From 9f8981a91d9016a0e556d153b2a815f89f9096f0 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 23 May 2023 13:04:31 +0200 Subject: [PATCH 01/15] hw/hppa: Use MachineClass->default_nic in the hppa machine MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark the default NIC via the new MachineClass->default_nic setting so that the machine-defaults code in vl.c can decide whether the default NIC is usable or not (for example when compiling with the "--without-default-devices" configure switch). Message-Id: <20230523110435.1375774-2-thuth@redhat.com> Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Signed-off-by: Thomas Huth --- hw/hppa/machine.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c index 8fea5fa6b8..b00a91ecfe 100644 --- a/hw/hppa/machine.c +++ b/hw/hppa/machine.c @@ -177,6 +177,7 @@ static void machine_hppa_init(MachineState *machine) const char *kernel_filename = machine->kernel_filename; const char *kernel_cmdline = machine->kernel_cmdline; const char *initrd_filename = machine->initrd_filename; + MachineClass *mc = MACHINE_GET_CLASS(machine); DeviceState *dev, *dino_dev, *lasi_dev; PCIBus *pci_bus; ISABus *isa_bus; @@ -272,7 +273,7 @@ static void machine_hppa_init(MachineState *machine) for (i = 0; i < nb_nics; i++) { if (!enable_lasi_lan()) { - pci_nic_init_nofail(&nd_table[i], pci_bus, "tulip", NULL); + pci_nic_init_nofail(&nd_table[i], pci_bus, mc->default_nic, NULL); } } @@ -462,6 +463,7 @@ static void hppa_machine_init_class_init(ObjectClass *oc, void *data) mc->default_ram_size = 512 * MiB; mc->default_boot_order = "cd"; mc->default_ram_id = "ram"; + mc->default_nic = "tulip"; nc->nmi_monitor_handler = hppa_nmi; } From cdd684b8e1cb7cfa5818d9eb7b9eaa9b7b4d717e Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 23 May 2023 13:04:32 +0200 Subject: [PATCH 02/15] hw/alpha: Use MachineClass->default_nic in the alpha machine MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark the default NIC via the new MachineClass->default_nic setting so that the machine-defaults code in vl.c can decide whether the default NIC is usable or not (for example when compiling with the "--without-default-devices" configure switch). Message-Id: <20230523110435.1375774-3-thuth@redhat.com> Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Signed-off-by: Thomas Huth --- hw/alpha/dp264.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c index 4161f559a7..03495e1e60 100644 --- a/hw/alpha/dp264.c +++ b/hw/alpha/dp264.c @@ -49,6 +49,7 @@ static void clipper_init(MachineState *machine) const char *kernel_filename = machine->kernel_filename; const char *kernel_cmdline = machine->kernel_cmdline; const char *initrd_filename = machine->initrd_filename; + MachineClass *mc = MACHINE_GET_CLASS(machine); AlphaCPU *cpus[4]; PCIBus *pci_bus; PCIDevice *pci_dev; @@ -124,7 +125,7 @@ static void clipper_init(MachineState *machine) /* Network setup. e1000 is good enough, failing Tulip support. */ for (i = 0; i < nb_nics; i++) { - pci_nic_init_nofail(&nd_table[i], pci_bus, "e1000", NULL); + pci_nic_init_nofail(&nd_table[i], pci_bus, mc->default_nic, NULL); } /* Super I/O */ @@ -213,6 +214,7 @@ static void clipper_machine_init(MachineClass *mc) mc->is_default = true; mc->default_cpu_type = ALPHA_CPU_TYPE_NAME("ev67"); mc->default_ram_id = "ram"; + mc->default_nic = "e1000"; } DEFINE_MACHINE("clipper", clipper_machine_init) From 50989d04d669a073c67d560583460ff4f8531547 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 23 May 2023 13:04:33 +0200 Subject: [PATCH 