Misc fixes for QEMU v9.2.0

-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmdO66kACgkQ4+MsLN6t wN4dGw//ZSVZO/cdOc1izC44mCPjnHkhSjX5i12E09QnDfNQ9cef2pG50lsndm3N xJwunST+Hqfoh07YT4zuGSO+60BiiPsPse+ytnuHK0E4wLbIfrWzPcf1CMRDk3wf O4IniCv8O7BRYccK1iPkFI8ZVqK84m3Bn1tQ51LOy09b6om7jIqNwlxWxGYqkWCR l+9RxW/IKWD3OrveBATEhD1lwoUBIYPPzdm6NayEdOJXGOgnvbNbtmuRCR8dCxCS RUH3GZu0vvRTpOYjFzeR9Xy+CE1vcOeKsZf35QwV4eX8+UKv30HgF6J8fInkS60m EqPA+AU7fi+DN3Ua1Jx38wXHPr8mPTQoVGV6q0UB8b3B22kPQn+Mu8jHLyMOp4rK 6JEX5cAOZuwBEk0I8VjwqeDGVYgFwnMHhVuss0N4kCvP0qQcC2JMGMW0Rk4Lxw16 q0kwbQ0c56+qET57EOf9VW40Yb1q3Zu9t39XfNO/m3KGLkVSPfFZEu5voWD14mZW RutPlG/ww3n878Xz06YsqYF0ED/0SiW8U1tmEzg+X9vA/7Z7/0MH0rleNb36a0Fs 0aDq/mZBcnFLKy+9rlpy18OolY/N6LZnebCpdQe5wSRn/ioWDc4/GyIaLO9lSE5o TFHmGtIIQ2FoeRgtwCSfVNwaA6ILgPRsgXFDOqxCUplgKv6GX2Q= =GZ/H -----END PGP SIGNATURE----- Merge tag 'hw-misc-20241203' of https://github.com/philmd/qemu into staging Misc fixes for QEMU v9.2.0 # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmdO66kACgkQ4+MsLN6t # wN4dGw//ZSVZO/cdOc1izC44mCPjnHkhSjX5i12E09QnDfNQ9cef2pG50lsndm3N # xJwunST+Hqfoh07YT4zuGSO+60BiiPsPse+ytnuHK0E4wLbIfrWzPcf1CMRDk3wf # O4IniCv8O7BRYccK1iPkFI8ZVqK84m3Bn1tQ51LOy09b6om7jIqNwlxWxGYqkWCR # l+9RxW/IKWD3OrveBATEhD1lwoUBIYPPzdm6NayEdOJXGOgnvbNbtmuRCR8dCxCS # RUH3GZu0vvRTpOYjFzeR9Xy+CE1vcOeKsZf35QwV4eX8+UKv30HgF6J8fInkS60m # EqPA+AU7fi+DN3Ua1Jx38wXHPr8mPTQoVGV6q0UB8b3B22kPQn+Mu8jHLyMOp4rK # 6JEX5cAOZuwBEk0I8VjwqeDGVYgFwnMHhVuss0N4kCvP0qQcC2JMGMW0Rk4Lxw16 # q0kwbQ0c56+qET57EOf9VW40Yb1q3Zu9t39XfNO/m3KGLkVSPfFZEu5voWD14mZW # RutPlG/ww3n878Xz06YsqYF0ED/0SiW8U1tmEzg+X9vA/7Z7/0MH0rleNb36a0Fs # 0aDq/mZBcnFLKy+9rlpy18OolY/N6LZnebCpdQe5wSRn/ioWDc4/GyIaLO9lSE5o # TFHmGtIIQ2FoeRgtwCSfVNwaA6ILgPRsgXFDOqxCUplgKv6GX2Q= # =GZ/H # -----END PGP SIGNATURE----- # gpg: Signature made Tue 03 Dec 2024 11:29:45 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'hw-misc-20241203' of https://github.com/philmd/qemu: system: Select HVF by default when no other accelerator is available tests/qtest: add test for querying balloon guest stats tests/qtest: drop 'fuzz-' prefix from virtio-balloon test hw/virtio: fix crash in processing balloon stats hw/display/vga: Do not reset 'big_endian_fb' in vga_common_reset() target/riscv: Avoid bad shift in riscv_cpu_do_interrupt() hw/core/machine: diagnose wrapping of maxmem MAINTAINERS: update email addr for Brian Cain meson: Add missing SDL dependency to system/main.c MAINTAINERS: add myself as the maintainer for LoongArch VirtMachine ui/cocoa: Temporarily ignore annoying deprecated declaration warnings hw/openrisc/openrisc_sim: keep serial@90000000 as default hw/openrisc: Fixed undercounting of TTCR in continuous mode Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
1 year ago · 712f7150a8
12 changed files with 102 additions and 48 deletions
--- a/.mailmap
+++ b/.mailmap
@ -75,6 +75,8 @@ Aleksandar Rikalo <aleksandar.rikalo@syrmia.com> <aleksandar.rikalo@rt-rk.com>
 Alexander Graf <agraf@csgraf.de> <agraf@suse.de>
 Ani Sinha <anisinha@redhat.com> <ani@anisinha.ca>
 Anthony Liguori <anthony@codemonkey.ws> Anthony Liguori <aliguori@us.ibm.com>
+Brian Cain <brian.cain@oss.qualcomm.com> <bcain@quicinc.com>
+Brian Cain <brian.cain@oss.qualcomm.com> <quic_bcain@quicinc.com>
 Christian Borntraeger <borntraeger@linux.ibm.com> <borntraeger@de.ibm.com>
 Damien Hedde <damien.hedde@dahe.fr> <damien.hedde@greensocs.com>
 Filip Bozuta <filip.bozuta@syrmia.com> <filip.bozuta@rt-rk.com.com>
--- a/4
+++ b/4
@ -226,7 +226,7 @@ F: target/avr/
 F: tests/functional/test_avr_mega2560.py

