From 8aedc369c6ae4fb4c4c6920f703b000015df3d8d Mon Sep 17 00:00:00 2001
From: Cornelia Huck
Date: Thu, 9 Jul 2015 13:01:14 +0200
Subject: [PATCH 1/4] qdev: fix 64 bit properties

64 bit props used 32 bit callbacks in two places, leading to broken feature bits on virtio (example: got 0x31000000000006d4 which is obviously bogus). Fix this.

Fixes: fdba6d96 ("qdev: add 64bit properties")
Signed-off-by: Cornelia Huck
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Tested-by: Christian Borntraeger
Acked-by: Paolo Bonzini
---
 hw/core/qdev-properties.c | 2 +-
 include/hw/qdev-properties.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index e9e686f260..04fd80a4de 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -130,7 +130,7 @@ PropertyInfo qdev_prop_bit = {
 static uint64_t qdev_get_prop_mask64(Property *prop)
 {
- assert(prop->info == &qdev_prop_bit);
+ assert(prop->info == &qdev_prop_bit64);
 return 0x1ull << prop->bitnr;
 }
diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h
index 0cfff1c77c..77538a8ca2 100644
--- a/include/hw/qdev-properties.h
+++ b/include/hw/qdev-properties.h
@@ -53,7 +53,7 @@ extern PropertyInfo qdev_prop_arraylen;
 }
 #define DEFINE_PROP_BIT64(_name, _state, _field, _bit, _defval) { \
 .name = (_name), \
- .info = &(qdev_prop_bit), \
+ .info = &(qdev_prop_bit64), \
 .bitnr = (_bit), \
 .offset = offsetof(_state, _field) \
 + type_check(uint64_t, typeof_field(_state, _field)), \
From 2a6391232fa58f32469fb61d55343eff32a91083 Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin"
Date: Mon, 13 Jul 2015 10:32:50 +0300
Subject: [PATCH 2/4] virtio-pci: don't crash on illegal length

Some guests seem to access cfg with an illegal length value. It's worth fixing them but debugging is easier if qemu does not crash.

Signed-off-by: Michael S. Tsirkin
---
 hw/virtio/virtio-pci.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
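Review bot: `qdev_get_prop_mask64` still shifts `0x1ull` by `prop->bitnr` on the line after the corrected assert with no range check, so a `DEFINE_PROP_BIT64` whose `_bit` is 64 or more is undefined behaviour (shift by the type width) instead of a diagnosable failure; adding `assert(prop->bitnr < 64);` before the `return` would catch such a definition on first use, the same way the fixed assert now catches a mismatched PropertyInfo. The `.bitnr = (_bit)` initializer in the include/hw/qdev-properties.h hunk is where that value is filled in unchecked, and since it sits inside a struct initializer the runtime assert in the getter is the practical place for the check. The whole body of qdev_get_prop_mask64 is visible in the hunk, so the added line has no hidden interaction with code outside it.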
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 6ca0258067..c5e8cc041f 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -546,7 +546,8 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
 off = le32_to_cpu(cfg->cap.offset);
 len = le32_to_cpu(cfg->cap.length);
- if (len <= sizeof cfg->pci_cfg_data) {
+ if (len == 1 || len == 2 || len == 4) {
+ assert(len <= sizeof cfg->pci_cfg_data);
 virtio_address_space_write(&proxy->modern_as, off, cfg->pci_cfg_data, len);
 }
@@ -570,7 +571,8 @@ static uint32_t virtio_read_config(PCIDevice *pci_dev,
 off = le32_to_cpu(cfg->cap.offset);
 len = le32_to_cpu(cfg->cap.length);
- if (len <= sizeof cfg->pci_cfg_data) {
+ if (len == 1 || len == 2 || len == 4) {
+ assert(len <= sizeof cfg->pci_cfg_data);
 virtio_address_space_read(&proxy->modern_as, off, cfg->pci_cfg_data, len);
 }
From 06c4670ff6d4acdc5a24e3d25748ee4a489d5869 Mon Sep 17 00:00:00 2001
From: Jason Wang
Date: Mon, 13 Jul 2015 13:46:50 +0800
Subject: [PATCH 3/4] Revert "virtio-net: enable virtio 1.0"

This reverts commit df91055db5c9cee93d70ca8c08d72119a240b987.

This is because:
- vhost support virtio 1.0 now
- transport code (e.g virtio-pci) set this feature when modern is enabled, setting this unconditionally will break disable-modern=on.

Cc: Cornelia Huck
Signed-off-by: Jason Wang
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
---
 hw/net/virtio-net.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index d7282335de..e3c2db3250 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -466,7 +466,6 @@ static uint64_t virtio_net_get_features(VirtIODevice *vdev, uint64_t features)
 }
 if (!get_vhost_net(nc->peer)) {
- virtio_add_feature(&features, VIRTIO_F_VERSION_1);
 return features;
 }
 return vhost_net_get_features(get_vhost_net(nc->peer), features);
From 4421c6a38a37d558b8e6f82d2d54aee30350f57f Mon Sep 17 00:00:00 2001
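Review bot: The new guard in `virtio_write_config` drops a guest access with a `len` other than 1, 2 or 4 silently, which loses exactly the information the commit message says it wants in order to debug the misbehaving guests; an `else` branch that calls `qemu_log_mask(LOG_GUEST_ERROR, ...)` with the rejected `len` (and `off`) would record the bad access without reviving the crash, with the format specifier chosen from len's declaration, which is outside the hunk. The identical guard in the `virtio_read_config` hunk at @@ -570 has the same gap and the same fix. Once len is restricted to 1/2/4 the added `assert(len <= sizeof cfg->pci_cfg_data)` can only fire if `pci_cfg_data` ever shrinks below four bytes, so that invariant reads better as a compile-time `QEMU_BUILD_BUG_ON` on the field's size than as a per-access runtime assert. Note also that `off` comes from the guest on the line above and is passed through unvalidated here; whether `virtio_address_space_write`/`_read` and the `modern_as` address space tolerate any offset and alignment is decided outside this hunk and is worth confirming, since both enclosing functions begin before and continue after the lines shown.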
From: Eduardo Habkost
Date: Tue, 23 Jun 2015 14:00:51 -0300
Subject: [PATCH 4/4] pc: fix reuse of pc-i440fx-2.4 in pc-i440fx-2.3

commit fddd179ab962f6f78a8493742e1068d6a620e059, "pc: Convert *_MACHINE_OPTIONS macros into functions" broke the chaining of *_machine_options() functions on pc-i440fx-2.3, at:

-#define PC_I440FX_2_3_MACHINE_OPTIONS \
- PC_I440FX_2_4_MACHINE_OPTIONS, \
- .alias = NULL, \
- .is_default = 0
+static void pc_i440fx_2_3_machine_options(QEMUMachine *m)
+{
+ pc_i440fx_machine_options(m);
+ m->alias = NULL;
+ m->is_default = 0;
+}

I have replaced PC_I440FX_2_4_MACHINE_OPTIONS with a pc_i440fx_machine_options() call, instead of calling pc_i440fx_2_4_machine_options(). This broke the setting of default_machine_opts and default_display on pc-i440fx-{2.0,2,1,2.2,2.3}. Fix this by making pc_i440fx_2_3_machine_options() reuse pc_i440fx_2_4_machine_options().

Reported-by: "Dr. David Alan Gilbert"
Signed-off-by: Eduardo Habkost
Signed-off-by: Michael Roth
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Laszlo Ersek
---
 hw/i386/pc_piix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 0f99fdc3cc..916d626cb8 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -490,7 +490,7 @@ DEFINE_I440FX_MACHINE(v2_4, "pc-i440fx-2.4", NULL,
 static void pc_i440fx_2_3_machine_options(MachineClass *m)
 {
- pc_i440fx_machine_options(m);
+ pc_i440fx_2_4_machine_options(m);
 m->alias = NULL;
 m->is_default = 0;
 SET_MACHINE_COMPAT(m, PC_COMPAT_2_3);
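Review bot: Nothing in `pc_i440fx_2_3_machine_options` records that the first call must be to `pc_i440fx_2_4_machine_options` rather than the generic `pc_i440fx_machine_options`, which is exactly the distinction the original regression missed; the commit message explains that the older machine types inherit default_machine_opts and default_display through this chain, but that reasoning lives only in git history. A one-line comment above the call, `/* Chain to 2.4 first: 2.0-2.3 inherit their defaults through it, then override below. */`, would keep the next refactoring of these helpers from repeating the mistake. The function's closing brace lies outside the hunk, so the lines shown are only the start of its body.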