03/15] hw/arm: Use MachineClass->default_nic in the virt machine MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark the default NIC via the new MachineClass->default_nic setting so that the machine-defaults code in vl.c can decide whether the default NIC is usable or not (for example when compiling with the "--without-default-devices" configure switch). Message-Id: <20230523110435.1375774-4-thuth@redhat.com> Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Signed-off-by: Thomas Huth --- hw/arm/virt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index b99ae18501..9b9f7d9c68 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -1426,6 +1426,7 @@ static void create_pcie(VirtMachineState *vms) int i, ecam_id; PCIHostState *pci; MachineState *ms = MACHINE(vms); + MachineClass *mc = MACHINE_GET_CLASS(ms); dev = qdev_new(TYPE_GPEX_HOST); sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); @@ -1479,7 +1480,7 @@ static void create_pcie(VirtMachineState *vms) NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("virtio"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci->bus, nd->model, NULL); @@ -3033,6 +3034,7 @@ static void virt_machine_class_init(ObjectClass *oc, void *data) mc->auto_enable_numa_with_memhp = true; mc->auto_enable_numa_with_memdev = true; mc->default_ram_id = "mach-virt.ram"; + mc->default_nic = "virtio-net-pci"; object_class_property_add(oc, "acpi", "OnOffAuto", virt_get_acpi, virt_set_acpi, From 240294cac71c741bccdd0e22e21b72eea5b44ff9 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 23 May 2023 13:04:34 +0200 Subject: [PATCH 04/15] hw/loongarch64: Use MachineClass->default_nic in the virt machine MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark the default NIC via the new MachineClass->default_nic setting so that the machine-defaults code in vl.c can decide whether the default NIC is usable or not (for example when compiling with the "--without-default-devices" configure switch). Message-Id: <20230523110435.1375774-5-thuth@redhat.com> Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Reviewed-by: Song Gao Tested-by: Song Gao Signed-off-by: Thomas Huth --- hw/loongarch/virt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c index 2b7588e32a..ceddec1b23 100644 --- a/hw/loongarch/virt.c +++ b/hw/loongarch/virt.c @@ -474,6 +474,7 @@ static DeviceState *create_platform_bus(DeviceState *pch_pic) static void loongarch_devices_init(DeviceState *pch_pic, LoongArchMachineState *lams) { + MachineClass *mc = MACHINE_GET_CLASS(lams); DeviceState *gpex_dev; SysBusDevice *d; PCIBus *pci_bus; @@ -528,7 +529,7 @@ static void loongarch_devices_init(DeviceState *pch_pic, LoongArchMachineState * NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("virtio"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci_bus, nd->model, NULL); @@ -1038,6 +1039,7 @@ static void loongarch_class_init(ObjectClass *oc, void *data) mc->default_boot_order = "c"; mc->no_cdrom = 1; mc->get_hotplug_handler = virt_machine_get_hotplug_handler; + mc->default_nic = "virtio-net-pci"; hc->plug = loongarch_machine_device_plug_cb; hc->pre_plug = virt_machine_device_pre_plug; hc->unplug_request = virt_machine_device_unplug_request; From 69720ff2286ecd2d1e3dc9100141a1befe726262 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 23 May 2023 13:04:35 +0200 Subject: [PATCH 05/15] hw/xtensa: Use MachineClass->default_nic in the virt machine MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark the default NIC via the new MachineClass->default_nic setting so that the machine-defaults code in vl.c can decide whether the default NIC is usable or not (for example when compiling with the "--without-default-devices" configure switch). Message-Id: <20230523110435.1375774-6-thuth@redhat.com> Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Signed-off-by: Thomas Huth --- hw/xtensa/virt.