From patchwork Fri Feb 7 10:21:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 13964744 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 66160C0219C for ; Fri, 7 Feb 2025 10:21:51 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tgLUX-000800-9X; Fri, 07 Feb 2025 05:21:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUV-0007ym-HK; Fri, 07 Feb 2025 05:21:43 -0500 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUS-0006J4-5s; Fri, 07 Feb 2025 05:21:42 -0500 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 981ACE7379; Fri, 07 Feb 2025 13:20:56 +0300 (MSK) Received: from gandalf.tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with ESMTP id 131E71B0A6B; Fri, 7 Feb 2025 13:21:38 +0300 (MSK) Received: by gandalf.tls.msk.ru (Postfix, from userid 1000) id 0D0FD52D87; Fri, 07 Feb 2025 13:21:38 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Richard Henderson , Michael Tokarev Subject: [Stable-8.2.9 46/51] target/arm: arm_reset_sve_state() should set FPSR, not FPCR Date: Fri, 7 Feb 2025 13:21:27 +0300 Message-Id: <20250207102136.2239826-1-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.5 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Peter Maydell The pseudocode ResetSVEState() does: FPSR = ZeroExtend(0x0800009f<31:0>, 64); but QEMU's arm_reset_sve_state() called vfp_set_fpcr() by accident. Before the advent of FEAT_AFP, this was only setting a collection of RES0 bits, which vfp_set_fpsr() would then ignore, so the only effect was that we didn't actually set the FPSR the way we are supposed to do. Once FEAT_AFP is implemented, setting the bottom bits of FPSR will change the floating point behaviour. Call vfp_set_fpsr(), as we ought to. (Note for stable backports: commit 7f2a01e7368f9 moved this function from sme_helper.c to helper.c, but it had the same bug before the move too.) Cc: qemu-stable@nongnu.org Fixes: f84734b87461 ("target/arm: Implement SMSTART, SMSTOP") Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20250124162836.2332150-4-peter.maydell@linaro.org (cherry picked from commit 1edc3d43f20df0d04f8d00b906ba19fed37512a5) Signed-off-by: Michael Tokarev diff --git a/target/arm/helper.c b/target/arm/helper.c index 9ff266a235..7bef2c6675 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6960,7 +6960,7 @@ static void arm_reset_sve_state(CPUARMState *env) memset(env->vfp.zregs, 0, sizeof(env->vfp.zregs)); /* Recall that FFR is stored as pregs[16]. */ memset(env->vfp.pregs, 0, sizeof(env->vfp.pregs)); - vfp_set_fpcr(env, 0x0800009f); + vfp_set_fpsr(env, 0x0800009f); } void aarch64_set_svcr(CPUARMState *env, uint64_t new, uint64_t mask) From patchwork Fri Feb 7 10:21:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 13964745 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5E646C02196 for ; Fri, 7 Feb 2025 10:21:53 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tgLUZ-000843-E7; Fri, 07 Feb 2025 05:21:47 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUX-00082T-VD; Fri, 07 Feb 2025 05:21:45 -0500 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUU-0006JZ-BD; Fri, 07 Feb 2025 05:21:45 -0500 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 9F2C7E737A; Fri, 07 Feb 2025 13:20:56 +0300 (MSK) Received: from gandalf.tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with ESMTP id 1A6F81B0A6C; Fri, 7 Feb 2025 13:21:38 +0300 (MSK) Received: by gandalf.tls.msk.ru (Postfix, from userid 1000) id 1030C52D89; Fri, 07 Feb 2025 13:21:38 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Hongren Zheng , Juan Jose Lopez Jaimez , Peter Maydell , Michael Tokarev Subject: [Stable-8.2.9 47/51] hw/usb/canokey: Fix buffer overflow for OUT packet Date: Fri, 7 Feb 