 Hexagon TCG CPUs
-M: Brian Cain <bcain@quicinc.com>
+M: Brian Cain <bcain@oss.qualcomm.com>
 S: Supported
 F: target/hexagon/
 X: target/hexagon/idef-parser/
@ -1199,6 +1199,7 @@ LoongArch Machines
 ------------------
 Virt
 M: Song Gao <gaosong@loongson.cn>
+M: Bibo Mao <maobibo@loongson.cn>
 R: Jiaxun Yang <jiaxun.yang@flygoat.com>
 S: Maintained
 F: docs/system/loongarch/virt.rst
@ -2227,6 +2228,7 @@ F: hw/virtio/virtio-balloon*.c
 F: include/hw/virtio/virtio-balloon.h
 F: system/balloon.c
 F: include/sysemu/balloon.h
+F: tests/qtest/virtio-balloon-test.c

 virtio-9p
 M: Greg Kurz <groug@kaod.org>
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@ -598,11 +598,19 @@ static void machine_set_mem(Object *obj, Visitor *v, const char *name,
        mem->size = mc->fixup_ram_size(mem->size);
    }
    if ((ram_addr_t)mem->size != mem->size) {
-        error_setg(errp, "ram size too large");
+        error_setg(errp, "ram size %llu exceeds permitted maximum %llu",
+                   (unsigned long long)mem->size,
+                   (unsigned long long)RAM_ADDR_MAX);
        goto out_free;
    }

    if (mem->has_max_size) {
+        if ((ram_addr_t)mem->max_size != mem->max_size) {
+            error_setg(errp, "ram size %llu exceeds permitted maximum %llu",
+                       (unsigned long long)mem->max_size,
+                       (unsigned long long)RAM_ADDR_MAX);
+            goto out_free;
+        }
        if (mem->max_size < mem->size) {
            error_setg(errp, "invalid value of maxmem: "
                       "maximum memory size (0x%" PRIx64 ") must be at least "
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@ -1873,7 +1873,6 @@ void vga_common_reset(VGACommonState *s)
    s->cursor_start = 0;
    s->cursor_end = 0;
    s->cursor_offset = 0;
-    s->big_endian_fb = s->default_endian_fb;
    memset(s->invalidated_y_table, '\0', sizeof(s->invalidated_y_table));
    memset(s->last_palette, '\0', sizeof(s->last_palette));
    memset(s->last_ch_attr, '\0', sizeof(s->last_ch_attr));
@ -2266,6 +2265,7 @@ bool vga_common_init(VGACommonState *s, Object *obj, Error **errp)
     * all target endian dependencies from this file.
     */
    s->default_endian_fb = target_words_bigendian();
+    s->big_endian_fb = s->default_endian_fb;

    vga_dirty_log_start(s);

--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@ -167,19 +167,33 @@ static void balloon_deflate_page(VirtIOBalloon *balloon,
    }
 }

