From bc38e31b4e0366f3a70c0939abde4c3dd6e0fa30 Mon Sep 17 00:00:00 2001
From: Jason Wang
Date: Fri, 23 Apr 2021 11:18:03 +0800
Subject: [PATCH 1/4] net: check the existence of peer before trying to pad

There could be case that peer is NULL. This can happen when during network device hot-add where net device needs to be added first. So the patch check the existence of peer before trying to do the pad.

Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
Signed-off-by: Jason Wang
Reviewed-by: Bin Meng
Reviewed-by: Stefan Weil
Message-id: 20210423031803.1479-1-jasowang@redhat.com
Signed-off-by: Peter Maydell
---
 include/net/net.h | 5 +++++
 net/slirp.c | 2 +-
 net/tap-win32.c | 2 +-
 net/tap.c | 2 +-
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/include/net/net.h b/include/net/net.h
index eff24519d2..1ef536d771 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -241,4 +241,9 @@ uint32_t net_crc32_le(const uint8_t *p, int len);
 .offset = vmstate_offset_macaddr(_state, _field), \
 }
+static inline bool net_peer_needs_padding(NetClientState *nc)
+{
+ return nc->peer && !nc->peer->do_not_pad;
+}
+
 #endif
diff --git a/net/slirp.c b/net/slirp.c
index a01a0fccd3..7a4e96db5c 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -119,7 +119,7 @@ static ssize_t net_slirp_send_packet(const void *pkt, size_t pkt_len,
 uint8_t min_pkt[ETH_ZLEN];
 size_t min_pktsz = sizeof(min_pkt);
- if (!s->nc.peer->do_not_pad) {
+ if (net_peer_needs_padding(&s->nc)) {
 if (eth_pad_short_frame(min_pkt, &min_pktsz, pkt, pkt_len)) {
 pkt = min_pkt;
 pkt_len = min_pktsz;
diff --git a/net/tap-win32.c b/net/tap-win32.c
index 897bd18e32..6096972f5d 100644
--- a/net/tap-win32.c
+++ b/net/tap-win32.c
@@ -696,7 +696,7 @@ static void tap_win32_send(void *opaque)
 if (size > 0) {
 orig_buf = buf;
- if (!s->nc.peer->do_not_pad) {
+ if (net_peer_needs_padding(&s->nc)) {
 if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
 buf = min_pkt;
 size = min_pktsz;
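Review bot: `net_peer_needs_padding()` in include/net/net.h is added without a comment, although it is now the one place that encodes the fact that `nc->peer` can legitimately be NULL (the commit message ties this to device hot-add). I would put `/* nc->peer may be NULL while a device is being hot-added; a client without a peer never needs padding */` above the helper, so later callers do not go back to dereferencing `nc->peer` directly and reintroduce a host-side NULL dereference. The argument is only read, so `const NetClientState *nc` would state that in the signature.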
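Review bot: In net_slirp_send_packet (net/slirp.c), and in the same way in tap_win32_send (net/tap-win32.c) and tap_send (net/tap.c), the NULL-peer case is handled for the padding decision only; each function continues past its hunk and presumably passes the frame on with the same `s->nc`. Those lines are not in the diff, so it is worth confirming that the send call also tolerates `nc->peer == NULL`, otherwise the crash simply moves one call further down. A one-line comment at each site such as `/* no peer yet (hot-add): frame goes out unpadded */` would make the intended behaviour explicit. The guard-and-pad block is identical in all three files, which is why this fix had to be applied three times.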
diff --git a/net/tap.c b/net/tap.c
index dd42ac6134..bae895e287 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -203,7 +203,7 @@ static void tap_send(void *opaque)
 size -= s->host_vnet_hdr_len;
 }
- if (!s->nc.peer->do_not_pad) {
+ if (net_peer_needs_padding(&s->nc)) {
 if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
 buf = min_pkt;
 size = min_pktsz;
From ffa090bc56e73e287a63261e70ac02c0970be61a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
Date: Thu, 22 Apr 2021 16:44:27 +0100
Subject: [PATCH 2/4] target/s390x: fix s390_probe_access to check PAGE_WRITE_ORG for writeability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We can remove PAGE_WRITE when (internally) marking a page read-only because it contains translated code. This can get confused when we are executing signal return code on signal stacks.

Fixes: e56552cf07 ("target/s390x: Implement the MVPG condition-code-option bit")
Found-by: Richard Henderson
Signed-off-by: Alex Bennée
Reviewed-by: Richard Henderson
Reviewed-by: David Hildenbrand
Message-id: 20210422154427.13038-1-alex.bennee@linaro.org
Cc: Cornelia Huck
Cc: Thomas Huth
Cc: David Hildenbrand
Cc: Laurent Vivier
Signed-off-by: Peter Maydell
---
 target/s390x/mem_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 12e84a4285..f6a7d29273 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -145,7 +145,7 @@ static int s390_probe_access(CPUArchState *env, target_ulong addr, int size,
 #if defined(CONFIG_USER_ONLY)
 flags = page_get_flags(addr);
- if (!(flags & (access_type == MMU_DATA_LOAD ? PAGE_READ : PAGE_WRITE))) {
+ if (!(flags & (access_type == MMU_DATA_LOAD ? PAGE_READ : PAGE_WRITE_ORG))) {
 env->__excp_addr = addr;
 flags = (flags & PAGE_VALID) ? PGM_PROTECTION : PGM_ADDRESSING;
 if (nonfault) {
From 5351fb7cb2caf81bccbfd5ee4228106cadc56e3c Mon Sep 17 00:00:00 2001
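Review bot: The switch to `PAGE_WRITE_ORG` in the CONFIG_USER_ONLY branch of s390_probe_access (target/s390x/mem_helper.c) carries no comment, and the reason exists only in the commit message, so the line reads like a typo for `PAGE_WRITE` and invites a well-meant revert. I would add `/* PAGE_WRITE can be cleared internally on pages holding translated code; test the original write permission instead */` above the test. The ternary also checks every access_type other than MMU_DATA_LOAD against the write bit; whether a non-store type can reach this function is not visible here, so that may be worth a second look. The function starts and ends outside the hunk.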
From: Klaus Jensen
Date: Fri, 23 Apr 2021 07:21:26 +0200
Subject: [PATCH 3/4] hw/block/nvme: fix invalid msix exclusive uninit

Commit 1901b4967c3f changed the nvme device from using a bar exclusive for MSI-x to sharing it on bar0. Unfortunately, the msix_uninit_exclusive_bar() call remains in nvme_exit() which causes havoc when the device is removed with, say, device_del. Fix this. Additionally, a subregion is added but it is not removed on exit which causes a reference to linger and the drive to never be unlocked.

Fixes: 1901b4967c3f ("hw/block/nvme: move msix table and pba to BAR 0")
Signed-off-by: Klaus Jensen
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Peter Maydell
---
 hw/block/nvme.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 624a1431d0..5fe082ec34 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -6235,7 +6235,8 @@ static void nvme_exit(PCIDevice *pci_dev)
 if (n->pmr.dev) {
 host_memory_backend_set_mapped(n->pmr.dev, false);
 }
- msix_uninit_exclusive_bar(pci_dev);
+ msix_uninit(pci_dev, &n->bar0, &n->bar0);
+ memory_region_del_subregion(&n->bar0, &n->iomem);
 }
 static Property nvme_props[] = {
From 0cef06d18762374c94eb4d511717a4735d668a24 Mon Sep 17 00:00:00 2001
From: Peter Maydell
Date: Mon, 26 Apr 2021 16:24:54 +0100
Subject: [PATCH 4/4] Update version for v6.0.0-rc5 release

Signed-off-by: Peter Maydell
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index 177012088c..e479d55a5e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-5.2.94
+5.2.95
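Review bot: The two teardown calls added at the end of nvme_exit (hw/block/nvme.c) have no comment tying them to the setup they undo, and a teardown that no longer matched its setup is exactly what this commit repairs. I would add `/* MSI-X table and PBA share BAR0, so use msix_uninit(); then drop the iomem subregion so bar0's reference is released */` above them. Both calls are unconditional and the realize path is outside the hunk, so it is worth confirming they are safe when MSI-X setup did not complete or `iomem` was never added to `bar0`, since teardown of a partially initialised device is a common source of hot-unplug crashes. nvme_exit starts outside the hunk.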