2025 13:21:28 +0300 Message-Id: <20250207102136.2239826-2-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.5 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Hongren Zheng When USBPacket in OUT direction has larger payload than the ep_out_buffer (of size 512), a buffer overflow would occur. It could be fixed by limiting the size of usb_packet_copy to be at most buffer size. Further optimization gets rid of the ep_out_buffer and directly uses ep_out as the target buffer. This is reported by a security researcher who artificially constructed an OUT packet of size 2047. The report has gone through the QEMU security process, and as this device is for testing purpose and no deployment of it in virtualization environment is observed, it is triaged not to be a security bug. Cc: qemu-stable@nongnu.org Fixes: d7d34918551dc48 ("hw/usb: Add CanoKey Implementation") Reported-by: Juan Jose Lopez Jaimez Signed-off-by: Hongren Zheng Message-id: Z4TfMOrZz6IQYl_h@Sun Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit 664280abddcb3cacc9c6204706bb739fcc1316f7) Signed-off-by: Michael Tokarev diff --git a/hw/usb/canokey.c b/hw/usb/canokey.c index b306eeb20e..9af9d4da6e 100644 --- a/hw/usb/canokey.c +++ b/hw/usb/canokey.c @@ -197,8 +197,8 @@ static void canokey_handle_data(USBDevice *dev, USBPacket *p) switch (p->pid) { case USB_TOKEN_OUT: trace_canokey_handle_data_out(ep_out, p->iov.size); - usb_packet_copy(p, key->ep_out_buffer[ep_out], p->iov.size); out_pos = 0; + /* segment packet into (possibly multiple) ep_out */ while (out_pos != p->iov.size) { /* * key->ep_out[ep_out] set by prepare_receive @@ -207,8 +207,8 @@ static void canokey_handle_data(USBDevice *dev, USBPacket *p) * to be the buffer length */ out_len = MIN(p->iov.size - out_pos, key->ep_out_size[ep_out]); - memcpy(key->ep_out[ep_out], - key->ep_out_buffer[ep_out] + out_pos, out_len); + /* usb_packet_copy would update the pos offset internally */ + usb_packet_copy(p, key->ep_out[ep_out], out_len); out_pos += out_len; /* update ep_out_size to actual len */ key->ep_out_size[ep_out] = out_len; diff --git a/hw/usb/canokey.h b/hw/usb/canokey.h index e528889d33..1b60d73485 100644 --- a/hw/usb/canokey.h +++ b/hw/usb/canokey.h @@ -24,8 +24,6 @@ #define CANOKEY_EP_NUM 3 /* BULK/INTR IN can be up to 1352 bytes, e.g. get key info */ #define CANOKEY_EP_IN_BUFFER_SIZE 2048 -/* BULK OUT can be up to 270 bytes, e.g. PIV import cert */ -#define CANOKEY_EP_OUT_BUFFER_SIZE 512 typedef enum { CANOKEY_EP_IN_WAIT, @@ -59,8 +57,6 @@ typedef struct CanoKeyState { /* OUT pointer to canokey recv buffer */ uint8_t *ep_out[CANOKEY_EP_NUM]; uint32_t ep_out_size[CANOKEY_EP_NUM]; - /* For large BULK OUT, multiple write to ep_out is needed */ - uint8_t ep_out_buffer[CANOKEY_EP_NUM][CANOKEY_EP_OUT_BUFFER_SIZE]; /* Properties */ char *file; /* canokey-file */ From patchwork Fri Feb 7 10:21:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 13964748 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D1E56C0219B for ; Fri, 7 Feb 2025 10:22:47 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tgLUb-00085u-MG; Fri, 07 Feb 2025 05:21:49 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUY-00083N-Rb; Fri, 07 Feb 2025 05:21:46 -0500 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUX-0006K3-0F; Fri, 07 Feb 2025 05:21:46 -0500 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id A34C7E737B; Fri, 07 Feb 2025 13:20:56 +0300 (MSK) Received: from gandalf.tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with ESMTP id 1E9551B0A6D; Fri, 7 Feb 2025 13:21:38 +0300 (MSK) Received: by gandalf.tls.msk.ru (Postfix, from userid 1000) id 12E9652D8B; Fri, 07 Feb 2025 13:21:38 