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/hw/xtensa/virt.c b/hw/xtensa/virt.c index a18e3fc910..b87f842e74 100644 --- a/hw/xtensa/virt.c +++ b/hw/xtensa/virt.c @@ -38,7 +38,8 @@ #include "xtensa_memory.h" #include "xtensa_sim.h" -static void create_pcie(CPUXtensaState *env, int irq_base, hwaddr addr_base) +static void create_pcie(MachineState *ms, CPUXtensaState *env, int irq_base, + hwaddr addr_base) { hwaddr base_ecam = addr_base + 0x00100000; hwaddr size_ecam = 0x03f00000; @@ -54,6 +55,7 @@ static void create_pcie(CPUXtensaState *env, int irq_base, hwaddr addr_base) MemoryRegion *mmio_alias; MemoryRegion *mmio_reg; + MachineClass *mc = MACHINE_GET_CLASS(ms); DeviceState *dev; PCIHostState *pci; qemu_irq *extints; @@ -104,7 +106,7 @@ static void create_pcie(CPUXtensaState *env, int irq_base, hwaddr addr_base) NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("virtio"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci->bus, nd->model, NULL); @@ -117,7 +119,7 @@ static void xtensa_virt_init(MachineState *machine) XtensaCPU *cpu = xtensa_sim_common_init(machine); CPUXtensaState *env = &cpu->env; - create_pcie(env, 0, 0xf0000000); + create_pcie(machine, env, 0, 0xf0000000); xtensa_sim_load_kernel(cpu, machine); } @@ -127,6 +129,7 @@ static void xtensa_virt_machine_init(MachineClass *mc) mc->init = xtensa_virt_init; mc->max_cpus = 32; mc->default_cpu_type = XTENSA_DEFAULT_CPU_TYPE; + mc->default_nic = "virtio-net-pci"; } DEFINE_MACHINE("virt", xtensa_virt_machine_init) From 611eda5981c1c07d4f0841f5aca64d26d70da641 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 23 May 2023 16:41:56 +0200 Subject: [PATCH 06/15] hw/arm: Use MachineClass->default_nic in the sbsa-ref machine Mark the default NIC via the new MachineClass->default_nic setting so that the machine-defaults code in vl.c can decide whether the default NIC is usable or not (for example when compiling with the "--without-default-devices" configure switch). Message-Id: <20230524082037.1620952-1-thuth@redhat.com> Reviewed-by: Richard Henderson Tested-by: Marcin Juszkiewicz Signed-off-by: Thomas Huth --- hw/arm/sbsa-ref.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c index 792371fdce..9c3e670ec6 100644 --- a/hw/arm/sbsa-ref.c +++ b/hw/arm/sbsa-ref.c @@ -596,6 +596,7 @@ static void create_pcie(SBSAMachineState *sms) hwaddr size_mmio_high = sbsa_ref_memmap[SBSA_PCIE_MMIO_HIGH].size; hwaddr base_pio = sbsa_ref_memmap[SBSA_PCIE_PIO].base; int irq = sbsa_ref_irqmap[SBSA_PCIE]; + MachineClass *mc = MACHINE_GET_CLASS(sms); MemoryRegion *mmio_alias, *mmio_alias_high, *mmio_reg; MemoryRegion *ecam_alias, *ecam_reg; DeviceState *dev; @@ -641,7 +642,7 @@ static void create_pcie(SBSAMachineState *sms) NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("e1000e"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci->bus, nd->model, NULL); @@ -858,6 +859,7 @@ static void sbsa_ref_class_init(ObjectClass *oc, void *data) mc->minimum_page_bits = 12; mc->block_default_type = IF_IDE; mc->no_cdrom = 1; + mc->default_nic = "e1000e"; mc->default_ram_size = 1 * GiB; mc->default_ram_id = "sbsa-ref.ram"; mc->default_cpus = 4; From