From 1566b8c8df9e8603f5d03cc1a7708c4ecfda0897 Mon Sep 17 00:00:00 2001
From: Stefan Weil via Date: Sat, 9 Aug 2025 08:13:02 +0200 Subject: [PATCH 1/5] chardev/baum: Fix compiler warning for Windows builds Compiler warning: ../chardev/baum.c:657:25: warning: comparison between pointer and integer Use brlapi_fileDescriptor instead of int for brlapi_fd and BRLAPI_INVALID_FILE_DESCRIPTOR instead of -1. Signed-off-by: Stefan Weil Reviewed-by: Samuel Thibault Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev
---
 chardev/baum.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/chardev/baum.c b/chardev/baum.c
index f3e8cd27f0..ad68321504 100644
--- a/chardev/baum.c
+++ b/chardev/baum.c
@@ -94,7 +94,7 @@ struct BaumChardev {
 Chardev parent;
 brlapi_handle_t *brlapi;
- int brlapi_fd;
+ brlapi_fileDescriptor brlapi_fd;
 unsigned int x, y;
 bool deferred_init;
@@ -654,7 +654,7 @@ static void baum_chr_open(Chardev *chr,
 baum->brlapi = handle;
 baum->brlapi_fd = brlapi__openConnection(handle, NULL, NULL);
- if (baum->brlapi_fd == -1) {
+ if (baum->brlapi_fd == BRLAPI_INVALID_FILE_DESCRIPTOR) {
 error_setg(errp, "brlapi__openConnection: %s", brlapi_strerror(brlapi_error_location()));
 g_free(handle);
@@ -665,6 +665,10 @@ static void baum_chr_open(Chardev *chr,
 baum->cellCount_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, baum_cellCount_timer_cb, baum);
+ /*
+ * On Windows, brlapi_fd is a pointer, which is being used here
+ * as an integer, but in practice it seems to work
+ */
 qemu_set_fd_handler(baum->brlapi_fd, baum_chr_read, NULL, baum);
 }
From 606978500c3d18fb89a49844f253097b17f757de Mon Sep 17 00:00:00 2001
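Review bot: The comment added before `qemu_set_fd_handler(baum->brlapi_fd, baum_chr_read, NULL, baum);` in baum_chr_open admits that a pointer-typed `brlapi_fileDescriptor` is used as an integer, but the call still converts implicitly and nothing checks that the value survives the narrowing. On a 64-bit Windows build a handle that does not fit in `int` would presumably register the read handler on a different descriptor value than the one BrlAPI returned; the handler's parameter type is outside this hunk, so confirm it there. I would state the assumption in the comment and enforce it before the call, e.g. `assert((intptr_t)baum->brlapi_fd == (int)(intptr_t)baum->brlapi_fd);`, rather than rely on "in practice it seems to work". baum_chr_open starts above the hunk.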
From: Michael Tokarev Date: Sun, 24 Aug 2025 03:05:32 +0300 Subject: [PATCH 2/5] block/curl: fix curl internal handles handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit block/curl.c uses CURLMOPT_SOCKETFUNCTION to register a socket callback. According to the documentation, this callback is called not just with application-created sockets but also with internal curl sockets, - and for such sockets, user data pointer is not set by the application, so the result qemu crashing. Pass BDRVCURLState directly to the callback function as user pointer, instead of relying on CURLINFO_PRIVATE. This problem started happening with update of libcurl from 8.9 to 8.10 -- apparently with this change curl started using private handles more. (CURLINFO_PRIVATE is used in one more place, in curl_multi_check_completion() - it might need a similar fix too) Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3081 Cc: qemu-stable@qemu.org Reviewed-by: Daniel P. Berrangé Signed-off-by: Michael Tokarev
---
 block/curl.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 5467678024..00b949ea45 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -162,13 +162,9 @@ static int curl_timer_cb(CURLM *multi, long timeout_ms, void *opaque)
 static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action, void *userp, void *sp)
 {
- BDRVCURLState *s;
- CURLState *state = NULL;
+ BDRVCURLState *s = userp;
 CURLSocket *socket;
- curl_easy_getinfo(curl, CURLINFO_PRIVATE, (char **)&state);
- s = state->s;
-
 socket = g_hash_table_lookup(s->sockets, GINT_TO_POINTER(fd));
 if (!socket) {
 socket = g_new0(CURLSocket, 1);
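Review bot: `BDRVCURLState *s = userp;` in curl_sock_cb now depends entirely on CURLMOPT_SOCKETDATA having been set on the multi handle (the line added in curl_attach_aio_context), and nothing at the use site says so or explains why the easy handle's private pointer must not be read here. A short comment would keep the NULL dereference this commit fixes from being reintroduced, e.g. `/* userp is the CURLMOPT_SOCKETDATA pointer (BDRVCURLState); curl also invokes this for its internal handles, which carry no CURLINFO_PRIVATE */`. Because `s->sockets` is dereferenced on the following line, an `assert(s);` would also turn a missing registration into an immediate, diagnosable failure. The function body continues past the end of the hunk.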
@@ -605,6 +601,7 @@ static void curl_attach_aio_context(BlockDriverState *bs,
 assert(!s->multi);
 s->multi = curl_multi_init();
 s->aio_context = new_context;
+ curl_multi_setopt(s->multi, CURLMOPT_SOCKETDATA, s);
 curl_multi_setopt(s->multi, CURLMOPT_SOCKETFUNCTION, curl_sock_cb);
 curl_multi_setopt(s->multi, CURLMOPT_TIMERDATA, s);
 curl_multi_setopt(s->multi, CURLMOPT_TIMERFUNCTION, curl_timer_cb);
From 29e68f41c064299d4b45f3517c2e4400b1c17231 Mon Sep 17 00:00:00 2001
From: Michael Tokarev Date: Mon, 25 Aug 2025 12:52:46 +0300 Subject: [PATCH 3/5] block/curl: drop old/unuspported curl version checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We currently require libcurl >=7.29.0 (since f9cd86fe72be3cd8). Drop older LIBCURL_VERSION_NUM checks from the driver. Reviewed-by: Daniel P. Berrangé Signed-off-by: Michael Tokarev
---
 block/curl.c | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 00b949ea45..e0f98e035a 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -516,7 +516,7 @@ static int curl_init_state(BDRVCURLState *s, CURLState *state)
 CURLOPT_REDIR_PROTOCOLS_STR, PROTOCOLS)) {
 goto err;
 }
-#elif LIBCURL_VERSION_NUM >= 0x071304
+#else
 if (curl_easy_setopt(state->curl, CURLOPT_PROTOCOLS, PROTOCOLS) || curl_easy_setopt(state->curl, CURLOPT_REDIR_PROTOCOLS, PROTOCOLS)) {
 goto err;
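Review bot: In curl_init_state the new `#else` carries no condition text, and the `#if` it pairs with is above the hunk, so a reader can no longer tell from here which libcurl builds take the `CURLOPT_PROTOCOLS`/`CURLOPT_REDIR_PROTOCOLS` path. These two options are what confine the driver, redirects included, to the `PROTOCOLS` set, so the fallback deserves a label, e.g. `#else /* libcurl without CURLOPT_PROTOCOLS_STR */`. Making the fallback unconditional is the safer direction, since an unexpected version can no longer compile with neither restriction applied.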
@@ -821,22 +821,11 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
 goto out;
 }
 #endif
- /* Prior CURL 7.19.4 return value of 0 could mean that the file size is not
- * know or the size is zero. From 7.19.4 CURL returns -1 if size is not
- * known and zero if it is really zero-length file. */
-#if LIBCURL_VERSION_NUM >= 0x071304
 if (cl < 0) {
 pstrcpy(state->errmsg, CURL_ERROR_SIZE, "Server didn't report file size.");
 goto out;
 }
-#else
- if (cl <= 0) {
- pstrcpy(state->errmsg, CURL_ERROR_SIZE,
- "Unknown file size or zero-length file.");
- goto out;
- }
-#endif
 s->len = cl;
From 0ac122d933323610b3dc7ce846cb47ba48d78266 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 11 Aug 2025 11:43:41 +0200 Subject: [PATCH 4/5] scripts/coverity-scan/COMPONENTS.md: Add a 'plugins' category MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cover the TCG plugins files under their own Coverity category. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Peter Maydell Acked-by: Alex Bennée Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev
---
 scripts/coverity-scan/COMPONENTS.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/scripts/coverity-scan/COMPONENTS.md b/scripts/coverity-scan/COMPONENTS.md
index 72995903ff..95805b536b 100644
--- a/scripts/coverity-scan/COMPONENTS.md
+++ b/scripts/coverity-scan/COMPONENTS.md
@@ -147,6 +147,9 @@ tcg
 system
 ~ .*/qemu(/system/.*|/accel/.*)
+plugins
+ ~ .*/qemu(/contrib|/tests/tcg)?/plugins/.*
+
 (headers)
 ~ .*/qemu(/include/.*)
From 25fef09ce17ac1ae22638a0b57d97c2bd5cd7d83 Mon Sep 17 00:00:00 2001
From: Aditya Gupta Date: Wed, 27 Aug 2025 11:02:28 +0530 Subject: [PATCH 5/5] docs: fix typo in xive doc "Interrupt Pending Buffer" IPB, which got written as IBP due to typo. The "IPB" register is also mentioned in same doc multiple times. Signed-off-by: Aditya Gupta Reviewed-by: Thomas Huth Reviewed-by: Michael Tokarev
Signed-off-by: Michael Tokarev
---
 docs/specs/ppc-xive.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/specs/ppc-xive.rst b/docs/specs/ppc-xive.rst
index 83d43f658b..968cc760d4 100644
--- a/docs/specs/ppc-xive.rst
+++ b/docs/specs/ppc-xive.rst
@@ -157,7 +157,7 @@ Interrupt flow from an O/S perspective
 After an event data has been enqueued in the O/S Event Queue, the IVPE raises the bit corresponding to the priority of the pending interrupt
-in the register IBP (Interrupt Pending Buffer) to indicate that an
+in the register IPB (Interrupt Pending Buffer) to indicate that an
 event is pending in one of the 8 priority queues. The Pending Interrupt Priority Register (PIPR) is also updated using the IPB. This register represent the priority of the most favored pending