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Steve Sistare , Peter Xu , David Hildenbrand , Fabiano Rosas , Michael Tokarev Subject: [Stable-8.2.9 48/51] physmem: fix qemu_ram_alloc_from_fd size calculation Date: Fri, 7 Feb 2025 13:21:29 +0300 Message-Id: <20250207102136.2239826-3-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.5 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Steve Sistare qemu_ram_alloc_from_fd allocates space if file_size == 0. If non-zero, it uses the existing space and verifies it is large enough, but the verification was broken when the offset parameter was introduced. As a result, a file smaller than offset passes the verification and causes errors later. Fix that, and update the error message to include offset. Peter provides this concise reproducer: $ touch ramfile $ truncate -s 64M ramfile $ ./qemu-system-x86_64 -object memory-backend-file,mem-path=./ramfile,offset=128M,size=128M,id=mem1,prealloc=on qemu-system-x86_64: qemu_prealloc_mem: preallocating memory failed: Bad address With the fix, the error message is: qemu-system-x86_64: mem1 backing store size 0x4000000 is too small for 'size' option 0x8000000 plus 'offset' option 0x8000000 Cc: qemu-stable@nongnu.org Fixes: 4b870dc4d0c0 ("hostmem-file: add offset option") Signed-off-by: Steve Sistare Reviewed-by: Peter Xu Acked-by: David Hildenbrand Link: https://lore.kernel.org/r/1736967650-129648-3-git-send-email-steven.sistare@oracle.com Signed-off-by: Fabiano Rosas (cherry picked from commit 719168fba7c3215cc996dcfd32a6e5e9c7b8eee0) Signed-off-by: Michael Tokarev diff --git a/system/physmem.c b/system/physmem.c index e25c12d267..ea1d80f934 100644 --- a/system/physmem.c +++ b/system/physmem.c @@ -1901,10 +1901,12 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr, size = HOST_PAGE_ALIGN(size); file_size = get_file_size(fd); - if (file_size > offset && file_size < (offset + size)) { - error_setg(errp, "backing store size 0x%" PRIx64 - " does not match 'size' option 0x" RAM_ADDR_FMT, - file_size, size); + if (file_size && file_size < offset + size) { + error_setg(errp, "%s backing store size 0x%" PRIx64 + " is too small for 'size' option 0x" RAM_ADDR_FMT + " plus 'offset' option 0x%" PRIx64, + memory_region_name(mr), file_size, size, + (uint64_t)offset); return NULL; } From patchwork Fri Feb 7 10:21:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 13964749 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3E38BC02196 for ; Fri, 7 Feb 2025 10:23:10 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tgLUc-00086e-Sh; Fri, 07 Feb 2025 05:21:51 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUb-00085W-98; Fri, 07 Feb 2025 05:21:49 -0500 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUZ-0006KT-Co; Fri, 07 Feb 2025 05:21:49 -0500 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id A8606E737C; Fri, 07 Feb 2025 13:20:56 +0300 (MSK) Received: from gandalf.tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with ESMTP id 23A781B0A6E; Fri, 7 Feb 2025 13:21:38 +0300 (MSK) Received: by gandalf.tls.msk.ru (Postfix, from userid 1000) id 1605F52D8D; Fri, 07 Feb 2025 13:21:38 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Ilya Leoshkevich , Berthold Gunreben , Sarah Kriesch , Richard Henderson , David Hildenbrand , Thomas Huth , Michael Tokarev Subject: [Stable-8.2.9 49/51] target/s390x: Fix MVC not always invalidating translation blocks Date: Fri, 7 Feb 2025 13:21:30 +0300 Message-Id: <20250207102136.2239826-4-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.5 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Ilya Leoshkevich Node.js crashes in qemu-system-s390x with random SIGSEGVs / SIGILLs. The v8 JIT used by Node.js