Comparing changes
base repository: qemu/qemu
base: d7ebbfc5dbda
head repository: qemu/qemu
compare: e0e5dca517a5
  • 11 commits
  • 12 files changed
  • 3 contributors

Commits on Aug 6, 2023

  1. linux-user: Do not call get_errno() in do_brk()

    Later the returned value is compared with -1, and negated errno is not
    expected.
    
    Fixes: 00faf08 ("linux-user: Don't use MAP_FIXED in do_brk()")
    Reviewed-by: Helge Deller <deller@gmx.de>
    Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
    Message-Id: <20230802071754.14876-4-akihiko.odaki@daynix.com>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    akihikodaki authored and rth7680 committed Aug 6, 2023
    c6cc059
  2. linux-user: Use MAP_FIXED_NOREPLACE for do_brk()

    MAP_FIXED_NOREPLACE can ensure the mapped address is fixed without
    concern that the new mapping overwrites something else.
    
    Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
    Message-Id: <20230802071754.14876-5-akihiko.odaki@daynix.com>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    akihikodaki authored and rth7680 committed Aug 6, 2023
    e69e032
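Why the flag matters, as an added example that is not part of the pull request or of QEMU's code: MAP_FIXED silently discards whatever already lives at the requested address, while MAP_FIXED_NOREPLACE makes the same request fail with EEXIST and leaves the old mapping intact. The probe below assumes a Linux host; the fallback value of the flag is the Linux one, supplied for headers that predate it. The RELOCATED outcome is the caveat that the "Fix MAP_FIXED_NOREPLACE on old kernels" commit in the same tag addresses: a kernel before 4.17 ignores the bit, treats the address as a hint and may place the mapping elsewhere, so a caller must compare the returned address with the requested one.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Linux value of the flag, for headers that predate it (assumption: Linux host). */
#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000
#endif

enum noreplace_result {
    NOREPLACE_ERROR = -1,   /* mmap failed for an unexpected reason */
    NOREPLACE_REFUSED,      /* kernel honoured the flag: EEXIST, old mapping intact */
    NOREPLACE_RELOCATED,    /* old kernel: flag ignored, address used as a hint */
    NOREPLACE_CLOBBERED     /* should never happen: old mapping silently replaced */
};

/* Map one anonymous page and stamp a marker byte into it. */
static uint8_t *map_marked_page(size_t pagesz)
{
    uint8_t *p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        return NULL;
    }
    p[0] = 0xA5;
    return p;
}

/* MAP_FIXED: the kernel replaces whatever is at the address, no questions asked.
 * Returns 1 if the marker byte was lost to the new zero-filled page. */
int fixed_clobbers(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *p = map_marked_page(pagesz);
    if (!p) {
        return -1;
    }
    void *q = mmap(p, pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (q == MAP_FAILED) {
        munmap(p, pagesz);
        return -1;
    }
    int lost = (q == (void *)p && p[0] == 0);
    munmap(p, pagesz);
    return lost;
}

/* MAP_FIXED_NOREPLACE: same request, but an existing mapping makes it fail,
 * and the marker must still be there afterwards. */
enum noreplace_result noreplace_probe(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *p = map_marked_page(pagesz);
    if (!p) {
        return NOREPLACE_ERROR;
    }
    enum noreplace_result r;
    void *q = mmap(p, pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED_NOREPLACE, -1, 0);
    if (q == MAP_FAILED) {
        r = (errno == EEXIST && p[0] == 0xA5) ? NOREPLACE_REFUSED : NOREPLACE_ERROR;
    } else if (q == (void *)p) {
        r = NOREPLACE_CLOBBERED;
    } else {
        /* Pre-4.17 kernel: the bit was ignored and the address was only a hint. */
        r = NOREPLACE_RELOCATED;
        munmap(q, pagesz);
    }
    munmap(p, pagesz);
    return r;
}

int main(void)
{
    printf("MAP_FIXED lost the marker: %d\n", fixed_clobbers());
    printf("MAP_FIXED_NOREPLACE result: %d (0 = refused with EEXIST)\n",
           (int)noreplace_probe());
    return 0;
}
```

For a loader such as linux-user, the REFUSED outcome is the desirable one: a brk extension that would land on an existing guest mapping is reported as a failure instead of quietly corrupting it.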
  3. linux-user: Do nothing if too small brk is specified

    Linux 6.4.7 does nothing when a value smaller than the initial brk is
    specified.
    
    Fixes: 86f0473 ("linux-user: Fix brk() to release pages")
    Reviewed-by: Helge Deller <deller@gmx.de>
    Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
    Message-Id: <20230802071754.14876-6-akihiko.odaki@daynix.com>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    akihikodaki authored and rth7680 committed Aug 6, 2023
    cb9d5d1
  4. linux-user: Do not align brk with host page size

    do_brk() minimizes calls into target_mmap() by aligning the address
    with host page size, which is potentially larger than the target page
    size. However, the current implementation of this optimization has two
    bugs:
    
    - The start of brk is rounded up with the host page size while brk
      advertises an address aligned with the target page size as the
      beginning of brk. This makes the beginning of brk unmapped.
    - Content clearing after mapping is flawed. The size to clear is
      specified as HOST_PAGE_ALIGN(brk_page) - brk_page, but brk_page is
      aligned with the host page size so it is always zero.
    
    This optimization actually has no practical benefit. It makes a difference
    when brk() is called multiple times with values in a range of the host
    page size. However, sophisticated memory allocators try to avoid making
    such frequent brk() calls. For example, glibc 2.37 calls brk() to
    shrink the heap only when there is room of more than 128 KiB. It is
    rare to have a page size larger than 128 KiB, if it happens at all.
    
    Let's remove the optimization to fix the bugs and make the code simpler.
    
    Fixes: 86f0473 ("linux-user: Fix brk() to release pages")
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1616
    Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
    Message-Id: <20230802071754.14876-7-akihiko.odaki@daynix.com>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    akihikodaki authored and rth7680 committed Aug 6, 2023
    2aea137
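The two alignment bugs in numbers, as an added model that is not QEMU's do_brk() and not part of this series; it also encodes the "too small brk" rule from the previous commit. The page sizes (4 KiB target, 64 KiB host), the struct and the function names are assumptions made for the demonstration, and the clear length computed by the fixed variant is an assumed description of what a target-page-granular implementation has to zero, not a quotation of the fix.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed page sizes for the demo: a 4 KiB-page guest on a 64 KiB-page host. */
#define TARGET_PAGE_SIZE 4096ULL
#define HOST_PAGE_SIZE   65536ULL

static uint64_t align_up(uint64_t v, uint64_t a)
{
    return (v + a - 1) & ~(a - 1);
}

struct brk_layout {
    uint64_t guest_heap_start;  /* address the guest is told its heap starts at */
    uint64_t mapped_start;      /* first address actually backed by a mapping */
    uint64_t unmapped_gap;      /* guest-visible bytes with no mapping behind them */
    uint64_t clear_len;         /* bytes zeroed after the mapping is made */
};

/* Old scheme as the commit message describes it: the mapping starts at the
 * host-page-aligned address, while the guest is told the target-page-aligned
 * one, and the tail to clear is computed from an already host-aligned value. */
struct brk_layout old_layout(uint64_t brk)
{
    struct brk_layout l;
    uint64_t brk_page = align_up(brk, HOST_PAGE_SIZE);

    l.guest_heap_start = align_up(brk, TARGET_PAGE_SIZE);
    l.mapped_start = brk_page;
    /* Bug 1: up to HOST_PAGE_SIZE - TARGET_PAGE_SIZE bytes the guest may
     * legitimately touch are not mapped at all. */
    l.unmapped_gap = brk_page - l.guest_heap_start;
    /* Bug 2: brk_page is already host-aligned, so this is always zero. */
    l.clear_len = align_up(brk_page, HOST_PAGE_SIZE) - brk_page;
    return l;
}

/* Target-page-granular scheme: map from the address the guest sees, so there
 * is no gap; the tail between the requested break and its page end is what a
 * correct clear has to cover (assumed for the demo). */
struct brk_layout fixed_layout(uint64_t brk)
{
    struct brk_layout l;

    l.guest_heap_start = align_up(brk, TARGET_PAGE_SIZE);
    l.mapped_start = l.guest_heap_start;
    l.unmapped_gap = 0;
    l.clear_len = l.guest_heap_start - brk;
    return l;
}

/* Rule from "Do nothing if too small brk is specified": a request below the
 * initial break is ignored and the current break is returned unchanged. */
uint64_t brk_request(uint64_t initial_brk, uint64_t current_brk, uint64_t requested)
{
    if (requested < initial_brk) {
        return current_brk;
    }
    return requested;
}

int main(void)
{
    struct brk_layout o = old_layout(0x10001234ULL);
    struct brk_layout f = fixed_layout(0x10001234ULL);

    printf("old:   heap start 0x%llx, mapped from 0x%llx, gap %llu bytes, clear %llu bytes\n",
           (unsigned long long)o.guest_heap_start, (unsigned long long)o.mapped_start,
           (unsigned long long)o.unmapped_gap, (unsigned long long)o.clear_len);
    printf("fixed: heap start 0x%llx, mapped from 0x%llx, gap %llu bytes, clear %llu bytes\n",
           (unsigned long long)f.guest_heap_start, (unsigned long long)f.mapped_start,
           (unsigned long long)f.unmapped_gap, (unsigned long long)f.clear_len);
    return 0;
}
```

With brk = 0x10001234 the old scheme tells the guest its heap starts at 0x10002000 but only maps from 0x10010000, a 0xE000-byte hole the guest will fault on, and clears nothing; the target-granular variant has no hole.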
  5. linux-user: Properly set image_info.brk in flatload

    The heap starts at "brk" not "start_brk".  With this fixed,
    image_info.start_brk is unused and may be removed.
    
    Tested-by: Helge Deller <deller@gmx.de>
    Reviewed-by: Helge Deller <deller@gmx.de>
    Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    rth7680 committed Aug 6, 2023
    0662a62
  6. linux-user: Remove last_brk

    This variable is unused.
    
    Reviewed-by: Helge Deller <deller@gmx.de>
    Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    rth7680 committed Aug 6, 2023
    62cbf08
  7. bsd-user: Remove last_brk

    This variable is unused.
    
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    rth7680 committed Aug 6, 2023
    3c4a8a8
  8. Merge tag 'pull-tcg-20230806-3' of https://gitlab.com/rth7680/qemu into staging
    
    accel/tcg: Do not issue misaligned i/o
    accel/tcg: Call save_iotlb_data from io_readx
    gdbstub: use 0 ("any process") on packets with no PID
    linux-user: Fixes for MAP_FIXED_NOREPLACE
    linux-user: Fixes for brk
    linux-user: Set V in ELF_HWCAP for RISC-V
    *-user: Remove last_brk as unused
    
    # -----BEGIN PGP SIGNATURE-----
    #
    # iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmTQMPsdHHJpY2hhcmQu
    # aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/rmQf/az6d6X4iom0Hch19
    # U4BkoNP7NQB2Rue/avjP6Vy6yATDEPgIA5vcPcub+jYsCyEasRRCD1d4odxZp7Cr
    # MLoeX6dC+iGg0N7i3S1DSpZBqsRv/4+YE5ibPjYnZlv0F7re1L89yw4doj5OPN1w
    # 1p8bpTxA2+s/FOxgfKLSyZR4yMJ4jWKeH+em6qjEBXEAMSiE6u0S+Kt3bAO8amdo
    # 86e5d16F4sjs4kXMTEp9myNoXN/aRsWd1stzebQK+uV6qQQsdkIkMLZmZ8+o158A
    # QEuWpV8yoMxhXUsnjkNGbL5S3r2WDJpM6WbWxtjs1xOAaygYCOicXh+sqRefgyH/
    # 0NQQRw==
    # =4I5/
    # -----END PGP SIGNATURE-----
    # gpg: Signature made Sun 06 Aug 2023 04:47:07 PM PDT
    # gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
    # gpg:                issuer "richard.henderson@linaro.org"
    # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
    
    * tag 'pull-tcg-20230806-3' of https://gitlab.com/rth7680/qemu:
      bsd-user: Remove last_brk
      linux-user: Remove last_brk
      linux-user: Properly set image_info.brk in flatload
      linux-user: Do not align brk with host page size
      linux-user: Do nothing if too small brk is specified
      linux-user: Use MAP_FIXED_NOREPLACE for do_brk()
      linux-user: Do not call get_errno() in do_brk()
      linux-user: Fix MAP_FIXED_NOREPLACE on old kernels
      linux-user: Unset MAP_FIXED_NOREPLACE for host
      linux-user/elfload: Set V in ELF_HWCAP for RISC-V
      configure: Fix linux-user host detection for riscv64
      gdbstub: use 0 ("any process") on packets with no PID
      accel/tcg: Call save_iotlb_data from io_readx as well
      accel/tcg: Do not issue misaligned i/o
      accel/tcg: Issue wider aligned i/o in do_{ld,st}_mmio_*
      accel/tcg: Adjust parameters and locking with do_{ld,st}_mmio_*
    
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    rth7680 committed Aug 6, 2023
    9400601

Commits on Aug 7, 2023

  1. hw/nvme: fix oob memory read in fdp events log

    As reported by Trend Micro's Zero Day Initiative, an oob memory read
    vulnerability exists in nvme_fdp_events(). The host-provided offset is
    not verified.
    
    Fix this.
    
    This is only exploitable when Flexible Data Placement mode (fdp=on) is
    enabled.
    
    Fixes: CVE-2023-4135
    Fixes: 73064ed ("hw/nvme: flexible data placement emulation")
    Reported-by: Trend Micro's Zero Day Initiative
    Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
    birkelund committed Aug 7, 2023
    ecb1b7b
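The general shape of the bug class, as an added example that is not QEMU's nvme_fdp_events() and not the CVE-2023-4135 fix itself: an NVMe Get Log Page command carries a host-chosen offset and length, and a controller that bounds the length by "what remains after the offset" without first checking the offset lets the unsigned subtraction wrap, so the copy starts past the end of the log buffer. The log page contents, its 64-byte size and the helper names below are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a controller log page: 64 bytes filled with their
 * own index. Not real FDP event data. */
#define LOG_LEN 64
static uint8_t log_page[LOG_LEN];

static void init_log_page(void)
{
    for (size_t i = 0; i < LOG_LEN; i++) {
        log_page[i] = (uint8_t)i;
    }
}

/* Common bug shape: bound the length by what remains after the offset, but
 * never check the offset itself. When off > log_len the unsigned subtraction
 * wraps, "remaining" becomes huge, and the host-chosen length passes through
 * unclamped, so a subsequent memcpy from log + off reads out of bounds. */
size_t transfer_len_unchecked_offset(size_t log_len, uint64_t off, size_t len)
{
    uint64_t remaining = log_len - off;
    return len < remaining ? len : (size_t)remaining;
}

/* Hardened read: reject the offset before any arithmetic depends on it, then
 * truncate the transfer to the bytes that really exist. Returns 0 on success
 * with *copied set, -1 for an out-of-range offset. Rejecting an over-long
 * request instead of truncating it would be equally valid; the point is the
 * order of the checks. */
int log_page_read(const uint8_t *log, size_t log_len, uint64_t off, size_t len,
                  uint8_t *out, size_t *copied)
{
    if (off > log_len) {
        return -1;
    }
    size_t remaining = log_len - (size_t)off;
    if (len > remaining) {
        len = remaining;
    }
    memcpy(out, log + off, len);
    *copied = len;
    return 0;
}

/* Probe helper: bytes the hardened path hands back for a request, or -1 if it
 * refused the offset. */
long read_probe(uint64_t off, size_t len)
{
    uint8_t out[LOG_LEN];
    size_t copied = 0;

    init_log_page();
    if (log_page_read(log_page, LOG_LEN, off, len, out, &copied) < 0) {
        return -1;
    }
    return (long)copied;
}

/* First byte returned for a request, or -1 if it was refused or empty. */
int read_probe_first_byte(uint64_t off, size_t len)
{
    uint8_t out[LOG_LEN];
    size_t copied = 0;

    init_log_page();
    if (log_page_read(log_page, LOG_LEN, off, len, out, &copied) < 0 || copied == 0) {
        return -1;
    }
    return out[0];
}

int main(void)
{
    printf("off=60 len=16: hardened copies %ld bytes\n", read_probe(60, 16));
    printf("off=65 len=16: hardened returns %ld, unchecked would copy %zu bytes\n",
           read_probe(65, 16), transfer_len_unchecked_offset(LOG_LEN, 65, 16));
    return 0;
}
```

The unchecked helper only computes the length and never performs the copy, so the example itself stays memory-safe; in a real device model the wrapped length is what turns a host-controlled field into a read of controller (here: QEMU process) memory, which is why the commit message stresses that only fdp=on guests expose the path.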
  2. hw/nvme: fix compliance issue wrt. iosqes/iocqes

    Prior to this patch, the controller checks the value of CC.IOCQES
    and CC.IOSQES prior to enabling the controller. As reported by Ben in
    GitLab issue #1691, this is not spec compliant. The controller should
    only check these values when queues are created.
    
    This patch moves these checks to nvme_create_cq(). We do not need to
    check it in nvme_create_sq() since that will error out if the completion
    queue is not already created.
    
    Also, since the controller exclusively supports SQEs of size 64 bytes
    and CQEs of size 16 bytes, hard code that.
    
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1691
    Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
    birkelund committed Aug 7, 2023
    6a33f2e
  3. Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into staging
    
    hw/nvme fixes
    
    - two fixes for hw/nvme
    
    # -----BEGIN PGP SIGNATURE-----
    #
    # iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmTQ2y4ACgkQTeGvMW1P
    # DenpWQf/WFgEljzgTcgxlfZhCyzWGwVNgKqRxlTuF6ELqm8BajCuCeA5ias6AXOr
    # x/gZ0VqrL91L5tRIH5Q0sdC+HBFC1yMs66jopdzc1oL1eYu1HTrLIqMDtkXp/K/P
    # PyGah2t4qEMtacSkad+hmB68ViUkkmhkxrWYIeufUQTfLNF5pBqNvB1kQON3jmXE
    # a1jI/PabYxi8Km0rfFJD6SUGmL9+m7MY/SyZAy+4EZZ1OEnp5jb3o9lbdwbhIU5e
    # dRX4NW4BEDiOJeIcNVDiQkXv2/Lna1B51RVMvM4owpk0eRvRXMSqs2DQ5/jp/nGb
    # 8uChUJ0QW68I4e9ptTfxmBsr4pSktg==
    # =0nwp
    # -----END PGP SIGNATURE-----
    # gpg: Signature made Mon 07 Aug 2023 04:53:18 AM PDT
    # gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
    # gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
    # gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
    # gpg: WARNING: This key is not certified with a trusted signature!
    # gpg:          There is no indication that the signature belongs to the owner.
    # Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
    #      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9
    
    * tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
      hw/nvme: fix compliance issue wrt. iosqes/iocqes
      hw/nvme: fix oob memory read in fdp events log
    
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    rth7680 committed Aug 7, 2023
    e0e5dca