+/*
+ * All stats upto VIRTIO_BALLOON_S_NR /must/ have a
+ * non-NULL name declared here, since these are used
+ * as keys for populating the QDict with stats
+ */
 static const char *balloon_stat_names[] = {
   [VIRTIO_BALLOON_S_SWAP_IN] = "stat-swap-in",
   [VIRTIO_BALLOON_S_SWAP_OUT] = "stat-swap-out",
   [VIRTIO_BALLOON_S_MAJFLT] = "stat-major-faults",
   [VIRTIO_BALLOON_S_MINFLT] = "stat-minor-faults",
   [VIRTIO_BALLOON_S_MEMFREE] = "stat-free-memory",
+
   [VIRTIO_BALLOON_S_MEMTOT] = "stat-total-memory",
   [VIRTIO_BALLOON_S_AVAIL] = "stat-available-memory",
   [VIRTIO_BALLOON_S_CACHES] = "stat-disk-caches",
   [VIRTIO_BALLOON_S_HTLB_PGALLOC] = "stat-htlb-pgalloc",
   [VIRTIO_BALLOON_S_HTLB_PGFAIL] = "stat-htlb-pgfail",
-   [VIRTIO_BALLOON_S_NR] = NULL
+
+   [VIRTIO_BALLOON_S_OOM_KILL] = "stat-oom-kills",
+   [VIRTIO_BALLOON_S_ALLOC_STALL] = "stat-alloc-stalls",
+   [VIRTIO_BALLOON_S_ASYNC_SCAN] = "stat-async-scans",
+   [VIRTIO_BALLOON_S_DIRECT_SCAN] = "stat-direct-scans",
+   [VIRTIO_BALLOON_S_ASYNC_RECLAIM] = "stat-async-reclaims",
+
+   [VIRTIO_BALLOON_S_DIRECT_RECLAIM] = "stat-direct-reclaims",
 };
+G_STATIC_ASSERT(G_N_ELEMENTS(balloon_stat_names) == VIRTIO_BALLOON_S_NR);

 /*
 * reset_stats - Mark all items in the stats array as unset
--- a/meson.build
+++ b/meson.build
@ -4235,14 +4235,14 @@ foreach target : target_dirs
      'name': 'qemu-system-' + target_name,
      'win_subsystem': 'console',
      'sources': files('system/main.c'),
-      'dependencies': []
+      'dependencies': [sdl]
    }]
    if host_os == 'windows' and (sdl.found() or gtk.found())
      execs += [{
        'name': 'qemu-system-' + target_name + 'w',
        'win_subsystem': 'windows',
        'sources': files('system/main.c'),
-        'dependencies': []
+        'dependencies': [sdl]
      }]
    endif
    if get_option('fuzzing')
--- a/system/vl.c
+++ b/system/vl.c
@ -2362,6 +2362,7 @@ static void configure_accelerators(const char *progname)
            /* Select the default accelerator */
            bool have_tcg = accel_find("tcg");
            bool have_kvm = accel_find("kvm");
+            bool have_hvf = accel_find("hvf");