can garbage collect and overwrite unused code. Overwriting is performed by WritableJitAllocation::CopyCode(), which ultimately calls memcpy(). For certain sizes, memcpy() uses the MVC instruction. QEMU implements MVC and other similar instructions using helpers. While TCG store ops invalidate affected translation blocks automatically, helpers must do this manually by calling probe_access_flags(). The MVC helper does this using the access_prepare() -> access_prepare_nf() -> s390_probe_access() -> probe_access_flags() call chain. At the last step of this chain, the store size is replaced with 0. This causes the probe_access_flags() -> notdirty_write() -> tb_invalidate_phys_range_fast() chain to miss some translation blocks. When this happens, QEMU executes a mix of old and new code. This quickly leads to either a SIGSEGV or a SIGILL in case the old code ends in the middle of a new instruction. Fix by passing the true size. Reported-by: Berthold Gunreben Cc: Sarah Kriesch Cc: qemu-stable@nongnu.org Closes: https://bugzilla.opensuse.org/show_bug.cgi?id=1235709 Signed-off-by: Ilya Leoshkevich Reviewed-by: Richard Henderson Reviewed-by: David Hildenbrand Fixes: e2faabee78ff ("accel/tcg: Forward probe size on to notdirty_write") Message-ID: <20250128001338.11474-1-iii@linux.ibm.com> Signed-off-by: Thomas Huth (cherry picked from commit e43ced8be18dda77c229ab09f85136a4d600d40d) Signed-off-by: Michael Tokarev diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c index 84103251b9..1da47c78e8 100644 --- a/target/s390x/tcg/mem_helper.c +++ b/target/s390x/tcg/mem_helper.c @@ -146,7 +146,7 @@ static inline int s390_probe_access(CPUArchState *env, target_ulong addr, int mmu_idx, bool nonfault, void **phost, uintptr_t ra) { - int flags = probe_access_flags(env, addr, 0, access_type, mmu_idx, + int flags = probe_access_flags(env, addr, size, access_type, mmu_idx, nonfault, phost, ra); if (unlikely(flags & TLB_INVALID_MASK)) { From patchwork Fri Feb 7 10:21:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 13964750 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C9407C0219B for ; Fri, 7 Feb 2025 10:23:22 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tgLUe-00089m-7D; Fri, 07 Feb 2025 05:21:52 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUc-00086C-0a; Fri, 07 Feb 2025 05:21:50 -0500 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUa-0006Kg-7b; Fri, 07 Feb 2025 05:21:49 -0500 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id AC522E737D; Fri, 07 Feb 2025 13:20:56 +0300 (MSK) Received: from gandalf.tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with ESMTP id 27AA51B0A6F; Fri, 7 Feb 2025 13:21:38 +0300 (MSK) Received: by gandalf.tls.msk.ru (Postfix, from userid 1000) id 18B5C52D8F; Fri, 07 Feb 2025 13:21:38 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Dominik 'Disconnect3d' Czarnota , =?utf-8?q?A?= =?utf-8?q?lex_Benn=C3=A9e?= , Ilya Leoshkevich , Michael Tokarev Subject: [Stable-8.2.9 50/51] gdbstub/user-target: fix gdbserver int format (%d -> %x) Date: Fri, 7 Feb 2025 13:21:31 +0300 Message-Id: <20250207102136.2239826-5-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.5 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Dominik 'Disconnect3d' Czarnota This commit fixes an incorrect format string for formatting integers provided to GDB when debugging a target run in QEMU user mode. The correct format is hexadecimal for both success and errno values, some of which can be seen here [0]. [0] https://github.com/bminor/binutils-gdb/blob/e65a355022d0dc6b5707310876a72b5693ec0aa5/gdbserver/hostio.cc#L196-L213 Signed-off-by: Dominik 'Disconnect3d' Czarnota Reviewed-by: Alex Bennée Fixes: e282010b2e1e ("gdbstub: Add support for info proc mappings") Cc: qemu-stable@nongnu.org Reviewed-by: Ilya Leoshkevich Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev (cherry picked from commit 8b647bd352505234cab2acd2422aba183a1aa1fd) Signed-off-by: Michael Tokarev diff --git a/gdbstub/user-target.c b/gdbstub/user-target.c index c4bba4c72c..b760beb0fc 100644 --- a/gdbstub/user-target.c +++ b/gdbstub/user-target.c @@ -316,9 +316,9 @@ void gdb_handle_v_file_open(GArray *params, void *user_ctx) int fd = open(filename, flags, mode); #endif if (fd < 0) { - g_string_printf(gdbserver_state.str_buf, "F-1,%d", errno); + g_string_printf(gdbserver_state.str_buf, "F-1,%x", errno); } else { - g_string_printf(gdbserver_state.str_buf, "F%d", fd); + g_string_printf(gdbserver_state.str_buf, "F%x", fd); } gdb_put_strbuf(); } @@ -328,7 +328,7 @@ void gdb_handle_v_file_close(GArray *params, void *user_ctx) int fd = get_param(params, 0)->val_ul; if (close(fd) == -1) { - g_string_printf(gdbserver_state.str_buf, "F-1,%d", errno); + g_string_printf(gdbserver_state.str_buf, "F-1,%x", errno); gdb_put_strbuf(); return; } @@ -351,7 +351,7 @@ void gdb_handle_v_file_pread(GArray *params, void *user_ctx) ssize_t n = pread(fd, buf, bufsiz, offset); if (n < 0) { - g_string_printf(gdbserver_state.str_buf, "F-1,%d", errno); + g_string_printf(gdbserver_state.str_buf, "F-1,%x", errno); gdb_put_strbuf(); return; } @@ -374,7 +374,7 @@ void gdb_handle_v_file_readlink(GArray *params, void *user_ctx) ssize_t n = readlink(filename, buf, BUFSIZ); #endif if (n < 0) { - g_string_printf(gdbserver_state.str_buf, "F-1,%d", errno); + g_string_printf(gdbserver_state.str_buf, "F-1,%x", errno); gdb_put_strbuf(); return; } From patchwork Fri Feb 7 10:21:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 13964746 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 66CF6C02196 for ; Fri, 7 Feb 2025 10:22:17 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tgLUh-0008GD-Lx; Fri, 07 Feb 2025 05:21:55 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUe-0008Bm-SJ; Fri, 07 Feb 2025 05:21:52 -0500 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tgLUc-0006L2-NQ; Fri, 07 Feb 2025 05:21:52 -0500 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id B0676E737E; Fri, 07 Feb 2025 13:20:56 +0300 (MSK) Received: from gandalf.tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130]) by tsrv.corpit.ru (Postfix) with ESMTP id 2BA391B0A70; Fri, 7 Feb 2025 13:21:38 +0300 (MSK) Received: by gandalf.tls.msk.ru (Postfix, from userid 1000) id 1B47A52D91; Fri, 07 Feb 2025 13:21:38 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Akihiko Odaki , Jason Wang , Michael Tokarev Subject: [Stable-8.2.9 51/51] tap: Remove qemu_using_vnet_hdr() Date: Fri, 7 Feb 2025 13:21:32 +0300 Message-Id: <20250207102136.2239826-6-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.5 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Akihiko Odaki Since qemu_set_vnet_hdr_len() is always called when qemu_using_vnet_hdr() is called, we can merge them and save some code. For consistency, express that the virtio-net header is not in use by returning 0 with qemu_get_vnet_hdr_len() instead of having a dedicated function, qemu_get_using_vnet_hdr(). Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang (cherry picked from commit 4b52d63249a508dd927222ffac1a868d38681fc5) Signed-off-by: Michael Tokarev diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c index e41a6c1038..4edb58858e 100644 --- a/hw/net/e1000e.c +++ b/hw/net/e1000e.c @@ -352,7 +352,6 @@ e1000e_init_net_peer(E1000EState *s, PCIDevice *pci_dev, uint8_t *macaddr) for (i = 0; i < s->conf.peers.queues; i++) { nc = qemu_get_subqueue(s->nic, i); qemu_set_vnet_hdr_len(nc->peer, sizeof(struct virtio_net_hdr)); - qemu_using_vnet_hdr(nc->peer, true); } } diff --git a/hw/net/igb.c b/hw/net/igb.c index 8089acfea4..7cebbc276b 100644 --- a/hw/net/igb.c +++ b/hw/net/igb.c @@ -349,7 +349,6 @@ igb_init_net_peer(IGBState *s, PCIDevice *pci_dev, uint8_t *macaddr) for (i = 0; i < s->conf.peers.queues; i++) { nc = qemu_get_subqueue(s->nic, i); qemu_set_vnet_hdr_len(nc->peer, sizeof(struct virtio_net_hdr)); - qemu_using_vnet_hdr(nc->peer, true); } } diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c index b7b1de816d..1f79b82b77 100644 --- a/hw/net/net_tx_pkt.c +++ b/hw/net/net_tx_pkt.c @@ -582,7 +582,7 @@ static void net_tx_pkt_sendv( { NetClientState *nc = opaque; - if (qemu_get_using_vnet_hdr(nc->peer)) { + if (qemu_get_vnet_hdr_len(nc->peer)) { qemu_sendv_packet(nc, virt_iov, virt_iov_cnt); } else { qemu_sendv_packet(nc, iov, iov_cnt); @@ -812,7 +812,7 @@ static bool net_tx_pkt_do_sw_fragmentation(struct NetTxPkt *pkt, bool net_tx_pkt_send(struct NetTxPkt *pkt, NetClientState *nc) { - bool offload = qemu_get_using_vnet_hdr(nc->peer); + bool offload = qemu_get_vnet_hdr_len(nc->peer); return net_tx_pkt_send_custom(pkt, offload, net_tx_pkt_sendv, nc); } diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 534faa1b88..405e920b28 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -3751,9 +3751,6 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp) peer_test_vnet_hdr(n); if (peer_has_vnet_hdr(n)) { - for (i = 0; i < n->max_queue_pairs; i++) { - qemu_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true); - } n->host_hdr_len = sizeof(struct virtio_net_hdr); } else { n->host_hdr_len = 0; diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index 6fb4102d03..81ab8ada55 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -2091,8 +2091,6 @@ static void vmxnet3_net_init(VMXNET3State *s) if (s->peer_has_vhdr) { qemu_set_vnet_hdr_len(qemu_get_queue(s->nic)->peer, sizeof(struct virtio_net_hdr)); - - qemu_using_vnet_hdr(qemu_get_queue(s->nic)->peer, 1); } qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); diff --git a/include/net/net.h b/include/net/net.h index ffbd2c8d56..374a827190 100644 --- a/include/net/net.h +++ b/include/net/net.h @@ -57,8 +57,6 @@ typedef bool (HasUfo)(NetClientState *); typedef bool (HasUso)(NetClientState *); typedef bool (HasVnetHdr)(NetClientState *); typedef bool (HasVnetHdrLen)(NetClientState *, int); -typedef bool (GetUsingVnetHdr)(NetClientState *); -typedef void (UsingVnetHdr)(NetClientState *, bool); typedef void (SetOffload)(NetClientState *, int, int, int, int, int, int, int); typedef int (GetVnetHdrLen)(NetClientState *); typedef void (SetVnetHdrLen)(NetClientState *, int); @@ -88,10 +86,7 @@ typedef struct NetClientInfo { HasUso *has_uso; HasVnetHdr *has_vnet_hdr; HasVnetHdrLen *has_vnet_hdr_len; - GetUsingVnetHdr *get_using_vnet_hdr; - UsingVnetHdr *using_vnet_hdr; SetOffload *set_offload; - GetVnetHdrLen *get_vnet_hdr_len; SetVnetHdrLen *set_vnet_hdr_len; SetVnetLE *set_vnet_le; SetVnetBE *set_vnet_be; @@ -194,8 +189,6 @@ bool qemu_has_ufo(NetClientState *nc); bool qemu_has_uso(NetClientState *nc); bool qemu_has_vnet_hdr(NetClientState *nc); bool qemu_has_vnet_hdr_len(NetClientState *nc, int len); -bool qemu_get_using_vnet_hdr(NetClientState *nc); -void qemu_using_vnet_hdr(NetClientState *nc, bool enable); void qemu_set_offload(NetClientState *nc, int csum, int tso4, int tso6, int ecn, int ufo, int uso4, int uso6); int qemu_get_vnet_hdr_len(NetClientState *nc); diff --git a/net/dump.c b/net/dump.c index 16073f2458..956e34a123 100644 --- a/net/dump.c +++ b/net/dump.c @@ -154,10 +154,8 @@ static ssize_t