bdc20bf5d1a750003f36d0c9e1b6065b61af5f2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Wed, 24 May 2023 14:25:59 +0200 Subject: [PATCH 07/15] hw/mips: Use MachineClass->default_nic in the virt machine MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark the default NIC via the new MachineClass->default_nic setting so that the machine-defaults code in vl.c can decide whether the default NIC is usable or not (for example when compiling with the "--without-default-devices" configure switch). Inspired-by: Thomas Huth Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20230524122559.28863-1-philmd@linaro.org> Reviewed-by: Thomas Huth Signed-off-by: Thomas Huth --- hw/mips/loongson3_virt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/mips/loongson3_virt.c b/hw/mips/loongson3_virt.c index 25534288dd..216812f660 100644 --- a/hw/mips/loongson3_virt.c +++ b/hw/mips/loongson3_virt.c @@ -406,6 +406,7 @@ static inline void loongson3_virt_devices_init(MachineState *machine, PCIBus *pci_bus; DeviceState *dev; MemoryRegion *mmio_reg, *ecam_reg; + MachineClass *mc = MACHINE_GET_CLASS(machine); LoongsonMachineState *s = LOONGSON_MACHINE(machine); dev = qdev_new(TYPE_GPEX_HOST); @@ -456,7 +457,7 @@ static inline void loongson3_virt_devices_init(MachineState *machine, NICInfo *nd = &nd_table[i]; if (!nd->model) { - nd->model = g_strdup("virtio"); + nd->model = g_strdup(mc->default_nic); } pci_nic_init_nofail(nd, pci_bus, nd->model, NULL); @@ -619,6 +620,7 @@ static void loongson3v_machine_class_init(ObjectClass *oc, void *data) mc->default_ram_size = 1600 * MiB; mc->kvm_type = mips_kvm_type; mc->minimum_page_bits = 14; + mc->default_nic = "virtio-net-pci"; } static const TypeInfo loongson3_machine_types[] = { From 54c8ff27f60dfef7909b4a4a5a9ed96fc2ce8197 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Thu, 25 May 2023 10:10:13 +0200 Subject: [PATCH 08/15] tests/qtest/usb-hcd-uhci-test: Check whether "usb-storage" is available The "usb-storage" device might not have been compiled into the binary (e.g. when compiling with "--without-default-devices"), so we have to check first before using it. Message-Id: <20230525081016.1870364-2-thuth@redhat.com> Reviewed-by: Ani Sinha Signed-off-by: Thomas Huth --- tests/qtest/usb-hcd-uhci-test.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/qtest/usb-hcd-uhci-test.c b/tests/qtest/usb-hcd-uhci-test.c index 84ac2f3c1a..28751f53da 100644 --- a/tests/qtest/usb-hcd-uhci-test.c +++ b/tests/qtest/usb-hcd-uhci-test.c @@ -74,7 +74,9 @@ int main(int argc, char **argv) qtest_add_func("/uhci/pci/init", test_uhci_init); qtest_add_func("/uhci/pci/port1", test_port_1); qtest_add_func("/uhci/pci/hotplug", test_uhci_hotplug); - qtest_add_func("/uhci/pci/hotplug/usb-storage", test_usb_storage_hotplug); + if (qtest_has_device("usb-storage")) { + qtest_add_func("/uhci/pci/hotplug/usb-storage", test_usb_storage_hotplug); + } if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { qs = qtest_pc_boot("%s", cmd); From 8c730de717f431868919f2a8323442b8bd77545e Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Thu, 25 May 2023 10:10:14 +0200 Subject: [PATCH 09/15] tests/qtest: Check for virtio-blk before using -cdrom with the arm virt machine The arm "virt" machine needs "virtio-blk-pci" for devices that get attached via the "-cdrom" option. Since this is an optional device that might not be available in the binary, we should check for the availability of this device first before using it. Message-Id: <20230525081016.1870364-3-thuth@redhat.com> Reviewed-by: Fabiano Rosas Signed-off-by: Thomas Huth --- tests/qtest/bios-tables-test.c | 2 +- tests/qtest/cdrom-test.