --- a/hw-arm-acpi-enable-SHPC-native-hot-plug.patch +++ b/hw-arm-acpi-enable-SHPC-native-hot-plug.patch @@ -1,4 +1,4 @@ -From 1ad2e774f4fd3f720d5db07e86fe60df13f21a6d Mon Sep 17 00:00:00 2001 +From 7a82db0be5b790b8546e5d55e82e78b73bfec3e8 Mon Sep 17 00:00:00 2001 From: Heyi Guo Date: Mon, 9 Dec 2019 14:37:19 +0800 Subject: [PATCH] hw/arm/acpi: enable SHPC native hot plug diff --git a/hw-arm-virt-Init-PMU-for-hotplugged-vCPU.patch b/hw-arm-virt-Init-PMU-for-hotplugged-vCPU.patch index c124df5394121fdb0415b3b85d04fc3417a747aa..9ad394a51c14b5a5b80b81c13fe3c73112fb5ab4 100644 --- a/hw-arm-virt-Init-PMU-for-hotplugged-vCPU.patch +++ b/hw-arm-virt-Init-PMU-for-hotplugged-vCPU.patch @@ -1,4 +1,4 @@ -From acc5162f1d1591ee4830f9b67934fc6d8a9ebbc1 Mon Sep 17 00:00:00 2001 +From 460541a74139586fbf744ecd25425a67aac8767f Mon Sep 17 00:00:00 2001 From: Keqian Zhu Date: Tue, 8 Sep 2020 22:09:44 +0800 Subject: [PATCH] hw/arm/virt: Init PMU for hotplugged vCPU @@ -12,7 +12,7 @@ Signed-off-by: Keqian Zhu 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c -index 7afc6c5e..7506d0ff 100644 +index 7afc6c5e91..7506d0ff32 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -605,6 +605,23 @@ static void fdt_add_gic_node(VirtMachineState *vms) @@ -70,4 +70,3 @@ index 7afc6c5e..7506d0ff 100644 -- 2.23.0 - diff --git a/hw-arm-virt-vTPM-support.patch b/hw-arm-virt-vTPM-support.patch index cbdc68e62f88981b10ebd459ce101caaf10dba6d..1c184e7892f90ff22849905a74f9319e74f1a14b 100644 --- a/hw-arm-virt-vTPM-support.patch 
+++ b/hw-arm-virt-vTPM-support.patch @@ -1,7 +1,7 @@ -From 443ebab9c299b04f020a6873454facb078723141 Mon Sep 17 00:00:00 2001 +From d911f3f6524d39972f6116b8f67fc4760edb79e9 Mon Sep 17 00:00:00 2001 From: jiangfangjie Date: Thu, 13 Aug 2020 20:01:10 +0800 -Subject: [PATCH 15/19] hw/arm/virt: vTPM support +Subject: [PATCH] hw/arm/virt: vTPM support Let the TPM TIS SYSBUS device be dynamically instantiable in ARM virt. A device tree node is dynamically created @@ -35,7 +35,7 @@ Signed-off-by: jiangfangjie 3 files changed, 41 insertions(+) diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig -index 15e18b0a..06e49f26 100644 +index 15e18b0a48..06e49f2669 100644 --- a/hw/arm/Kconfig +++ b/hw/arm/Kconfig @@ -5,6 +5,7 @@ config ARM_VIRT @@ -47,7 +47,7 @@ index 15e18b0a..06e49f26 100644 select ACPI select ARM_SMMUV3 diff --git a/hw/arm/sysbus-fdt.c b/hw/arm/sysbus-fdt.c -index 57f94e65..c725d325 100644 +index 57f94e6581..c725d3255d 100644 --- a/hw/arm/sysbus-fdt.c +++ b/hw/arm/sysbus-fdt.c @@ -30,6 +30,7 @@ @@ -105,7 +105,7 @@ index 57f94e65..c725d325 100644 TYPE_BINDING("", NULL), /* last element */ }; diff --git a/hw/arm/virt.c b/hw/arm/virt.c -index 133d36a4..7afc6c5e 100644 +index 133d36a400..7afc6c5e91 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -47,6 +47,7 @@ diff --git a/hw-block-nvme-fix-pci-doorbell-size-calculation.patch b/hw-block-nvme-fix-pci-doorbell-size-calculation.patch index f0aa09670e471a344c220ae38b8f5ba43b263eaf..9ee58518c9b634eb0f7cfc1c9de018a71d66d567 100644 --- a/hw-block-nvme-fix-pci-doorbell-size-calculation.patch +++ b/hw-block-nvme-fix-pci-doorbell-size-calculation.patch @@ -1,7 +1,7 @@ -From 1aa42c9269c762ad1b7efa41e92f734b093dce1c Mon Sep 17 00:00:00 2001 +From 1c5443f595146ea42226b31ac8ca7ba176a08eec Mon Sep 17 00:00:00 2001 
From: Klaus Jensen Date: Tue, 9 Jun 2020 21:03:12 +0200 -Subject: [PATCH 10/11] hw/block/nvme: fix pci doorbell size calculation +Subject: [PATCH] hw/block/nvme: fix pci doorbell size calculation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -33,7 +33,7 @@ Signed-off-by: BiaoXiang Ye 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/block/nvme.c b/hw/block/nvme.c -index 417068d8..edac2f1d 100644 +index e35c2e1027..4f3ab5034a 100644 --- a/hw/block/nvme.c +++ b/hw/block/nvme.c @@ -42,6 +42,9 @@ @@ -58,5 +58,5 @@ index 417068d8..edac2f1d 100644 n->namespaces = g_new0(NvmeNamespace, n->num_namespaces); -- -2.27.0.dirty +2.23.0 diff --git a/hw-block-nvme-fix-pin-based-interrupt-behavior.patch b/hw-block-nvme-fix-pin-based-interrupt-behavior.patch index 1fe1213d998869c0f87eabd5d75fc62c3750f06b..bc3bc09c17f6db6158a7b3313f38731de8450f89 100644 --- a/hw-block-nvme-fix-pin-based-interrupt-behavior.patch +++ b/hw-block-nvme-fix-pin-based-interrupt-behavior.patch 
@@ -1,87 +1,87 @@ -From 74ef18c90684f0ae18aef071b9e11a5e8796177b Mon Sep 17 00:00:00 2001 -From: alexchen -Date: Tue, 8 Sep 2020 11:17:20 +0000 -Subject: [PATCH] hw/block/nvme: fix pin-based interrupt behavior - -First, since the device only supports MSI-X or pin-based interrupt, if -MSI-X is not enabled, it should not accept interrupt vectors different -from 0 when creating completion queues. - -Secondly, the irq_status NvmeCtrl member is meant to be compared to the -INTMS register, so it should only be 32 bits wide. And it is really only -useful when used with multi-message MSI. - -Third, since we do not force a 1-to-1 correspondence between cqid and -interrupt vector, the irq_status register should not have bits set -according to cqid, but according to the associated interrupt vector. - -Fix these issues, but keep irq_status available so we can easily support -multi-message MSI down the line. - -Fixes: 5e9aa92eb1a5 ("hw/block: Fix pin-based interrupt behaviour of NVMe") -Cc: "Michael S. 
Tsirkin" -Cc: Marcel Apfelbaum -Signed-off-by: Klaus Jensen -Reviewed-by: Keith Busch -Message-Id: <20200609190333.59390-8-its@irrelevant.dk> -Signed-off-by: Kevin Wolf -Signed-off-by: BiaoXiang Ye -Signed-off-by: Zhenyu Ye ---- - hw/block/nvme.c | 12 ++++++++---- - hw/block/nvme.h | 2 +- - 2 files changed, 9 insertions(+), 5 deletions(-) - -diff --git a/hw/block/nvme.c b/hw/block/nvme.c -index 36d6a8bb..e35c2e10 100644 ---- a/hw/block/nvme.c -+++ b/hw/block/nvme.c -@@ -115,8 +115,8 @@ static void nvme_irq_assert(NvmeCtrl *n, NvmeCQueue *cq) - msix_notify(&(n->parent_obj), cq->vector); - } else { - trace_nvme_irq_pin(); -- assert(cq->cqid < 64); -- n->irq_status |= 1 << cq->cqid; -+ assert(cq->vector < 32); -+ n->irq_status |= 1 << cq->vector; - nvme_irq_check(n); - } - } else { -@@ -130,8 +130,8 @@ static void nvme_irq_deassert(NvmeCtrl *n, NvmeCQueue *cq) - if (msix_enabled(&(n->parent_obj))) { - return; - } else { -- assert(cq->cqid < 64); -- n->irq_status &= ~(1 << cq->cqid); -+ assert(cq->vector < 32); -+ n->irq_status &= ~(1 << cq->vector); - nvme_irq_check(n); - } - } -@@ -630,6 +630,10 @@ static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeCmd *cmd) - trace_nvme_err_invalid_create_cq_addr(prp1); - return NVME_INVALID_FIELD | NVME_DNR; - } -+ if (unlikely(!msix_enabled(&n->parent_obj) && vector)) { -+ trace_nvme_err_invalid_create_cq_vector(vector); -+ return NVME_INVALID_IRQ_VECTOR | NVME_DNR; -+ } - if (unlikely(vector > n->num_queues)) { - trace_nvme_err_invalid_create_cq_vector(vector); - return NVME_INVALID_IRQ_VECTOR | NVME_DNR; -diff --git a/hw/block/nvme.h b/hw/block/nvme.h -index 557194ee..f4c1ff91 100644 ---- a/hw/block/nvme.h -+++ b/hw/block/nvme.h -@@ -78,7 +78,7 @@ typedef struct NvmeCtrl { - uint32_t cmbsz; - uint32_t cmbloc; - uint8_t *cmbuf; -- uint64_t irq_status; -+ uint32_t irq_status; - uint64_t host_timestamp; /* Timestamp sent by the host */ - uint64_t timestamp_set_qemu_clock_ms; /* QEMU clock time */ - --- -2.23.0 - +From 
fc4498f3595b85de1e18f283a0acaf01c6ac75d3 Mon Sep 17 00:00:00 2001 +From: alexchen +Date: Tue, 8 Sep 2020 11:17:20 +0000 +Subject: [PATCH] hw/block/nvme: fix pin-based interrupt behavior + +First, since the device only supports MSI-X or pin-based interrupt, if +MSI-X is not enabled, it should not accept interrupt vectors different +from 0 when creating completion queues. + +Secondly, the irq_status NvmeCtrl member is meant to be compared to the +INTMS register, so it should only be 32 bits wide. And it is really only +useful when used with multi-message MSI. + +Third, since we do not force a 1-to-1 correspondence between cqid and +interrupt vector, the irq_status register should not have bits set +according to cqid, but according to the associated interrupt vector. + +Fix these issues, but keep irq_status available so we can easily support +multi-message MSI down the line. + +Fixes: 5e9aa92eb1a5 ("hw/block: Fix pin-based interrupt behaviour of NVMe") +Cc: "Michael S. Tsirkin" +Cc: Marcel Apfelbaum +Signed-off-by: Klaus Jensen +Reviewed-by: Keith Busch +Message-Id: <20200609190333.59390-8-its@irrelevant.dk> +Signed-off-by: Kevin Wolf +Signed-off-by: BiaoXiang Ye +Signed-off-by: Zhenyu Ye +--- + hw/block/nvme.c | 12 ++++++++---- + hw/block/nvme.h | 2 +- + 2 files changed, 9 insertions(+), 5 deletions(-) + +diff --git a/hw/block/nvme.c b/hw/block/nvme.c +index 36d6a8bb3a..e35c2e1027 100644 +--- a/hw/block/nvme.c ++++ b/hw/block/nvme.c +@@ -115,8 +115,8 @@ static void nvme_irq_assert(NvmeCtrl *n, NvmeCQueue *cq) + msix_notify(&(n->parent_obj), cq->vector); + } else { + trace_nvme_irq_pin(); +- assert(cq->cqid < 64); +- n->irq_status |= 1 << cq->cqid; ++ assert(cq->vector < 32); ++ n->irq_status |= 1 << cq->vector; + nvme_irq_check(n); + } + } else { +@@ -130,8 +130,8 @@ static void nvme_irq_deassert(NvmeCtrl *n, NvmeCQueue *cq) + if (msix_enabled(&(n->parent_obj))) { + return; + } else { +- assert(cq->cqid < 64); +- n->irq_status &= ~(1 << cq->cqid); ++ 
assert(cq->vector < 32); ++ n->irq_status &= ~(1 << cq->vector); + nvme_irq_check(n); + } + } +@@ -630,6 +630,10 @@ static uint16_t nvme_create_cq(NvmeCtrl *n, NvmeCmd *cmd) + trace_nvme_err_invalid_create_cq_addr(prp1); + return NVME_INVALID_FIELD | NVME_DNR; + } ++ if (unlikely(!msix_enabled(&n->parent_obj) && vector)) { ++ trace_nvme_err_invalid_create_cq_vector(vector); ++ return NVME_INVALID_IRQ_VECTOR | NVME_DNR; ++ } + if (unlikely(vector > n->num_queues)) { + trace_nvme_err_invalid_create_cq_vector(vector); + return NVME_INVALID_IRQ_VECTOR | NVME_DNR; +diff --git a/hw/block/nvme.h b/hw/block/nvme.h +index 557194ee19..f4c1ff9131 100644 +--- a/hw/block/nvme.h ++++ b/hw/block/nvme.h +@@ -78,7 +78,7 @@ typedef struct NvmeCtrl { + uint32_t cmbsz; + uint32_t cmbloc; + uint8_t *cmbuf; +- uint64_t irq_status; ++ uint32_t irq_status; + uint64_t host_timestamp; /* Timestamp sent by the host */ + uint64_t timestamp_set_qemu_clock_ms; /* QEMU clock time */ + +-- +2.23.0 + diff --git a/hw-pci-pci_bridge-Correct-pci_bridge_io-memory-regio.patch b/hw-pci-pci_bridge-Correct-pci_bridge_io-memory-regio.patch index 76497d9ef4f4e111baba53cdd84ac7b7dbecb112..9d6a0a30e9b20fc7d34c857f3474a95bf13fedfe 100644 --- a/hw-pci-pci_bridge-Correct-pci_bridge_io-memory-regio.patch +++ b/hw-pci-pci_bridge-Correct-pci_bridge_io-memory-regio.patch @@ -1,8 +1,7 @@ -From 595a0d0a0f21cd73863ea3b78ecccb6e0ea8b7a8 Mon Sep 17 00:00:00 2001 +From 88e376c2dd8207ef6f2709374f4696f1dc8c3093 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 1 Jun 2020 16:29:25 +0200 -Subject: [PATCH 2/5] hw/pci/pci_bridge: Correct pci_bridge_io memory region - size +Subject: [PATCH] hw/pci/pci_bridge: Correct pci_bridge_io memory region size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -42,7 +41,7 @@ Reviewed-by: Richard Henderson 1 file changed, 2 insertions(+), 1 deletion(-) 
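Review bot: In nvme_irq_assert() and nvme_irq_deassert() the mask is built as `1 << cq->vector` while the assert admits vector 31, and shifting a signed `1` into the sign bit is undefined; use `1U << cq->vector` in both places now that `irq_status` is `uint32_t`. The `assert(cq->vector < 32)` is also reached with a guest-chosen value: nvme_create_cq() rejects a non-zero vector only when MSI-X is disabled at creation time, so if a guest can create a queue with a vector of 32 or more under MSI-X and then turn MSI-X off (not visible in these hunks), the assert would abort the process. An explicit bounds check that skips the pin update would be safer on that path than an assert. All three function bodies continue outside the hunks.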
diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c -index 715b9a4f..d67c691d 100644 +index 715b9a4fe6..d67c691d89 100644 --- a/hw/pci/pci_bridge.c +++ b/hw/pci/pci_bridge.c @@ -30,6 +30,7 @@ diff --git a/hw-ppc-Kconfig-Enable-TPM_SPAPR-as-part-of-PSERIES-c.patch b/hw-ppc-Kconfig-Enable-TPM_SPAPR-as-part-of-PSERIES-c.patch index ad3fc3a8356d20d28805db548c12b2b3745e8054..6a72f091841075599ca991464954e109d6012d78 100644 --- a/hw-ppc-Kconfig-Enable-TPM_SPAPR-as-part-of-PSERIES-c.patch +++ b/hw-ppc-Kconfig-Enable-TPM_SPAPR-as-part-of-PSERIES-c.patch @@ -1,8 +1,7 @@ -From 95cbe18c649a20f98562a993537a67e0ad78bf36 Mon Sep 17 00:00:00 2001 +From 84d9c6b4f9df563c6502cddf5ee3b31d8ba84cba Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Tue, 21 Jan 2020 10:29:34 -0500 -Subject: [PATCH 08/19] hw/ppc/Kconfig: Enable TPM_SPAPR as part of PSERIES - config +Subject: [PATCH] hw/ppc/Kconfig: Enable TPM_SPAPR as part of PSERIES config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -20,7 +19,7 @@ Signed-off-by: jiangfangjie 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/tpm/Kconfig b/hw/tpm/Kconfig -index 4d4ab085..9e67d990 100644 +index 4d4ab0855c..9e67d990e8 100644 --- a/hw/tpm/Kconfig +++ b/hw/tpm/Kconfig @@ -25,6 +25,6 @@ config TPM_EMULATOR diff --git a/hw-tpm-rename-Error-parameter-to-more-common-errp.patch b/hw-tpm-rename-Error-parameter-to-more-common-errp.patch index a47a1ae68da792d7811b9d85cb5cbd5f5d5ac0cd..8dd3cb99ee29c0c661bb56419896314ec107954f 100644 --- a/hw-tpm-rename-Error-parameter-to-more-common-errp.patch +++ b/hw-tpm-rename-Error-parameter-to-more-common-errp.patch @@ -1,7 +1,7 @@ -From f2dceb3cde537210896a2cadb8958cfd310113a3 Mon Sep 17 00:00:00 2001 +From b984b6f9cfbb0b344a351740362d12cd128168f0 Mon Sep 17 00:00:00 2001 
From: Vladimir Sementsov-Ogievskiy Date: Thu, 5 Dec 2019 20:46:30 +0300 -Subject: [PATCH 01/19] hw/tpm: rename Error ** parameter to more common errp +Subject: [PATCH] hw/tpm: rename Error ** parameter to more common errp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -17,7 +17,7 @@ Signed-off-by: jiangfangjie 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c -index fc0b512f..38bf5fd6 100644 +index fc0b512f4f..38bf5fd6a0 100644 --- a/hw/tpm/tpm_emulator.c +++ b/hw/tpm/tpm_emulator.c @@ -155,7 +155,7 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu, diff --git a/hw-usb-core.c-fix-buffer-overflow.patch b/hw-usb-core.c-fix-buffer-overflow.patch new file mode 100644 index 0000000000000000000000000000000000000000..3e4c72cdb74426ec1c3b1cf40c09c24722b76e0f --- /dev/null +++ b/hw-usb-core.c-fix-buffer-overflow.patch 
@@ -0,0 +1,44 @@ +From e532a6dba233292110ae5e1ec6c32c5339d61333 Mon Sep 17 00:00:00 2001 +From: root +Date: Wed, 19 Aug 2020 17:04:04 +0800 +Subject: [PATCH] hw/usb/core.c fix buffer overflow + +Store calculated setup_len in a local variable, verify it, + and only write it to the struct (USBDevice->setup_len) in case it passed the + sanity checks. + +This prevents other code (do_token_{in,out} function specifically) +from working with invalid USBDevice->setup_len values and overruning +the USBDevice->setup_buf[] buffer. +Store +Fixes: CVE-2020-14364 +Signed-off-by: Gred Hoffman +--- + hw/usb/core.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/hw/usb/core.c b/hw/usb/core.c +index 5abd128b6b..12342f1330 100644 +--- a/hw/usb/core.c ++++ b/hw/usb/core.c +@@ -144,6 +144,8 @@ static void do_token_setup(USBDevice *s, USBPacket *p) + "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", + s->setup_len, sizeof(s->data_buf)); + p->status = USB_RET_STALL; ++ s->setup_len = 0; ++ s->setup_state = SETUP_STATE_ACK; + return; + } + +@@ -277,6 +279,8 @@ static void do_parameter(USBDevice *s, USBPacket *p) + "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", + s->setup_len, sizeof(s->data_buf)); + p->status = USB_RET_STALL; ++ s->setup_len = 0; ++ s->setup_state = SETUP_STATE_ACK; + return; + } + +-- +2.23.0 + diff --git a/ide-fix-leak-from-qemu_allocate_irqs.patch b/ide-fix-leak-from-qemu_allocate_irqs.patch index dce6e906ce92e7e303d2198d7a612905ca0632c1..833720a827957cb8715311509065da2141144df5 100644 --- a/ide-fix-leak-from-qemu_allocate_irqs.patch +++ b/ide-fix-leak-from-qemu_allocate_irqs.patch @@ -1,4 +1,4 @@ -From df35f8fe2687df32cb65f6a03b8dd80314cc4c53 Mon Sep 17 00:00:00 2001 +From 9a40191479d473cb01137c32243b840cbefaec80 Mon Sep 17 00:00:00 2001 From: lizhengui Date: Wed, 9 Sep 2020 15:00:08 +0800 Subject: [PATCH] ide: fix leak from qemu_allocate_irqs @@ -12,7 +12,7 @@ Reviewed-by: Thomas Huth 1 file changed, 1 insertion(+) 
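Review bot: The commit message describes computing setup_len in a local variable and storing it only after validation, but the hunks in do_token_setup() and do_parameter() keep the existing order and then reset the field with `s->setup_len = 0;`. The context `fprintf` still prints `s->setup_len`, so the field appears to be written before the `> sizeof(s->data_buf)` check. The fix therefore depends on every rejecting path remembering the reset, and it also sets `s->setup_state = SETUP_STATE_ACK;` on a request that was just stalled, which the message does not explain. I would either implement what the message says (validate a local, assign `s->setup_len` only on success) or rewrite the message to describe the reset and why the ACK state is right after a STALL. Both function bodies start and end outside the hunks, and the stray `Store` line in the message should be dropped.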
diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c -index ed23aabf..a149cd6c 100644 +index ed23aabf21..2ed063a52d 100644 --- a/hw/ide/cmd646.c +++ b/hw/ide/cmd646.c @@ -299,6 +299,7 @@ static void pci_cmd646_ide_realize(PCIDevice *dev, Error **errp) @@ -24,5 +24,5 @@ index ed23aabf..a149cd6c 100644 vmstate_register(DEVICE(dev), 0, &vmstate_ide_pci, d); qemu_register_reset(cmd646_reset, d); -- -2.19.1 +2.23.0 diff --git a/linux-user-mmap.c-fix-integer-underflow-in-target_mr.patch b/linux-user-mmap.c-fix-integer-underflow-in-target_mr.patch index 2d0c6abf3d233a0694cec23a2097011c39d4fd1f..fdb3619e4150e82c2e50cdf6d8f866883e92af29 100644 --- a/linux-user-mmap.c-fix-integer-underflow-in-target_mr.patch +++ b/linux-user-mmap.c-fix-integer-underflow-in-target_mr.patch @@ -1,7 +1,7 @@ -From 7b4aded3f772ef43e2b600594f755eadd5da5958 Mon Sep 17 00:00:00 2001 +From 09642fb35441da30d15e64150e36de9afee454ed Mon Sep 17 00:00:00 2001 From: Jonathan Marler Date: Sat, 2 May 2020 10:12:25 -0600 -Subject: [PATCH 3/5] linux-user/mmap.c: fix integer underflow in target_mremap +Subject: [PATCH] linux-user/mmap.c: fix integer underflow in target_mremap Fixes: https://bugs.launchpad.net/bugs/1876373 @@ -17,7 +17,7 @@ Signed-off-by: Laurent Vivier 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/mmap.c b/linux-user/mmap.c -index 46a6e3a7..2a9ca0c3 100644 +index 46a6e3a761..2a9ca0c3fa 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -740,7 +740,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, diff --git a/lm32-do-not-leak-memory-on-object_new-object_unref.patch b/lm32-do-not-leak-memory-on-object_new-object_unref.patch index 7ccc53684bb3d3224757209a4c1710883214fcc8..1f661904d105d7a21716c15e1f3d6f6bac52a565 100644 --- a/lm32-do-not-leak-memory-on-object_new-object_unref.patch +++ b/lm32-do-not-leak-memory-on-object_new-object_unref.patch 
@@ -1,4 +1,4 @@ -From d50be5295c49be1b6024f5902948b52e683b4c23 Mon Sep 17 00:00:00 2001 +From cac0612ee4b5c185485a54b004422ecbb5c17c60 Mon Sep 17 00:00:00 2001 From: lizhengui Date: Wed, 9 Sep 2020 14:18:35 +0800 Subject: [PATCH] lm32: do not leak memory on object_new/object_unref @@ -21,7 +21,7 @@ Reviewed-by: Philippe Mathieu-Daudé 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/hw/timer/lm32_timer.c b/hw/timer/lm32_timer.c -index 6ce876c6..13f15825 100644 +index 6ce876c6ae..13f1582512 100644 --- a/hw/timer/lm32_timer.c +++ b/hw/timer/lm32_timer.c @@ -184,9 +184,6 @@ static void lm32_timer_init(Object *obj) @@ -45,7 +45,7 @@ index 6ce876c6..13f15825 100644 } diff --git a/hw/timer/milkymist-sysctl.c b/hw/timer/milkymist-sysctl.c -index a9d25087..2f1ecc6d 100644 +index a9d250877c..2f1ecc6dba 100644 --- a/hw/timer/milkymist-sysctl.c +++ b/hw/timer/milkymist-sysctl.c @@ -280,11 +280,6 @@ static void milkymist_sysctl_init(Object *obj) @@ -73,5 +73,5 @@ index a9d25087..2f1ecc6d 100644 ptimer_set_freq(s->ptimer1, s->freq_hz); } -- -2.19.1 +2.23.0 diff --git a/make-check-unit-use-after-free-in-test-opts-visitor.patch b/make-check-unit-use-after-free-in-test-opts-visitor.patch index 590970004769b464b68977639a0e5e823bb9b9ac..2672dfacf89eaceaed1168a0b244c28baceaf354 100644 --- a/make-check-unit-use-after-free-in-test-opts-visitor.patch +++ b/make-check-unit-use-after-free-in-test-opts-visitor.patch @@ -1,4 +1,4 @@ -From e3dfb5d2848975e9e947cb894afac87ce386a2bc Mon Sep 17 00:00:00 2001 +From 6d5cde99bcc14917bff38f40d0f126c433eaeade Mon Sep 17 00:00:00 2001 From: lizhengui Date: Wed, 9 Sep 2020 15:18:52 +0800 Subject: [PATCH] make check-unit: use after free in test-opts-visitor @@ -19,7 +19,7 @@ Message-Id: <1565024586-387112-1-git-send-email-andrey.shinkevich@virtuozzo.com> 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/qapi/opts-visitor.c b/qapi/opts-visitor.c -index 324b1974..42d87df6 100644 +index 324b197495..42d87df681 100644 
--- a/qapi/opts-visitor.c +++ b/qapi/opts-visitor.c @@ -24,7 +24,8 @@ enum ListMode @@ -98,5 +98,5 @@ index 324b1974..42d87df6 100644 return g_queue_peek_head(ov->repeated_opts); } -- -2.19.1 +2.23.0 diff --git a/mcf5208-fix-leak-from-qemu_allocate_irqs.patch b/mcf5208-fix-leak-from-qemu_allocate_irqs.patch index 7e254f577e4f08bc332bb94dda769ce9a584c623..d2ad1731068016afb85c33674af5364d5a18a896 100644 --- a/mcf5208-fix-leak-from-qemu_allocate_irqs.patch +++ b/mcf5208-fix-leak-from-qemu_allocate_irqs.patch @@ -1,4 +1,4 @@ -From 07b7cdb648124748c34be299fbfdfe3b6e38a521 Mon Sep 17 00:00:00 2001 +From e285e509d02a1d0568ad3df7c4f556b9f16a33f8 Mon Sep 17 00:00:00 2001 From: lizhengui Date: Wed, 9 Sep 2020 14:53:00 +0800 Subject: [PATCH] mcf5208: fix leak from qemu_allocate_irqs @@ -12,7 +12,7 @@ Reviewed-by: Thomas Huth 1 file changed, 2 insertions(+) diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c -index 6f6efae9..cc765eac 100644 +index 6f6efae9fc..cc765eaca5 100644 --- a/hw/m68k/mcf5208.c +++ b/hw/m68k/mcf5208.c @@ -270,6 +270,8 @@ static void mcf5208evb_init(MachineState *machine) @@ -25,5 +25,5 @@ index 6f6efae9..cc765eac 100644 /* 0xfc004000 XBS. */ /* 0xfc008000 FlexBus CS. */ -- -2.19.1 +2.23.0 diff --git a/microblaze-fix-leak-of-fdevice-tree-blob.patch b/microblaze-fix-leak-of-fdevice-tree-blob.patch index dd845e80cef5f3315e44417f3b7eeaa60ce6b8bb..c2f9ab8ba8cbad1f00fcf622597258f1b40e9401 100644 --- a/microblaze-fix-leak-of-fdevice-tree-blob.patch +++ b/microblaze-fix-leak-of-fdevice-tree-blob.patch @@ -1,4 +1,4 @@ -From 2ff9c28e2b72cd359a0c4e931412e355baee8e1e Mon Sep 17 00:00:00 2001 +From d16f5f86caa4b6c349326737a8fca1957727269a Mon Sep 17 00:00:00 2001 From: lizhengui Date: Wed, 9 Sep 2020 14:55:11 +0800 Subject: [PATCH] microblaze: fix leak of fdevice tree blob @@ -16,7 +16,7 @@ Reviewed-by: Philippe Mathieu-Daudé 1 file changed, 1 insertion(+) 
diff --git a/hw/microblaze/boot.c b/hw/microblaze/boot.c -index a7af4c07..0fcc4e9d 100644 +index a7af4c0704..0fcc4e9de2 100644 --- a/hw/microblaze/boot.c +++ b/hw/microblaze/boot.c @@ -99,6 +99,7 @@ static int microblaze_load_dtb(hwaddr addr, @@ -28,5 +28,5 @@ index a7af4c07..0fcc4e9d 100644 } -- -2.19.1 +2.23.0 diff --git a/migration-Change-SaveStateEntry.instance_id-into-uin.patch b/migration-Change-SaveStateEntry.instance_id-into-uin.patch index 3eb83b3996ccd7b934d7ca5c65800ead9c0ae3bd..1d8e353dc1e5c52c9844d57d27e93397e96c50c0 100644 --- a/migration-Change-SaveStateEntry.instance_id-into-uin.patch +++ b/migration-Change-SaveStateEntry.instance_id-into-uin.patch @@ -1,8 +1,7 @@ -From 2eadc5c611ca8cc916f74c0f393f1fd942903ef7 Mon Sep 17 00:00:00 2001 +From 0c6f0f1041fd3696df92a5335c7d12c5c6d8d640 Mon Sep 17 00:00:00 2001 From: Peter Xu Date: Wed, 16 Oct 2019 10:29:31 +0800 -Subject: [PATCH 6/8] migration: Change SaveStateEntry.instance_id into - uint32_t +Subject: [PATCH] migration: Change SaveStateEntry.instance_id into uint32_t It was always used as 32bit, so define it as used to be clear. Instead of using -1 as the auto-gen magic value, we switch to @@ -22,7 +21,7 @@ Signed-off-by: Juan Quintela 5 files changed, 14 insertions(+), 12 deletions(-) diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c -index faea1af..07adba0 100644 +index faea1af5d6..07adba04ef 100644 --- a/hw/intc/apic_common.c +++ b/hw/intc/apic_common.c @@ -313,7 +313,7 @@ static void apic_common_realize(DeviceState *dev, Error **errp) @@ -35,7 +34,7 @@ index faea1af..07adba0 100644 info = APIC_COMMON_GET_CLASS(s); info->realize(dev, errp); diff --git a/include/migration/register.h b/include/migration/register.h -index 3d0b983..8b2bc5b 100644 +index 3d0b9833c6..8b2bc5b129 100644 --- a/include/migration/register.h +++ b/include/migration/register.h @@ -70,7 +70,7 @@ typedef struct SaveVMHandlers { @@ -48,7 +47,7 @@ index 3d0b983..8b2bc5b 100644 const SaveVMHandlers *ops, void *opaque); 
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h -index 92f531a..8abd2e3 100644 +index 92f531a59a..8abd2e3b80 100644 --- a/include/migration/vmstate.h +++ b/include/migration/vmstate.h @@ -1117,7 +1117,7 @@ bool vmstate_save_needed(const VMStateDescription *vmsd, void *opaque); @@ -61,7 +60,7 @@ index 92f531a..8abd2e3 100644 void *base, int alias_id, int required_for_version, diff --git a/migration/savevm.c b/migration/savevm.c -index 62552ab..7d89c57 100644 +index 62552ab16e..7d89c57c49 100644 --- a/migration/savevm.c +++ b/migration/savevm.c @@ -229,7 +229,7 @@ typedef struct CompatEntry { @@ -141,7 +140,7 @@ index 62552ab..7d89c57 100644 return ret; } diff --git a/stubs/vmstate.c b/stubs/vmstate.c -index e1e89b8..4ed5cc6 100644 +index e1e89b87f0..4ed5cc6e9e 100644 --- a/stubs/vmstate.c +++ b/stubs/vmstate.c @@ -4,7 +4,7 @@ @@ -154,5 +153,5 @@ index e1e89b8..4ed5cc6 100644 void *base, int alias_id, int required_for_version, -- -1.8.3.1 +2.23.0 diff --git a/migration-Count-new_dirty-instead-of-real_dirty.patch b/migration-Count-new_dirty-instead-of-real_dirty.patch index a9ff297ffac9fb42ce63ef8a256e648adf1166dd..a018e5fd20927c1dc339ac04fe1a9fbf76459785 100644 --- a/migration-Count-new_dirty-instead-of-real_dirty.patch +++ b/migration-Count-new_dirty-instead-of-real_dirty.patch @@ -1,7 +1,7 @@ -From 63320ae36834e4ff2f0d139f205c464caa3887b4 Mon Sep 17 00:00:00 2001 +From 11923e7e0ea96edae85d9c863f82eeffa3af9cee Mon Sep 17 00:00:00 2001 From: Keqian Zhu Date: Mon, 22 Jun 2020 11:20:37 +0800 -Subject: [PATCH 04/11] migration: Count new_dirty instead of real_dirty +Subject: [PATCH] migration: Count new_dirty instead of real_dirty real_dirty_pages becomes equal to total ram size after dirty log sync in ram_init_bitmaps, the reason is that the bitmap of ramblock is @@ -21,7 +21,7 @@ Signed-off-by: BiaoXiang Ye 2 files changed, 6 insertions(+), 7 deletions(-) 
diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h -index b7b2e60f..52344066 100644 +index b7b2e60ff6..523440662b 100644 --- a/include/exec/ram_addr.h +++ b/include/exec/ram_addr.h @@ -485,8 +485,7 @@ static inline void cpu_physical_memory_clear_dirty_range(ram_addr_t start, @@ -51,7 +51,7 @@ index b7b2e60f..52344066 100644 if (!test_and_set_bit(k, dest)) { num_dirty++; diff --git a/migration/ram.c b/migration/ram.c -index 840e3548..83cabec6 100644 +index 840e35480b..83cabec600 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -1765,9 +1765,11 @@ static inline bool migration_bitmap_clear_dirty(RAMState *rs, @@ -70,5 +70,5 @@ index 840e3548..83cabec6 100644 /** -- -2.27.0.dirty +2.23.0 diff --git a/migration-Define-VMSTATE_INSTANCE_ID_ANY.patch b/migration-Define-VMSTATE_INSTANCE_ID_ANY.patch index cd32b04997c14345aa7f488cd1a960a106d9aa15..0db1f63ed1a8959bf367787895fbceedd0518eb2 100644 --- a/migration-Define-VMSTATE_INSTANCE_ID_ANY.patch +++ b/migration-Define-VMSTATE_INSTANCE_ID_ANY.patch @@ -1,7 +1,7 @@ -From 21e049e2941b108df45c9089cbf7539caae538e6 Mon Sep 17 00:00:00 2001 +From d0a95dd0b1a41b3ff4c7c890e1b8c8ea6136a959 Mon Sep 17 00:00:00 2001 From: Peter Xu Date: Wed, 16 Oct 2019 10:29:30 +0800 -Subject: [PATCH 5/8] migration: Define VMSTATE_INSTANCE_ID_ANY +Subject: [PATCH] migration: Define VMSTATE_INSTANCE_ID_ANY Define the new macro VMSTATE_INSTANCE_ID_ANY for callers who wants to auto-generate the vmstate instance ID. Previously it was hard coded @@ -29,7 +29,7 @@ Signed-off-by: Juan Quintela 14 files changed, 24 insertions(+), 16 deletions(-) diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c -index 499035f..3432033 100644 +index 499035f5c8..3432033166 100644 --- a/hw/arm/stellaris.c +++ b/hw/arm/stellaris.c @@ -705,7 +705,7 @@ static int stellaris_sys_init(uint32_t base, qemu_irq irq, @@ -42,7 +42,7 @@ index 499035f..3432033 100644 } 
diff --git a/hw/core/qdev.c b/hw/core/qdev.c -index 94ebc0a..4b32f2f 100644 +index 94ebc0a4a1..4b32f2f46d 100644 --- a/hw/core/qdev.c +++ b/hw/core/qdev.c @@ -848,7 +848,9 @@ static void device_set_realized(Object *obj, bool value, Error **errp) @@ -57,7 +57,7 @@ index 94ebc0a..4b32f2f 100644 dev->alias_required_for_version, &local_err) < 0) { diff --git a/hw/display/ads7846.c b/hw/display/ads7846.c -index 1a97e97..be1802e 100644 +index 1a97e97638..be1802e5ec 100644 --- a/hw/display/ads7846.c +++ b/hw/display/ads7846.c @@ -152,7 +152,7 @@ static void ads7846_realize(SSISlave *d, Error **errp) @@ -70,7 +70,7 @@ index 1a97e97..be1802e 100644 static void ads7846_class_init(ObjectClass *klass, void *data) diff --git a/hw/i2c/core.c b/hw/i2c/core.c -index 20f36f1..186702b 100644 +index 20f36f1d55..186702b576 100644 --- a/hw/i2c/core.c +++ b/hw/i2c/core.c @@ -59,7 +59,7 @@ I2CBus *i2c_init_bus(DeviceState *parent, const char *name) @@ -83,7 +83,7 @@ index 20f36f1..186702b 100644 } diff --git a/hw/input/stellaris_input.c b/hw/input/stellaris_input.c -index 3a666d6..6c5b6d8 100644 +index 3a666d61d4..6c5b6d823d 100644 --- a/hw/input/stellaris_input.c +++ b/hw/input/stellaris_input.c @@ -86,5 +86,6 @@ void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode) @@ -95,7 +95,7 @@ index 3a666d6..6c5b6d8 100644 + &vmstate_stellaris_gamepad, s); } diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c -index e764a2b..faea1af 100644 +index e764a2bb03..faea1af5d6 100644 --- a/hw/intc/apic_common.c +++ b/hw/intc/apic_common.c @@ -329,7 +329,7 @@ static void apic_common_realize(DeviceState *dev, Error **errp) @@ -108,7 +108,7 @@ index e764a2b..faea1af 100644 vmstate_register_with_alias_id(NULL, instance_id, &vmstate_apic_common, s, -1, 0, NULL); diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c -index d373ece..364cb01 100644 +index d373ece0c9..364cb0147b 100644 --- a/hw/misc/max111x.c +++ b/hw/misc/max111x.c 
@@ -144,7 +144,8 @@ static int max111x_init(SSISlave *d, int inputs) @@ -122,7 +122,7 @@ index d373ece..364cb01 100644 } diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c -index 6607c91..03edd25 100644 +index 6607c9142d..03edd25468 100644 --- a/hw/net/eepro100.c +++ b/hw/net/eepro100.c @@ -1872,7 +1872,8 @@ static void e100_nic_realize(PCIDevice *pci_dev, Error **errp) @@ -136,7 +136,7 @@ index 6607c91..03edd25 100644 static void eepro100_instance_init(Object *obj) diff --git a/hw/pci/pci.c b/hw/pci/pci.c -index 8076a80..e74143c 100644 +index 8076a80ab3..e74143ccc3 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -118,7 +118,7 @@ static void pci_bus_realize(BusState *qbus, Error **errp) @@ -149,7 +149,7 @@ index 8076a80..e74143c 100644 static void pcie_bus_realize(BusState *qbus, Error **errp) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c -index 12ed4b0..b0f37c3 100644 +index 12ed4b065c..b0f37c34a4 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -3069,7 +3069,7 @@ static void spapr_machine_init(MachineState *machine) @@ -162,7 +162,7 @@ index 12ed4b0..b0f37c3 100644 qbus_set_hotplug_handler(sysbus_get_default(), OBJECT(machine), diff --git a/hw/timer/arm_timer.c b/hw/timer/arm_timer.c -index f0a7534..1ce4e01 100644 +index f0a753404d..1ce4e01a09 100644 --- a/hw/timer/arm_timer.c +++ b/hw/timer/arm_timer.c @@ -172,7 +172,7 @@ static arm_timer_state *arm_timer_init(uint32_t freq) @@ -175,7 +175,7 @@ index f0a7534..1ce4e01 100644 } diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c -index 38bf5fd..836c489 100644 +index 38bf5fd6a0..836c48936a 100644 --- a/hw/tpm/tpm_emulator.c +++ b/hw/tpm/tpm_emulator.c @@ -914,7 +914,8 @@ static void tpm_emulator_inst_init(Object *obj) @@ -189,7 +189,7 @@ index 38bf5fd..836c489 100644 /* diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h -index c2bfa7a..92f531a 100644 +index c2bfa7a7f0..92f531a59a 100644 --- a/include/migration/vmstate.h +++ b/include/migration/vmstate.h 
@@ -1114,6 +1114,8 @@ int vmstate_save_state_v(QEMUFile *f, const VMStateDescription *vmsd, @@ -202,7 +202,7 @@ index c2bfa7a..92f531a 100644 int vmstate_register_with_alias_id(DeviceState *dev, int instance_id, const VMStateDescription *vmsd, diff --git a/migration/savevm.c b/migration/savevm.c -index 480c511..62552ab 100644 +index 480c511b19..62552ab16e 100644 --- a/migration/savevm.c +++ b/migration/savevm.c @@ -722,7 +722,7 @@ int register_savevm_live(DeviceState *dev, @@ -233,5 +233,5 @@ index 480c511..62552ab 100644 } else { se->instance_id = instance_id; -- -1.8.3.1 +2.23.0 diff --git a/migration-colo-fix-use-after-free-of-local_err.patch b/migration-colo-fix-use-after-free-of-local_err.patch index c03ceb5120bc3069ac123cc9c2702653c4d2da17..f053fff10bda33d1eaa1a200b03207335ed5009a 100644 --- a/migration-colo-fix-use-after-free-of-local_err.patch +++ b/migration-colo-fix-use-after-free-of-local_err.patch @@ -1,7 +1,7 @@ -From 663e9b5f25d22834260a0686f77a27c957cd7b2f Mon Sep 17 00:00:00 2001 +From 1e9abf666ab9cd5fb59db3d1183397c3916b5853 Mon Sep 17 00:00:00 2001 From: Vladimir Sementsov-Ogievskiy Date: Tue, 24 Mar 2020 18:36:28 +0300 -Subject: [PATCH 07/14] migration/colo: fix use after free of local_err +Subject: [PATCH] migration/colo: fix use after free of local_err local_err is used again in secondary_vm_do_failover() after replication_stop_all(), so we must zero it. Otherwise try to set @@ -17,7 +17,7 @@ Signed-off-by: Peng Liang 1 file changed, 1 insertion(+) diff --git a/migration/colo.c b/migration/colo.c -index 9f84b1fa3c0f..761b3544d472 100644 +index 9f84b1fa3c..761b3544d4 100644 --- a/migration/colo.c +++ b/migration/colo.c @@ -89,6 +89,7 @@ static void secondary_vm_do_failover(void) @@ -29,5 +29,5 @@ index 9f84b1fa3c0f..761b3544d472 100644 /* Notify all filters of all NIC to do checkpoint */ -- -2.26.2 +2.23.0 
diff --git a/migration-fix-cleanup_bh-leak-on-resume.patch b/migration-fix-cleanup_bh-leak-on-resume.patch index 6b75ed01b8faa4c3d5b9d1e17e6d3d205daa2396..4feb1b8d3ea8b09e7cfe940f43ff4263bfe04f69 100644 --- a/migration-fix-cleanup_bh-leak-on-resume.patch +++ b/migration-fix-cleanup_bh-leak-on-resume.patch 
@@ -1,64 +1,64 @@ -From 1d7c227bbb24665cea03f96a984ad6be223ac40c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Wed, 25 Mar 2020 19:47:21 +0100 -Subject: [PATCH 2/5] migration: fix cleanup_bh leak on resume -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Since commit 8c6b0356b53977bcfdea5299db07884915425b0c ("util/async: -make bh_aio_poll() O(1)"), migration-test reveals a leak: - -QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 -tests/qtest/migration-test -p /x86_64/migration/postcopy/recovery -tests/qtest/libqtest.c:140: kill_qemu() tried to terminate QEMU -process but encountered exit status 1 (expected 0) - -================================================================= -==2082571==ERROR: LeakSanitizer: detected memory leaks - -Direct leak of 40 byte(s) in 1 object(s) allocated from: - #0 0x7f25971dfc58 in __interceptor_malloc (/lib64/libasan.so.5+0x10dc58) - #1 0x7f2596d08358 in g_malloc (/lib64/libglib-2.0.so.0+0x57358) - #2 0x560970d006f8 in qemu_bh_new /home/elmarco/src/qemu/util/main-loop.c:532 - #3 0x5609704afa02 in migrate_fd_connect -/home/elmarco/src/qemu/migration/migration.c:3407 - #4 0x5609704b6b6f in migration_channel_connect -/home/elmarco/src/qemu/migration/channel.c:92 - #5 0x5609704b2bfb in socket_outgoing_migration -/home/elmarco/src/qemu/migration/socket.c:108 - #6 0x560970b9bd6c in qio_task_complete /home/elmarco/src/qemu/io/task.c:196 - #7 0x560970b9aa97 in qio_task_thread_result -/home/elmarco/src/qemu/io/task.c:111 - #8 0x7f2596cfee3a (/lib64/libglib-2.0.so.0+0x4de3a) - -Signed-off-by: Marc-André Lureau -Message-Id: <20200325184723.2029630-2-marcandre.lureau@redhat.com> -Reviewed-by: Juan Quintela -Signed-off-by: Paolo Bonzini -Signed-off-by: Zhenyu Ye ---- - migration/migration.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/migration/migration.c b/migration/migration.c -index 8f2fc2b4..7949f2a4 100644 ---- 
a/migration/migration.c -+++ b/migration/migration.c -@@ -3313,7 +3313,12 @@ void migrate_fd_connect(MigrationState *s, Error *error_in) - bool resume = s->state == MIGRATION_STATUS_POSTCOPY_PAUSED; - - s->expected_downtime = s->parameters.downtime_limit; -- s->cleanup_bh = qemu_bh_new(migrate_fd_cleanup_bh, s); -+ if (resume) { -+ assert(s->cleanup_bh); -+ } else { -+ assert(!s->cleanup_bh); -+ s->cleanup_bh = qemu_bh_new(migrate_fd_cleanup_bh, s); -+ } - if (error_in) { - migrate_fd_error(s, error_in); - migrate_fd_cleanup(s); --- -2.22.0.windows.1 - +From e3896ecfd74f76deb1ea626467a6b005de685f47 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Wed, 25 Mar 2020 19:47:21 +0100 +Subject: [PATCH] migration: fix cleanup_bh leak on resume +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since commit 8c6b0356b53977bcfdea5299db07884915425b0c ("util/async: +make bh_aio_poll() O(1)"), migration-test reveals a leak: + +QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 +tests/qtest/migration-test -p /x86_64/migration/postcopy/recovery +tests/qtest/libqtest.c:140: kill_qemu() tried to terminate QEMU +process but encountered exit status 1 (expected 0) + +================================================================= +==2082571==ERROR: LeakSanitizer: detected memory leaks + +Direct leak of 40 byte(s) in 1 object(s) allocated from: + #0 0x7f25971dfc58 in __interceptor_malloc (/lib64/libasan.so.5+0x10dc58) + #1 0x7f2596d08358 in g_malloc (/lib64/libglib-2.0.so.0+0x57358) + #2 0x560970d006f8 in qemu_bh_new /home/elmarco/src/qemu/util/main-loop.c:532 + #3 0x5609704afa02 in migrate_fd_connect +/home/elmarco/src/qemu/migration/migration.c:3407 + #4 0x5609704b6b6f in migration_channel_connect +/home/elmarco/src/qemu/migration/channel.c:92 + #5 0x5609704b2bfb in socket_outgoing_migration +/home/elmarco/src/qemu/migration/socket.c:108 + #6 0x560970b9bd6c in qio_task_complete 
/home/elmarco/src/qemu/io/task.c:196 + #7 0x560970b9aa97 in qio_task_thread_result +/home/elmarco/src/qemu/io/task.c:111 + #8 0x7f2596cfee3a (/lib64/libglib-2.0.so.0+0x4de3a) + +Signed-off-by: Marc-André Lureau +Message-Id: <20200325184723.2029630-2-marcandre.lureau@redhat.com> +Reviewed-by: Juan Quintela +Signed-off-by: Paolo Bonzini +Signed-off-by: Zhenyu Ye +--- + migration/migration.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/migration/migration.c b/migration/migration.c +index 8f2fc2b4ff..7949f2a40b 100644 +--- a/migration/migration.c ++++ b/migration/migration.c +@@ -3313,7 +3313,12 @@ void migrate_fd_connect(MigrationState *s, Error *error_in) + bool resume = s->state == MIGRATION_STATUS_POSTCOPY_PAUSED; + + s->expected_downtime = s->parameters.downtime_limit; +- s->cleanup_bh = qemu_bh_new(migrate_fd_cleanup_bh, s); ++ if (resume) { ++ assert(s->cleanup_bh); ++ } else { ++ assert(!s->cleanup_bh); ++ s->cleanup_bh = qemu_bh_new(migrate_fd_cleanup_bh, s); ++ } + if (error_in) { + migrate_fd_error(s, error_in); + migrate_fd_cleanup(s); +-- +2.23.0 + diff --git a/migration-fix-multifd_send_pages-next-channel.patch b/migration-fix-multifd_send_pages-next-channel.patch index 4bb113c644c4175386636e02a5d7188e8c2e408c..3331022e6546e58fd0341e06885b1cd4c118fd77 100644 --- a/migration-fix-multifd_send_pages-next-channel.patch +++ b/migration-fix-multifd_send_pages-next-channel.patch @@ -1,7 +1,7 @@ -From c11a23b92334ae86eddfdc2b155d404293891985 Mon Sep 17 00:00:00 2001 +From 47941939da5cfe42b9b0e5c60a8b91f22b6a7a43 Mon Sep 17 00:00:00 2001 From: alexchen Date: Tue, 8 Sep 2020 11:18:50 +0000 -Subject: [PATCH 08/11] migration: fix multifd_send_pages() next channel +Subject: [PATCH] migration: fix multifd_send_pages() next channel multifd_send_pages() loops around the available channels, the next channel to use between two calls to multifd_send_pages() is stored @@ -29,7 +29,7 @@ 
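Review bot: The two assertions added to `migrate_fd_connect()` turn any mismatch between `resume` and the state of `s->cleanup_bh` into an abort of the whole QEMU process, and nothing next to them explains why the invariant holds. The hunk does not show where `cleanup_bh` is reset, so it cannot be confirmed from here that every failed-connect or cancel path leaves it NULL before the next attempt. That is worth checking, since this code runs against a live guest. At minimum I would add a comment above `if (resume)` such as `/* On postcopy resume the bottom half from the original connect is still allocated; reuse it instead of leaking a new one. */`. The body of `migrate_fd_connect()` continues outside the hunk.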
Signed-off-by: BiaoXiang Ye 1 file changed, 6 insertions(+) diff --git a/migration/ram.c b/migration/ram.c -index 83cabec6..ac033f22 100644 +index 83cabec600..ac033f2249 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -931,6 +931,12 @@ static int multifd_send_pages(RAMState *rs) @@ -46,5 +46,5 @@ index 83cabec6..ac033f22 100644 p = &multifd_send_state->params[i]; -- -2.27.0.dirty +2.23.0 diff --git a/migration-multifd-clean-pages-after-filling-packet.patch b/migration-multifd-clean-pages-after-filling-packet.patch index 596c5244691dc0a60a486598a74e23466a62645b..cde214b129d1073b72a137d17e078e5e387ce444 100644 --- a/migration-multifd-clean-pages-after-filling-packet.patch +++ b/migration-multifd-clean-pages-after-filling-packet.patch @@ -1,7 +1,7 @@ -From 0f7e704a4faa661583ea6d82659f206e561f23d4 Mon Sep 17 00:00:00 2001 +From ec4fb2e8cd05b86bee9f67f8fdb40a776da36ca8 Mon Sep 17 00:00:00 2001 From: Wei Yang Date: Sat, 26 Oct 2019 07:19:59 +0800 -Subject: [PATCH 3/8] migration/multifd: clean pages after filling packet +Subject: [PATCH] migration/multifd: clean pages after filling packet This is a preparation for the next patch: @@ -22,10 +22,10 @@ Signed-off-by: Juan Quintela 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/migration/ram.c b/migration/ram.c -index 840e354..c2eb1ed 100644 +index dbb1a9b12f..d770cfeebe 100644 --- a/migration/ram.c +++ b/migration/ram.c -@@ -947,10 +947,10 @@ static int multifd_send_pages(RAMState *rs) +@@ -953,10 +953,10 @@ static int multifd_send_pages(RAMState *rs) } qemu_mutex_unlock(&p->mutex); } @@ -38,7 +38,7 @@ index 840e354..c2eb1ed 100644 multifd_send_state->pages = p->pages; p->pages = pages; transferred = ((uint64_t) pages->used) * TARGET_PAGE_SIZE + p->packet_len; -@@ -1137,6 +1137,7 @@ static void *multifd_send_thread(void *opaque) +@@ -1143,6 +1143,7 @@ static void *multifd_send_thread(void *opaque) p->num_packets++; p->num_pages += used; p->pages->used = 0; 
@@ -47,5 +47,5 @@ index 840e354..c2eb1ed 100644 trace_multifd_send(p->id, packet_num, used, flags, -- -1.8.3.1 +2.23.0 diff --git a/migration-multifd-not-use-multifd-during-postcopy.patch b/migration-multifd-not-use-multifd-during-postcopy.patch index 6df61bfdd8d637854acea0e13e787db04dbdeca2..cca8ebf1c88ceaa5afb5b2410c84cacdb8012669 100644 --- a/migration-multifd-not-use-multifd-during-postcopy.patch +++ b/migration-multifd-not-use-multifd-during-postcopy.patch @@ -1,7 +1,7 @@ -From 7331554bd6ab230404b20d612aed20a95c20eba6 Mon Sep 17 00:00:00 2001 +From bbf11fe262b889bdaa389963c426354e67271190 Mon Sep 17 00:00:00 2001 From: Wei Yang Date: Sat, 26 Oct 2019 07:20:00 +0800 -Subject: [PATCH 4/8] migration/multifd: not use multifd during postcopy +Subject: [PATCH] migration/multifd: not use multifd during postcopy We don't support multifd during postcopy, but user still could enable both multifd and postcopy. This leads to migration failure. @@ -16,10 +16,10 @@ Signed-off-by: Juan Quintela 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/migration/ram.c b/migration/ram.c -index c2eb1ed..aace3a5 100644 +index d770cfeebe..848059d9fb 100644 --- a/migration/ram.c +++ b/migration/ram.c -@@ -2571,10 +2571,13 @@ static int ram_save_target_page(RAMState *rs, PageSearchStatus *pss, +@@ -2580,10 +2580,13 @@ static int ram_save_target_page(RAMState *rs, PageSearchStatus *pss, } /* @@ -37,5 +37,5 @@ index c2eb1ed..aace3a5 100644 } -- -1.8.3.1 +2.23.0 diff --git a/migration-ram-fix-use-after-free-of-local_err.patch b/migration-ram-fix-use-after-free-of-local_err.patch index f74e3b18df98ae0e5a88ff9224fa06c8ea24197a..04b7a90173b1354c5c74eb1ce707527cf77c08a6 100644 --- a/migration-ram-fix-use-after-free-of-local_err.patch +++ b/migration-ram-fix-use-after-free-of-local_err.patch @@ -1,7 +1,7 @@ -From 019526f7f7b42a7d1b8a74e1db6a8050adf9e1fb Mon Sep 17 00:00:00 2001 +From d0ebf0cd0a3f55c99073e33d4abf6f44a99f7dbb Mon Sep 17 00:00:00 2001 
From: Vladimir Sementsov-Ogievskiy Date: Tue, 24 Mar 2020 18:36:29 +0300 -Subject: [PATCH 08/14] migration/ram: fix use after free of local_err +Subject: [PATCH] migration/ram: fix use after free of local_err local_err is used again in migration_bitmap_sync_precopy() after precopy_notify(), so we must zero it. Otherwise try to set @@ -17,10 +17,10 @@ Signed-off-by: Peng Liang 1 file changed, 1 insertion(+) diff --git a/migration/ram.c b/migration/ram.c -index 840e35480b04..5d1ae7570018 100644 +index ac033f2249..dbb1a9b12f 100644 --- a/migration/ram.c +++ b/migration/ram.c -@@ -1912,6 +1912,7 @@ static void migration_bitmap_sync_precopy(RAMState *rs) +@@ -1920,6 +1920,7 @@ static void migration_bitmap_sync_precopy(RAMState *rs) */ if (precopy_notify(PRECOPY_NOTIFY_BEFORE_BITMAP_SYNC, &local_err)) { error_report_err(local_err); @@ -29,5 +29,5 @@ index 840e35480b04..5d1ae7570018 100644 migration_bitmap_sync(rs); -- -2.26.2 +2.23.0 diff --git a/migration-rdma-cleanup-rdma-context-before-g_free-to.patch b/migration-rdma-cleanup-rdma-context-before-g_free-to.patch index a39894ada540a713645b0735b719eb4d5a3edbff..8e9a379be6129ff48f8d94ef55c7405d554eb64c 100644 --- a/migration-rdma-cleanup-rdma-context-before-g_free-to.patch +++ b/migration-rdma-cleanup-rdma-context-before-g_free-to.patch @@ -1,8 +1,8 @@ -From 9867dc6fc3f131324b73664b9617376270d8d013 Mon Sep 17 00:00:00 2001 +From 30ca683bb07b2fbf07e643e21abddf0c976cab81 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Fri, 8 May 2020 06:07:55 -0400 -Subject: [PATCH 4/5] migration/rdma: cleanup rdma context before g_free to - avoid memleaks +Subject: [PATCH] migration/rdma: cleanup rdma context before g_free to avoid + memleaks When error happen in initializing 'rdma_return_path', we should cleanup rdma context before g_free(rdma) to avoid some memleaks. This patch fix that. @@ -17,10 +17,10 @@ Signed-off-by: Dr. David Alan Gilbert 1 file changed, 5 insertions(+), 3 deletions(-) 
diff --git a/migration/rdma.c b/migration/rdma.c -index 3036221e..bb24dac5 100644 +index b5fdb6a7b0..bea2e8dc79 100644 --- a/migration/rdma.c +++ b/migration/rdma.c -@@ -4103,20 +4103,20 @@ void rdma_start_outgoing_migration(void *opaque, +@@ -4106,20 +4106,20 @@ void rdma_start_outgoing_migration(void *opaque, rdma_return_path = qemu_rdma_data_init(host_port, errp); if (rdma_return_path == NULL) { @@ -44,7 +44,7 @@ index 3036221e..bb24dac5 100644 } rdma->return_path = rdma_return_path; -@@ -4129,6 +4129,8 @@ void rdma_start_outgoing_migration(void *opaque, +@@ -4132,6 +4132,8 @@ void rdma_start_outgoing_migration(void *opaque, s->to_dst_file = qemu_fopen_rdma(rdma, "wb"); migrate_fd_connect(s, NULL); return; diff --git a/migration-savevm-release-gslist-after-dump_vmstate_j.patch b/migration-savevm-release-gslist-after-dump_vmstate_j.patch index d5ec9b881005dc21ec927a9f4b37f57999c89c1f..ed22d3d3ea23adb191f55c092c55024e6245e794 100644 --- a/migration-savevm-release-gslist-after-dump_vmstate_j.patch +++ b/migration-savevm-release-gslist-after-dump_vmstate_j.patch @@ -1,7 +1,7 @@ -From 0d8c145e986d4f500f065d2d8645e95175324e62 Mon Sep 17 00:00:00 2001 +From 44806e5231858ea66f160e461314c5d7dbeb9422 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Wed, 19 Feb 2020 17:47:05 +0800 -Subject: [PATCH 8/9] migration/savevm: release gslist after dump_vmstate_json +Subject: [PATCH] migration/savevm: release gslist after dump_vmstate_json 'list' forgot to free at the end of dump_vmstate_json_to_file(), although it's called only once, but seems like a clean code. @@ -47,7 +47,7 @@ Signed-off-by: AlexChen 1 file changed, 1 insertion(+) diff --git a/migration/savevm.c b/migration/savevm.c -index 7d89c57..8163de7 100644 +index 7d89c57c49..8163de7f21 100644 --- a/migration/savevm.c +++ b/migration/savevm.c @@ -614,6 +614,7 @@ void dump_vmstate_json_to_file(FILE *out_file) 
@@ -59,5 +59,5 @@ index 7d89c57..8163de7 100644 static uint32_t calculate_new_instance_id(const char *idstr) -- -1.8.3.1 +2.23.0 diff --git a/migration-socket-fix-a-compilation-failure.patch b/migration-socket-fix-a-compilation-failure.patch new file mode 100644 index 0000000000000000000000000000000000000000..c605869f7d592cf73e38dedb6ec97ce86b672d69 --- /dev/null +++ b/migration-socket-fix-a-compilation-failure.patch @@ -0,0 +1,25 @@ +From e3be23067a8cdda34072e77692bbd0aeaf020607 Mon Sep 17 00:00:00 2001 +From: AlexChen +Date: Tue, 15 Sep 2020 14:55:28 +0800 +Subject: [PATCH] migration/socket: fix a compilation failure + +Signed-off-by: AlexChen +--- + migration/socket.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/migration/socket.c b/migration/socket.c +index bc0960c639..093b956b80 100644 +--- a/migration/socket.c ++++ b/migration/socket.c +@@ -22,6 +22,7 @@ + #include "channel.h" + #include "socket.h" + #include "migration.h" ++#include "ram.h" + #include "qemu-file.h" + #include "io/channel-socket.h" + #include "io/net-listener.h" +-- +2.23.0 + diff --git a/object-return-self-in-object_ref.patch b/object-return-self-in-object_ref.patch index e851fb30d20a4c56b65bb7ce1c6ddb9109c643aa..26dc0d9ede1919afaf45f6535b7bcc478d1ff65b 100644 --- a/object-return-self-in-object_ref.patch +++ b/object-return-self-in-object_ref.patch 
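Review bot: The new migration-socket-fix-a-compilation-failure.patch has only a subject line and a Signed-off-by. Nothing records which declaration from `ram.h` is needed by `migration/socket.c`, which earlier patch in the series introduced that dependency, or whether an upstream commit exists. For a downstream-only patch carried in a distribution package, that makes the change hard to audit later and hard to drop safely on a rebase. I would add a message body along the lines of `socket.c uses <SYMBOL> declared in ram.h since <PATCH-NAME>; include the header to fix the build.`, with the two placeholders filled in.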
@@ -1,58 +1,58 @@ -From b77ade9bb37b2e9813a42008cb21d0c743aa50a1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Fri, 10 Jan 2020 19:30:31 +0400 -Subject: [PATCH] object: return self in object_ref() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This allow for simpler assignment with ref: foo = object_ref(bar) - -Signed-off-by: Marc-André Lureau -Reviewed-by: Philippe Mathieu-Daudé -Message-Id: <20200110153039.1379601-19-marcandre.lureau@redhat.com> -Signed-off-by: Paolo Bonzini -Signed-off-by: Zhenyu Ye ---- - include/qom/object.h | 3 ++- - qom/object.c | 5 +++-- - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/include/qom/object.h b/include/qom/object.h -index 5e2f60d4b0..18660fde1c 100644 ---- a/include/qom/object.h -+++ b/include/qom/object.h -@@ -1005,8 +1005,9 @@ GSList *object_class_get_list_sorted(const char *implements_type, - * - * Increase the reference count of a object. A object cannot be freed as long - * as its reference count is greater than zero. 
-+ * Returns: @obj - */ --void object_ref(Object *obj); -+Object *object_ref(Object *obj); - - /** - * object_unref: -diff --git a/qom/object.c b/qom/object.c -index 66c4a5f1cb..555c8b9d07 100644 ---- a/qom/object.c -+++ b/qom/object.c -@@ -1107,12 +1107,13 @@ GSList *object_class_get_list_sorted(const char *implements_type, - object_class_cmp); - } - --void object_ref(Object *obj) -+Object *object_ref(Object *obj) - { - if (!obj) { -- return; -+ return NULL; - } - atomic_inc(&obj->ref); -+ return obj; - } - - void object_unref(Object *obj) --- -2.22.0.windows.1 - +From 4a799d02b67b08152e866fc29b293b992dacbb8a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Fri, 10 Jan 2020 19:30:31 +0400 +Subject: [PATCH] object: return self in object_ref() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This allow for simpler assignment with ref: foo = object_ref(bar) + +Signed-off-by: Marc-André Lureau +Reviewed-by: Philippe Mathieu-Daudé +Message-Id: <20200110153039.1379601-19-marcandre.lureau@redhat.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Zhenyu Ye +--- + include/qom/object.h | 3 ++- + qom/object.c | 5 +++-- + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/include/qom/object.h b/include/qom/object.h +index 7bb82a7f56..2fd21f5f86 100644 +--- a/include/qom/object.h ++++ b/include/qom/object.h +@@ -974,8 +974,9 @@ GSList *object_class_get_list_sorted(const char *implements_type, + * + * Increase the reference count of a object. A object cannot be freed as long + * as its reference count is greater than zero. 
++ * Returns: @obj + */ +-void object_ref(Object *obj); ++Object *object_ref(Object *obj); + + /** + * object_unref: +diff --git a/qom/object.c b/qom/object.c +index 1555547727..061aba77d3 100644 +--- a/qom/object.c ++++ b/qom/object.c +@@ -1053,12 +1053,13 @@ GSList *object_class_get_list_sorted(const char *implements_type, + object_class_cmp); + } + +-void object_ref(Object *obj) ++Object *object_ref(Object *obj) + { + if (!obj) { +- return; ++ return NULL; + } + atomic_inc(&obj->ref); ++ return obj; + } + + void object_unref(Object *obj) +-- +2.23.0 + diff --git a/pc-bios-s390-ccw-net-fix-a-possible-memory-leak-in-g.patch b/pc-bios-s390-ccw-net-fix-a-possible-memory-leak-in-g.patch index 6e29f08d69c56a2907892008c9c4ce177778c097..1c02b0756e81e4357f3493b9a142eb11b49e8e91 100644 --- a/pc-bios-s390-ccw-net-fix-a-possible-memory-leak-in-g.patch +++ b/pc-bios-s390-ccw-net-fix-a-possible-memory-leak-in-g.patch @@ -1,7 +1,7 @@ -From d2bb5b4c4ed3b1dbc0096deb195b6df33f813f23 Mon Sep 17 00:00:00 2001 +From e6c32beb4e163e6f5a3f9f8a38eb38f63b8d9157 Mon Sep 17 00:00:00 2001 From: Yifan Luo Date: Wed, 14 Aug 2019 14:14:26 +0800 -Subject: [PATCH 5/5] pc-bios/s390-ccw/net: fix a possible memory leak in +Subject: [PATCH] pc-bios/s390-ccw/net: fix a possible memory leak in get_uuid() There is a possible memory leak in get_uuid(). Should free allocated mem @@ -18,7 +18,7 @@ Signed-off-by: Thomas Huth 1 file changed, 1 insertion(+) diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c -index f3542cb2..f2dcc01e 100644 +index f3542cb2cf..f2dcc01e27 100644 --- a/pc-bios/s390-ccw/netmain.c +++ b/pc-bios/s390-ccw/netmain.c @@ -269,6 +269,7 @@ static const char *get_uuid(void) diff --git a/qemu-img-free-memory-before-re-assign.patch b/qemu-img-free-memory-before-re-assign.patch index 2d46d64b1b9664b66efc76ea6490a1bc22663137..0f6317801fc6794b2375d0191ca12105fd86e0e0 100644 --- a/qemu-img-free-memory-before-re-assign.patch +++ b/qemu-img-free-memory-before-re-assign.patch 
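Review bot: The added doc line `Returns: @obj` in include/qom/object.h does not say that `object_ref()` returns NULL when it is passed NULL, which the qom/object.c side does with `return NULL;` before touching the reference count. Because the stated purpose is the `foo = object_ref(bar)` idiom, a caller that dereferences the result without a check now gets a NULL pointer with no reference taken. I would word the line as `Returns: @obj, or NULL if @obj is NULL (no reference is taken in that case)`.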
@@ -1,7 +1,7 @@ -From d22af5cb41c16829dbf3ed3c611ef56ceeb840ff Mon Sep 17 00:00:00 2001 +From 03e1fa354e52465d17311ab3f0d7b539e6614752 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Thu, 27 Feb 2020 09:29:50 +0800 -Subject: [PATCH 02/14] qemu-img: free memory before re-assign +Subject: [PATCH] qemu-img: free memory before re-assign collect_image_check() is called twice in img_check(), the filename/format will be alloced without free the original memory. It is not a big deal since the process will exit anyway, but seems like a clean code and it will remove the warning spotted by asan. @@ -16,7 +16,7 @@ Signed-off-by: Peng Liang 1 file changed, 2 insertions(+) diff --git a/qemu-img.c b/qemu-img.c -index 79983772de39..2e9cc5db7c4c 100644 +index 79983772de..2e9cc5db7c 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -808,6 +808,8 @@ static int img_check(int argc, char **argv) @@ -29,5 +29,5 @@ index 79983772de39..2e9cc5db7c4c 100644 check->leaks_fixed = leaks_fixed; -- -2.26.2 +2.23.0 diff --git a/qemu.spec b/qemu.spec index d84edcf2e762b781fb59368872af9a33ecdecc4f..9a2ba13e16305f3e68463e04b45305921d2a3c25 100644 --- a/qemu.spec +++ b/qemu.spec @@ -1,6 +1,6 @@ Name: qemu Version: 4.1.0 -Release: 29 +Release: 30 Epoch: 2 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY 
@@ -289,6 +289,113 @@ Patch0276: block-nbd-extract-the-common-cleanup-code.patch
 Patch0277: virtio-gracefully-handle-invalid-region-caches.patch
 Patch0278: migration-savevm-release-gslist-after-dump_vmstate_j.patch
 Patch0279: virtio-input-fix-memory-leak-on-unrealize.patch
+Patch0280: hw-arm-acpi-enable-SHPC-native-hot-plug.patch
+Patch0281: hw-tpm-rename-Error-parameter-to-more-common-errp.patch
+Patch0282: tpm-ppi-page-align-PPI-RAM.patch
+Patch0283: tpm-Move-tpm_tis_show_buffer-to-tpm_util.c.patch
+Patch0284: spapr-Implement-get_dt_compatible-callback.patch
+Patch0285: delete-the-in-tpm.txt.patch
+Patch0286: tpm_spapr-Support-TPM-for-ppc64-using-CRQ-based-inte.patch
+Patch0287: tpm_spapr-Support-suspend-and-resume.patch
+Patch0288: hw-ppc-Kconfig-Enable-TPM_SPAPR-as-part-of-PSERIES-c.patch
+Patch0289: docs-specs-tpm-reST-ify-TPM-documentation.patch
+Patch0290: tpm-rename-TPM_TIS-into-TPM_TIS_ISA.patch
+Patch0291: tpm-Use-TPMState-as-a-common-struct.patch
+Patch0292: tpm-Separate-tpm_tis-common-functions-from-isa-code.patch
+Patch0293: tpm-Separate-TPM_TIS-and-TPM_TIS_ISA-configs-MIME-Ve.patch
+Patch0294: tpm-Add-the-SysBus-TPM-TIS-device.patch
+Patch0295: hw-arm-virt-vTPM-support.patch
+Patch0296: docs-specs-tpm-Document-TPM_TIS-sysbus-device-for-AR.patch
+Patch0297: test-tpm-pass-optional-machine-options-to-swtpm-test.patch
+Patch0298: test-tpm-tis-Get-prepared-to-share-tests-between-ISA.patch
+Patch0299: test-tpm-tis-Add-Sysbus-TPM-TIS-device-test.patch
+Patch0300: build-smt-processor-structure-to-support-smt-topolog.patch
+Patch0301: target-arm-Add-isar_feature-tests-for-PAN-ATS1E1.patch
+Patch0302: target-arm-Add-ID_AA64MMFR2_EL1.patch
+Patch0303: target-arm-Add-and-use-FIELD-definitions-for-ID_AA64.patch
+Patch0304: target-arm-Use-FIELD-macros-for-clearing-ID_DFR0-PER.patch
+Patch0305: target-arm-Define-an-aa32_pmu_8_1-isar-feature-test-.patch
+Patch0306: target-arm-Add-_aa64_-and-_any_-versions-of-pmu_8_1-.patch
+Patch0307: target-arm-Stop-assuming-DBGDIDR-always-exists.patch
+Patch0308: target-arm-Move-DBGDIDR-into-ARMISARegisters.patch
+Patch0309: target-arm-Enable-ARMv8.2-ATS1E1-in-cpu-max.patch
+Patch0310: target-arm-Test-correct-register-in-aa32_pan-and-aa3.patch
+Patch0311: target-arm-Read-debug-related-ID-registers-from-KVM.patch
+Patch0312: target-arm-monitor-Introduce-qmp_query_cpu_model_exp.patch
+Patch0313: target-arm-monitor-query-cpu-model-expansion-crashed.patch
+Patch0314: target-arm-convert-isar-regs-to-array.patch
+Patch0315: target-arm-parse-cpu-feature-related-options.patch
+Patch0316: target-arm-register-CPU-features-for-property.patch
+Patch0317: target-arm-Allow-ID-registers-to-synchronize-to-KVM.patch
+Patch0318: target-arm-introduce-CPU-feature-dependency-mechanis.patch
+Patch0319: target-arm-introduce-KVM_CAP_ARM_CPU_FEATURE.patch
+Patch0320: target-arm-Add-CPU-features-to-query-cpu-model-expan.patch
+Patch0321: target-arm-Update-ID-fields.patch
+Patch0322: target-arm-Add-more-CPU-features.patch
+Patch0323: hw-usb-core.c-fix-buffer-overflow.patch
+Patch0324: target-arm-ignore-evtstrm-and-cpuid-CPU-features.patch
+Patch0325: hw-arm-virt-Init-PMU-for-hotplugged-vCPU.patch
+Patch0326: Fixed-integer-overflow-in-e1000e.patch
+Patch0327: migration-fix-cleanup_bh-leak-on-resume.patch
+Patch0328: qmp-fix-leak-on-callbacks-that-return-both-value-and.patch
+Patch0329: qga-commands-posix-fix-use-after-free-of-local_err.patch
+Patch0330: file-posix-Fix-leaked-fd-in-raw_open_common-error-pa.patch
+Patch0331: object-return-self-in-object_ref.patch
+Patch0332: lm32-do-not-leak-memory-on-object_new-object_unref.patch
+Patch0333: cris-do-not-leak-struct-cris_disasm_data.patch
+Patch0334: hppa-fix-leak-from-g_strdup_printf.patch
+Patch0335: mcf5208-fix-leak-from-qemu_allocate_irqs.patch
+Patch0336: microblaze-fix-leak-of-fdevice-tree-blob.patch
+Patch0337: ide-fix-leak-from-qemu_allocate_irqs.patch
+Patch0338: make-check-unit-use-after-free-in-test-opts-visitor.patch
+Patch0339: xhci-fix-valid.max_access_size-to-access-address-reg.patch
+Patch0340: qga-fix-assert-regression-on-guest-shutdown.patch
+Patch0341: char-fix-use-after-free-with-dup-chardev-reconnect.patch
+Patch0342: migration-Count-new_dirty-instead-of-real_dirty.patch
+Patch0343: qga-Plug-unlikely-memory-leak-in-guest-set-memory-bl.patch
+Patch0344: chardev-tcp-Fix-error-message-double-free-error.patch
+Patch0345: colo-compare-Fix-memory-leak-in-packet_enqueue.patch
+Patch0346: migration-fix-multifd_send_pages-next-channel.patch
+Patch0347: hw-block-nvme-fix-pin-based-interrupt-behavior.patch
+Patch0348: hw-block-nvme-fix-pci-doorbell-size-calculation.patch
+Patch0349: virtio-pci-fix-queue_enable-write.patch
+Patch0350: hw-pci-pci_bridge-Correct-pci_bridge_io-memory-regio.patch
+Patch0351: linux-user-mmap.c-fix-integer-underflow-in-target_mr.patch
+Patch0352: migration-rdma-cleanup-rdma-context-before-g_free-to.patch
+Patch0353: pc-bios-s390-ccw-net-fix-a-possible-memory-leak-in-g.patch
+Patch0354: block-qcow2-do-free-crypto_opts-in-qcow2_close.patch
+Patch0355: qemu-img-free-memory-before-re-assign.patch
+Patch0356: block-qcow2-threads-fix-qcow2_decompress.patch
+Patch0357: block-Avoid-memleak-on-qcow2-image-info-failure.patch
+Patch0358: block-bdrv_set_backing_bs-fix-use-after-free.patch
+Patch0359: hmp-vnc-Fix-info-vnc-list-leak.patch
+Patch0360: migration-colo-fix-use-after-free-of-local_err.patch
+Patch0361: migration-ram-fix-use-after-free-of-local_err.patch
+Patch0362: block-mirror-fix-use-after-free-of-local_err.patch
+Patch0363: block-fix-bdrv_root_attach_child-forget-to-unref-chi.patch
+Patch0364: virtio-serial-bus-Plug-memory-leak-on-realize-error-.patch
+Patch0365: virtio-blk-delete-vqs-on-the-error-path-in-realize.patch
+Patch0366: fix-vhost_user_blk_watch-crash.patch
+Patch0367: vhost-user-blk-delay-vhost_user_blk_disconnect.patch
+Patch0368: usbredir-fix-buffer-overflow-on-vmload.patch
+Patch0369: display-bochs-display-fix-memory-leak.patch
+Patch0370: audio-fix-integer-overflow.patch
+Patch0371: migration-multifd-clean-pages-after-filling-packet.patch
+Patch0372: migration-multifd-not-use-multifd-during-postcopy.patch
+Patch0373: migration-Define-VMSTATE_INSTANCE_ID_ANY.patch
+Patch0374: migration-Change-SaveStateEntry.instance_id-into-uin.patch
+Patch0375: apic-Use-32bit-APIC-ID-for-migration-instance-ID.patch
+Patch0376: virtio-add-ability-to-delete-vq-through-a-pointer.patch
+Patch0377: virtio-pmem-do-delete-rq_vq-in-virtio_pmem_unrealize.patch
+Patch0378: virtio-crypto-do-delete-ctrl_vq-in-virtio_crypto_dev.patch
+Patch0379: vhost-user-blk-delete-virtioqueues-in-unrealize-to-f.patch
+Patch0380: vhost-user-blk-convert-to-new-virtio_delete_queue.patch
+Patch0381: block-nbd-extract-the-common-cleanup-code.patch
+Patch0382: virtio-gracefully-handle-invalid-region-caches.patch
+Patch0383: migration-savevm-release-gslist-after-dump_vmstate_j.patch
+Patch0384: virtio-input-fix-memory-leak-on-unrealize.patch
+Patch0385: migration-socket-fix-a-compilation-failure.patch
+Patch0386: tests-Disalbe-filemonitor-testcase.patch
 BuildRequires: flex
 BuildRequires: bison
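Review bot: Patch0381 to Patch0384 repeat the four files that this hunk's context lines already list as Patch0276 to Patch0279 (`block-nbd-extract-the-common-cleanup-code.patch` through `virtio-input-fix-memory-leak-on-unrealize.patch`), so %prep would presumably try to apply each of them a second time. A second application normally aborts the build, but if it went through with an offset it would insert the same cleanup call twice, and for the leak and use-after-free fixes in this series a doubled `error_free()` or unref would be a double free. I would drop the four repeated entries and renumber the two after them to `Patch0381: migration-socket-fix-a-compilation-failure.patch` and `Patch0382: tests-Disalbe-filemonitor-testcase.patch`. Most patch files touched by this commit are modified rather than created, so other entries in Patch0280 to Patch0380 may also already be listed earlier in the spec, outside this hunk; a uniqueness check over the `PatchNNNN:` file names would confirm that.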
@@ -635,6 +742,115 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Thu Aug 6 2020 Ying Fang +- hw/arm/acpi: enable SHPC native hot plug +- hw/tpm: rename Error ** parameter to more common errp +- tpm-ppi: page-align PPI RAM +- tpm: Move tpm_tis_show_buffer to tpm_util.c +- spapr: Implement get_dt_compatible() callback +- delete the in tpm.txt +- tpm_spapr: Support TPM for ppc64 using CRQ based interface +- tpm_spapr: Support suspend and resume +- hw/ppc/Kconfig: Enable TPM_SPAPR as part of PSERIES config +- docs/specs/tpm: reST-ify TPM documentation +- tpm: rename TPM_TIS into TPM_TIS_ISA +- tpm: Use TPMState as a common struct +- tpm: Separate tpm_tis common functions from isa code +- tpm: Separate TPM_TIS and TPM_TIS_ISA configs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit +- tpm: Add the SysBus TPM TIS device +- hw/arm/virt: vTPM support +- docs/specs/tpm: Document TPM_TIS sysbus device for ARM +- test: tpm: pass optional machine options to swtpm test functions +- test: tpm-tis: Get prepared to share tests between ISA and sysbus devices +- test: tpm-tis: Add Sysbus TPM-TIS device test +- build smt processor structure to support smt topology +- target/arm: Add isar_feature tests for PAN + ATS1E1 +- target/arm: Add ID_AA64MMFR2_EL1 +- target/arm: Add and use FIELD definitions for ID_AA64DFR0_EL1 +- target/arm: Use FIELD macros for clearing ID_DFR0 PERFMON field +- target/arm: Define an aa32_pmu_8_1 isar feature test function +- target/arm: Add _aa64_ and _any_ versions of pmu_8_1 isar checks +- target/arm: Stop assuming DBGDIDR always exists +- target/arm: Move DBGDIDR into ARMISARegisters +- target/arm: Enable ARMv8.2-ATS1E1 in -cpu max +- target/arm: Test correct register in aa32_pan and aa32_ats1e1 checks +- target/arm: Read debug-related ID registers from KVM +- target/arm/monitor: Introduce qmp_query_cpu_model_expansion +- target/arm/monitor: query-cpu-model-expansion crashed qemu when using machine type 
none +- target/arm: convert isar regs to array +- target/arm: parse cpu feature related options +- target/arm: register CPU features for property +- target/arm: Allow ID registers to synchronize to KVM +- target/arm: introduce CPU feature dependency mechanism +- target/arm: introduce KVM_CAP_ARM_CPU_FEATURE +- target/arm: Add CPU features to query-cpu-model-expansion +- target/arm: Update ID fields +- target/arm: Add more CPU features +- hw/usb/core.c fix buffer overflow +- target/arm: ignore evtstrm and cpuid CPU features +- hw/arm/virt: Init PMU for hotplugged vCPU +- Fixed integer overflow in e1000e +- migration: fix cleanup_bh leak on resume +- qmp: fix leak on callbacks that return both value and error +- qga/commands-posix: fix use after free of local_err +- file-posix: Fix leaked fd in raw_open_common() error path +- object: return self in object_ref() +- lm32: do not leak memory on object_new/object_unref +- cris: do not leak struct cris_disasm_data +- hppa: fix leak from g_strdup_printf +- mcf5208: fix leak from qemu_allocate_irqs +- microblaze: fix leak of fdevice tree blob +- ide: fix leak from qemu_allocate_irqs +- make check-unit: use after free in test-opts-visitor +- xhci: fix valid.max_access_size to access address registers +- qga: fix assert regression on guest-shutdown +- char: fix use-after-free with dup chardev & reconnect +- migration: Count new_dirty instead of real_dirty +- qga: Plug unlikely memory leak in guest-set-memory-blocks +- chardev/tcp: Fix error message double free error +- colo-compare: Fix memory leak in packet_enqueue() +- migration: fix multifd_send_pages() next channel +- hw/block/nvme: fix pin-based interrupt behavior +- hw/block/nvme: fix pci doorbell size calculation +- virtio-pci: fix queue_enable write +- hw/pci/pci_bridge: Correct pci_bridge_io memory region size +- linux-user/mmap.c: fix integer underflow in target_mremap +- migration/rdma: cleanup rdma context before g_free to avoid memleaks +- pc-bios/s390-ccw/net: 
fix a possible memory leak in get_uuid() +- block/qcow2: do free crypto_opts in qcow2_close() +- qemu-img: free memory before re-assign +- block/qcow2-threads: fix qcow2_decompress +- block: Avoid memleak on qcow2 image info failure +- block: bdrv_set_backing_bs: fix use-after-free +- hmp/vnc: Fix info vnc list leak +- migration/colo: fix use after free of local_err +- migration/ram: fix use after free of local_err +- block/mirror: fix use after free of local_err +- block: fix bdrv_root_attach_child forget to unref child_bs +- virtio-serial-bus: Plug memory leak on realize() error paths +- virtio-blk: delete vqs on the error path in realize() +- fix vhost_user_blk_watch crash +- vhost-user-blk: delay vhost_user_blk_disconnect +- usbredir: fix buffer-overflow on vmload +- display/bochs-display: fix memory leak +- audio: fix integer overflow +- migration/multifd: clean pages after filling packet +- migration/multifd: not use multifd during postcopy +- migration: Define VMSTATE_INSTANCE_ID_ANY +- migration: Change SaveStateEntry.instance_id into uint32_t +- apic: Use 32bit APIC ID for migration instance ID +- virtio: add ability to delete vq through a pointer +- virtio-pmem: do delete rq_vq in virtio_pmem_unrealize +- virtio-crypto: do delete ctrl_vq in virtio_crypto_device_unrealize +- vhost-user-blk: delete virtioqueues in unrealize to fix memleaks +- vhost-user-blk: convert to new virtio_delete_queue +- block/nbd: extract the common cleanup code +- virtio: gracefully handle invalid region caches +- migration/savevm: release gslist after dump_vmstate_json +- virtio-input: fix memory leak on unrealize +- migration/socket: fix a compilation failure +- tests: Disalbe filemonitor testcase + * Tue sep 15 2020 Huawei Technologies Co., Ltd - qemu: rename some patchs of slirp 
diff --git a/qga-Plug-unlikely-memory-leak-in-guest-set-memory-bl.patch b/qga-Plug-unlikely-memory-leak-in-guest-set-memory-bl.patch index a901a500181bb9a36f9bd307d8bdee5929b6144f..1a50f2b8d013986b48b6554c381e81d58e409a83 100644 --- a/qga-Plug-unlikely-memory-leak-in-guest-set-memory-bl.patch +++ b/qga-Plug-unlikely-memory-leak-in-guest-set-memory-bl.patch @@ -1,8 +1,7 @@ -From 1580682eafb489eaf417456778267662629cf696 Mon Sep 17 00:00:00 2001 +From 84dd1c59b1284c0e19add3a76764541e30e32cd0 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 30 Jun 2020 11:03:33 +0200 -Subject: [PATCH 05/11] qga: Plug unlikely memory leak in - guest-set-memory-blocks +Subject: [PATCH] qga: Plug unlikely memory leak in guest-set-memory-blocks transfer_memory_block() leaks an Error object when reading file /sys/devices/system/memory/memory/state fails with errno other @@ -24,10 +23,10 @@ Signed-off-by: BiaoXiang Ye 1 file changed, 1 insertion(+) diff --git a/qga/commands-posix.c b/qga/commands-posix.c -index dfc05f5b..c318cee7 100644 +index 66164e6cd7..cf42563914 100644 --- a/qga/commands-posix.c +++ b/qga/commands-posix.c -@@ -2420,6 +2420,7 @@ static void transfer_memory_block(GuestMemoryBlock *mem_blk, bool sys2memblk, +@@ -2423,6 +2423,7 @@ static void transfer_memory_block(GuestMemoryBlock *mem_blk, bool sys2memblk, if (sys2memblk) { error_propagate(errp, local_err); } else { @@ -36,5 +35,5 @@ index dfc05f5b..c318cee7 100644 GUEST_MEMORY_BLOCK_RESPONSE_TYPE_OPERATION_FAILED; } -- -2.27.0.dirty +2.23.0 diff --git a/qga-commands-posix-fix-use-after-free-of-local_err.patch b/qga-commands-posix-fix-use-after-free-of-local_err.patch index 9628d0c59445c9d29ddaa39e6fb271fe73a5c274..63b6b47c5f99f92f24e28ed7701d53fecbf7a748 100644 --- a/qga-commands-posix-fix-use-after-free-of-local_err.patch +++ b/qga-commands-posix-fix-use-after-free-of-local_err.patch 
@@ -1,49 +1,49 @@ -From 15847279f29b0bd67b95daefff395cab8fad80d3 Mon Sep 17 00:00:00 2001 -From: Vladimir Sementsov-Ogievskiy -Date: Tue, 24 Mar 2020 18:36:30 +0300 -Subject: [PATCH 4/5] qga/commands-posix: fix use after free of local_err - -local_err is used several times in guest_suspend(). Setting non-NULL -local_err will crash, so let's zero it after freeing. Also fix possible -leak of local_err in final if(). - -Signed-off-by: Vladimir Sementsov-Ogievskiy -Message-Id: <20200324153630.11882-7-vsementsov@virtuozzo.com> -Reviewed-by: Richard Henderson -Signed-off-by: Markus Armbruster -Signed-off-by: Zhenyu Ye ---- - qga/commands-posix.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/qga/commands-posix.c b/qga/commands-posix.c -index dfc05f5b..66164e6c 100644 ---- a/qga/commands-posix.c -+++ b/qga/commands-posix.c -@@ -1760,6 +1760,7 @@ static void guest_suspend(SuspendMode mode, Error **errp) - } - - error_free(local_err); -+ local_err = NULL; - - if (pmutils_supports_mode(mode, &local_err)) { - mode_supported = true; -@@ -1771,6 +1772,7 @@ static void guest_suspend(SuspendMode mode, Error **errp) - } - - error_free(local_err); -+ local_err = NULL; - - if (linux_sys_state_supports_mode(mode, &local_err)) { - mode_supported = true; -@@ -1778,6 +1780,7 @@ static void guest_suspend(SuspendMode mode, Error **errp) - } - - if (!mode_supported) { -+ error_free(local_err); - error_setg(errp, - "the requested suspend mode is not supported by the guest"); - } else { --- -2.22.0.windows.1 - +From 7e6e944fa5ec0d53c32a3e0e0fc62908ad90e09d Mon Sep 17 00:00:00 2001 +From: Vladimir Sementsov-Ogievskiy +Date: Tue, 24 Mar 2020 18:36:30 +0300 +Subject: [PATCH] qga/commands-posix: fix use after free of local_err + +local_err is used several times in guest_suspend(). Setting non-NULL +local_err will crash, so let's zero it after freeing. Also fix possible +leak of local_err in final if(). 
+ +Signed-off-by: Vladimir Sementsov-Ogievskiy +Message-Id: <20200324153630.11882-7-vsementsov@virtuozzo.com> +Reviewed-by: Richard Henderson +Signed-off-by: Markus Armbruster +Signed-off-by: Zhenyu Ye +--- + qga/commands-posix.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/qga/commands-posix.c b/qga/commands-posix.c +index dfc05f5b8a..66164e6cd7 100644 +--- a/qga/commands-posix.c ++++ b/qga/commands-posix.c +@@ -1760,6 +1760,7 @@ static void guest_suspend(SuspendMode mode, Error **errp) + } + + error_free(local_err); ++ local_err = NULL; + + if (pmutils_supports_mode(mode, &local_err)) { + mode_supported = true; +@@ -1771,6 +1772,7 @@ static void guest_suspend(SuspendMode mode, Error **errp) + } + + error_free(local_err); ++ local_err = NULL; + + if (linux_sys_state_supports_mode(mode, &local_err)) { + mode_supported = true; +@@ -1778,6 +1780,7 @@ static void guest_suspend(SuspendMode mode, Error **errp) + } + + if (!mode_supported) { ++ error_free(local_err); + error_setg(errp, + "the requested suspend mode is not supported by the guest"); + } else { +-- +2.23.0 + diff --git a/qga-fix-assert-regression-on-guest-shutdown.patch b/qga-fix-assert-regression-on-guest-shutdown.patch index c5f1e1069b5097ff1adf2328bea6a25e9483cda1..2cf2b539b2e90d46b82f4829c1c1e7c31662ba56 100644 --- a/qga-fix-assert-regression-on-guest-shutdown.patch +++ b/qga-fix-assert-regression-on-guest-shutdown.patch @@ -1,7 +1,7 @@ -From aeccff89333c565c7a894f99c17c0044d7d43be2 Mon Sep 17 00:00:00 2001 +From ce0be27366ca8f28f6bf0532d79acc1b228be2e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 4 Jun 2020 11:44:25 +0200 -Subject: [PATCH 02/11] qga: fix assert regression on guest-shutdown +Subject: [PATCH] qga: fix assert regression on guest-shutdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -26,7 +26,7 @@ Signed-off-by: BiaoXiang Ye 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/qga/main.c b/qga/main.c -index c35c2a21..12fa463f 100644 +index c35c2a2120..12fa463f4c 100644 --- a/qga/main.c +++ b/qga/main.c @@ -529,7 +529,11 @@ static int send_response(GAState *s, const QDict *rsp) @@ -43,5 +43,5 @@ index c35c2a21..12fa463f 100644 payload_qstr = qobject_to_json(QOBJECT(rsp)); if (!payload_qstr) { -- -2.27.0.dirty +2.23.0 diff --git a/qmp-fix-leak-on-callbacks-that-return-both-value-and.patch b/qmp-fix-leak-on-callbacks-that-return-both-value-and.patch index 1ceb1e70b84f1e1a9a3f785ff2d4d55b697a7cb4..09b96ecae84d57178ef4c32c262bcb22d75b436c 100644 --- a/qmp-fix-leak-on-callbacks-that-return-both-value-and.patch +++ b/qmp-fix-leak-on-callbacks-that-return-both-value-and.patch 
@@ -1,47 +1,46 @@ -From 1f1949368d4ac7a18973aa83a074daf01daf97ad Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Wed, 25 Mar 2020 19:47:22 +0100 -Subject: [PATCH 3/5] qmp: fix leak on callbacks that return both value and - error -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Direct leak of 4120 byte(s) in 1 object(s) allocated from: - #0 0x7fa114931887 in __interceptor_calloc (/lib64/libasan.so.6+0xb0887) - #1 0x7fa1144ad8f0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x588f0) - #2 0x561e3c9c8897 in qmp_object_add /home/elmarco/src/qemu/qom/qom-qmp-cmds.c:291 - #3 0x561e3cf48736 in qmp_dispatch /home/elmarco/src/qemu/qapi/qmp-dispatch.c:155 - #4 0x561e3c8efb36 in monitor_qmp_dispatch /home/elmarco/src/qemu/monitor/qmp.c:145 - #5 0x561e3c8f09ed in monitor_qmp_bh_dispatcher /home/elmarco/src/qemu/monitor/qmp.c:234 - #6 0x561e3d08c993 in aio_bh_call /home/elmarco/src/qemu/util/async.c:136 - #7 0x561e3d08d0a5 in aio_bh_poll /home/elmarco/src/qemu/util/async.c:164 - #8 0x561e3d0a535a in aio_dispatch /home/elmarco/src/qemu/util/aio-posix.c:380 - #9 0x561e3d08e3ca in aio_ctx_dispatch /home/elmarco/src/qemu/util/async.c:298 - #10 0x7fa1144a776e in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x5276e) - -Signed-off-by: Marc-André Lureau -Message-Id: <20200325184723.2029630-3-marcandre.lureau@redhat.com> -Reviewed-by: Markus Armbruster -Signed-off-by: Paolo Bonzini -Signed-off-by: Zhenyu Ye ---- - qapi/qmp-dispatch.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c -index 6dfdad57..a635abb9 100644 ---- a/qapi/qmp-dispatch.c -+++ b/qapi/qmp-dispatch.c -@@ -189,6 +189,8 @@ QDict *qmp_dispatch(QmpCommandList *cmds, QObject *request, - - ret = do_qmp_dispatch(cmds, request, allow_oob, &err); - if (err) { -+ /* or assert(!ret) after reviewing all handlers: */ -+ qobject_unref(ret); - rsp = qmp_error_response(err); - } else if (ret) { - rsp = qdict_new(); 
--- -2.22.0.windows.1 - +From 0bd0c4a3d8460fd1046ddedabd3e73fa747ec732 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Wed, 25 Mar 2020 19:47:22 +0100 +Subject: [PATCH] qmp: fix leak on callbacks that return both value and error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Direct leak of 4120 byte(s) in 1 object(s) allocated from: + #0 0x7fa114931887 in __interceptor_calloc (/lib64/libasan.so.6+0xb0887) + #1 0x7fa1144ad8f0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x588f0) + #2 0x561e3c9c8897 in qmp_object_add /home/elmarco/src/qemu/qom/qom-qmp-cmds.c:291 + #3 0x561e3cf48736 in qmp_dispatch /home/elmarco/src/qemu/qapi/qmp-dispatch.c:155 + #4 0x561e3c8efb36 in monitor_qmp_dispatch /home/elmarco/src/qemu/monitor/qmp.c:145 + #5 0x561e3c8f09ed in monitor_qmp_bh_dispatcher /home/elmarco/src/qemu/monitor/qmp.c:234 + #6 0x561e3d08c993 in aio_bh_call /home/elmarco/src/qemu/util/async.c:136 + #7 0x561e3d08d0a5 in aio_bh_poll /home/elmarco/src/qemu/util/async.c:164 + #8 0x561e3d0a535a in aio_dispatch /home/elmarco/src/qemu/util/aio-posix.c:380 + #9 0x561e3d08e3ca in aio_ctx_dispatch /home/elmarco/src/qemu/util/async.c:298 + #10 0x7fa1144a776e in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x5276e) + +Signed-off-by: Marc-André Lureau +Message-Id: <20200325184723.2029630-3-marcandre.lureau@redhat.com> +Reviewed-by: Markus Armbruster +Signed-off-by: Paolo Bonzini +Signed-off-by: Zhenyu Ye +--- + qapi/qmp-dispatch.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c +index 6dfdad571e..a635abb95d 100644 +--- a/qapi/qmp-dispatch.c ++++ b/qapi/qmp-dispatch.c +@@ -189,6 +189,8 @@ QDict *qmp_dispatch(QmpCommandList *cmds, QObject *request, + + ret = do_qmp_dispatch(cmds, request, allow_oob, &err); + if (err) { ++ /* or assert(!ret) after reviewing all handlers: */ ++ qobject_unref(ret); + rsp = qmp_error_response(err); + } else if (ret) { + rsp = 
qdict_new(); +-- +2.23.0 + diff --git a/spapr-Implement-get_dt_compatible-callback.patch b/spapr-Implement-get_dt_compatible-callback.patch index e64a8746f498a68085824f6cace1bb2e958ce7c7..c95deafac6e7111e2b9b48de7a2d7144cd26b2f2 100644 --- a/spapr-Implement-get_dt_compatible-callback.patch +++ b/spapr-Implement-get_dt_compatible-callback.patch @@ -1,7 +1,7 @@ -From c520d8e823431be94268daa2a911e224cab81521 Mon Sep 17 00:00:00 2001 +From 49cfb7a993d6c59d466ebdfd727bbfcd94b635dc Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Tue, 21 Jan 2020 10:29:31 -0500 -Subject: [PATCH 04/19] spapr: Implement get_dt_compatible() callback +Subject: [PATCH] spapr: Implement get_dt_compatible() callback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -22,7 +22,7 @@ Signed-off-by: jiangfangjie 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/hw/ppc/spapr_vio.c b/hw/ppc/spapr_vio.c -index 583c13de..4e50916f 100644 +index 583c13deda..4e50916fbc 100644 --- a/hw/ppc/spapr_vio.c +++ b/hw/ppc/spapr_vio.c @@ -89,6 +89,7 @@ static int vio_make_devnode(SpaprVioDevice *dev, @@ -52,7 +52,7 @@ index 583c13de..4e50916f 100644 return ret; } diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h -index 04609f21..97951fc6 100644 +index 04609f214e..97951fc6b4 100644 --- a/include/hw/ppc/spapr_vio.h +++ b/include/hw/ppc/spapr_vio.h @@ -56,6 +56,7 @@ typedef struct SpaprVioDeviceClass { diff --git a/target-arm-Add-CPU-features-to-query-cpu-model-expan.patch b/target-arm-Add-CPU-features-to-query-cpu-model-expan.patch index 4047145033d7010acfb3cfb002feb920fb303f0d..6741134aaca4d3376f9ceb94d892d60a23c58efa 100644 --- a/target-arm-Add-CPU-features-to-query-cpu-model-expan.patch +++ b/target-arm-Add-CPU-features-to-query-cpu-model-expan.patch @@ -1,7 +1,7 @@ -From 274d25bdb2df13a26ad6d2a8a06fcc281a22f642 Mon Sep 17 00:00:00 2001 +From e39f3e8e4d945a87a936388204b3125041da4032 Mon Sep 17 00:00:00 2001 
From: Peng Liang Date: Thu, 6 Aug 2020 16:14:58 +0800 -Subject: [PATCH 7/9] target/arm: Add CPU features to query-cpu-model-expansion +Subject: [PATCH] target/arm: Add CPU features to query-cpu-model-expansion Add CPU features to the result of query-cpu-model-expansion so that other applications (such as libvirt) can know the supported CPU @@ -16,7 +16,7 @@ Signed-off-by: Peng Liang 3 files changed, 31 insertions(+) diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index db46afba..dcf9f49e 100644 +index db46afba7b..dcf9f49ed3 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -25,6 +25,8 @@ @@ -61,7 +61,7 @@ index db46afba..dcf9f49e 100644 void *opaque, Error **errp) { diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 7bb481fb..068c3fa2 100644 +index 7bb481fb4d..068c3fa2ad 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -3692,4 +3692,6 @@ static inline bool isar_feature_any_pmu_8_1(const ARMISARegisters *id) @@ -72,7 +72,7 @@ index 7bb481fb..068c3fa2 100644 + #endif diff --git a/target/arm/monitor.c b/target/arm/monitor.c -index e2b1d117..7c2ff3c0 100644 +index e2b1d117a4..7c2ff3c06e 100644 --- a/target/arm/monitor.c +++ b/target/arm/monitor.c @@ -219,6 +219,8 @@ CpuModelExpansionInfo *qmp_query_cpu_model_expansion(CpuModelExpansionType type, @@ -85,5 +85,5 @@ index e2b1d117..7c2ff3c0 100644 qobject_unref(qdict_out); } else { -- -2.25.1 +2.23.0 diff --git a/target-arm-Add-ID_AA64MMFR2_EL1.patch b/target-arm-Add-ID_AA64MMFR2_EL1.patch index eee33ae241bde2333d5308c7ca39297782598ccc..6596871cd9d4aa90f58f8a5ab6a4c68dea3e5cd4 100644 --- a/target-arm-Add-ID_AA64MMFR2_EL1.patch +++ b/target-arm-Add-ID_AA64MMFR2_EL1.patch @@ -1,7 +1,7 @@ -From 3451fb922aa7b0fe532e508ca13d4ab4b3ec75bf Mon Sep 17 00:00:00 2001 +From a03fb5f53d3796a1f98dfc13a16141d35142871d Mon Sep 17 00:00:00 2001 
From: Richard Henderson Date: Sat, 8 Feb 2020 12:58:13 +0000 -Subject: [PATCH 02/13] target/arm: Add ID_AA64MMFR2_EL1 +Subject: [PATCH] target/arm: Add ID_AA64MMFR2_EL1 Add definitions for all of the fields, up to ARMv8.5. Convert the existing RESERVED register to a full register. @@ -18,7 +18,7 @@ Signed-off-by: Peter Maydell 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index fe310828..3e65bc50 100644 +index fe3108281a..3e65bc50a4 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -866,6 +866,7 @@ struct ARMCPU { @@ -53,7 +53,7 @@ index fe310828..3e65bc50 100644 FIELD(ID_DFR0, COPSDBG, 4, 4) FIELD(ID_DFR0, MMAPDBG, 8, 4) diff --git a/target/arm/helper.c b/target/arm/helper.c -index b74c23a9..c50b1ba1 100644 +index b74c23a9bc..c50b1ba1c9 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6182,10 +6182,10 @@ void register_cp_regs_for_features(ARMCPU *cpu) @@ -70,7 +70,7 @@ index b74c23a9..c50b1ba1 100644 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 3, .access = PL1_R, .type = ARM_CP_CONST, diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c -index 4f0bf000..b794108a 100644 +index 4f0bf00070..b794108a06 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -541,6 +541,8 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) @@ -83,5 +83,5 @@ index 4f0bf000..b794108a 100644 /* * Note that if AArch32 support is not present in the host, -- -2.25.1 +2.23.0 diff --git a/target-arm-Add-_aa64_-and-_any_-versions-of-pmu_8_1-.patch b/target-arm-Add-_aa64_-and-_any_-versions-of-pmu_8_1-.patch index 7516ed8108de271970e600dbd03c964611b3b0ba..54eeaac9fb9abab53e23850902d463b0fe9d36ce 100644 --- a/target-arm-Add-_aa64_-and-_any_-versions-of-pmu_8_1-.patch +++ b/target-arm-Add-_aa64_-and-_any_-versions-of-pmu_8_1-.patch @@ -1,8 +1,8 @@ -From 515975da851ca9567053bcf0487fde4447dfdc4f Mon Sep 17 00:00:00 2001 +From 6949d54ab9ff4637da29493dbc3ddc154dfef721 Mon Sep 17 00:00:00 2001 
From: Peter Maydell Date: Fri, 14 Feb 2020 17:51:04 +0000 -Subject: [PATCH 06/13] target/arm: Add _aa64_ and _any_ versions of pmu_8_1 - isar checks +Subject: [PATCH] target/arm: Add _aa64_ and _any_ versions of pmu_8_1 isar + checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -28,7 +28,7 @@ Message-id: 20200214175116.9164-10-peter.maydell@linaro.org 4 files changed, 26 insertions(+), 12 deletions(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index 7e9b85a2..bb2edf4e 100644 +index 7e9b85a289..bb2edf4e18 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1522,7 +1522,8 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) @@ -42,7 +42,7 @@ index 7e9b85a2..bb2edf4e 100644 cpu->pmceid0 = 0; cpu->pmceid1 = 0; diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 2d8d27e8..230130be 100644 +index 2d8d27e80a..230130be81 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -868,6 +868,8 @@ struct ARMCPU { @@ -82,7 +82,7 @@ index 2d8d27e8..230130be 100644 * Forward to the above feature tests given an ARMCPU pointer. */ diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c -index afdabbeb..aa96548f 100644 +index afdabbebbf..aa96548f10 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -137,7 +137,7 @@ static void aarch64_a57_initfn(Object *obj) @@ -122,7 +122,7 @@ index afdabbeb..aa96548f 100644 cpu->isar.id_aa64mmfr0 = 0x101125; } diff --git a/target/arm/helper.c b/target/arm/helper.c -index 3f06ca19..a71f4ef6 100644 +index 3f06ca1964..a71f4ef62d 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -23,6 +23,7 @@ @@ -162,5 +162,5 @@ index 3f06ca19..a71f4ef6 100644 .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 2, .access = PL1_R, .type = ARM_CP_CONST, -- -2.25.1 +2.23.0 
diff --git a/target-arm-Add-and-use-FIELD-definitions-for-ID_AA64.patch b/target-arm-Add-and-use-FIELD-definitions-for-ID_AA64.patch index 66e4ec4ad078aacdd4e7cb9a76244e1460487551..1f3e16cdbdb3a89b7d2ecc54a6b4b10cd88709f5 100644 --- a/target-arm-Add-and-use-FIELD-definitions-for-ID_AA64.patch +++ b/target-arm-Add-and-use-FIELD-definitions-for-ID_AA64.patch @@ -1,8 +1,7 @@ -From 4001f3040937094660eab44dbb49b86817317ea9 Mon Sep 17 00:00:00 2001 +From 4cc398caa75a7d49aa067392f3bc856c818216ed Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 14 Feb 2020 17:51:01 +0000 -Subject: [PATCH 03/13] target/arm: Add and use FIELD definitions for - ID_AA64DFR0_EL1 +Subject: [PATCH] target/arm: Add and use FIELD definitions for ID_AA64DFR0_EL1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -21,7 +20,7 @@ Message-id: 20200214175116.9164-7-peter.maydell@linaro.org 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index 811e5c63..dbd05e01 100644 +index 811e5c6365..dbd05e0113 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1522,7 +1522,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) @@ -34,7 +33,7 @@ index 811e5c63..dbd05e01 100644 cpu->pmceid0 = 0; cpu->pmceid1 = 0; diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 3e65bc50..91cc02b4 100644 +index 3e65bc50a4..91cc02b43f 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1779,6 +1779,16 @@ FIELD(ID_AA64MMFR2, BBM, 52, 4) @@ -55,7 +54,7 @@ index 3e65bc50..91cc02b4 100644 FIELD(ID_DFR0, COPSDBG, 4, 4) FIELD(ID_DFR0, MMAPDBG, 8, 4) diff --git a/target/arm/helper.c b/target/arm/helper.c -index c50b1ba1..419be640 100644 +index c50b1ba1c9..419be64037 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -5611,9 +5611,9 @@ static void define_debug_regs(ARMCPU *cpu) @@ -72,5 +71,5 @@ index c50b1ba1..419be640 100644 define_one_arm_cp_reg(cpu, &dbgdidr); -- -2.25.1 +2.23.0 
diff --git a/target-arm-Add-isar_feature-tests-for-PAN-ATS1E1.patch b/target-arm-Add-isar_feature-tests-for-PAN-ATS1E1.patch index d6e29be12e1bbf6ef55d43bf35960e2168fc51e8..ba29193dcc64a392fa04e006d3d9fab748908374 100644 --- a/target-arm-Add-isar_feature-tests-for-PAN-ATS1E1.patch +++ b/target-arm-Add-isar_feature-tests-for-PAN-ATS1E1.patch @@ -1,7 +1,7 @@ -From 6f18e959eabf9c752659eb3851f193bf343346c5 Mon Sep 17 00:00:00 2001 +From 6b0e361f34d2e4a4176962b5dd641bcc4cf4ac19 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 8 Feb 2020 12:57:59 +0000 -Subject: [PATCH 01/13] target/arm: Add isar_feature tests for PAN + ATS1E1 +Subject: [PATCH] target/arm: Add isar_feature tests for PAN + ATS1E1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -19,7 +19,7 @@ Signed-off-by: Peter Maydell 1 file changed, 29 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 86eb79cd..fe310828 100644 +index 86eb79cd02..fe3108281a 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1680,6 +1680,15 @@ FIELD(ID_ISAR6, FHM, 8, 4) @@ -73,5 +73,5 @@ index 86eb79cd..fe310828 100644 { return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, BT) != 0; -- -2.25.1 +2.23.0 diff --git a/target-arm-Add-more-CPU-features.patch b/target-arm-Add-more-CPU-features.patch index a22e5177300d305df8c0430ee21e29c587bd5399..d0c6ead480fbb6cb508f8667dfcb94e8c558988a 100644 --- a/target-arm-Add-more-CPU-features.patch +++ b/target-arm-Add-more-CPU-features.patch @@ -1,7 +1,7 @@ -From 3eee1e4ff1ca342e760f759c727abc41780d0afa Mon Sep 17 00:00:00 2001 +From 8acf8dd1a20c53453d028a7b86f593019329d8c1 Mon Sep 17 00:00:00 2001 From: Peng Liang Date: Tue, 11 Aug 2020 10:28:10 +0800 -Subject: [PATCH 9/9] target/arm: Add more CPU features +Subject: [PATCH] target/arm: Add more CPU features Add i8mm, bf16, and dgh CPU features for AArch64. @@ -12,7 +12,7 @@ Signed-off-by: Peng Liang 1 file changed, 3 insertions(+) 
diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index dcf9f49e..7ae2d3da 100644 +index dcf9f49ed3..7ae2d3da56 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1132,6 +1132,9 @@ static struct CPUFeatureInfo cpu_features[] = { @@ -26,5 +26,5 @@ index dcf9f49e..7ae2d3da 100644 FIELD_INFO("cmaintva", ID_MMFR3, CMAINTVA, false, 1, 0, true), FIELD_INFO("cmaintsw", ID_MMFR3, CMAINTSW, false, 1, 0, true), -- -2.25.1 +2.23.0 diff --git a/target-arm-Allow-ID-registers-to-synchronize-to-KVM.patch b/target-arm-Allow-ID-registers-to-synchronize-to-KVM.patch index 81ad2961b00130a741079e0f38c56b7dffdcf803..b143b42fcc2d0dfd24ea9079e4d57b4bcdb47d83 100644 --- a/target-arm-Allow-ID-registers-to-synchronize-to-KVM.patch +++ b/target-arm-Allow-ID-registers-to-synchronize-to-KVM.patch @@ -1,7 +1,7 @@ -From 79a60f0eeb56faf5d162ca566d1cd9988c3e4d60 Mon Sep 17 00:00:00 2001 +From f4e592d1235bbb1290b8bc3684cb57c4304d63dc Mon Sep 17 00:00:00 2001 From: Peng Liang Date: Thu, 6 Aug 2020 16:14:40 +0800 -Subject: [PATCH 4/9] target/arm: Allow ID registers to synchronize to KVM +Subject: [PATCH] target/arm: Allow ID registers to synchronize to KVM There are 2 steps to synchronize the values of system registers from CPU state to KVM: @@ -33,7 +33,7 @@ Signed-off-by: Peng Liang 3 files changed, 61 insertions(+), 11 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c -index 459af431..97b6b861 100644 +index 459af43101..97b6b86197 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -32,6 +32,7 @@ @@ -95,7 +95,7 @@ index 459af431..97b6b861 100644 cpu->cpreg_values[i] = newval; } diff --git a/target/arm/kvm.c b/target/arm/kvm.c -index 4f131f68..229b17ce 100644 +index 4f131f687d..229b17cea0 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -457,6 +457,44 @@ out: @@ -144,7 +144,7 @@ index 4f131f68..229b17ce 100644 { CPUState *cs = CPU(cpu); 
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h -index 0de5f83e..9b7104d6 100644 +index 0de5f83ee8..9b7104d622 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -400,4 +400,7 @@ static inline const char *its_class_name(void) @@ -156,5 +156,5 @@ index 0de5f83e..9b7104d6 100644 + #endif -- -2.25.1 +2.23.0 diff --git a/target-arm-Define-an-aa32_pmu_8_1-isar-feature-test-.patch b/target-arm-Define-an-aa32_pmu_8_1-isar-feature-test-.patch index bfcce54936d4cb8c8ca1de997a6d0d469dab3bc1..d25c6ca930b0646752cf9c06a8e75b5c39e5bd10 100644 --- a/target-arm-Define-an-aa32_pmu_8_1-isar-feature-test-.patch +++ b/target-arm-Define-an-aa32_pmu_8_1-isar-feature-test-.patch @@ -1,8 +1,7 @@ -From 2eded1a4deeb5dd8d28414e54948bcf773f6b540 Mon Sep 17 00:00:00 2001 +From edfaf04467468305ab79410d9ef05200150fd6e5 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 14 Feb 2020 17:51:03 +0000 -Subject: [PATCH 05/13] target/arm: Define an aa32_pmu_8_1 isar feature test - function +Subject: [PATCH] target/arm: Define an aa32_pmu_8_1 isar feature test function Instead of open-coding a check on the ID_DFR0 PerfMon ID register field, create a standardly-named isar_feature for "does AArch32 have @@ -22,7 +21,7 @@ Message-id: 20200214175116.9164-9-peter.maydell@linaro.org 5 files changed, 27 insertions(+), 21 deletions(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c -index 9f8f0d3f..0741db7b 100644 +index 9f8f0d3ff5..0741db7b0b 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -1223,7 +1223,7 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) @@ -35,7 +34,7 @@ index 9f8f0d3f..0741db7b 100644 return cpu->id_afr0; case 0xd50: /* MMFR0. */ diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index 6ad211b1..7e9b85a2 100644 +index 6ad211b138..7e9b85a289 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1523,7 +1523,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) 
@@ -156,7 +155,7 @@ index 6ad211b1..7e9b85a2 100644 cpu->id_mmfr0 = 0x10201105; cpu->id_mmfr1 = 0x20000000; diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 91cc02b4..2d8d27e8 100644 +index 91cc02b43f..2d8d27e80a 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -860,6 +860,7 @@ struct ARMCPU { @@ -190,7 +189,7 @@ index 91cc02b4..2d8d27e8 100644 * 64-bit feature tests via id registers. */ diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c -index 15f4ee92..afdabbeb 100644 +index 15f4ee9215..afdabbebbf 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -123,7 +123,7 @@ static void aarch64_a57_initfn(Object *obj) @@ -221,7 +220,7 @@ index 15f4ee92..afdabbeb 100644 cpu->id_mmfr0 = 0x10201105; cpu->id_mmfr1 = 0x40000000; diff --git a/target/arm/helper.c b/target/arm/helper.c -index 419be640..3f06ca19 100644 +index 419be64037..3f06ca1964 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -5907,7 +5907,7 @@ void register_cp_regs_for_features(ARMCPU *cpu) @@ -244,5 +243,5 @@ index 419be640..3f06ca19 100644 { .name = "PMCEID2", .state = ARM_CP_STATE_AA32, .cp = 15, .opc1 = 0, .crn = 9, .crm = 14, .opc2 = 4, -- -2.25.1 +2.23.0 diff --git a/target-arm-Enable-ARMv8.2-ATS1E1-in-cpu-max.patch b/target-arm-Enable-ARMv8.2-ATS1E1-in-cpu-max.patch index d6e82fae2dc02954d37eb723f930bccd28b70618..c4f6fd16f2c274fe78997dc45804412cd412489a 100644 --- a/target-arm-Enable-ARMv8.2-ATS1E1-in-cpu-max.patch +++ b/target-arm-Enable-ARMv8.2-ATS1E1-in-cpu-max.patch @@ -1,7 +1,7 @@ -From 69eedbfc873ded9bf35439b813e9f6a7431dc727 Mon Sep 17 00:00:00 2001 +From 875fc0e56130c5e3c284ee28e47c1eb9a073f1fa Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 8 Feb 2020 12:58:12 +0000 -Subject: [PATCH 09/13] target/arm: Enable ARMv8.2-ATS1E1 in -cpu max +Subject: [PATCH] target/arm: Enable ARMv8.2-ATS1E1 in -cpu max This includes enablement of ARMv8.1-PAN. @@ -15,7 +15,7 @@ Signed-off-by: Peter Maydell 2 files changed, 9 insertions(+) 
diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index a23c71db..119bd275 100644 +index a23c71dbf7..119bd27558 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -2484,6 +2484,10 @@ static void arm_max_initfn(Object *obj) @@ -30,7 +30,7 @@ index a23c71db..119bd275 100644 t = FIELD_DP32(t, ID_MMFR4, HPDS, 1); /* AA32HPD */ cpu->id_mmfr4 = t; diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c -index 7ad8b5e2..a0d07fd7 100644 +index 7ad8b5e237..a0d07fd78e 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -362,6 +362,7 @@ static void aarch64_max_initfn(Object *obj) @@ -53,5 +53,5 @@ index 7ad8b5e2..a0d07fd7 100644 * FIXME: We do not yet support ARMv8.2-fp16 for AArch32 yet, * so do not set MVFR1.FPHP. Strictly speaking this is not legal, -- -2.25.1 +2.23.0 diff --git a/target-arm-Move-DBGDIDR-into-ARMISARegisters.patch b/target-arm-Move-DBGDIDR-into-ARMISARegisters.patch index e7f2833ee889363902a3e063bffbbff4b4e2c6af..0d08ab93bbc14ebf567a448178cd8952b9831004 100644 --- a/target-arm-Move-DBGDIDR-into-ARMISARegisters.patch +++ b/target-arm-Move-DBGDIDR-into-ARMISARegisters.patch @@ -1,7 +1,7 @@ -From df641941e6fd7fef78e5c77c9a809a7a8e148589 Mon Sep 17 00:00:00 2001 +From a576098c18d89db69a17686e04ec21d8c57fd8f9 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 14 Feb 2020 17:51:06 +0000 -Subject: [PATCH 08/13] target/arm: Move DBGDIDR into ARMISARegisters +Subject: [PATCH] target/arm: Move DBGDIDR into ARMISARegisters We're going to want to read the DBGDIDR register from KVM in a subsequent commit, which means it needs to be in the @@ -19,7 +19,7 @@ Message-id: 20200214175116.9164-12-peter.maydell@linaro.org 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index bb2edf4e..a23c71db 100644 +index bb2edf4e18..a23c71dbf7 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -2070,7 +2070,7 @@ static void cortex_a8_initfn(Object *obj) 
@@ -59,7 +59,7 @@ index bb2edf4e..a23c71db 100644 cpu->ccsidr[0] = 0x701fe00a; /* 32K L1 dcache */ cpu->ccsidr[1] = 0x201fe00a; /* 32K L1 icache */ diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 4b1ae32b..3040aa40 100644 +index 4b1ae32bd2..3040aa4027 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -861,6 +861,7 @@ struct ARMCPU { @@ -79,7 +79,7 @@ index 4b1ae32b..3040aa40 100644 uint64_t mp_affinity; /* MP ID without feature bits */ /* The elements of this array are the CCSIDR values for each cache, diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c -index aa96548f..7ad8b5e2 100644 +index aa96548f10..7ad8b5e237 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -140,7 +140,7 @@ static void aarch64_a57_initfn(Object *obj) @@ -110,7 +110,7 @@ index aa96548f..7ad8b5e2 100644 cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */ cpu->ccsidr[1] = 0x201fe012; /* 48KB L1 icache */ diff --git a/target/arm/helper.c b/target/arm/helper.c -index c1ff4b6b..60ff7c0f 100644 +index c1ff4b6bd0..60ff7c0fa1 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -5597,7 +5597,7 @@ static void define_debug_regs(ARMCPU *cpu) @@ -123,7 +123,7 @@ index c1ff4b6b..60ff7c0f 100644 /* Note that all these register fields hold "number of Xs minus 1". */ diff --git a/target/arm/internals.h b/target/arm/internals.h -index a72d0a6c..1d01ecc4 100644 +index a72d0a6cd1..1d01ecc413 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -867,7 +867,7 @@ static inline int arm_num_brps(ARMCPU *cpu) @@ -154,5 +154,5 @@ index a72d0a6c..1d01ecc4 100644 } -- -2.25.1 +2.23.0 diff --git a/target-arm-Read-debug-related-ID-registers-from-KVM.patch b/target-arm-Read-debug-related-ID-registers-from-KVM.patch index 1be7cd1713a456204efcb412c1d76398991ef77d..6b8fc53b4af9103e75772518eab16ac2b818b374 100644 --- a/target-arm-Read-debug-related-ID-registers-from-KVM.patch +++ b/target-arm-Read-debug-related-ID-registers-from-KVM.patch 
@@ -1,7 +1,7 @@ -From 9cda8af5af9e95e7b0ff683d0fb661c1ffcba8d8 Mon Sep 17 00:00:00 2001 +From c071ccb821715e9cb6d223a64b39f24f985326e7 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 14 Feb 2020 17:51:07 +0000 -Subject: [PATCH 11/13] target/arm: Read debug-related ID registers from KVM +Subject: [PATCH] target/arm: Read debug-related ID registers from KVM Now we have isar_feature test functions that look at fields in the ID_AA64DFR0_EL1 and ID_DFR0 ID registers, add the code that reads @@ -24,7 +24,7 @@ Message-id: 20200214175116.9164-13-peter.maydell@linaro.org 3 files changed, 49 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index a78c30c3..56d8cd8c 100644 +index a78c30c355..56d8cd8ce6 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -848,6 +848,11 @@ struct ARMCPU { @@ -40,7 +40,7 @@ index a78c30c3..56d8cd8c 100644 struct ARMISARegisters { uint32_t id_isar0; diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c -index 2247148e..e984d52d 100644 +index 2247148e25..e984d52dd2 100644 --- a/target/arm/kvm32.c +++ b/target/arm/kvm32.c @@ -93,6 +93,9 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) @@ -66,7 +66,7 @@ index 2247148e..e984d52d 100644 if (err < 0) { diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c -index 276d1466..2a88b8df 100644 +index 276d146600..2a88b8df37 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -533,6 +533,10 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) @@ -127,5 +127,5 @@ index 276d1466..2a88b8df 100644 kvm_arm_destroy_scratch_host_vcpu(fdarray); -- -2.25.1 +2.23.0 diff --git a/target-arm-Stop-assuming-DBGDIDR-always-exists.patch b/target-arm-Stop-assuming-DBGDIDR-always-exists.patch index c7648c5430ebd61b2267a184ad16828dd8d25015..b82584edcc813e3e05b05ee799f81ea129813556 100644 --- a/target-arm-Stop-assuming-DBGDIDR-always-exists.patch +++ b/target-arm-Stop-assuming-DBGDIDR-always-exists.patch 
@@ -1,7 +1,7 @@ -From 1d4d4cda9637ec09f8cf30785f68b58cd46815c8 Mon Sep 17 00:00:00 2001 +From afd571307358e2663c58031d996f4df77c7f2141 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 14 Feb 2020 17:51:05 +0000 -Subject: [PATCH 07/13] target/arm: Stop assuming DBGDIDR always exists +Subject: [PATCH] target/arm: Stop assuming DBGDIDR always exists The AArch32 DBGDIDR defines properties like the number of breakpoints, watchpoints and context-matching comparators. On an @@ -38,7 +38,7 @@ Message-id: 20200214175116.9164-11-peter.maydell@linaro.org 4 files changed, 57 insertions(+), 19 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 230130be..4b1ae32b 100644 +index 230130be81..4b1ae32bd2 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1798,6 +1798,13 @@ FIELD(ID_DFR0, MPROFDBG, 20, 4) @@ -56,7 +56,7 @@ index 230130be..4b1ae32b 100644 FIELD(MVFR0, FPSP, 4, 4) FIELD(MVFR0, FPDP, 8, 4) diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c -index dde80273..3f8f667d 100644 +index dde80273ff..3f8f667df7 100644 --- a/target/arm/debug_helper.c +++ b/target/arm/debug_helper.c @@ -16,8 +16,8 @@ static bool linked_bp_matches(ARMCPU *cpu, int lbn) @@ -80,7 +80,7 @@ index dde80273..3f8f667d 100644 } diff --git a/target/arm/helper.c b/target/arm/helper.c -index a71f4ef6..c1ff4b6b 100644 +index a71f4ef62d..c1ff4b6bd0 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -5601,23 +5601,12 @@ static void define_debug_regs(ARMCPU *cpu) @@ -129,7 +129,7 @@ index a71f4ef6..c1ff4b6b 100644 { .name = "DBGWVR", .state = ARM_CP_STATE_BOTH, .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 6, diff --git a/target/arm/internals.h b/target/arm/internals.h -index 232d9638..a72d0a6c 100644 +index 232d963875..a72d0a6cd1 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -857,6 +857,48 @@ static inline uint32_t arm_debug_exception_fsr(CPUARMState *env) 
@@ -182,5 +182,5 @@ index 232d9638..a72d0a6c 100644 * Thus a TCGMemOpIdx, without any MO_ALIGN bits, fits in 8 bits. */ -- -2.25.1 +2.23.0 diff --git a/target-arm-Test-correct-register-in-aa32_pan-and-aa3.patch b/target-arm-Test-correct-register-in-aa32_pan-and-aa3.patch index ecbaf7750c42aab1efade6d50e53fd7e92762883..36e76879c42c56fd48e31bb69ef6d961fa31bb5f 100644 --- a/target-arm-Test-correct-register-in-aa32_pan-and-aa3.patch +++ b/target-arm-Test-correct-register-in-aa32_pan-and-aa3.patch @@ -1,8 +1,8 @@ -From 2bc630dc858bd0c010b7c375ebf1e8f4b4e0e346 Mon Sep 17 00:00:00 2001 +From a70325ccaa7932aadc0783b05f881e6b304cac0d Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 14 Feb 2020 17:51:13 +0000 -Subject: [PATCH 10/13] target/arm: Test correct register in aa32_pan and - aa32_ats1e1 checks +Subject: [PATCH] target/arm: Test correct register in aa32_pan and aa32_ats1e1 + checks The isar_feature_aa32_pan and isar_feature_aa32_ats1e1 functions are supposed to be testing fields in ID_MMFR3; but a cut-and-paste @@ -27,7 +27,7 @@ Message-id: 20200214175116.9164-19-peter.maydell@linaro.org 7 files changed, 106 insertions(+), 79 deletions(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c -index 0741db7b..f7ef6ad1 100644 +index 0741db7b0b..f7ef6ad141 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -1227,13 +1227,13 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) @@ -49,7 +49,7 @@ index 0741db7b..f7ef6ad1 100644 return cpu->isar.id_isar0; case 0xd64: /* ISAR1. */ diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index 119bd275..c3728e3d 100644 +index 119bd27558..c3728e3d95 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1764,9 +1764,9 @@ static void arm1136_r2_initfn(Object *obj) @@ -243,7 +243,7 @@ index 119bd275..c3728e3d 100644 #endif } diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 3040aa40..a78c30c3 100644 +index 3040aa4027..a78c30c355 100644 --- a/target/arm/cpu.h 
+++ b/target/arm/cpu.h @@ -857,6 +857,11 @@ struct ARMCPU { @@ -286,7 +286,7 @@ index 3040aa40..a78c30c3 100644 static inline bool isar_feature_aa32_pmu_8_1(const ARMISARegisters *id) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c -index a0d07fd7..d450b8c8 100644 +index a0d07fd78e..d450b8c8d7 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -125,10 +125,10 @@ static void aarch64_a57_initfn(Object *obj) @@ -347,7 +347,7 @@ index a0d07fd7..d450b8c8 100644 /* * FIXME: We do not yet support ARMv8.2-fp16 for AArch32 yet, diff --git a/target/arm/helper.c b/target/arm/helper.c -index 60ff7c0f..49cd7a7e 100644 +index 60ff7c0fa1..49cd7a7ee4 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -5906,19 +5906,19 @@ void register_cp_regs_for_features(ARMCPU *cpu) @@ -393,7 +393,7 @@ index 60ff7c0f..49cd7a7e 100644 } } diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c -index ee158830..2247148e 100644 +index ee1588305d..2247148e25 100644 --- a/target/arm/kvm32.c +++ b/target/arm/kvm32.c @@ -104,6 +104,23 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) @@ -421,7 +421,7 @@ index ee158830..2247148e 100644 if (err < 0) { diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c -index b794108a..276d1466 100644 +index b794108a06..276d146600 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -551,6 +551,14 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) @@ -449,5 +449,5 @@ index b794108a..276d1466 100644 ARM64_SYS_REG(3, 0, 0, 2, 7)); -- -2.25.1 +2.23.0 diff --git a/target-arm-Update-ID-fields.patch b/target-arm-Update-ID-fields.patch index 94ed8027c9e238f384e767bc88c209749eee234e..acf89610f83c140a0aa695314d36a8df010ce334 100644 --- a/target-arm-Update-ID-fields.patch +++ b/target-arm-Update-ID-fields.patch @@ -1,7 +1,7 @@ -From 47c76d73a435884b66ce6417cb853893099be5eb Mon Sep 17 00:00:00 2001 +From f87ed4385cdadf4af38b76385d2aa581b7ade6c9 Mon Sep 17 00:00:00 2001 
From: Peng Liang Date: Tue, 11 Aug 2020 10:18:57 +0800 -Subject: [PATCH 8/9] target/arm: Update ID fields +Subject: [PATCH] target/arm: Update ID fields Update definitions for ID fields, up to ARMv8.6. @@ -12,7 +12,7 @@ Signed-off-by: Peng Liang 1 file changed, 17 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 068c3fa2..eb875e11 100644 +index 068c3fa2ad..eb875e112a 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1691,6 +1691,8 @@ FIELD(ID_ISAR6, DP, 4, 4) @@ -80,5 +80,5 @@ index 068c3fa2..eb875e11 100644 FIELD(ID_DFR0, COPDBG, 0, 4) FIELD(ID_DFR0, COPSDBG, 4, 4) -- -2.25.1 +2.23.0 diff --git a/target-arm-Use-FIELD-macros-for-clearing-ID_DFR0-PER.patch b/target-arm-Use-FIELD-macros-for-clearing-ID_DFR0-PER.patch index 0e32f85104cb492dba2d0e72aa6138342ef960db..1735dae51d34ff0dd19581d1379bd787ff3f676f 100644 --- a/target-arm-Use-FIELD-macros-for-clearing-ID_DFR0-PER.patch +++ b/target-arm-Use-FIELD-macros-for-clearing-ID_DFR0-PER.patch @@ -1,8 +1,8 @@ -From f54cdca97bf86f5ca1df8471bc229b89797b287e Mon Sep 17 00:00:00 2001 +From 7f32b76a262ab0076f13d63eaf9cca230192c2d5 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 14 Feb 2020 17:51:02 +0000 -Subject: [PATCH 04/13] target/arm: Use FIELD macros for clearing ID_DFR0 - PERFMON field +Subject: [PATCH] target/arm: Use FIELD macros for clearing ID_DFR0 PERFMON + field MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -19,7 +19,7 @@ Message-id: 20200214175116.9164-8-peter.maydell@linaro.org 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index dbd05e01..6ad211b1 100644 +index dbd05e0113..6ad211b138 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1523,7 +1523,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) @@ -32,5 +32,5 @@ index dbd05e01..6ad211b1 100644 cpu->pmceid1 = 0; } -- -2.25.1 +2.23.0 
diff --git a/target-arm-convert-isar-regs-to-array.patch b/target-arm-convert-isar-regs-to-array.patch index 528371212aad42f034db62858b1a2da2cdcba79d..d6e1a51bb5576cb387acc5791f608c212f1ba00c 100644 --- a/target-arm-convert-isar-regs-to-array.patch +++ b/target-arm-convert-isar-regs-to-array.patch @@ -1,7 +1,7 @@ -From ac92f0f7bbf7cf063ba45fbfaf7e7970dd76544a Mon Sep 17 00:00:00 2001 +From 5b5976d6d99a55bdaf0f1596c8b0706366d0df92 Mon Sep 17 00:00:00 2001 From: Peng Liang Date: Thu, 6 Aug 2020 16:14:25 +0800 -Subject: [PATCH 1/9] target/arm: convert isar regs to array +Subject: [PATCH] target/arm: convert isar regs to array The isar in ARMCPU is a struct, each field of which represents an ID register. It's not convenient for us to support CPU feature in AArch64. @@ -23,7 +23,7 @@ Signed-off-by: Peng Liang 7 files changed, 478 insertions(+), 463 deletions(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c -index f7ef6ad1..5013ec97 100644 +index f7ef6ad141..5013ec978c 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -1223,29 +1223,29 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) @@ -83,7 +83,7 @@ index f7ef6ad1..5013ec97 100644 bad_offset: qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad read offset 0x%x\n", offset); diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index c3728e3d..5bcdad0c 100644 +index c3728e3d95..5bcdad0c5e 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -170,9 +170,9 @@ static void arm_cpu_reset(CPUState *s) @@ -830,7 +830,7 @@ index c3728e3d..5bcdad0c 100644 #endif } diff --git a/target/arm/cpu.h b/target/arm/cpu.h -index 56d8cd8c..7bb481fb 100644 +index 56d8cd8ce6..7bb481fb4d 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -63,6 +63,37 @@ @@ -1280,7 +1280,7 @@ index 56d8cd8c..7bb481fb 100644 static inline bool isar_feature_any_pmu_8_1(const ARMISARegisters *id) 
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c -index d450b8c8..fe648752 100644 +index d450b8c8d7..fe64875216 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -116,31 +116,31 @@ static void aarch64_a57_initfn(Object *obj) @@ -1533,7 +1533,7 @@ index d450b8c8..fe648752 100644 /* * FIXME: We do not yet support ARMv8.2-fp16 for AArch32 yet, diff --git a/target/arm/helper.c b/target/arm/helper.c -index 49cd7a7e..459af431 100644 +index 49cd7a7ee4..459af43101 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -5597,7 +5597,7 @@ static void define_debug_regs(ARMCPU *cpu) @@ -1712,7 +1712,7 @@ index 49cd7a7e..459af431 100644 } } diff --git a/target/arm/internals.h b/target/arm/internals.h -index 1d01ecc4..2da13ba8 100644 +index 1d01ecc413..2da13ba807 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -237,7 +237,7 @@ static inline unsigned int arm_pamax(ARMCPU *cpu) @@ -1762,7 +1762,7 @@ index 1d01ecc4..2da13ba8 100644 } diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c -index 2a88b8df..06cf31e8 100644 +index 2a88b8df37..06cf31e809 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -455,7 +455,7 @@ static inline void unset_feature(uint64_t *features, int feature) @@ -1904,5 +1904,5 @@ index 2a88b8df..06cf31e8 100644 } -- -2.25.1 +2.23.0 diff --git a/target-arm-ignore-evtstrm-and-cpuid-CPU-features.patch b/target-arm-ignore-evtstrm-and-cpuid-CPU-features.patch index cf9bb73b8f5bf63c5e073042ca137266fd28e894..297b896b9a6250ca70a4a2d9e9ae86cf77ba39bd 100644 --- a/target-arm-ignore-evtstrm-and-cpuid-CPU-features.patch +++ b/target-arm-ignore-evtstrm-and-cpuid-CPU-features.patch @@ -1,4 +1,4 @@ -From dfedc889fafd35efd4f8382b7672bf0e556f9f45 Mon Sep 17 00:00:00 2001 +From 02f8ee8f420e62aff233748c7e848a1c1197b741 Mon Sep 17 00:00:00 2001 From: Peng Liang Date: Mon, 7 Sep 2020 14:07:07 +0800 Subject: [PATCH] target/arm: ignore evtstrm and cpuid CPU features @@ -19,7 +19,7 @@ 
Signed-off-by: Peng Liang 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c -index 7de20848..726d123d 100644 +index 7de208488c..726d123d8e 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -506,10 +506,37 @@ static void arm_cpu_parse_featurestr(const char *typename, char *features, @@ -62,5 +62,5 @@ index 7de20848..726d123d 100644 prop->property = g_strdup(name); prop->value = g_strdup(val); -- -2.28.0 +2.23.0 diff --git a/target-arm-introduce-CPU-feature-dependency-mechanis.patch b/target-arm-introduce-CPU-feature-dependency-mechanis.patch index 8c47cba243d4890cfc205c6c9b5b04b37705664f..6d7da53afeaa0d009e6907c2d2fabfd342867f93 100644 --- a/target-arm-introduce-CPU-feature-dependency-mechanis.patch +++ b/target-arm-introduce-CPU-feature-dependency-mechanis.patch @@ -1,7 +1,7 @@ -From da538bb9d1acc22543a2b7b07ae35a62386bf226 Mon Sep 17 00:00:00 2001 +From 9a16d2b2389664aa50e63c33af0ea94afb45185b Mon Sep 17 00:00:00 2001 From: Peng Liang Date: Thu, 6 Aug 2020 16:14:46 +0800 -Subject: [PATCH 5/9] target/arm: introduce CPU feature dependency mechanism +Subject: [PATCH] target/arm: introduce CPU feature dependency mechanism Some CPU features are dependent on other CPU features. For example, ID_AA64PFR0_EL1.FP field and ID_AA64PFR0_EL1.AdvSIMD must have the same @@ -26,7 +26,7 @@ Signed-off-by: Peng Liang 1 file changed, 129 insertions(+) diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index 3f63312c..d5576538 100644 +index 3f63312c85..d55765386b 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1306,6 +1306,103 @@ static struct CPUFeatureInfo cpu_features[] = { @@ -180,5 +180,5 @@ index 3f63312c..d5576538 100644 } -- -2.25.1 +2.23.0 diff --git a/target-arm-introduce-KVM_CAP_ARM_CPU_FEATURE.patch b/target-arm-introduce-KVM_CAP_ARM_CPU_FEATURE.patch index 0477419196061a5e452363845ffd4591bfc5ef21..c3e20ec46d0f23d34f792a2f1bf6f52b1ba3ee8e 100644 --- a/target-arm-introduce-KVM_CAP_ARM_CPU_FEATURE.patch 
+++ b/target-arm-introduce-KVM_CAP_ARM_CPU_FEATURE.patch @@ -1,7 +1,7 @@ -From 7ed595242f52d0654982d41a9c2a63be2bc3378e Mon Sep 17 00:00:00 2001 +From e55671b1d033f8815316407e0274fd85f48bc4df Mon Sep 17 00:00:00 2001 From: Peng Liang Date: Thu, 6 Aug 2020 16:14:55 +0800 -Subject: [PATCH 6/9] target/arm: introduce KVM_CAP_ARM_CPU_FEATURE +Subject: [PATCH] target/arm: introduce KVM_CAP_ARM_CPU_FEATURE Introduce KVM_CAP_ARM_CPU_FEATURE to check whether KVM supports to set CPU features in ARM. @@ -16,7 +16,7 @@ Signed-off-by: Peng Liang 4 files changed, 28 insertions(+) diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h -index 744e888e..4844edc3 100644 +index 744e888e68..4844edc3a3 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h @@ -995,6 +995,8 @@ struct kvm_ppc_resize_hpt { @@ -29,7 +29,7 @@ index 744e888e..4844edc3 100644 struct kvm_irq_routing_irqchip { diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index d5576538..db46afba 100644 +index d55765386b..db46afba7b 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1427,6 +1427,11 @@ static void arm_cpu_set_bit_prop(Object *obj, Visitor *v, const char *name, @@ -45,7 +45,7 @@ index d5576538..db46afba 100644 qdev_prop_set_after_realize(dev, name, errp); return; diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c -index 06cf31e8..05345556 100644 +index 06cf31e809..05345556dd 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -644,6 +644,20 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) @@ -70,7 +70,7 @@ index 06cf31e8..05345556 100644 int kvm_arch_init_vcpu(CPUState *cs) diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h -index 9b7104d6..49e80878 100644 +index 9b7104d622..49e80878f4 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -239,6 +239,13 @@ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu); @@ -88,5 +88,5 @@ index 9b7104d6..49e80878 100644 * kvm_arm_get_max_vm_ipa_size: * @ms: Machine state handle -- -2.25.1 +2.23.0 
diff --git a/target-arm-monitor-Introduce-qmp_query_cpu_model_exp.patch b/target-arm-monitor-Introduce-qmp_query_cpu_model_exp.patch index 30f14bafcc5b70310e462e9b4f5ca5cb91708cef..36c4deb43e6a668d0b682b7a5b4614d861a8526b 100644 --- a/target-arm-monitor-Introduce-qmp_query_cpu_model_exp.patch +++ b/target-arm-monitor-Introduce-qmp_query_cpu_model_exp.patch @@ -1,8 +1,7 @@ -From c527fa45dd0bb03c7f35b79ff53f127297f96314 Mon Sep 17 00:00:00 2001 +From 243e374dacca4a884cd0f99261aea3b39eea932e Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 31 Oct 2019 15:27:26 +0100 -Subject: [PATCH 12/13] target/arm/monitor: Introduce - qmp_query_cpu_model_expansion +Subject: [PATCH] target/arm/monitor: Introduce qmp_query_cpu_model_expansion Add support for the query-cpu-model-expansion QMP command to Arm. We do this selectively, only exposing CPU properties which represent @@ -35,7 +34,7 @@ Signed-off-by: Peter Maydell diff --git a/docs/arm-cpu-features.rst b/docs/arm-cpu-features.rst new file mode 100644 -index 00000000..c79dcffb +index 0000000000..c79dcffb55 --- /dev/null +++ b/docs/arm-cpu-features.rst @@ -0,0 +1,137 @@ @@ -177,7 +176,7 @@ index 00000000..c79dcffb +The example above disables the PMU for the `max` CPU type. + diff --git a/qapi/machine-target.json b/qapi/machine-target.json -index 55310a6a..04623224 100644 +index 55310a6aa2..0462322472 100644 --- a/qapi/machine-target.json +++ b/qapi/machine-target.json @@ -212,7 +212,7 @@ @@ -208,7 +207,7 @@ index 55310a6a..04623224 100644 ## # @CpuDefinitionInfo: diff --git a/target/arm/monitor.c b/target/arm/monitor.c -index 6ec6dd04..560970de 100644 +index 6ec6dd04ac..560970de7f 100644 --- a/target/arm/monitor.c +++ b/target/arm/monitor.c @@ -23,7 +23,14 @@ @@ -369,5 +368,5 @@ index 6ec6dd04..560970de 100644 + return expansion_info; +} -- -2.25.1 +2.23.0 
diff --git a/target-arm-monitor-query-cpu-model-expansion-crashed.patch b/target-arm-monitor-query-cpu-model-expansion-crashed.patch index 60973a7c2233a8e57f23d89c69a0c3a972835e8b..4297c1137d583e881a789ad2fe7f0a0a2e77c723 100644 --- a/target-arm-monitor-query-cpu-model-expansion-crashed.patch +++ b/target-arm-monitor-query-cpu-model-expansion-crashed.patch @@ -1,8 +1,8 @@ -From 5d75b922480f3fbefe83b5bb5e241e56a16e1e3e Mon Sep 17 00:00:00 2001 +From 8e85ef371cce80bb597a73bc49b2672d8bd1eedf Mon Sep 17 00:00:00 2001 From: Liang Yan Date: Fri, 7 Feb 2020 14:04:21 +0000 -Subject: [PATCH 13/13] target/arm/monitor: query-cpu-model-expansion crashed - qemu when using machine type none +Subject: [PATCH] target/arm/monitor: query-cpu-model-expansion crashed qemu + when using machine type none Commit e19afd566781 mentioned that target-arm only supports queryable cpu models 'max', 'host', and the current type when KVM is in use. @@ -24,7 +24,7 @@ Signed-off-by: Peter Maydell 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/target/arm/monitor.c b/target/arm/monitor.c -index 560970de..e2b1d117 100644 +index 560970de7f..e2b1d117a4 100644 --- a/target/arm/monitor.c +++ b/target/arm/monitor.c @@ -131,17 +131,20 @@ CpuModelExpansionInfo *qmp_query_cpu_model_expansion(CpuModelExpansionType type, @@ -55,5 +55,5 @@ index 560970de..e2b1d117 100644 if (!supported) { error_setg(errp, "We cannot guarantee the CPU type '%s' works " -- -2.25.1 +2.23.0 diff --git a/target-arm-parse-cpu-feature-related-options.patch b/target-arm-parse-cpu-feature-related-options.patch index 066e231af6266d21eecaf5d0c519b8a6aa4069d6..fe5df01607f58394f420b99e30ed2dc11c63e339 100644 --- a/target-arm-parse-cpu-feature-related-options.patch +++ b/target-arm-parse-cpu-feature-related-options.patch @@ -1,7 +1,7 @@ -From dca1df05ce3d6b17d03203fc6fd94e23548216c7 Mon Sep 17 00:00:00 2001 +From d7d6c711c44f18d34c7d5e730dd66da3664e02d5 Mon Sep 17 00:00:00 2001 
From: Peng Liang Date: Thu, 6 Aug 2020 16:14:35 +0800 -Subject: [PATCH 2/9] target/arm: parse cpu feature related options +Subject: [PATCH] target/arm: parse cpu feature related options The implementation of CPUClass::parse_features only supports CPU features in "feature=value" format. However, libvirt maybe send us a @@ -19,7 +19,7 @@ Signed-off-by: Peng Liang 1 file changed, 83 insertions(+) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c -index fe648752..7de20848 100644 +index fe64875216..7de208488c 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -506,6 +506,88 @@ static void arm_cpu_parse_featurestr(const char *typename, char *features, @@ -120,5 +120,5 @@ index fe648752..7de20848 100644 static void aarch64_cpu_instance_init(Object *obj) -- -2.25.1 +2.23.0 diff --git a/target-arm-register-CPU-features-for-property.patch b/target-arm-register-CPU-features-for-property.patch index ea42a63ea7620fc790d01ae94590fb4336e12c32..cdba0269e07170d74e2ef76819f3753045138b21 100644 --- a/target-arm-register-CPU-features-for-property.patch +++ b/target-arm-register-CPU-features-for-property.patch @@ -1,7 +1,7 @@ -From f169b1f76cad9f727c701df853b05ad5e8d7f927 Mon Sep 17 00:00:00 2001 +From 234f15e02b3b6e7195cc2cba0de3b7053dc9da09 Mon Sep 17 00:00:00 2001 From: Peng Liang Date: Thu, 6 Aug 2020 16:14:37 +0800 -Subject: [PATCH 3/9] target/arm: register CPU features for property +Subject: [PATCH] target/arm: register CPU features for property The Arm architecture specifies a number of ID registers that are characterized as comprising a set of 4-bit ID fields. Each ID field @@ -33,7 +33,7 @@ Signed-off-by: Peng Liang 1 file changed, 343 insertions(+) diff --git a/target/arm/cpu.c b/target/arm/cpu.c -index 5bcdad0c..3f63312c 100644 +index 5bcdad0c5e..3f63312c85 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1034,6 +1034,347 @@ static void arm_set_init_svtor(Object *obj, Visitor *v, const char *name, 
@@ -394,5 +394,5 @@ index 5bcdad0c..3f63312c 100644 static void arm_cpu_finalizefn(Object *obj) -- -2.25.1 +2.23.0 diff --git a/test-tpm-pass-optional-machine-options-to-swtpm-test.patch b/test-tpm-pass-optional-machine-options-to-swtpm-test.patch index fe7fd4ac907813d676cdf0c2a713e31279c29685..de9e110073c856f3d813faaef198a9cb5addc34e 100644 --- a/test-tpm-pass-optional-machine-options-to-swtpm-test.patch +++ b/test-tpm-pass-optional-machine-options-to-swtpm-test.patch @@ -1,7 +1,7 @@ -From c06a3ceacc1793bc1cfe5c2a6ed510c9aea8253d Mon Sep 17 00:00:00 2001 +From a324cab51d84396d15f4cb0c78abe2dae17e3093 Mon Sep 17 00:00:00 2001 From: jiangfangjie Date: Thu, 13 Aug 2020 20:28:25 +0800 -Subject: [PATCH 17/19] test: tpm: pass optional machine options to swtpm test +Subject: [PATCH] test: tpm: pass optional machine options to swtpm test functions We plan to use swtpm test functions on ARM for testing the @@ -25,7 +25,7 @@ Signed-off-by: jiangfangjie 6 files changed, 23 insertions(+), 13 deletions(-) diff --git a/tests/tpm-crb-swtpm-test.c b/tests/tpm-crb-swtpm-test.c -index 2c4fb8ae..5228cb7a 100644 +index 2c4fb8ae29..5228cb7af4 100644 --- a/tests/tpm-crb-swtpm-test.c +++ b/tests/tpm-crb-swtpm-test.c @@ -29,7 +29,8 @@ static void tpm_crb_swtpm_test(const void *data) @@ -48,7 +48,7 @@ index 2c4fb8ae..5228cb7a 100644 int main(int argc, char **argv) diff --git a/tests/tpm-tests.c b/tests/tpm-tests.c -index e640777a..d823bda8 100644 +index e640777aa9..d823bda843 100644 --- a/tests/tpm-tests.c +++ b/tests/tpm-tests.c @@ -30,7 +30,7 @@ tpm_test_swtpm_skip(void) @@ -93,7 +93,7 @@ index e640777a..d823bda8 100644 tpm_util_startup(src_qemu, tx); tpm_util_pcrextend(src_qemu, tx); diff --git a/tests/tpm-tests.h b/tests/tpm-tests.h -index b97688fe..a5df35ab 100644 +index b97688fe75..a5df35ab5b 100644 --- a/tests/tpm-tests.h +++ b/tests/tpm-tests.h @@ -16,11 +16,12 @@ @@ -112,7 +112,7 @@ index b97688fe..a5df35ab 100644 #endif /* TESTS_TPM_TESTS_H */ 
diff --git a/tests/tpm-tis-swtpm-test.c b/tests/tpm-tis-swtpm-test.c -index 9f58a3a9..9470f157 100644 +index 9f58a3a92b..9470f15751 100644 --- a/tests/tpm-tis-swtpm-test.c +++ b/tests/tpm-tis-swtpm-test.c @@ -29,7 +29,8 @@ static void tpm_tis_swtpm_test(const void *data) @@ -135,7 +135,7 @@ index 9f58a3a9..9470f157 100644 int main(int argc, char **argv) diff --git a/tests/tpm-util.c b/tests/tpm-util.c -index e08b1376..7ecdae2f 100644 +index e08b137651..7ecdae2fc6 100644 --- a/tests/tpm-util.c +++ b/tests/tpm-util.c @@ -258,23 +258,27 @@ void tpm_util_migration_start_qemu(QTestState **src_qemu, @@ -169,7 +169,7 @@ index e08b1376..7ecdae2f 100644 ifmodel, miguri); diff --git a/tests/tpm-util.h b/tests/tpm-util.h -index 5755698a..15e39249 100644 +index 5755698ad2..15e3924942 100644 --- a/tests/tpm-util.h +++ b/tests/tpm-util.h @@ -44,7 +44,8 @@ void tpm_util_migration_start_qemu(QTestState **src_qemu, diff --git a/test-tpm-tis-Add-Sysbus-TPM-TIS-device-test.patch b/test-tpm-tis-Add-Sysbus-TPM-TIS-device-test.patch index fe33c8f4bd99eba304dc696d70a5126c559cd052..1c1ebc8f1b7e89aa2650902c7e3c14c30c563067 100644 --- a/test-tpm-tis-Add-Sysbus-TPM-TIS-device-test.patch +++ b/test-tpm-tis-Add-Sysbus-TPM-TIS-device-test.patch @@ -1,7 +1,7 @@ -From 2d28c0edddeaee5e4aa6e8c6b109776cddc1c4e4 Mon Sep 17 00:00:00 2001 +From 7735c9f0f0cf9ed17bbfecb7cf784c675aa94ce3 Mon Sep 17 00:00:00 2001 From: jiangfangjie Date: Thu, 13 Aug 2020 21:37:23 +0800 -Subject: [PATCH 19/19] test: tpm-tis: Add Sysbus TPM-TIS device test +Subject: [PATCH] test: tpm-tis: Add Sysbus TPM-TIS device test The tests themselves are the same as the ISA device ones. Only the main() changes as the tpm-tis-device device gets @@ -23,10 +23,10 @@ Signed-off-by: jiangfangjie create mode 100644 tests/tpm-tis-device-test.c diff --git a/tests/Makefile.include b/tests/Makefile.include -index 950b32a2..d6de4e10 100644 +index 077ddf57ac..1b7398996e 100644 --- a/tests/Makefile.include 
+++ b/tests/Makefile.include -@@ -263,6 +263,8 @@ check-qtest-arm-y += tests/boot-serial-test$(EXESUF) +@@ -264,6 +264,8 @@ check-qtest-arm-y += tests/boot-serial-test$(EXESUF) check-qtest-arm-y += tests/hexloader-test$(EXESUF) check-qtest-arm-$(CONFIG_PFLASH_CFI02) += tests/pflash-cfi02-test$(EXESUF) @@ -35,7 +35,7 @@ index 950b32a2..d6de4e10 100644 check-qtest-aarch64-y = tests/numa-test$(EXESUF) check-qtest-aarch64-y += tests/boot-serial-test$(EXESUF) check-qtest-aarch64-y += tests/migration-test$(EXESUF) -@@ -667,7 +669,10 @@ tests/tpm-crb-swtpm-test$(EXESUF): tests/tpm-crb-swtpm-test.o tests/tpm-emu.o \ +@@ -670,7 +672,10 @@ tests/tpm-crb-swtpm-test$(EXESUF): tests/tpm-crb-swtpm-test.o tests/tpm-emu.o \ tests/tpm-crb-test$(EXESUF): tests/tpm-crb-test.o tests/tpm-emu.o $(test-io-obj-y) tests/tpm-tis-swtpm-test$(EXESUF): tests/tpm-tis-swtpm-test.o tests/tpm-emu.o \ tests/tpm-util.o tests/tpm-tests.o $(test-io-obj-y) @@ -48,7 +48,7 @@ index 950b32a2..d6de4e10 100644 tests/test-io-channel-tls$(EXESUF): tests/test-io-channel-tls.o \ diff --git a/tests/tpm-tis-device-swtpm-test.c b/tests/tpm-tis-device-swtpm-test.c new file mode 100644 -index 00000000..7b200351 +index 0000000000..7b20035142 --- /dev/null +++ b/tests/tpm-tis-device-swtpm-test.c @@ -0,0 +1,76 @@ @@ -130,7 +130,7 @@ index 00000000..7b200351 +} diff --git a/tests/tpm-tis-device-test.c b/tests/tpm-tis-device-test.c new file mode 100644 -index 00000000..63ed3644 +index 0000000000..63ed36440f --- /dev/null +++ b/tests/tpm-tis-device-test.c @@ -0,0 +1,87 @@ diff --git a/test-tpm-tis-Get-prepared-to-share-tests-between-ISA.patch b/test-tpm-tis-Get-prepared-to-share-tests-between-ISA.patch index 4c7be00a5f1d015d5da4fcf4791e6a175f0ff9c7..6b605d770198ceb91f6ff0d4de41b18fd6093892 100644 --- a/test-tpm-tis-Get-prepared-to-share-tests-between-ISA.patch +++ b/test-tpm-tis-Get-prepared-to-share-tests-between-ISA.patch 
@@ -1,8 +1,8 @@ -From c8ed2a1fbe306ecbfb5c7d4156ae81c029829d95 Mon Sep 17 00:00:00 2001 +From 7f662f57ade6dba9e855e604e7d9b3865af483f5 Mon Sep 17 00:00:00 2001 From: jiangfangjie Date: Thu, 13 Aug 2020 20:56:54 +0800 -Subject: [PATCH 18/19] test: tpm-tis: Get prepared to share tests between ISA - and sysbus devices +Subject: [PATCH] test: tpm-tis: Get prepared to share tests between ISA and + sysbus devices ISA and sysbus TPM-TIS devices will share their tests. Only the main() will change (instantiation option is different). @@ -37,10 +37,10 @@ Signed-off-by: jiangfangjie create mode 100644 tests/tpm-tis-util.h diff --git a/tests/Makefile.include b/tests/Makefile.include -index c151de64..950b32a2 100644 +index b9da8d3a9e..077ddf57ac 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include -@@ -667,7 +667,7 @@ tests/tpm-crb-swtpm-test$(EXESUF): tests/tpm-crb-swtpm-test.o tests/tpm-emu.o \ +@@ -670,7 +670,7 @@ tests/tpm-crb-swtpm-test$(EXESUF): tests/tpm-crb-swtpm-test.o tests/tpm-emu.o \ tests/tpm-crb-test$(EXESUF): tests/tpm-crb-test.o tests/tpm-emu.o $(test-io-obj-y) tests/tpm-tis-swtpm-test$(EXESUF): tests/tpm-tis-swtpm-test.o tests/tpm-emu.o \ tests/tpm-util.o tests/tpm-tests.o $(test-io-obj-y) @@ -50,7 +50,7 @@ index c151de64..950b32a2 100644 tests/io-channel-helpers.o $(test-io-obj-y) tests/test-io-channel-tls$(EXESUF): tests/test-io-channel-tls.o \ diff --git a/tests/tpm-crb-swtpm-test.c b/tests/tpm-crb-swtpm-test.c -index 5228cb7a..55fdb565 100644 +index 5228cb7af4..55fdb5657d 100644 --- a/tests/tpm-crb-swtpm-test.c +++ b/tests/tpm-crb-swtpm-test.c @@ -18,6 +18,10 @@ @@ -65,7 +65,7 @@ index 5228cb7a..55fdb565 100644 typedef struct TestState { char *src_tpm_path; diff --git a/tests/tpm-crb-test.c b/tests/tpm-crb-test.c -index a139caa5..32695810 100644 +index a139caa51d..3269581002 100644 --- a/tests/tpm-crb-test.c +++ b/tests/tpm-crb-test.c @@ -19,6 +19,9 @@ @@ -79,7 +79,7 @@ index a139caa5..32695810 100644 static void tpm_crb_test(const void *data) 
diff --git a/tests/tpm-tis-swtpm-test.c b/tests/tpm-tis-swtpm-test.c -index 9470f157..90131cb3 100644 +index 9470f15751..90131cb3c4 100644 --- a/tests/tpm-tis-swtpm-test.c +++ b/tests/tpm-tis-swtpm-test.c @@ -18,6 +18,9 @@ @@ -93,7 +93,7 @@ index 9470f157..90131cb3 100644 typedef struct TestState { char *src_tpm_path; diff --git a/tests/tpm-tis-test.c b/tests/tpm-tis-test.c -index 92a7e95a..8042de13 100644 +index 92a7e95aad..8042de139a 100644 --- a/tests/tpm-tis-test.c +++ b/tests/tpm-tis-test.c @@ -1,5 +1,5 @@ @@ -525,7 +525,7 @@ index 92a7e95a..8042de13 100644 { diff --git a/tests/tpm-tis-util.c b/tests/tpm-tis-util.c new file mode 100644 -index 00000000..9aff503f +index 0000000000..61d568d3bf --- /dev/null +++ b/tests/tpm-tis-util.c @@ -0,0 +1,451 @@ @@ -982,7 +982,7 @@ index 00000000..9aff503f +} diff --git a/tests/tpm-tis-util.h b/tests/tpm-tis-util.h new file mode 100644 -index 00000000..d10efe86 +index 0000000000..d10efe86ae --- /dev/null +++ b/tests/tpm-tis-util.h @@ -0,0 +1,23 @@ @@ -1010,7 +1010,7 @@ index 00000000..d10efe86 + +#endif /* TESTS_TPM_TIS_UTIL_H */ diff --git a/tests/tpm-util.c b/tests/tpm-util.c -index 7ecdae2f..34efae8f 100644 +index 7ecdae2fc6..34efae8f18 100644 --- a/tests/tpm-util.c +++ b/tests/tpm-util.c @@ -19,9 +19,6 @@ @@ -1024,7 +1024,7 @@ index 7ecdae2f..34efae8f 100644 const unsigned char *req, size_t req_size, unsigned char *rsp, size_t rsp_size) diff --git a/tests/tpm-util.h b/tests/tpm-util.h -index 15e39249..3b97d690 100644 +index 15e3924942..3b97d69017 100644 --- a/tests/tpm-util.h +++ b/tests/tpm-util.h @@ -15,6 +15,11 @@ diff --git a/tests-Disalbe-filemonitor-testcase.patch b/tests-Disalbe-filemonitor-testcase.patch index b389299e35dd49154f6e660ee3d66237b15ec58b..7865225f5963c12d72e96608ae0697d05849ef75 100644 --- a/tests-Disalbe-filemonitor-testcase.patch +++ b/tests-Disalbe-filemonitor-testcase.patch 
@@ -1,4 +1,4 @@ -From 4f1eaa63065594276c11958e963377a09668d44b Mon Sep 17 00:00:00 2001 +From 3716566ec0d93e52901906da3e6ddac9960a89b4 Mon Sep 17 00:00:00 2001 From: Ying Fang Date: Thu, 6 Aug 2020 10:05:00 +0800 Subject: [PATCH] tests: Disalbe filemonitor testcase @@ -7,9 +7,12 @@ Since filemonitor testcase requires that host kernel being a LTS version, we cannot guarantee that on OBS system. Let's disable it by default. Signed-of-by: Ying Fang +--- + tests/Makefile.include | 3 --- + 1 file changed, 3 deletions(-) diff --git a/tests/Makefile.include b/tests/Makefile.include -index d8cf00c1..f3273ad3 100644 +index 1b7398996e..d6de4e1042 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include @@ -117,7 +117,6 @@ ifneq (,$(findstring qemu-ga,$(TOOLS))) @@ -20,7 +23,7 @@ index d8cf00c1..f3273ad3 100644 check-unit-y += tests/test-util-sockets$(EXESUF) check-unit-$(CONFIG_BLOCK) += tests/test-authz-simple$(EXESUF) check-unit-$(CONFIG_BLOCK) += tests/test-authz-list$(EXESUF) -@@ -654,8 +653,6 @@ tests/test-crypto-tlssession$(EXESUF): tests/test-crypto-tlssession.o \ +@@ -656,8 +655,6 @@ tests/test-crypto-tlssession$(EXESUF): tests/test-crypto-tlssession.o \ tests/crypto-tls-x509-helpers.o tests/pkix_asn1_tab.o \ tests/crypto-tls-psk-helpers.o \ $(test-crypto-obj-y) diff --git a/tpm-Add-the-SysBus-TPM-TIS-device.patch b/tpm-Add-the-SysBus-TPM-TIS-device.patch index e0a6254025932eb942b3a15d16b66d4808a33f42..fd99aefcfb2080b3cfa6167ae10a170c6482cc2f 100644 --- a/tpm-Add-the-SysBus-TPM-TIS-device.patch +++ b/tpm-Add-the-SysBus-TPM-TIS-device.patch @@ -1,7 +1,7 @@ -From 4fe655326eeae322b621dcc25c53af722d2e1afa Mon Sep 17 00:00:00 2001 +From 423aaad37f4e80895460c96f277b3cce30c9514b Mon Sep 17 00:00:00 2001 From: jiangfangjie Date: Tue, 11 Aug 2020 11:23:34 +0800 -Subject: [PATCH 14/19] tpm: Add the SysBus TPM TIS device +Subject: [PATCH] tpm: Add the SysBus TPM TIS device Introduce the tpm-tis-device which is a sysbus device and is bound to be used on ARM. 
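Review bot: The sign-off trailer carried as context in the `@@ -7,9 +7,12 @@` hunk reads `Signed-of-by: Ying Fang`, so tooling that looks for `Signed-off-by:` will not count it as a sign-off. This commit already regenerates the patch (new `From` hash, added `---` separator and diffstat), so the trailer could be corrected to `Signed-off-by:` in the same pass, keeping the author's name and address as they are. The subject and file name also carry the typo `Disalbe`. Renaming the file would need the matching spec entry updated, and that entry is not visible in this part of the diff.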
@@ -22,7 +22,7 @@ Signed-off-by: jiangfangjie create mode 100644 hw/tpm/tpm_tis_sysbus.c diff --git a/hw/tpm/Kconfig b/hw/tpm/Kconfig -index 686f8206..4794e7fe 100644 +index 686f8206bb..4794e7fe28 100644 --- a/hw/tpm/Kconfig +++ b/hw/tpm/Kconfig @@ -7,6 +7,11 @@ config TPM_TIS_ISA @@ -38,7 +38,7 @@ index 686f8206..4794e7fe 100644 bool depends on TPM diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs -index 3ef2036c..f1ec4beb 100644 +index 3ef2036cca..f1ec4beb95 100644 --- a/hw/tpm/Makefile.objs +++ b/hw/tpm/Makefile.objs @@ -1,6 +1,7 @@ @@ -51,7 +51,7 @@ index 3ef2036c..f1ec4beb 100644 common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o diff --git a/hw/tpm/tpm_tis_sysbus.c b/hw/tpm/tpm_tis_sysbus.c new file mode 100644 -index 00000000..18c02aed +index 0000000000..4deabc7418 --- /dev/null +++ b/hw/tpm/tpm_tis_sysbus.c @@ -0,0 +1,159 @@ @@ -215,7 +215,7 @@ index 00000000..18c02aed + +type_init(tpm_tis_sysbus_register) diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h -index 1691b92c..f37851b1 100644 +index 1691b92c28..f37851b1aa 100644 --- a/include/sysemu/tpm.h +++ b/include/sysemu/tpm.h @@ -44,6 +44,7 @@ typedef struct TPMIfClass { diff --git a/tpm-Move-tpm_tis_show_buffer-to-tpm_util.c.patch b/tpm-Move-tpm_tis_show_buffer-to-tpm_util.c.patch index 93139b5e7f8284cecf6faa9930eaa8e802db13d9..c4434b214c0351d5c32fddbb24de3f5c10213888 100644 --- a/tpm-Move-tpm_tis_show_buffer-to-tpm_util.c.patch +++ b/tpm-Move-tpm_tis_show_buffer-to-tpm_util.c.patch @@ -1,7 +1,7 @@ -From c6cf45f38cb6e28cf4db42296fedcd5f26ca610b Mon Sep 17 00:00:00 2001 +From d0d17e49f456870f015a19bdececf2456a4e86ee Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Tue, 21 Jan 2020 10:29:30 -0500 -Subject: [PATCH 03/19] tpm: Move tpm_tis_show_buffer to tpm_util.c +Subject: [PATCH] tpm: Move tpm_tis_show_buffer to tpm_util.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -20,7 +20,7 @@ 
Signed-off-by: jiangfangjie 4 files changed, 33 insertions(+), 29 deletions(-) diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c -index d6b32128..96a9ac48 100644 +index d6b3212890..96a9ac4866 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -104,30 +104,6 @@ static uint8_t tpm_tis_locality_from_addr(hwaddr addr) @@ -77,7 +77,7 @@ index d6b32128..96a9ac48 100644 if (TPM_TIS_IS_VALID_LOCTY(s->next_locty)) { diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c -index ee41757e..8643eb50 100644 +index ee41757ea2..8643eb50e8 100644 --- a/hw/tpm/tpm_util.c +++ b/hw/tpm/tpm_util.c @@ -350,3 +350,28 @@ void tpm_sized_buffer_reset(TPMSizedBuffer *tsb) @@ -110,7 +110,7 @@ index ee41757e..8643eb50 100644 + g_free(line_buffer); +} diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h -index f397ac21..7889081f 100644 +index f397ac21b8..7889081fba 100644 --- a/hw/tpm/tpm_util.h +++ b/hw/tpm/tpm_util.h @@ -79,4 +79,7 @@ typedef struct TPMSizedBuffer { @@ -122,7 +122,7 @@ index f397ac21..7889081f 100644 + #endif /* TPM_TPM_UTIL_H */ diff --git a/hw/tpm/trace-events b/hw/tpm/trace-events -index 0b94aa15..82c45ee5 100644 +index 0b94aa1526..82c45ee542 100644 --- a/hw/tpm/trace-events +++ b/hw/tpm/trace-events @@ -14,6 +14,7 @@ tpm_util_get_buffer_size_len(uint32_t len, size_t expected) "tpm_resp->len = %u, diff --git a/tpm-Separate-TPM_TIS-and-TPM_TIS_ISA-configs-MIME-Ve.patch b/tpm-Separate-TPM_TIS-and-TPM_TIS_ISA-configs-MIME-Ve.patch new file mode 100644 index 0000000000000000000000000000000000000000..aac3f475c06fb49e4c2f88d0990044843d6fecf8 --- /dev/null +++ b/tpm-Separate-TPM_TIS-and-TPM_TIS_ISA-configs-MIME-Ve.patch 
@@ -0,0 +1,107 @@ +From a2fbd9bf99f42bbc0fda3ddb75a69618d95822b9 Mon Sep 17 00:00:00 2001 +From: jiangfangjie +Date: Tue, 11 Aug 2020 12:42:31 +0800 +Subject: [PATCH] tpm: Separate TPM_TIS and TPM_TIS_ISA configs MIME-Version: + 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Let's separate the compilation of tpm_tis_common.c from +the compilation of tpm_tis_isa.c + +The common part will be also compiled along with the +tpm_tis_sysbus device. + +Signed-off-by: Eric Auger +Reviewed-by: Philippe Mathieu-Daudé +Tested-by: Ard Biesheuvel +Acked-by: Ard Biesheuvel +Message-id: 20200305165149.618-5-eric.auger@redhat.com +Signed-off-by: Stefan Berger +Signed-off-by: jiangfangjie +--- + default-configs/i386-softmmu.mak | 2 +- + hw/i386/Kconfig | 2 +- + hw/tpm/Kconfig | 7 ++++++- + hw/tpm/Makefile.objs | 3 ++- + tests/Makefile.include | 4 ++-- + 5 files changed, 12 insertions(+), 6 deletions(-) + +diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak +index cd5ea391e8..bdeef670aa 100644 +--- a/default-configs/i386-softmmu.mak ++++ b/default-configs/i386-softmmu.mak +@@ -17,7 +17,7 @@ + #CONFIG_SGA=n + #CONFIG_TEST_DEVICES=n + #CONFIG_TPM_CRB=n +-#CONFIG_TPM_TIS=n ++#CONFIG_TPM_TIS_ISA=n + #CONFIG_VTD=n + + # Boards: +diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig +index 6350438036..603345048b 100644 +--- a/hw/i386/Kconfig ++++ b/hw/i386/Kconfig +@@ -17,7 +17,7 @@ config PC + imply SGA + imply TEST_DEVICES + imply TPM_CRB +- imply TPM_TIS ++ imply TPM_TIS_ISA + imply VGA_PCI + imply VIRTIO_VGA + select FDC +diff --git a/hw/tpm/Kconfig b/hw/tpm/Kconfig +index 9e67d990e8..686f8206bb 100644 +--- a/hw/tpm/Kconfig ++++ b/hw/tpm/Kconfig +@@ -2,9 +2,14 @@ config TPMDEV + bool + depends on TPM + +-config TPM_TIS ++config TPM_TIS_ISA + bool + depends on TPM && ISA_BUS ++ select TPM_TIS ++ ++config TPM_TIS ++ bool ++ depends on TPM + 
select TPMDEV + + config TPM_CRB +diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs +index fcc4c2f27c..3ef2036cca 100644 +--- a/hw/tpm/Makefile.objs ++++ b/hw/tpm/Makefile.objs +@@ -1,6 +1,7 @@ + common-obj-$(CONFIG_TPM) += tpm_util.o + obj-$(call lor,$(CONFIG_TPM_TIS),$(CONFIG_TPM_CRB)) += tpm_ppi.o +-common-obj-$(CONFIG_TPM_TIS) += tpm_tis_isa.o tpm_tis_common.o ++common-obj-$(CONFIG_TPM_TIS_ISA) += tpm_tis_isa.o ++common-obj-$(CONFIG_TPM_TIS) += tpm_tis_common.o + common-obj-$(CONFIG_TPM_CRB) += tpm_crb.o + common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o + common-obj-$(CONFIG_TPM_EMULATOR) += tpm_emulator.o +diff --git a/tests/Makefile.include b/tests/Makefile.include +index d8cf00c129..b9da8d3a9e 100644 +--- a/tests/Makefile.include ++++ b/tests/Makefile.include +@@ -191,8 +191,8 @@ check-qtest-i386-y += tests/q35-test$(EXESUF) + check-qtest-i386-y += tests/vmgenid-test$(EXESUF) + check-qtest-i386-$(CONFIG_TPM_CRB) += tests/tpm-crb-swtpm-test$(EXESUF) + check-qtest-i386-$(CONFIG_TPM_CRB) += tests/tpm-crb-test$(EXESUF) +-check-qtest-i386-$(CONFIG_TPM_TIS) += tests/tpm-tis-swtpm-test$(EXESUF) +-check-qtest-i386-$(CONFIG_TPM_TIS) += tests/tpm-tis-test$(EXESUF) ++check-qtest-i386-$(CONFIG_TPM_TIS_ISA) += tests/tpm-tis-swtpm-test$(EXESUF) ++check-qtest-i386-$(CONFIG_TPM_TIS_ISA) += tests/tpm-tis-test$(EXESUF) + check-qtest-i386-$(CONFIG_SLIRP) += tests/test-netfilter$(EXESUF) + check-qtest-i386-$(CONFIG_POSIX) += tests/test-filter-mirror$(EXESUF) + check-qtest-i386-$(CONFIG_RTL8139_PCI) += tests/test-filter-redirector$(EXESUF) +-- +2.23.0 + diff --git a/tpm-Separate-tpm_tis-common-functions-from-isa-code.patch b/tpm-Separate-tpm_tis-common-functions-from-isa-code.patch index 32f180c98d784b1478268a768b4caed6c8a3fa23..217eab6f35840cfdfd46c6086f4e95fbf43de09a 100644 --- a/tpm-Separate-tpm_tis-common-functions-from-isa-code.patch +++ b/tpm-Separate-tpm_tis-common-functions-from-isa-code.patch 
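Review bot: The `Subject:` header of the newly added patch file has absorbed the MIME headers. It reads `[PATCH] tpm: Separate TPM_TIS and TPM_TIS_ISA configs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit`, and the same three headers then appear again on their own lines. The file name ends in `-MIME-Ve.patch` for the same reason, so anything that keys on the subject or file name to track which upstream change is carried will see the wrong title. This looks like a commit message imported without a blank line after its first line, though that is an inference. The subject should be `Subject: [PATCH] tpm: Separate TPM_TIS and TPM_TIS_ISA configs` and the file renamed to match.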
@@ -1,7 +1,7 @@ -From 425f6bc8392c71d2f29b572d19232785d0ab0b73 Mon Sep 17 00:00:00 2001 +From 3e2fc5275d24c15be11bb66f5d4f70919bdd6279 Mon Sep 17 00:00:00 2001 From: jiangfangjie Date: Tue, 11 Aug 2020 02:55:35 +0000 -Subject: [PATCH 12/19] tpm: Separate tpm_tis common functions from isa code +Subject: [PATCH] tpm: Separate tpm_tis common functions from isa code Move the device agnostic code into tpm_tis_common.c and put the ISA device specific code into tpm_tis_isa.c @@ -26,7 +26,7 @@ Signed-off-by: jiangfangjie create mode 100644 hw/tpm/tpm_tis_isa.c diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs -index 85eb99ae..fcc4c2f2 100644 +index 85eb99ae05..fcc4c2f27c 100644 --- a/hw/tpm/Makefile.objs +++ b/hw/tpm/Makefile.objs @@ -1,6 +1,6 @@ @@ -43,7 +43,7 @@ rename from hw/tpm/tpm_tis.c rename to hw/tpm/tpm_tis.c.orig diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h new file mode 100644 -index 00000000..55549893 +index 0000000000..5554989395 --- /dev/null +++ b/hw/tpm/tpm_tis.h @@ -0,0 +1,91 @@ @@ -140,7 +140,7 @@ index 00000000..55549893 +#endif /* TPM_TPM_TIS_H */ diff --git a/hw/tpm/tpm_tis_common.c b/hw/tpm/tpm_tis_common.c new file mode 100644 -index 00000000..9a51c71e +index 0000000000..9a51c71e21 --- /dev/null +++ b/hw/tpm/tpm_tis_common.c @@ -0,0 +1,869 @@ @@ -1015,7 +1015,7 @@ index 00000000..9a51c71e + diff --git a/hw/tpm/tpm_tis_isa.c b/hw/tpm/tpm_tis_isa.c new file mode 100644 -index 00000000..45e25c02 +index 0000000000..45e25c0243 --- /dev/null +++ b/hw/tpm/tpm_tis_isa.c @@ -0,0 +1,170 @@ diff --git a/tpm-Use-TPMState-as-a-common-struct.patch b/tpm-Use-TPMState-as-a-common-struct.patch index 61a1dd037bb2356cb7307d53f82732af404ed4e2..162f2899ab075ea8c18e36e83f1d8541cedda12f 100644 --- a/tpm-Use-TPMState-as-a-common-struct.patch +++ b/tpm-Use-TPMState-as-a-common-struct.patch @@ -1,7 +1,7 @@ -From c57e57c86f9d3c13b33746436bc1f09db88d4d42 Mon Sep 17 00:00:00 2001 +From 2fb80d7d422d73288cd2ce6df62a86c45d670f3d Mon Sep 17 00:00:00 2001 
From: jiangfangjie Date: Tue, 11 Aug 2020 02:52:12 +0000 -Subject: [PATCH 11/19] tpm: Use TPMState as a common struct +Subject: [PATCH] tpm: Use TPMState as a common struct As we plan to introduce a SysBus TPM TIS device, let's make the TPMState a common struct usable by both the @@ -28,7 +28,7 @@ Signed-off-by: jiangfangjie 1 file changed, 92 insertions(+), 55 deletions(-) diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c -index 49d44652..735a528f 100644 +index 49d44652e4..735a528f1f 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -62,7 +62,6 @@ typedef struct TPMLocality { diff --git a/tpm-ppi-page-align-PPI-RAM.patch b/tpm-ppi-page-align-PPI-RAM.patch index d7ba2c876605392e79d887b89a4a274cb51660d4..400da6ba68061aa459fa6f6d781a622d6276863a 100644 --- a/tpm-ppi-page-align-PPI-RAM.patch +++ b/tpm-ppi-page-align-PPI-RAM.patch @@ -1,7 +1,7 @@ -From 26b54c545f253049faa633ff886132602ff47241 Mon Sep 17 00:00:00 2001 +From 75f88678f84d067a318e5cfe0f502e27644fe970 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Fri, 3 Jan 2020 11:39:59 +0400 -Subject: [PATCH 02/19] tpm-ppi: page-align PPI RAM +Subject: [PATCH] tpm-ppi: page-align PPI RAM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -25,7 +25,7 @@ Signed-off-by: jiangfangjie 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/tpm/tpm_ppi.c b/hw/tpm/tpm_ppi.c -index cd8205f2..6509ffd4 100644 +index cd8205f212..6509ffd497 100644 --- a/hw/tpm/tpm_ppi.c +++ b/hw/tpm/tpm_ppi.c @@ -44,7 +44,8 @@ void tpm_ppi_reset(TPMPPI *tpmppi) diff --git a/tpm-rename-TPM_TIS-into-TPM_TIS_ISA.patch b/tpm-rename-TPM_TIS-into-TPM_TIS_ISA.patch index ea6e1d28a10cb6d29ba1c1c76245ef6749825ba2..ad7032c93686c1eaea3fb533176c5682e8865f22 100644 --- a/tpm-rename-TPM_TIS-into-TPM_TIS_ISA.patch +++ b/tpm-rename-TPM_TIS-into-TPM_TIS_ISA.patch 
@@ -1,7 +1,7 @@ -From 7974f8ffd75171be106a1ce2705878abbb6c4477 Mon Sep 17 00:00:00 2001 +From 6dd25cca363bedcd0538015bbd84ffb3225140fc Mon Sep 17 00:00:00 2001 From: Eric Auger Date: Thu, 5 Mar 2020 17:51:40 +0100 -Subject: [PATCH 10/19] tpm: rename TPM_TIS into TPM_TIS_ISA +Subject: [PATCH] tpm: rename TPM_TIS into TPM_TIS_ISA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -24,7 +24,7 @@ Signed-off-by: jiangfangjie 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c -index c97731ec..093f7d93 100644 +index c97731ecb3..093f7d9368 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -2007,7 +2007,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, @@ -55,7 +55,7 @@ index c97731ec..093f7d93 100644 tpm2_ptr->start_method = cpu_to_le32(TPM2_START_METHOD_MMIO); } else if (TPM_IS_CRB(tpm_find())) { diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c -index 96a9ac48..49d44652 100644 +index 96a9ac4866..49d44652e4 100644 --- a/hw/tpm/tpm_tis.c +++ b/hw/tpm/tpm_tis.c @@ -88,7 +88,7 @@ typedef struct TPMState { @@ -77,7 +77,7 @@ index 96a9ac48..49d44652 100644 .instance_size = sizeof(TPMState), .instance_init = tpm_tis_initfn, diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h -index 15979a36..1691b92c 100644 +index 15979a3647..1691b92c28 100644 --- a/include/sysemu/tpm.h +++ b/include/sysemu/tpm.h @@ -43,12 +43,12 @@ typedef struct TPMIfClass { diff --git a/tpm_spapr-Support-TPM-for-ppc64-using-CRQ-based-inte.patch b/tpm_spapr-Support-TPM-for-ppc64-using-CRQ-based-inte.patch index ffc0b62ed7ef655056cfd1280282b768f22ad501..baca097b9b976202c94272702645355ea0775f47 100644 --- a/tpm_spapr-Support-TPM-for-ppc64-using-CRQ-based-inte.patch +++ b/tpm_spapr-Support-TPM-for-ppc64-using-CRQ-based-inte.patch @@ -1,8 +1,7 @@ -From 14402a8ca57fb722eb324d141fafb41ef06f4c2b Mon Sep 17 00:00:00 2001 +From c2d49e50832fa273f076dc81ebf7666aedba0e0e Mon Sep 17 00:00:00 2001 
From: Stefan Berger Date: Tue, 21 Jan 2020 10:29:32 -0500 -Subject: [PATCH 06/19] tpm_spapr: Support TPM for ppc64 using CRQ based - interface +Subject: [PATCH] tpm_spapr: Support TPM for ppc64 using CRQ based interface Implement support for TPM on ppc64 by implementing the vTPM CRQ interface as a frontend. It can use the tpm_emulator driver backend with the external @@ -29,7 +28,7 @@ Signed-off-by: jiangfangjie create mode 100644 hw/tpm/tpm_spapr.c diff --git a/docs/specs/tpm.txt b/docs/specs/tpm.txt -index 9c8cca04..9c3e67d8 100644 +index 9c8cca042d..9c3e67d8a7 100644 --- a/docs/specs/tpm.txt +++ b/docs/specs/tpm.txt @@ -34,6 +34,12 @@ The CRB interface makes a memory mapped IO region in the area 0xfed40000 - @@ -74,7 +73,7 @@ index 9c8cca04..9c3e67d8 100644 In case SeaBIOS is used as firmware, it should show the TPM menu item after entering the menu with 'ESC'. diff --git a/hw/tpm/Kconfig b/hw/tpm/Kconfig -index 4c8ee87d..4d4ab085 100644 +index 4c8ee87d67..4d4ab0855c 100644 --- a/hw/tpm/Kconfig +++ b/hw/tpm/Kconfig @@ -22,3 +22,9 @@ config TPM_EMULATOR @@ -88,7 +87,7 @@ index 4c8ee87d..4d4ab085 100644 + depends on TPM && PSERIES + select TPMDEV diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs -index de0b85d0..85eb99ae 100644 +index de0b85d02a..85eb99ae05 100644 --- a/hw/tpm/Makefile.objs +++ b/hw/tpm/Makefile.objs @@ -4,3 +4,4 @@ common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o @@ -98,7 +97,7 @@ index de0b85d0..85eb99ae 100644 +obj-$(CONFIG_TPM_SPAPR) += tpm_spapr.o diff --git a/hw/tpm/tpm_spapr.c b/hw/tpm/tpm_spapr.c new file mode 100644 -index 00000000..1db9696a +index 0000000000..1db9696ae0 --- /dev/null +++ b/hw/tpm/tpm_spapr.c @@ -0,0 +1,379 @@ @@ -482,7 +481,7 @@ index 00000000..1db9696a + +type_init(tpm_spapr_register_types) diff --git a/hw/tpm/trace-events b/hw/tpm/trace-events -index 82c45ee5..edbe1bd7 100644 +index 82c45ee542..edbe1bd7c7 100644 --- a/hw/tpm/trace-events +++ b/hw/tpm/trace-events 
@@ -55,3 +55,15 @@ tpm_tis_pre_save(uint8_t locty, uint32_t rw_offset) "locty: %d, rw_offset = %u" @@ -502,7 +501,7 @@ index 82c45ee5..edbe1bd7 100644 +tpm_spapr_do_crq_unknown_msg_type(uint8_t type) "Unknown message type 0x%02x" +tpm_spapr_do_crq_unknown_crq(uint8_t raw1, uint8_t raw2) "unknown CRQ 0x%02x 0x%02x ..." diff --git a/include/sysemu/tpm.h b/include/sysemu/tpm.h -index 5b541a71..15979a36 100644 +index 5b541a71c8..15979a3647 100644 --- a/include/sysemu/tpm.h +++ b/include/sysemu/tpm.h @@ -45,11 +45,14 @@ typedef struct TPMIfClass { @@ -521,7 +520,7 @@ index 5b541a71..15979a36 100644 /* returns NULL unless there is exactly one TPM device */ static inline TPMIf *tpm_find(void) diff --git a/qapi/tpm.json b/qapi/tpm.json -index b30323bb..63878aa0 100644 +index b30323bb6b..63878aa0f4 100644 --- a/qapi/tpm.json +++ b/qapi/tpm.json @@ -12,11 +12,11 @@ diff --git a/tpm_spapr-Support-suspend-and-resume.patch b/tpm_spapr-Support-suspend-and-resume.patch index 55ed521a261fe5c058d9f6b95334c0884cdfd7ea..c9ed7953c6cca75cf5b17304624b3966989ba139 100644 --- a/tpm_spapr-Support-suspend-and-resume.patch +++ b/tpm_spapr-Support-suspend-and-resume.patch @@ -1,7 +1,7 @@ -From 2948d9712a7058bcdca6732101874beb1a6e00a9 Mon Sep 17 00:00:00 2001 +From 6c729ce6460fd86d789b234827b05acc5c9cc117 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Tue, 21 Jan 2020 10:29:33 -0500 -Subject: [PATCH 07/19] tpm_spapr: Support suspend and resume +Subject: [PATCH] tpm_spapr: Support suspend and resume MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -19,7 +19,7 @@ Signed-off-by: jiangfangjie 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/hw/tpm/tpm_spapr.c b/hw/tpm/tpm_spapr.c -index 1db9696a..8ba561f4 100644 +index 1db9696ae0..8ba561f41c 100644 --- a/hw/tpm/tpm_spapr.c +++ b/hw/tpm/tpm_spapr.c @@ -76,6 +76,8 @@ typedef struct { @@ -105,7 +105,7 @@ index 1db9696a..8ba561f4 100644 static Property tpm_spapr_properties[] = { 
diff --git a/hw/tpm/trace-events b/hw/tpm/trace-events -index edbe1bd7..b97eea24 100644 +index edbe1bd7c7..b97eea242f 100644 --- a/hw/tpm/trace-events +++ b/hw/tpm/trace-events @@ -67,3 +67,5 @@ tpm_spapr_do_crq_get_version(uint32_t version) "response: version %u" diff --git a/usbredir-fix-buffer-overflow-on-vmload.patch b/usbredir-fix-buffer-overflow-on-vmload.patch index 4a43c35cad37bcece9822ddf61033c18dd7edfc4..75e8b81cbc786c6e409b87b5eaa6f5bc85162532 100644 --- a/usbredir-fix-buffer-overflow-on-vmload.patch +++ b/usbredir-fix-buffer-overflow-on-vmload.patch 
@@ -1,54 +1,54 @@
-From 66fce891aecec3969d1ba979cf0a9a6df70afecd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
-Date: Wed, 7 Aug 2019 12:40:48 +0400
-Subject: [PATCH] usbredir: fix buffer-overflow on vmload
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If interface_count is NO_INTERFACE_INFO, let's not access the arrays
-out-of-bounds.
-
-==994==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000243930 at pc 0x5642068086a8 bp 0x7f0b6f9ffa50 sp 0x7f0b6f9ffa40
-READ of size 1 at 0x625000243930 thread T0
- #0 0x5642068086a7 in usbredir_check_bulk_receiving /home/elmarco/src/qemu/hw/usb/redirect.c:1503
- #1 0x56420681301c in usbredir_post_load /home/elmarco/src/qemu/hw/usb/redirect.c:2154
- #2 0x5642068a56c2 in vmstate_load_state /home/elmarco/src/qemu/migration/vmstate.c:168
- #3 0x56420688e2ac in vmstate_load /home/elmarco/src/qemu/migration/savevm.c:829
- #4 0x5642068980cb in qemu_loadvm_section_start_full /home/elmarco/src/qemu/migration/savevm.c:2211
- #5 0x564206899645 in qemu_loadvm_state_main /home/elmarco/src/qemu/migration/savevm.c:2395
- #6 0x5642068998cf in qemu_loadvm_state /home/elmarco/src/qemu/migration/savevm.c:2467
- #7 0x56420685f3e9 in process_incoming_migration_co /home/elmarco/src/qemu/migration/migration.c:449
- #8 0x564207106c47 in coroutine_trampoline /home/elmarco/src/qemu/util/coroutine-ucontext.c:115
- #9 0x7f0c0604e37f (/lib64/libc.so.6+0x4d37f)
-
-Signed-off-by: Marc-André Lureau
-Reviewed-by: Liam Merwick
-Reviewed-by: Li Qiang
-Reviewed-by: Philippe Mathieu-Daudé
-Message-id: 20190807084048.4258-1-marcandre.lureau@redhat.com
-Signed-off-by: Gerd Hoffmann
-Signed-off-by: Zhenyu Ye
----
- hw/usb/redirect.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
-index 998fc6e4..9764a579 100644
---- a/hw/usb/redirect.c
-+++ b/hw/usb/redirect.c
-@@ -1495,6 +1495,11 @@ static void usbredir_check_bulk_receiving(USBRedirDevice *dev)
- for (i = EP2I(USB_DIR_IN); i < MAX_ENDPOINTS; i++) {
- dev->endpoint[i].bulk_receiving_enabled = 0;
- }
-+
-+ if (dev->interface_info.interface_count == NO_INTERFACE_INFO) {
-+ return;
-+ }
-+
- for (i = 0; i < dev->interface_info.interface_count; i++) {
- quirks = usb_get_quirks(dev->device_info.vendor_id,
- dev->device_info.product_id,
---
-2.22.0.windows.1
-
+From c75e5031d9c2734922d26cf7dece9e0be316fae7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
+Date: Wed, 7 Aug 2019 12:40:48 +0400
+Subject: [PATCH] usbredir: fix buffer-overflow on vmload
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If interface_count is NO_INTERFACE_INFO, let's not access the arrays
+out-of-bounds.
+
+==994==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000243930 at pc 0x5642068086a8 bp 0x7f0b6f9ffa50 sp 0x7f0b6f9ffa40
+READ of size 1 at 0x625000243930 thread T0
+ #0 0x5642068086a7 in usbredir_check_bulk_receiving /home/elmarco/src/qemu/hw/usb/redirect.c:1503
+ #1 0x56420681301c in usbredir_post_load /home/elmarco/src/qemu/hw/usb/redirect.c:2154
+ #2 0x5642068a56c2 in vmstate_load_state /home/elmarco/src/qemu/migration/vmstate.c:168
+ #3 0x56420688e2ac in vmstate_load /home/elmarco/src/qemu/migration/savevm.c:829
+ #4 0x5642068980cb in qemu_loadvm_section_start_full /home/elmarco/src/qemu/migration/savevm.c:2211
+ #5 0x564206899645 in qemu_loadvm_state_main /home/elmarco/src/qemu/migration/savevm.c:2395
+ #6 0x5642068998cf in qemu_loadvm_state /home/elmarco/src/qemu/migration/savevm.c:2467
+ #7 0x56420685f3e9 in process_incoming_migration_co /home/elmarco/src/qemu/migration/migration.c:449
+ #8 0x564207106c47 in coroutine_trampoline /home/elmarco/src/qemu/util/coroutine-ucontext.c:115
+ #9 0x7f0c0604e37f (/lib64/libc.so.6+0x4d37f)
+
+Signed-off-by: Marc-André Lureau
+Reviewed-by: Liam Merwick
+Reviewed-by: Li Qiang
+Reviewed-by: Philippe Mathieu-Daudé
+Message-id: 20190807084048.4258-1-marcandre.lureau@redhat.com
+Signed-off-by: Gerd Hoffmann
+Signed-off-by: Zhenyu Ye
+---
+ hw/usb/redirect.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index 998fc6e4b0..9764a57987 100644
+--- a/hw/usb/redirect.c
++++ b/hw/usb/redirect.c
+@@ -1495,6 +1495,11 @@ static void usbredir_check_bulk_receiving(USBRedirDevice *dev)
+ for (i = EP2I(USB_DIR_IN); i < MAX_ENDPOINTS; i++) {
+ dev->endpoint[i].bulk_receiving_enabled = 0;
+ }
++
++ if (dev->interface_info.interface_count == NO_INTERFACE_INFO) {
++ return;
++ }
++
+ for (i = 0; i < dev->interface_info.interface_count; i++) {
+ quirks = usb_get_quirks(dev->device_info.vendor_id,
+ dev->device_info.product_id,
+--
+2.23.0
+
diff --git a/vhost-user-blk-convert-to-new-virtio_delete_queue.patch b/vhost-user-blk-convert-to-new-virtio_delete_queue.patch index 3f419966ec034fe4eecd8e6606b6e7dc611517e1..b7c349cb7fce09a3bcc5ef59bdb007c2126084b9 100644 --- a/vhost-user-blk-convert-to-new-virtio_delete_queue.patch +++ b/vhost-user-blk-convert-to-new-virtio_delete_queue.patch @@ -1,7 +1,7 @@ -From 30d20e1258722431198cd2a8298c85b7af2a0c1b Mon Sep 17 00:00:00 2001 +From a2394440d174b9581f9136c4840af50d80c5565f Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Mon, 24 Feb 2020 12:13:36 +0800 -Subject: [PATCH 5/9] vhost-user-blk: convert to new virtio_delete_queue +Subject: [PATCH] vhost-user-blk: convert to new virtio_delete_queue use the new virtio_delete_queue function to cleanup. @@ -17,7 +17,7 @@ Signed-off-by: AlexChen 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c -index dbc0a2e..146b927 100644 +index dbc0a2e831..146b927519 100644 --- a/hw/block/vhost-user-blk.c +++ b/hw/block/vhost-user-blk.c @@ -303,7 +303,7 @@ static int vhost_user_blk_connect(DeviceState *dev) @@ -80,7 +80,7 @@ index dbc0a2e..146b927 100644 vhost_user_cleanup(&s->vhost_user); } 
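Review bot: The guard that the carried usbredir patch adds to `usbredir_check_bulk_receiving()` rejects only the `NO_INTERFACE_INFO` sentinel, so any other `interface_count` larger than the per-interface arrays would still drive the following `for` loop past their end. The ASan trace in the patch description reaches this function from `usbredir_post_load` during incoming migration, so the count originates in the migration stream and should be treated as untrusted; whether it is range-checked elsewhere is not visible from this hunk. Consider bounding it as well, for example `if (dev->interface_info.interface_count > ARRAY_SIZE(dev->interface_info.interface_class)) { return; }` (assuming the loop indexes that array, which is cut off here), or rejecting the state in the post-load hook so the load fails. The function body continues outside the inner hunk. The change to this .patch file itself appears to be a regeneration that refreshes only the commit hash, the index abbreviations and the git version trailer.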
diff --git a/include/hw/virtio/vhost-user-blk.h b/include/hw/virtio/vhost-user-blk.h -index ad9b742..29375dd 100644 +index ad9b742a64..29375dde9d 100644 --- a/include/hw/virtio/vhost-user-blk.h +++ b/include/hw/virtio/vhost-user-blk.h @@ -37,7 +37,9 @@ typedef struct VHostUserBlk { @@ -95,5 +95,5 @@ index ad9b742..29375dd 100644 } VHostUserBlk; -- -1.8.3.1 +2.23.0 diff --git a/vhost-user-blk-delay-vhost_user_blk_disconnect.patch b/vhost-user-blk-delay-vhost_user_blk_disconnect.patch index 422e2a17b028d83690cc620a57829260c76aab52..07dee19d35b320530f7a83a9dcae67cd3cf3ecd0 100644 --- a/vhost-user-blk-delay-vhost_user_blk_disconnect.patch +++ b/vhost-user-blk-delay-vhost_user_blk_disconnect.patch @@ -1,7 +1,7 @@ -From 632a841b6ba547906b475250f5c2cb46774ab4af Mon Sep 17 00:00:00 2001 +From ddb668e29b56d14141d21c2d8e7780e17559d010 Mon Sep 17 00:00:00 2001 From: Dima Stepanov Date: Thu, 28 May 2020 12:11:19 +0300 -Subject: [PATCH 14/14] vhost-user-blk: delay vhost_user_blk_disconnect +Subject: [PATCH] vhost-user-blk: delay vhost_user_blk_disconnect A socket write during vhost-user communication may trigger a disconnect event, calling vhost_user_blk_disconnect() and clearing all the @@ -30,7 +30,7 @@ Signed-off-by: Peng Liang 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c -index dc66f8a5febd..6b719d1d80e1 100644 +index dc66f8a5fe..6b719d1d80 100644 --- a/hw/block/vhost-user-blk.c +++ b/hw/block/vhost-user-blk.c @@ -346,6 +346,19 @@ static void vhost_user_blk_disconnect(DeviceState *dev) @@ -86,5 +86,5 @@ index dc66f8a5febd..6b719d1d80e1 100644 } } -- -2.26.2 +2.23.0 diff --git a/vhost-user-blk-delete-virtioqueues-in-unrealize-to-f.patch b/vhost-user-blk-delete-virtioqueues-in-unrealize-to-f.patch index e57f5b59c972cf4c769d7b87cc2a654b72eb3b64..165ffeb84e75cb0e973b19bdf6b1d4fbe625155e 100644 --- a/vhost-user-blk-delete-virtioqueues-in-unrealize-to-f.patch 
+++ b/vhost-user-blk-delete-virtioqueues-in-unrealize-to-f.patch @@ -1,7 +1,7 @@ -From d8febdc4940d719dba77a17a10a8d36ad08305ab Mon Sep 17 00:00:00 2001 +From b7a6e2de491a3ba9505e46bff764e73565be3c52 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Mon, 24 Feb 2020 12:13:35 +0800 -Subject: [PATCH 4/9] vhost-user-blk: delete virtioqueues in unrealize to fix +Subject: [PATCH] vhost-user-blk: delete virtioqueues in unrealize to fix memleaks virtio queues forgot to delete in unrealize, and aslo error path in @@ -32,7 +32,7 @@ Signed-off-by: AlexChen 1 file changed, 8 insertions(+) diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c -index 6b719d1..dbc0a2e 100644 +index 6b719d1d80..dbc0a2e831 100644 --- a/hw/block/vhost-user-blk.c +++ b/hw/block/vhost-user-blk.c @@ -469,6 +469,9 @@ reconnect: @@ -65,5 +65,5 @@ index 6b719d1..dbc0a2e 100644 vhost_user_cleanup(&s->vhost_user); } -- -1.8.3.1 +2.23.0 diff --git a/virtio-add-ability-to-delete-vq-through-a-pointer.patch b/virtio-add-ability-to-delete-vq-through-a-pointer.patch index e0989895e40fe4e0d3816966a24075d74b8797a0..011b15aba7e567ec03795a6490f9d0eeb19002de 100644 --- a/virtio-add-ability-to-delete-vq-through-a-pointer.patch +++ b/virtio-add-ability-to-delete-vq-through-a-pointer.patch @@ -1,7 +1,7 @@ -From 98ae454efe48b2a465dfe9bc3c412b6375f1fbfc Mon Sep 17 00:00:00 2001 +From 83687016f619025720ff8c7f04ab4729f1d58c4f Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Mon, 9 Dec 2019 11:46:13 -0500 -Subject: [PATCH 1/9] virtio: add ability to delete vq through a pointer +Subject: [PATCH] virtio: add ability to delete vq through a pointer Devices tend to maintain vq pointers, allow deleting them trough a vq pointer. @@ -14,7 +14,7 @@ Signed-off-by: AlexChen 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c -index 79c2dcf..3d027d3 100644 +index 79c2dcf54a..3d027d3c2c 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c 
@@ -1636,16 +1636,21 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, @@ -44,7 +44,7 @@ index 79c2dcf..3d027d3 100644 static void virtio_set_isr(VirtIODevice *vdev, int value) diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h -index f9f6237..ca2fbae 100644 +index f9f62370e9..ca2fbaeb35 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -187,6 +187,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, @@ -57,5 +57,5 @@ index f9f6237..ca2fbae 100644 unsigned int len); void virtqueue_flush(VirtQueue *vq, unsigned int count); -- -1.8.3.1 +2.23.0 diff --git a/virtio-blk-delete-vqs-on-the-error-path-in-realize.patch b/virtio-blk-delete-vqs-on-the-error-path-in-realize.patch index 205f663470d3aa594910bd19e2be8547d226e1a8..c7784f9bf05556d037a77ef804c589804ff08e4f 100644 --- a/virtio-blk-delete-vqs-on-the-error-path-in-realize.patch +++ b/virtio-blk-delete-vqs-on-the-error-path-in-realize.patch @@ -1,7 +1,7 @@ -From ec8a25fec9898f46a6a94aa4f328fe02948b3d59 Mon Sep 17 00:00:00 2001 +From 4c0d6f2155407a5c198687f369f837698395a471 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Sat, 28 Mar 2020 08:57:04 +0800 -Subject: [PATCH 12/14] virtio-blk: delete vqs on the error path in realize() +Subject: [PATCH] virtio-blk: delete vqs on the error path in realize() virtio_vqs forgot to free on the error path in realize(). Fix that. @@ -27,7 +27,7 @@ Signed-off-by: Peng Liang 1 file changed, 3 insertions(+) diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c -index cbb3729158fe..703ed4c93bff 100644 +index cbb3729158..703ed4c93b 100644 --- a/hw/block/virtio-blk.c +++ b/hw/block/virtio-blk.c @@ -1173,6 +1173,9 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp) @@ -41,5 +41,5 @@ index cbb3729158fe..703ed4c93bff 100644 return; } -- -2.26.2 +2.23.0 
diff --git a/virtio-crypto-do-delete-ctrl_vq-in-virtio_crypto_dev.patch b/virtio-crypto-do-delete-ctrl_vq-in-virtio_crypto_dev.patch index aab3e86663021d2576763fff2a4f9c5985a2fb32..836fced5589b84f4087499e3d9c93b21b0287259 100644 --- a/virtio-crypto-do-delete-ctrl_vq-in-virtio_crypto_dev.patch +++ b/virtio-crypto-do-delete-ctrl_vq-in-virtio_crypto_dev.patch @@ -1,7 +1,7 @@ -From 62ded4fc6b38e2642ea4d95a93d70d0f608bee65 Mon Sep 17 00:00:00 2001 +From 200b3ff2afd6f4ebe9413d3ac257a1c6ed2d4d67 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Tue, 25 Feb 2020 15:55:54 +0800 -Subject: [PATCH 3/9] virtio-crypto: do delete ctrl_vq in +Subject: [PATCH] virtio-crypto: do delete ctrl_vq in virtio_crypto_device_unrealize Similar to other virtio-deivces, ctrl_vq forgot to delete in virtio_crypto_device_unrealize, this patch fix it. @@ -32,7 +32,7 @@ Signed-off-by: AlexChen 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c -index 45187d3..0076b4b 100644 +index 45187d3344..0076b4bcf9 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -830,12 +830,13 @@ static void virtio_crypto_device_unrealize(DeviceState *dev, Error **errp) @@ -51,5 +51,5 @@ index 45187d3..0076b4b 100644 virtio_cleanup(vdev); cryptodev_backend_set_used(vcrypto->cryptodev, false); -- -1.8.3.1 +2.23.0 diff --git a/virtio-gracefully-handle-invalid-region-caches.patch b/virtio-gracefully-handle-invalid-region-caches.patch index 2793f21b0d988625b4f53624c471c403937fcedc..c1b3fb511643b0be4defcbfeaffbab6ca4efa713 100644 --- a/virtio-gracefully-handle-invalid-region-caches.patch +++ b/virtio-gracefully-handle-invalid-region-caches.patch @@ -1,7 +1,7 @@ -From 63a3c25baa9c7372b80df80be4447552af6d6ba0 Mon Sep 17 00:00:00 2001 +From fa46f706bed6c4ff8097f71209f1fcd87a74cf5f Mon Sep 17 00:00:00 2001 
From: Stefan Hajnoczi Date: Fri, 7 Feb 2020 10:46:19 +0000 -Subject: [PATCH 7/9] virtio: gracefully handle invalid region caches +Subject: [PATCH] virtio: gracefully handle invalid region caches The virtqueue code sets up MemoryRegionCaches to access the virtqueue guest RAM data structures. The code currently assumes that @@ -75,11 +75,11 @@ Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Signed-off-by: AlexChen --- - hw/virtio/virtio.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++------ + hw/virtio/virtio.c | 66 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 59 insertions(+), 7 deletions(-) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c -index 3d027d3..90971f4 100644 +index 3d027d3c2c..90971f4afa 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -221,15 +221,19 @@ static void vring_desc_read(VirtIODevice *vdev, VRingDesc *desc, @@ -234,5 +234,5 @@ index 3d027d3..90971f4 100644 virtio_error(vdev, "Cannot map descriptor ring"); goto done; -- -1.8.3.1 +2.23.0 diff --git a/virtio-input-fix-memory-leak-on-unrealize.patch b/virtio-input-fix-memory-leak-on-unrealize.patch index df83453f04525eb4b9fa29ba3d03dc6fa8b31fc5..f84c43f2ef954c0e53f310ed2766634186b9a4be 100644 --- a/virtio-input-fix-memory-leak-on-unrealize.patch +++ b/virtio-input-fix-memory-leak-on-unrealize.patch @@ -1,7 +1,7 @@ -From e29f08036ff11bf220463b4327b315505e760a44 Mon Sep 17 00:00:00 2001 +From 41705a0455703ff65c2797b46d12482082f88df9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 21 Nov 2019 13:56:49 +0400 -Subject: [PATCH 9/9] virtio-input: fix memory leak on unrealize +Subject: [PATCH] virtio-input: fix memory leak on unrealize MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -20,7 +20,7 @@ Signed-off-by: AlexChen 1 file changed, 3 insertions(+) 
diff --git a/hw/input/virtio-input.c b/hw/input/virtio-input.c -index 9946394..401c1de 100644 +index 9946394cf4..401c1de908 100644 --- a/hw/input/virtio-input.c +++ b/hw/input/virtio-input.c @@ -275,6 +275,7 @@ static void virtio_input_finalize(Object *obj) @@ -41,5 +41,5 @@ index 9946394..401c1de 100644 } -- -1.8.3.1 +2.23.0 diff --git a/virtio-pci-fix-queue_enable-write.patch b/virtio-pci-fix-queue_enable-write.patch index 481b41bbf11f4ebb94ae8fd746b13ad4ac41555d..9f6e97fda7b9e68e2fb95c9588ce0a05aa0febcc 100644 --- a/virtio-pci-fix-queue_enable-write.patch +++ b/virtio-pci-fix-queue_enable-write.patch @@ -1,7 +1,7 @@ -From aebd6a1512e03ba51f6824fcdbaa09f67e9ff5e2 Mon Sep 17 00:00:00 2001 +From 8c4a0d6cd833b78c743b035583f1622b311d1fdf Mon Sep 17 00:00:00 2001 From: Jason Wang Date: Wed, 10 Jun 2020 13:43:51 +0800 -Subject: [PATCH 11/11] virtio-pci: fix queue_enable write +Subject: [PATCH] virtio-pci: fix queue_enable write Spec said: The driver uses this to selectively prevent the device from executing requests from this virtqueue. 1 - enabled; 0 - disabled. @@ -25,7 +25,7 @@ Signed-off-by: BiaoXiang Ye 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c -index b4b0ed26..4b8845a6 100644 +index b4b0ed26ee..4b8845a6e6 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -1259,16 +1259,20 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr, @@ -54,5 +54,5 @@ index b4b0ed26..4b8845a6 100644 case VIRTIO_PCI_COMMON_Q_DESCLO: proxy->vqs[vdev->queue_sel].desc[0] = val; -- -2.27.0.dirty +2.23.0 diff --git a/virtio-pmem-do-delete-rq_vq-in-virtio_pmem_unrealize.patch b/virtio-pmem-do-delete-rq_vq-in-virtio_pmem_unrealize.patch index d8ed58faa8f5c6517d131ced73209bc41122158e..fd0d3b67f7d993c1b7aba6563230a6938ae6c5db 100644 --- a/virtio-pmem-do-delete-rq_vq-in-virtio_pmem_unrealize.patch +++ b/virtio-pmem-do-delete-rq_vq-in-virtio_pmem_unrealize.patch 
@@ -1,7 +1,7 @@ -From 637606d18c7208e21d8ab4f318cccde64ae58c76 Mon Sep 17 00:00:00 2001 +From 844ada18df47abb8b4d159467b7187d8d048c738 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Tue, 25 Feb 2020 15:55:53 +0800 -Subject: [PATCH 2/9] virtio-pmem: do delete rq_vq in virtio_pmem_unrealize +Subject: [PATCH] virtio-pmem: do delete rq_vq in virtio_pmem_unrealize MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -23,7 +23,7 @@ Signed-off-by: AlexChen 1 file changed, 1 insertion(+) diff --git a/hw/virtio/virtio-pmem.c b/hw/virtio/virtio-pmem.c -index 17c196d..c680b0a 100644 +index 17c196d107..c680b0a755 100644 --- a/hw/virtio/virtio-pmem.c +++ b/hw/virtio/virtio-pmem.c @@ -127,6 +127,7 @@ static void virtio_pmem_unrealize(DeviceState *dev, Error **errp) @@ -35,5 +35,5 @@ index 17c196d..c680b0a 100644 } -- -1.8.3.1 +2.23.0 diff --git a/virtio-serial-bus-Plug-memory-leak-on-realize-error-.patch b/virtio-serial-bus-Plug-memory-leak-on-realize-error-.patch index 02069901b096cd09b0f30dbef9d55e3fe6dc920d..f529fae44f5b0b36f69237b35c2b74493a656a31 100644 --- a/virtio-serial-bus-Plug-memory-leak-on-realize-error-.patch +++ b/virtio-serial-bus-Plug-memory-leak-on-realize-error-.patch @@ -1,8 +1,7 @@ -From 0d93f5455489274201b1054d987b12f8e8a6206e Mon Sep 17 00:00:00 2001 +From b2a308da0d6c51cf8cea0b81c811881508b4c7d3 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Mon, 9 Mar 2020 10:17:38 +0800 -Subject: [PATCH 11/14] virtio-serial-bus: Plug memory leak on realize() error - paths +Subject: [PATCH] virtio-serial-bus: Plug memory leak on realize() error paths We neglect to free port->bh on the error paths. Fix that. Reproducer: @@ -41,7 +40,7 @@ Signed-off-by: Peng Liang 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c -index f7a54f261b21..2d23dae6d2b7 100644 +index f7a54f261b..2d23dae6d2 100644 --- a/hw/char/virtio-serial-bus.c +++ b/hw/char/virtio-serial-bus.c 
@@ -940,7 +940,6 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp) @@ -61,5 +60,5 @@ index f7a54f261b21..2d23dae6d2b7 100644 } -- -2.26.2 +2.23.0 diff --git a/xhci-fix-valid.max_access_size-to-access-address-reg.patch b/xhci-fix-valid.max_access_size-to-access-address-reg.patch index 466cbf2667efaf26cc65c160c8223659abb0c288..588d22e819ea127dc5cb7e3a3fa46fc344b73eab 100644 --- a/xhci-fix-valid.max_access_size-to-access-address-reg.patch +++ b/xhci-fix-valid.max_access_size-to-access-address-reg.patch @@ -1,8 +1,7 @@ -From a71d1847aa780b3c4062e582ab400a7fea0413b3 Mon Sep 17 00:00:00 2001 +From c62a1918ac4006a4225b57daf8a45dbe78768ea0 Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Tue, 21 Jul 2020 10:33:22 +0200 -Subject: [PATCH 01/11] xhci: fix valid.max_access_size to access address - registers +Subject: [PATCH] xhci: fix valid.max_access_size to access address registers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -36,7 +35,7 @@ Signed-off-by: BiaoXiang Ye 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c -index a21485fe..24565de1 100644 +index a21485fe8a..24565de1d1 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -3171,7 +3171,7 @@ static const MemoryRegionOps xhci_oper_ops = { @@ -58,5 +57,5 @@ index a21485fe..24565de1 100644 }; -- -2.27.0.dirty +2.23.0