filter_dump_receive_iov(NetFilterState *nf, NetClientState *sndr, int iovcnt, NetPacketSent *sent_cb) { NetFilterDumpState *nfds = FILTER_DUMP(nf); - int offset = qemu_get_using_vnet_hdr(nf->netdev) ? - qemu_get_vnet_hdr_len(nf->netdev) : 0; - dump_receive_iov(&nfds->ds, iov, iovcnt, offset); + dump_receive_iov(&nfds->ds, iov, iovcnt, qemu_get_vnet_hdr_len(nf->netdev)); return 0; } diff --git a/net/net.c b/net/net.c index 0520bc1681..98ed0280d3 100644 --- a/net/net.c +++ b/net/net.c @@ -524,24 +524,6 @@ bool qemu_has_vnet_hdr_len(NetClientState *nc, int len) return nc->info->has_vnet_hdr_len(nc, len); } -bool qemu_get_using_vnet_hdr(NetClientState *nc) -{ - if (!nc || !nc->info->get_using_vnet_hdr) { - return false; - } - - return nc->info->get_using_vnet_hdr(nc); -} - -void qemu_using_vnet_hdr(NetClientState *nc, bool enable) -{ - if (!nc || !nc->info->using_vnet_hdr) { - return; - } - - nc->info->using_vnet_hdr(nc, enable); -} - void qemu_set_offload(NetClientState *nc, int csum, int tso4, int tso6, int ecn, int ufo, int uso4, int uso6) { @@ -554,11 +536,7 @@ void qemu_set_offload(NetClientState *nc, int csum, int tso4, int tso6, int qemu_get_vnet_hdr_len(NetClientState *nc) { - if (!nc || !nc->info->get_vnet_hdr_len) { - return 0; - } - - return nc->info->get_vnet_hdr_len(nc); + return nc->vnet_hdr_len; } void qemu_set_vnet_hdr_len(NetClientState *nc, int len) diff --git a/net/netmap.c b/net/netmap.c index 241b27c8e9..297510e190 100644 --- a/net/netmap.c +++ b/net/netmap.c @@ -351,10 +351,6 @@ static bool netmap_has_vnet_hdr(NetClientState *nc) return netmap_has_vnet_hdr_len(nc, sizeof(struct virtio_net_hdr)); } -static void netmap_using_vnet_hdr(NetClientState *nc, bool enable) -{ -} - static void netmap_set_vnet_hdr_len(NetClientState *nc, int len) { NetmapState *s = DO_UPCAST(NetmapState, nc, nc); @@ -393,7 +389,6 @@ static NetClientInfo net_netmap_info = { .has_ufo = netmap_has_vnet_hdr, .has_vnet_hdr = netmap_has_vnet_hdr, .has_vnet_hdr_len = netmap_has_vnet_hdr_len, - .using_vnet_hdr = netmap_using_vnet_hdr, .set_offload = netmap_set_offload, .set_vnet_hdr_len = netmap_set_vnet_hdr_len, }; diff --git a/net/tap.c b/net/tap.c index c23d0323c2..e080a9b969 100644 --- a/net/tap.c +++ b/net/tap.c @@ -266,13 +266,6 @@ static bool tap_has_vnet_hdr_len(NetClientState *nc, int len) return !!tap_probe_vnet_hdr_len(s->fd, len); } -static int tap_get_vnet_hdr_len(NetClientState *nc) -{ - TAPState *s = DO_UPCAST(TAPState, nc, nc); - - return s->host_vnet_hdr_len; -} - static void tap_set_vnet_hdr_len(NetClientState *nc, int len) { TAPState *s = DO_UPCAST(TAPState, nc, nc); @@ -284,23 +277,7 @@ static void tap_set_vnet_hdr_len(NetClientState *nc, int len) tap_fd_set_vnet_hdr_len(s->fd, len); s->host_vnet_hdr_len = len; -} - -static bool tap_get_using_vnet_hdr(NetClientState *nc) -{ - TAPState *s = DO_UPCAST(TAPState, nc, nc); - - return s->using_vnet_hdr; -} - -static void tap_using_vnet_hdr(NetClientState *nc, bool using_vnet_hdr) -{ - TAPState *s = DO_UPCAST(TAPState, nc, nc); - - assert(nc->info->type == NET_CLIENT_DRIVER_TAP); - assert(!!s->host_vnet_hdr_len == using_vnet_hdr); - - s->using_vnet_hdr = using_vnet_hdr; + s->using_vnet_hdr = true; } static int tap_set_vnet_le(NetClientState *nc, bool is_le) @@ -398,10 +375,7 @@ static NetClientInfo net_tap_info = { .has_uso = tap_has_uso, .has_vnet_hdr = tap_has_vnet_hdr, .has_vnet_hdr_len = tap_has_vnet_hdr_len, - .get_using_vnet_hdr = tap_get_using_vnet_hdr, - .using_vnet_hdr = tap_using_vnet_hdr, .set_offload = tap_set_offload, - .get_vnet_hdr_len = tap_get_vnet_hdr_len, .set_vnet_hdr_len = tap_set_vnet_hdr_len, .set_vnet_le = tap_set_vnet_le, .set_vnet_be = tap_set_vnet_be,