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c index 159e4edb8f..ed1c69cf01 100644 --- a/tests/qtest/bios-tables-test.c +++ b/tests/qtest/bios-tables-test.c @@ -2164,7 +2164,7 @@ int main(int argc, char *argv[]) } } } else if (strcmp(arch, "aarch64") == 0) { - if (has_tcg) { + if (has_tcg && qtest_has_device("virtio-blk-pci")) { qtest_add_func("acpi/virt", test_acpi_virt_tcg); qtest_add_func("acpi/virt/acpihmatvirt", test_acpi_virt_tcg_acpi_hmat); diff --git a/tests/qtest/cdrom-test.c b/tests/qtest/cdrom-test.c index d1cc375849..f2a8d91929 100644 --- a/tests/qtest/cdrom-test.c +++ b/tests/qtest/cdrom-test.c @@ -264,9 +264,13 @@ int main(int argc, char **argv) const char *armmachines[] = { "realview-eb", "realview-eb-mpcore", "realview-pb-a8", "realview-pbx-a9", "versatileab", "versatilepb", "vexpress-a15", - "vexpress-a9", "virt", NULL + "vexpress-a9", NULL }; add_cdrom_param_tests(armmachines); + if (qtest_has_device("virtio-blk-pci")) { + const char *virtmachine[] = { "virt", NULL }; + add_cdrom_param_tests(virtmachine); + } } else { const char *nonemachine[] = { "none", NULL }; add_cdrom_param_tests(nonemachine); From f5af1dad564d76121c810330824d5e0a1f6294d4 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Thu, 25 May 2023 10:10:15 +0200 Subject: [PATCH 10/15] tests/qtest/rtl8139-test: Check whether the rtl8139 device is available Though we are already using CONFIG_RTL8139_PCI in the meson.build file for testing whether the rtl8139 device is available or not, this is not enough: The CONFIG switch might have been selected by another target (e.g. the mips fuloong2e machine has the rtl8139 chip soldered on the board), so CONFIG_RTL8139_PCI ends up in config_all_devices and the test then gets executed on x86. We need an additional run-time check to be on the safe side to make this test also work when configure has been run with "--without-default-devices". Message-Id: <20230525081016.1870364-4-thuth@redhat.com> Reviewed-by: Fabiano Rosas Signed-off-by: Thomas Huth --- tests/qtest/rtl8139-test.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/qtest/rtl8139-test.c b/tests/qtest/rtl8139-test.c index 4bd240e9ee..4dc0a0d22e 100644 --- a/tests/qtest/rtl8139-test.c +++ b/tests/qtest/rtl8139-test.c @@ -209,6 +209,10 @@ int main(int argc, char **argv) g_test_init(&argc, &argv, NULL); + if (!qtest_has_device("rtl8139")) { + return 0; + } + qtest_start("-device rtl8139"); qtest_add_func("/rtl8139/nop", nop); From 5af3438a7c2ff846dec31dbe85163d9f71281445 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Thu, 25 May 2023 10:10:16 +0200 Subject: [PATCH 11/15] tests/qtest/usb-hcd-ehci-test: Check for EHCI and UHCI HCDs before using them The devices might not be available in the binary (e.g. when compiling with "--without-default-devices"), so we have to check before we can use them. Message-Id: <20230525081016.1870364-5-thuth@redhat.com> Reviewed-by: Ani Sinha Signed-off-by: Thomas Huth --- tests/qtest/usb-hcd-ehci-test.