From 84dfdcbff33fff185528501be408c25c44499f32 Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Fri, 17 Jan 2025 12:17:08 +0100 Subject: [PATCH 1/7] net: Fix announce_self b9ad513e1876 ("net: Remove receive_raw()") adds an iovec entry in qemu_deliver_packet_iov() to add the virtio-net header in the data when QEMU_NET_PACKET_FLAG_RAW is set but forgets to increase the number of iovec entries in the array, so receive_iov() will only send the first entry (the virtio-net entry, full of 0) and no data. The packet will be discarded. The only user of QEMU_NET_PACKET_FLAG_RAW is announce_self. We can see the problem with tcpdump: - QEMU parameters: .. -monitor stdio \ -netdev bridge,id=netdev0,br=virbr0 \ -device virtio-net,mac=9a:2b:2c:2d:2e:2f,netdev=netdev0 \ - HMP command: (qemu) announce_self - TCP dump: $ sudo tcpdump -nxi virbr0 without the fix: with the fix: ARP, Reverse Request who-is 9a:2b:2c:2d:2e:2f tell 9a:2b:2c:2d:2e:2f, length 46 0x0000: 0001 0800 0604 0003 9a2b 2c2d 2e2f 0000 0x0010: 0000 9a2b 2c2d 2e2f 0000 0000 0000 0000 0x0020: 0000 0000 0000 0000 0000 0000 0000 Reported-by: Xiaohui Li Bug: https://issues.redhat.com/browse/RHEL-73891 Fixes: b9ad513e1876 ("net: Remove receive_raw()") Cc: akihiko.odaki@daynix.com Signed-off-by: Laurent Vivier Reviewed-by: Akihiko Odaki Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev
---
 net/net.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/net/net.c b/net/net.c
index c1bb19a523..9cded70dde 100644
--- a/net/net.c
+++ b/net/net.c
@@ -822,6 +822,7 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender,
 iov_copy[0].iov_len = nc->vnet_hdr_len;
 memcpy(&iov_copy[1], iov, iovcnt * sizeof(*iov));
 iov = iov_copy;
+ iovcnt++;
 }
 if (nc->info->receive_iov) {
From c6a1b591a68b4d7230d6c3f56965e18080d737e5 Mon Sep 17 00:00:00 2001
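Review bot: Nothing next to the added `iovcnt++` records why the count must grow, and the regression fixed here came from that coupling between `iov_copy[0]` and `iovcnt` being implicit; a comment above it such as `/* iov_copy[0] carries the vnet header, so pass one more entry than the caller gave */` would make it harder to drop again. The allocation of `iov_copy` and the object behind `iov_copy[0].iov_base` are outside the hunk, so it is worth confirming that the array is sized for `iovcnt + 1` entries and that `nc->vnet_hdr_len` cannot exceed the size of that header object, since receivers read `iov_len` bytes from it. The function body continues past the end of the hunk.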
From: Laurent Vivier Date: Fri, 17 Jan 2025 12:17:09 +0100 Subject: [PATCH 2/7] net/dump: Correctly compute Ethernet packet offset When a packet is sent with QEMU_NET_PACKET_FLAG_RAW by QEMU it never includes virtio-net header even if qemu_get_vnet_hdr_len() is not 0, and filter-dump is not managing this case. The only user of QEMU_NET_PACKET_FLAG_RAW is announce_self, we can show the problem using it and tcpddump: - QEMU parameters: .. -monitor stdio \ -netdev bridge,id=netdev0,br=virbr0 \ -device virtio-net,mac=9a:2b:2c:2d:2e:2f,netdev=netdev0 \ -object filter-dump,netdev=netdev0,file=log.pcap,id=pcap0 - HMP command: (qemu) announce_self - TCP dump: $ tcpdump -nxr log.pcap without the fix: 08:00:06:04:00:03 > 2e:2f:80:35:00:01, ethertype Unknown (0x9a2b), length 50: 0x0000: 2c2d 2e2f 0000 0000 9a2b 2c2d 2e2f 0000 0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 0x0020: 0000 0000 with the fix: ARP, Reverse Request who-is 9a:2b:2c:2d:2e:2f tell 9a:2b:2c:2d:2e:2f, length 46 0x0000: 0001 0800 0604 0003 9a2b 2c2d 2e2f 0000 0x0010: 0000 9a2b 2c2d 2e2f 0000 0000 0000 0000 0x0020: 0000 0000 0000 0000 0000 0000 0000 Fixes: 481c52320a26 ("net: Strip virtio-net header when dumping") Cc: akihiko.odaki@daynix.com Signed-off-by: Laurent Vivier Reviewed-by: Akihiko Odaki Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev
---
 net/dump.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/dump.c b/net/dump.c
index d7dd2ce461..140215aa10 100644
--- a/net/dump.c
+++ b/net/dump.c
@@ -155,7 +155,8 @@ static ssize_t filter_dump_receive_iov(NetFilterState *nf, NetClientState *sndr,
 {
 NetFilterDumpState *nfds = FILTER_DUMP(nf);
- dump_receive_iov(&nfds->ds, iov, iovcnt, qemu_get_vnet_hdr_len(nf->netdev));
+ dump_receive_iov(&nfds->ds, iov, iovcnt, flags & QEMU_NET_PACKET_FLAG_RAW ?
+ 0 : qemu_get_vnet_hdr_len(nf->netdev));
 return 0;
 }
From 6003402aa91053c6884f1cf324692dcc035df96c Mon Sep 17 00:00:00 2001
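Review bot: The new last argument of `dump_receive_iov()` is an unparenthesised `flags & QEMU_NET_PACKET_FLAG_RAW ? 0 : ...` broken across two lines inside the call, so the reader has to rely on `&` binding tighter than `?:` to see which offset is chosen. Computing it first, `int offset = (flags & QEMU_NET_PACKET_FLAG_RAW) ? 0 : qemu_get_vnet_hdr_len(nf->netdev);`, and passing `offset` keeps the call on one line. A short comment such as `/* RAW packets are sent without a virtio-net header */` would record why the offset differs, since a wrong offset here silently yields a capture file that parses as garbage, as the commit message's "without the fix" output shows.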
From: Michael Tokarev Date: Sun, 19 Jan 2025 12:35:47 +0300 Subject: [PATCH 3/7] vvfat: create_long_filename: fix out-of-bounds array access create_long_filename() intentionally uses direntry_t->name[8+3] array as a larger array. This works, but makes static code analysis tools unhappy. The problem here is that a directory entry holding long file name is significantly different from regular directory entry, and the name is split into several parts within the entry, not just in regular 8+3 name field. Treat the entry as array of bytes instead. This fixes the OOB access from the compiler/tools PoV, but does not change the resulting code in any way. Keep the existing code style. Signed-off-by: Michael Tokarev --- block/vvfat.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/block/vvfat.c b/block/vvfat.c index 8ffe8b3b9b..bfbcc5562c 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -403,7 +403,6 @@ static direntry_t *create_long_filename(BDRVVVFATState *s, const char *filename) { int number_of_entries, i; glong length; - direntry_t *entry; gunichar2 *longname = g_utf8_to_utf16(filename, -1, NULL, &length, NULL); if (!longname) { 
@@ -414,24 +413,24 @@ static direntry_t *create_long_filename(BDRVVVFATState *s, const char *filename) number_of_entries = DIV_ROUND_UP(length * 2, 26); for(i=0;idirectory)); + direntry_t *entry=array_get_next(&(s->directory)); entry->attributes=0xf; entry->reserved[0]=0; entry->begin=0; entry->name[0]=(number_of_entries-i)|(i==0?0x40:0); } for(i=0;i<26*number_of_entries;i++) { + unsigned char *entry=array_get(&(s->directory),s->directory.next-1-(i/26)); int offset=(i%26); if(offset<10) offset=1+offset; else if(offset<22) offset=14+offset-10; else offset=28+offset-22; - entry=array_get(&(s->directory),s->directory.next-1-(i/26)); if (i >= 2 * length + 2) { - entry->name[offset] = 0xff; + entry[offset] = 0xff; } else if (i % 2 == 0) { - entry->name[offset] = longname[i / 2] & 0xff; + entry[offset] = longname[i / 2] & 0xff; } else { - entry->name[offset] = longname[i / 2] >> 8; + entry[offset] = longname[i / 2] >> 8; } } g_free(longname); From 8b647bd352505234cab2acd2422aba183a1aa1fd Mon Sep 17 00:00:00 2001 From: Dominik 'Disconnect3d' Czarnota Date: Mon, 20 Jan 2025 23:28:58 +0100 Subject: [PATCH 4/7] gdbstub/user-target: fix gdbserver int format (%d -> %x) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit fixes an incorrect format string for formatting integers provided to GDB when debugging a target run in QEMU user mode. The correct format is hexadecimal for both success and errno values, some of which can be seen here [0]. [0] https://github.com/bminor/binutils-gdb/blob/e65a355022d0dc6b5707310876a72b5693ec0aa5/gdbserver/hostio.cc#L196-L213 Signed-off-by: Dominik 'Disconnect3d' Czarnota Reviewed-by: Alex Bennée Fixes: e282010b2e1e ("gdbstub: Add support for info proc mappings") Cc: qemu-stable@nongnu.org Reviewed-by: Ilya Leoshkevich Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- gdbstub/user-target.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
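Review bot: The byte-wise writes `entry[offset] = ...` in the second loop depend on each directory element being at least 32 bytes, because `offset` reaches 31 (`28+offset-22` when `i%26` is 25), and nothing visible in the hunk checks that. A compile-time check near the function, e.g. `QEMU_BUILD_BUG_ON(sizeof(direntry_t) != 32);`, plus a one-line comment naming the three byte ranges written (1-10, 14-25, 28-31), would state the layout that the code now treats as raw bytes. The name `entry` is also declared twice with different types, `direntry_t *` in the first loop and `unsigned char *` in the second; a distinct name such as `entry_bytes` in the second loop would avoid misreading. The first loop's header appears truncated on this page, and the function's return statement is outside the hunk.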
diff --git a/gdbstub/user-target.c b/gdbstub/user-target.c
index 22bf4008c0..4bfcf78aaa 100644
--- a/gdbstub/user-target.c
+++ b/gdbstub/user-target.c
@@ -317,9 +317,9 @@ void gdb_handle_v_file_open(GArray *params, void *user_ctx)
 int fd = open(filename, flags, mode);
 #endif
 if (fd < 0) {
- g_string_printf(gdbserver_state.str_buf, "F-1,%d", errno);
+ g_string_printf(gdbserver_state.str_buf, "F-1,%x", errno);
 } else {
- g_string_printf(gdbserver_state.str_buf, "F%d", fd);
+ g_string_printf(gdbserver_state.str_buf, "F%x", fd);
 }
 gdb_put_strbuf();
 }
@@ -329,7 +329,7 @@ void gdb_handle_v_file_close(GArray *params, void *user_ctx)
 int fd = gdb_get_cmd_param(params, 0)->val_ul;
 if (close(fd) == -1) {
- g_string_printf(gdbserver_state.str_buf, "F-1,%d", errno);
+ g_string_printf(gdbserver_state.str_buf, "F-1,%x", errno);
 gdb_put_strbuf();
 return;
 }
@@ -352,7 +352,7 @@ void gdb_handle_v_file_pread(GArray *params, void *user_ctx)
 ssize_t n = pread(fd, buf, bufsiz, offset);
 if (n < 0) {
- g_string_printf(gdbserver_state.str_buf, "F-1,%d", errno);
+ g_string_printf(gdbserver_state.str_buf, "F-1,%x", errno);
 gdb_put_strbuf();
 return;
 }
@@ -375,7 +375,7 @@ void gdb_handle_v_file_readlink(GArray *params, void *user_ctx)
 ssize_t n = readlink(filename, buf, BUFSIZ);
 #endif
 if (n < 0) {
- g_string_printf(gdbserver_state.str_buf, "F-1,%d", errno);
+ g_string_printf(gdbserver_state.str_buf, "F-1,%x", errno);
 gdb_put_strbuf();
 return;
 }
From 394388dfdb413d50167b2efc47ee9f2432657482 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Mon, 27 Jan 2025 19:41:10 +0100 Subject: [PATCH 5/7] tests/functional/test_mips_malta: Fix comment about endianness of the test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This test is for the big endian MIPS target, not for the little endian target. Signed-off-by: Thomas Huth Fixes: 79cb4a14cb6 ("tests/functional: Convert mips32eb 4Kc Malta tests") Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Michael Tokarev 
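Review bot: All four error replies (`"F-1,%x", errno` in `gdb_handle_v_file_open`, and the same line in the `close`, `pread` and `readlink` handlers) still send the host's raw `errno`, only now in hex. As far as I know the vFile reply is meant to carry GDB's own File-I/O error numbering, so on a host whose values differ the debugger would report the wrong error; it would be worth confirming whether a translation step is needed before formatting. Separately, `%x` takes an `unsigned int`, so `(unsigned)errno` and `(unsigned)fd` would match the specifier exactly. In `gdb_handle_v_file_close` the descriptor is read from `->val_ul` into an `int` with no range check, so an out-of-range value from the debugger is silently narrowed before `close()`; each handler's body starts outside its hunk.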
Signed-off-by: Michael Tokarev --- tests/functional/test_mips_malta.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/functional/test_mips_malta.py b/tests/functional/test_mips_malta.py index 3b15038d89..eaf372255b 100755 --- a/tests/functional/test_mips_malta.py +++ b/tests/functional/test_mips_malta.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Functional tests for the little-endian 32-bit MIPS Malta board +# Functional tests for the big-endian 32-bit MIPS Malta board # # Copyright (c) Philippe Mathieu-Daudé # From d6f7642230f15c5e470a8988b31980ff570124f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 2 Jan 2025 17:05:10 +0100 Subject: [PATCH 6/7] licenses: Remove SPDX tags not being license identifier for Linaro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per [*]: "we're only interested in adopting SPDX for recording the licensing info, [not] any other SPDX metadata." Replace the 'SPDX-FileCopyrightText' and 'SPDX-FileContributor' tags added by Linaro by 'Copyright (c)' and 'Authors' words respectively. [*] https://lore.kernel.org/qemu-devel/20241007154548.1144961-4-berrange@redhat.com/ Inspired-by: Daniel P. Berrangé Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Reviewed-by: Daniel P. Berrangé Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- accel/tcg/vcpu-state.h | 9 +++++++-- hw/misc/ivshmem-flat.c | 5 +++-- include/hw/misc/ivshmem-flat.h | 5 +++-- scripts/qom-cast-macro-clean-cocci-gen.py | 7 +++++-- target/m68k/semihosting-stub.c | 7 +++++-- target/mips/tcg/system/semihosting-stub.c | 5 +++-- tests/functional/test_aarch64_sbsaref.py | 8 +++++--- tests/functional/test_aarch64_sbsaref_alpine.py | 8 +++++--- tests/functional/test_aarch64_sbsaref_freebsd.py | 8 +++++--- tests/qtest/libqos/virtio-scmi.c | 2 +- 10 files changed, 42 insertions(+), 22 deletions(-) 
diff --git a/accel/tcg/vcpu-state.h b/accel/tcg/vcpu-state.h index e407d914df..2e3464b5ee 100644 --- a/accel/tcg/vcpu-state.h +++ b/accel/tcg/vcpu-state.h @@ -1,6 +1,11 @@ /* - * SPDX-FileContributor: Philippe Mathieu-Daudé - * SPDX-FileCopyrightText: 2023 Linaro Ltd. + * TaskState helpers for QEMU + * + * Copyright (c) 2023 Linaro Ltd. + * + * Authors: + * Philippe Mathieu-Daudé + * * SPDX-License-Identifier: GPL-2.0-or-later */ #ifndef ACCEL_TCG_VCPU_STATE_H diff --git a/hw/misc/ivshmem-flat.c b/hw/misc/ivshmem-flat.c index 33fc9425d2..40309a8ff3 100644 --- a/hw/misc/ivshmem-flat.c +++ b/hw/misc/ivshmem-flat.c @@ -1,9 +1,10 @@ /* * Inter-VM Shared Memory Flat Device * - * SPDX-FileCopyrightText: 2023 Linaro Ltd. - * SPDX-FileContributor: Gustavo Romero * SPDX-License-Identifier: GPL-2.0-or-later + * Copyright (c) 2023 Linaro Ltd. + * Authors: + * Gustavo Romero * */ diff --git a/include/hw/misc/ivshmem-flat.h b/include/hw/misc/ivshmem-flat.h index 97ca0ddce6..0c2b015781 100644 --- a/include/hw/misc/ivshmem-flat.h +++ b/include/hw/misc/ivshmem-flat.h @@ -1,9 +1,10 @@ /* * Inter-VM Shared Memory Flat Device * - * SPDX-FileCopyrightText: 2023 Linaro Ltd. - * SPDX-FileContributor: Gustavo Romero * SPDX-License-Identifier: GPL-2.0-or-later + * Copyright (c) 2023 Linaro Ltd. + * Authors: + * Gustavo Romero * */ diff --git a/scripts/qom-cast-macro-clean-cocci-gen.py b/scripts/qom-cast-macro-clean-cocci-gen.py index 2fa8438a14..5aa51d0c18 100644 --- a/scripts/qom-cast-macro-clean-cocci-gen.py +++ b/scripts/qom-cast-macro-clean-cocci-gen.py @@ -13,8 +13,11 @@ # --in-place \ # --dir . # -# SPDX-FileContributor: Philippe Mathieu-Daudé -# SPDX-FileCopyrightText: 2023 Linaro Ltd. +# Copyright (c) 2023 Linaro Ltd. +# +# Authors: +# Philippe Mathieu-Daudé +# # SPDX-License-Identifier: GPL-2.0-or-later import re diff --git a/target/m68k/semihosting-stub.c b/target/m68k/semihosting-stub.c index d6a5965e29..dbe669cc5f 100644 --- a/target/m68k/semihosting-stub.c 
+++ b/target/m68k/semihosting-stub.c @@ -1,8 +1,11 @@ /* * m68k/ColdFire semihosting stub * - * SPDX-FileContributor: Philippe Mathieu-Daudé - * SPDX-FileCopyrightText: 2024 Linaro Ltd. + * Copyright (c) 2024 Linaro Ltd. + * + * Authors: + * Philippe Mathieu-Daudé + * * SPDX-License-Identifier: GPL-2.0-or-later */ diff --git a/target/mips/tcg/system/semihosting-stub.c b/target/mips/tcg/system/semihosting-stub.c index 7ae27d746f..bb1f7aae62 100644 --- a/target/mips/tcg/system/semihosting-stub.c +++ b/target/mips/tcg/system/semihosting-stub.c @@ -1,9 +1,10 @@ /* * MIPS semihosting stub * - * SPDX-FileContributor: Philippe Mathieu-Daudé - * SPDX-FileCopyrightText: 2024 Linaro Ltd. * SPDX-License-Identifier: GPL-2.0-or-later + * Copyright (c) 2024 Linaro Ltd. + * Authors: + * Philippe Mathieu-Daudé */ #include "qemu/osdep.h" diff --git a/tests/functional/test_aarch64_sbsaref.py b/tests/functional/test_aarch64_sbsaref.py index 99cfb6f29a..e6a55aecfa 100755 --- a/tests/functional/test_aarch64_sbsaref.py +++ b/tests/functional/test_aarch64_sbsaref.py @@ -2,9 +2,11 @@ # # Functional test that boots a kernel and checks the console # -# SPDX-FileCopyrightText: 2023-2024 Linaro Ltd. -# SPDX-FileContributor: Philippe Mathieu-Daudé -# SPDX-FileContributor: Marcin Juszkiewicz +# Copyright (c) 2023-2024 Linaro Ltd. +# +# Authors: +# Philippe Mathieu-Daudé +# Marcin Juszkiewicz # # SPDX-License-Identifier: GPL-2.0-or-later diff --git a/tests/functional/test_aarch64_sbsaref_alpine.py b/tests/functional/test_aarch64_sbsaref_alpine.py index 6dbc90f30e..9faf066d18 100755 --- a/tests/functional/test_aarch64_sbsaref_alpine.py +++ b/tests/functional/test_aarch64_sbsaref_alpine.py 
@@ -2,9 +2,11 @@ # # Functional test that boots a kernel and checks the console # -# SPDX-FileCopyrightText: 2023-2024 Linaro Ltd. -# SPDX-FileContributor: Philippe Mathieu-Daudé -# SPDX-FileContributor: Marcin Juszkiewicz +# Copyright (c) 2023-2024 Linaro Ltd. +# +# Authors: +# Philippe Mathieu-Daudé +# Marcin Juszkiewicz # # SPDX-License-Identifier: GPL-2.0-or-later diff --git a/tests/functional/test_aarch64_sbsaref_freebsd.py b/tests/functional/test_aarch64_sbsaref_freebsd.py index 77ba2ba1da..8dcb4991c3 100755 --- a/tests/functional/test_aarch64_sbsaref_freebsd.py +++ b/tests/functional/test_aarch64_sbsaref_freebsd.py @@ -2,9 +2,11 @@ # # Functional test that boots a kernel and checks the console # -# SPDX-FileCopyrightText: 2023-2024 Linaro Ltd. -# SPDX-FileContributor: Philippe Mathieu-Daudé -# SPDX-FileContributor: Marcin Juszkiewicz +# Copyright (c) 2023-2024 Linaro Ltd. +# +# Authors: +# Philippe Mathieu-Daudé +# Marcin Juszkiewicz # # SPDX-License-Identifier: GPL-2.0-or-later diff --git a/tests/qtest/libqos/virtio-scmi.c b/tests/qtest/libqos/virtio-scmi.c index ce8f4d5c06..6b5bd4db42 100644 --- a/tests/qtest/libqos/virtio-scmi.c +++ b/tests/qtest/libqos/virtio-scmi.c @@ -1,7 +1,7 @@ /* * virtio-scmi nodes for testing * - * SPDX-FileCopyrightText: Linaro Ltd + * Copyright (c) Linaro Ltd. * SPDX-FileCopyrightText: Red Hat, Inc. * SPDX-License-Identifier: GPL-2.0-or-later * From 6a784f12000582b9f0f40fadc967ad474fc27c7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 16 Jan 2025 00:22:27 +0100 Subject: [PATCH 7/7] hw/i386/pc: Remove unused pc_compat_2_3 declarations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We removed the implementations in commit 46a2bd52571 ("hw/i386/pc: Remove deprecated pc-i440fx-2.3 machine") but forgot to remove the declarations. Do it now. Fixes: 46a2bd52571 ("hw/i386/pc: Remove deprecated pc-i440fx-2.3 machine") 
Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Daniel P. Berrangé Reviewed-by: Richard Henderson Reviewed-by: Thomas Huth Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- include/hw/i386/pc.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index a558705cb9..103b54301f 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -302,9 +302,6 @@ extern const size_t pc_compat_2_5_len; extern GlobalProperty pc_compat_2_4[]; extern const size_t pc_compat_2_4_len; -extern GlobalProperty pc_compat_2_3[]; -extern const size_t pc_compat_2_3_len; - #define DEFINE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ static void pc_machine_##suffix##_class_init(ObjectClass *oc, void *data) \ { \