            if (have_tcg && have_kvm) {
                if (g_str_has_suffix(progname, "kvm")) {
@ -2374,6 +2375,8 @@ static void configure_accelerators(const char *progname)
                accelerators = "kvm";
            } else if (have_tcg) {
                accelerators = "tcg";
+            } else if (have_hvf) {
+                accelerators = "hvf";
            } else {
                error_report("No accelerator selected and"
                             " no default accelerator available");
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@ -1802,10 +1802,10 @@ void riscv_cpu_do_interrupt(CPUState *cs)
    bool async = !!(cs->exception_index & RISCV_EXCP_INT_FLAG);
    target_ulong cause = cs->exception_index & RISCV_EXCP_INT_MASK;
    uint64_t deleg = async ? env->mideleg : env->medeleg;
-    bool s_injected = env->mvip & (1 << cause) & env->mvien &&
-        !(env->mip & (1 << cause));
-    bool vs_injected = env->hvip & (1 << cause) & env->hvien &&
-        !(env->mip & (1 << cause));
+    bool s_injected = env->mvip & (1ULL << cause) & env->mvien &&
+        !(env->mip & (1ULL << cause));
+    bool vs_injected = env->hvip & (1ULL << cause) & env->hvien &&
+        !(env->mip & (1ULL << cause));
    target_ulong tval = 0;
    target_ulong tinst = 0;
    target_ulong htval = 0;
--- a/tests/qtest/fuzz-virtio-balloon-test.c
+++ b/tests/qtest/fuzz-virtio-balloon-test.c
@ -1,37 +0,0 @@
-/*
- * QTest fuzzer-generated testcase for virtio balloon device
- *
- * Copyright (c) 2024 Gao Shiyuan <gaoshiyuan@baidu.com>
- *
- * SPDX-License-Identifier: GPL-2.0-or-later
- */
-
-#include "qemu/osdep.h"
-#include "libqtest.h"
-
-/*
- * https://gitlab.com/qemu-project/qemu/-/issues/2576
- * Used to trigger:
- *   virtio_address_space_lookup: Assertion `mrs.mr' failed.
- */
-static void oss_fuzz_71649(void)
-{
-    QTestState *s = qtest_init("-device virtio-balloon -machine q35"
-                               " -nodefaults");
-
-    qtest_outl(s, 0xcf8, 0x80000890);
-    qtest_outl(s, 0xcfc, 0x2);
-    qtest_outl(s, 0xcf8, 0x80000891);
-    qtest_inl(s, 0xcfc);
-    qtest_quit(s);
-}
-
-int main(int argc, char **argv)
-{
-    g_test_init(&argc, &argv, NULL);
-
-    qtest_add_func("fuzz/virtio/oss_fuzz_71649", oss_fuzz_71649);
-
-    return g_test_run();
-}
-
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@ -88,7 +88,7 @@ qtests_i386 = \
  (config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) +    \
  (config_all_devices.has_key('CONFIG_LSI_SCSI_PCI') ? ['fuzz-lsi53c895a-test'] : []) +     \
  (config_all_devices.has_key('CONFIG_VIRTIO_SCSI') ? ['fuzz-virtio-scsi-test'] : []) +     \
-  (config_all_devices.has_key('CONFIG_VIRTIO_BALLOON') ? ['fuzz-virtio-balloon-test'] : []) + \
+  (config_all_devices.has_key('CONFIG_VIRTIO_BALLOON') ? ['virtio-balloon-test'] : []) + \
  (config_all_devices.has_key('CONFIG_Q35') ? ['q35-test'] : []) +                          \
  (config_all_devices.has_key('CONFIG_SB16') ? ['fuzz-sb16-test'] : []) +                   \
  (config_all_devices.has_key('CONFIG_SDHCI_PCI') ? ['fuzz-sdcard-test'] : []) +            \
--- a/tests/qtest/virtio-balloon-test.c
+++ b/tests/qtest/virtio-balloon-test.c
@ -0,0 +1,57 @@
+/*
+ * QTest test cases for virtio balloon device
+ *
+ * Copyright (c) 2024 Gao Shiyuan <gaoshiyuan@baidu.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "libqtest.h"
+#include "standard-headers/linux/virtio_balloon.h"
+
+/*
+ * https://gitlab.com/qemu-project/qemu/-/issues/2576
+ * Used to trigger:
+ *   virtio_address_space_lookup: Assertion `mrs.mr' failed.
+ */
+static void oss_fuzz_71649(void)
+{
+    QTestState *s = qtest_init("-device virtio-balloon -machine q35"
+                               " -nodefaults");
+
+    qtest_outl(s, 0xcf8, 0x80000890);
+    qtest_outl(s, 0xcfc, 0x2);
+    qtest_outl(s, 0xcf8, 0x80000891);
+    qtest_inl(s, 0xcfc);
+    qtest_quit(s);
+}
+
+static void query_stats(void)
+{
+    QTestState *s = qtest_init("-device virtio-balloon,id=balloon"
+                               " -nodefaults");
+    QDict *ret = qtest_qmp_assert_success_ref(
+        s,
+        "{ 'execute': 'qom-get', 'arguments': "     \
+        "{ 'path': '/machine/peripheral/balloon', " \
+        "  'property': 'guest-stats' } }");
+    QDict *stats = qdict_get_qdict(ret, "stats");
+
+    /* We expect 1 entry in the dict for each known kernel stat */
+    assert(qdict_size(stats) == VIRTIO_BALLOON_S_NR);
+
+    qobject_unref(ret);
+    qtest_quit(s);
+}
+
+int main(int argc, char **argv)
+{
+    g_test_init(&argc, &argv, NULL);
+
+    qtest_add_func("virtio-balloon/oss_fuzz_71649", oss_fuzz_71649);
+    qtest_add_func("virtio-balloon/query-stats", query_stats);
+
+    return g_test_run();
+}
+
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@ -639,6 +639,9 @@ static CGEventRef handleTapEvent(CGEventTapProxy proxy, CGEventType type, CGEven
    [self setBoundsSize:NSMakeSize(screen.width, screen.height)];
 }

+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+
 - (void) updateUIInfoLocked
 {
    /* Must be called with the BQL, i.e. via updateUIInfo */
@ -685,6 +688,8 @@ static CGEventRef handleTapEvent(CGEventTapProxy proxy, CGEventType type, CGEven
    dpy_set_ui_info(dcl.con, &info, TRUE);
 }

+#pragma clang diagnostic pop
+
 - (void) updateUIInfo
 {
    if (!allow_events) {