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/qtest/usb-hcd-ehci-test.c b/tests/qtest/usb-hcd-ehci-test.c index c51e8bb223..87e37cdd7c 100644 --- a/tests/qtest/usb-hcd-ehci-test.c +++ b/tests/qtest/usb-hcd-ehci-test.c @@ -149,6 +149,11 @@ int main(int argc, char **argv) g_test_init(&argc, &argv, NULL); + if (!qtest_has_device("ich9-usb-ehci1") || + !qtest_has_device("ich9-usb-uhci1")) { + return 0; + } + qtest_add_func("/ehci/pci/uhci-port-1", pci_uhci_port_1); qtest_add_func("/ehci/pci/ehci-port-1", pci_ehci_port_1); qtest_add_func("/ehci/pci/ehci-config", pci_ehci_config); From 031616cd75ea1cea40eb130f4f4e900aeb0b2be4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Sat, 20 May 2023 13:33:13 +0200 Subject: [PATCH 12/15] tests/qtest/ac97-test: add up-/downsampling tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Test if the audio subsystem can handle extreme up- and down- sampling ratios like 44100/1 and 1/44100. For some time these used to trigger QEMU aborts. The test was taken from https://gitlab.com/qemu-project/qemu/-/issues/71 where it was used to demonstrate a very different issue. Suggested-by: Marc-André Lureau Signed-off-by: Volker Rümelin Message-Id: <20230520113313.5177-1-vr_qemu@t-online.de> Signed-off-by: Thomas Huth --- tests/qtest/ac97-test.c | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/tests/qtest/ac97-test.c b/tests/qtest/ac97-test.c index 74103efdfa..b71bd60a8a 100644 --- a/tests/qtest/ac97-test.c +++ b/tests/qtest/ac97-test.c @@ -42,16 +42,54 @@ static void *ac97_create(void *pci_bus, QGuestAllocator *alloc, void *addr) return &ac97->obj; } +/* + * This is rather a test of the audio subsystem and not an AC97 test. Test if + * the audio subsystem can handle a 44100/1 upsample ratio. For some time this + * used to trigger QEMU aborts. + */ +static void ac97_playback_upsample(void *obj, void *data, QGuestAllocator *alloc) +{ + QAC97 *ac97 = obj; + QPCIDevice *dev = &ac97->dev; + QPCIBar bar0; + + qpci_device_enable(dev); + bar0 = qpci_iomap(dev, 0, NULL); + /* IOBAR0 offset 0x2c: PCM Front DAC Rate */ + qpci_io_writew(dev, bar0, 0x2c, 0x1); +} + +/* + * This test is similar to the playback upsample test. QEMU shouldn't abort if + * asked for a 1/44100 downsample ratio. + */ +static void ac97_record_downsample(void *obj, void *data, QGuestAllocator *alloc) +{ + QAC97 *ac97 = obj; + QPCIDevice *dev = &ac97->dev; + QPCIBar bar0; + + qpci_device_enable(dev); + bar0 = qpci_iomap(dev, 0, NULL); + /* IOBAR0 offset 0x32: PCM L/R ADC Rate */ + qpci_io_writew(dev, bar0, 0x32, 0x1); +} + static void ac97_register_nodes(void) { QOSGraphEdgeOptions opts = { - .extra_device_opts = "addr=04.0", + .extra_device_opts = "addr=04.0,audiodev=snd0", + .after_cmd_line = "-audiodev none,id=snd0" + ",out.frequency=44100,in.frequency=44100", }; add_qpci_address(&opts, &(QPCIAddress) { .devfn = QPCI_DEVFN(4, 0) }); qos_node_create_driver("AC97", ac97_create); qos_node_produces("AC97", "pci-device"); qos_node_consumes("AC97", "pci-bus", &opts); + + qos_add_test("playback_upsample", "AC97", ac97_playback_upsample, NULL); + qos_add_test("record_downsample", "AC97", ac97_record_downsample, NULL); } libqos_init(ac97_register_nodes); From a37531f2381c4e294e48b1417089474128388b44 Mon Sep 17 00:00:00 2001 From: Igor Mammedov Date: Mon, 22 May 2023 15:17:17 +0200 Subject: [PATCH 13/15] machine: do not crash if default RAM backend name has been stolen MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit QEMU aborts when default RAM backend should be used (i.e. no explicit '-machine memory-backend=' specified) but user has created an object which 'id' equals to default RAM backend name used by board. $QEMU -machine pc \ -object memory-backend-ram,id=pc.ram,size=4294967296 Actual results: QEMU 7.2.0 monitor - type 'help' for more information (qemu) Unexpected error in object_property_try_add() at ../qom/object.c:1239: qemu-kvm: attempt to add duplicate property 'pc.ram' to object (type 'container') Aborted (core dumped) Instead of abort, check for the conflicting 'id' and exit with an error, suggesting how to remedy the issue. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2207886 Signed-off-by: Igor Mammedov Message-Id: <20230522131717.3780533-1-imammedo@redhat.com> Tested-by: Thomas Huth Reviewed-by: Thomas Huth Reviewed-by: Shaoqin Huang Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Thomas Huth --- hw/core/machine.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hw/core/machine.c b/hw/core/machine.c index 07f763eb2e..1000406211 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -1338,6 +1338,14 @@ void machine_run_board_init(MachineState *machine, const char *mem_path, Error * } } else if (machine_class->default_ram_id && machine->ram_size && numa_uses_legacy_mem()) { + if (object_property_find(object_get_objects_root(), + machine_class->default_ram_id)) { + error_setg(errp, "object name '%s' is reserved for the default" + " RAM backend, it can't be used for any other purposes." + " Change the object's 'id' to something else", + machine_class->default_ram_id); + return; + } if (!create_default_memdev(current_machine, mem_path, errp)) { return; } From d139fe9ad8a27bcc50b4ead77d2f97d191a0e95e Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Tue, 16 May 2023 11:05:56 +0200 Subject: [PATCH 14/15] lsi53c895a: disable reentrancy detection for MMIO region, too While trying to use a SCSI disk on the LSI controller with an older version of Fedora (25), I'm getting: qemu: warning: Blocked re-entrant IO on MemoryRegion: lsi-mmio at addr: 0x34 and the SCSI controller is not usable. Seems like we have to disable the reentrancy checker for the MMIO region, too, to get this working again. The problem could be reproduced it like this: ./qemu-system-x86_64 -accel kvm -m 2G -machine q35 \ -device lsi53c810,id=lsi1 -device scsi-hd,drive=d0 \ -drive if=none,id=d0,file=.../somedisk.qcow2 \ -cdrom Fedora-Everything-netinst-i386-25-1.3.iso Where somedisk.qcow2 is an image that contains already some partitions and file systems. In the boot menu of Fedora, go to "Troubleshooting" -> "Rescue a Fedora system" -> "3) Skip to shell" Then check "dmesg | grep -i 53c" for failure messages, and try to mount a partition from somedisk.qcow2. Message-Id: <20230516090556.553813-1-thuth@redhat.com> Signed-off-by: Thomas Huth --- hw/scsi/lsi53c895a.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index db27872963..048436352b 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -2307,6 +2307,7 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp) * re-entrancy guard. */ s->ram_io.disable_reentrancy_guard = true; + s->mmio_io.disable_reentrancy_guard = true; address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); qdev_init_gpio_out(d, &s->ext_irq, 1); From b987718bbb1d0eabf95499b976212dd5f0120d75 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Mon, 22 May 2023 11:10:11 +0200 Subject: [PATCH 15/15] hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) We cannot use the generic reentrancy guard in the LSI code, so we have to manually prevent endless reentrancy here. The problematic lsi_execute_script() function has already a way to detect whether too many instructions have been executed - we just have to slightly change the logic here that it also takes into account if the function has been called too often in a reentrant way. The code in fuzz-lsi53c895a-test.c has been taken from an earlier patch by Mauro Matteo Cascella. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1563 Message-Id: <20230522091011.1082574-1-thuth@redhat.com> Reviewed-by: Stefan Hajnoczi Reviewed-by: Alexander Bulekov Signed-off-by: Thomas Huth --- hw/scsi/lsi53c895a.c | 23 +++++++++++++++------ tests/qtest/fuzz-lsi53c895a-test.c | 33 ++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 6 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 048436352b..f7d45b0b20 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -1134,15 +1134,24 @@ static void lsi_execute_script(LSIState *s) uint32_t addr, addr_high; int opcode; int insn_processed = 0; + static int reentrancy_level; + + reentrancy_level++; s->istat1 |= LSI_ISTAT1_SRUN; again: - if (++insn_processed > LSI_MAX_INSN) { - /* Some windows drivers make the device spin waiting for a memory - location to change. If we have been executed a lot of code then - assume this is the case and force an unexpected device disconnect. - This is apparently sufficient to beat the drivers into submission. - */ + /* + * Some windows drivers make the device spin waiting for a memory location + * to change. If we have executed more than LSI_MAX_INSN instructions then + * assume this is the case and force an unexpected device disconnect. This + * is apparently sufficient to beat the drivers into submission. + * + * Another issue (CVE-2023-0330) can occur if the script is programmed to + * trigger itself again and again. Avoid this problem by stopping after + * being called multiple times in a reentrant way (8 is an arbitrary value + * which should be enough for all valid use cases). + */ + if (++insn_processed > LSI_MAX_INSN || reentrancy_level > 8) { if (!(s->sien0 & LSI_SIST0_UDC)) { qemu_log_mask(LOG_GUEST_ERROR, "lsi_scsi: inf. loop with UDC masked"); @@ -1596,6 +1605,8 @@ again: } } trace_lsi_execute_script_stop(); + + reentrancy_level--; } static uint8_t lsi_reg_readb(LSIState *s, int offset) diff --git a/tests/qtest/fuzz-lsi53c895a-test.c b/tests/qtest/fuzz-lsi53c895a-test.c index 2012bd54b7..1b55928b9f 100644 --- a/tests/qtest/fuzz-lsi53c895a-test.c +++ b/tests/qtest/fuzz-lsi53c895a-test.c @@ -8,6 +8,36 @@ #include "qemu/osdep.h" #include "libqtest.h" +/* + * This used to trigger a DMA reentrancy issue + * leading to memory corruption bugs like stack + * overflow or use-after-free + * https://gitlab.com/qemu-project/qemu/-/issues/1563 + */ +static void test_lsi_dma_reentrancy(void) +{ + QTestState *s; + + s = qtest_init("-M q35 -m 512M -nodefaults " + "-blockdev driver=null-co,node-name=null0 " + "-device lsi53c810 -device scsi-cd,drive=null0"); + + qtest_outl(s, 0xcf8, 0x80000804); /* PCI Command Register */ + qtest_outw(s, 0xcfc, 0x7); /* Enables accesses */ + qtest_outl(s, 0xcf8, 0x80000814); /* Memory Bar 1 */ + qtest_outl(s, 0xcfc, 0xff100000); /* Set MMIO Address*/ + qtest_outl(s, 0xcf8, 0x80000818); /* Memory Bar 2 */ + qtest_outl(s, 0xcfc, 0xff000000); /* Set RAM Address*/ + qtest_writel(s, 0xff000000, 0xc0000024); + qtest_writel(s, 0xff000114, 0x00000080); + qtest_writel(s, 0xff00012c, 0xff000000); + qtest_writel(s, 0xff000004, 0xff000114); + qtest_writel(s, 0xff000008, 0xff100014); + qtest_writel(s, 0xff10002f, 0x000000ff); + + qtest_quit(s); +} + /* * This used to trigger a UAF in lsi_do_msgout() * https://gitlab.com/qemu-project/qemu/-/issues/972 @@ -124,5 +154,8 @@ int main(int argc, char **argv) qtest_add_func("fuzz/lsi53c895a/lsi_do_msgout_cancel_req", test_lsi_do_msgout_cancel_req); + qtest_add_func("fuzz/lsi53c895a/lsi_dma_reentrancy", + test_lsi_dma_reentrancy); + return g_test_run(); }