[PULL 00/10] Misc QEMU bugfixes for 6.2 hard freeze

[PULL 00/10] Misc QEMU bugfixes for 6.2 hard freeze

[Paolo Bonzini]

The following changes since commit 63ed851de474b1e2458cb9b4ba6e02a88f72c25c:

  Merge remote-tracking branch 'remotes/juanquintela/tags/migration-20211106-pull-request' into staging (2021-11-06 19:43:42 -0400)

are available in the Git repository at:

  https://gitlab.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 8b4ed0dabae559ebe1fd6f8eb54e1ec6000a0a7a:

  ui/gtk-egl: Fix build failure when libgbm is not available (2021-11-08 12:20:13 +0100)

----------------------------------------------------------------
* Fix off-by-one in MODE SELECT commands
* extend --extra-*flags behavior to meson-based tests
* allow using snappy in static builds
* i386 TCG fixes
* fix build failure when libgbm is not available

----------------------------------------------------------------
Mauro Matteo Cascella (1):
      hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands

Paolo Bonzini (8):
      target-i386: mmu: use pg_mode instead of HF_LMA_MASK
      target-i386: mmu: fix handling of noncanonical virtual addresses
      meson: perform snappy test with the C++ compiler if used
      docs: adjust for demise of scripts/create_config
      configure: simplify calls to meson_quote
      configure: preserve CFLAGS, CXXFLAGS and LDFLAGS in config.status
      configure: propagate --extra-cflags and --extra-ldflags to meson compile tests
      configure: ignore preexisting QEMU_*FLAGS envvars

Philippe Mathieu-Daudé (1):
      ui/gtk-egl: Fix build failure when libgbm is not available

 configure                            | 46 ++++++++++++++++++++++--------------
 docs/devel/build-system.rst          |  9 ++++---
 hw/scsi/scsi-disk.c                  |  6 +++++
 meson.build                          |  6 ++++-
 target/i386/tcg/sysemu/excp_helper.c | 25 +++++++++++---------
 ui/gtk-egl.c                         |  2 ++
 6 files changed, 59 insertions(+), 35 deletions(-)
-- 
2.33.1

[PULL 01/10] target-i386: mmu: use pg_mode instead of HF_LMA_MASK

[Paolo Bonzini]

Correctly look up the paging mode of the hypervisor when it is using 64-bit
mode but the guest is not.

Fixes: 68746930ae ("target/i386: use mmu_translate for NPT walk", 2021-05-11)
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/tcg/sysemu/excp_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index 7af887be4d..492b777de9 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -90,7 +90,7 @@ static int mmu_translate(CPUState *cs, hwaddr addr, MMUTranslateFunc get_hphys_f
         target_ulong pdpe_addr;
 
 #ifdef TARGET_X86_64
-        if (env->hflags & HF_LMA_MASK) {
+        if (pg_mode & PG_MODE_LMA) {
             bool la57 = pg_mode & PG_MODE_LA57;
             uint64_t pml5e_addr, pml5e;
             uint64_t pml4e_addr, pml4e;
@@ -287,7 +287,7 @@ do_check_protect_pse36:
         *prot |= PAGE_EXEC;
     }
 
-    if (!(env->hflags & HF_LMA_MASK)) {
+    if (!(pg_mode & PG_MODE_LMA)) {
         pkr = 0;
     } else if (ptep & PG_USER_MASK) {
         pkr = pg_mode & PG_MODE_PKE ? env->pkru : 0;
-- 
2.33.1

[PULL 02/10] target-i386: mmu: fix handling of noncanonical virtual addresses

[Paolo Bonzini]

mmu_translate is supposed to return an error code for page faults; it is
not able to handle other exceptions.  The #GP case for noncanonical
virtual addresses is not handled correctly, and incorrectly raised as
a page fault with error code 1.  Since it cannot happen for nested
page tables, move it directly to handle_mmu_fault, even before the
invocation of mmu_translate.

Fixes: #676
Fixes: 661ff4879e ("target/i386: extract mmu_translate", 2021-05-11)
Cc: qemu-stable@nongnu.org
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/tcg/sysemu/excp_helper.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index 492b777de9..5ba739fbed 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -94,15 +94,6 @@ static int mmu_translate(CPUState *cs, hwaddr addr, MMUTranslateFunc get_hphys_f
             bool la57 = pg_mode & PG_MODE_LA57;
             uint64_t pml5e_addr, pml5e;
             uint64_t pml4e_addr, pml4e;
-            int32_t sext;
-
-            /* test virtual address sign extension */
-            sext = la57 ? (int64_t)addr >> 56 : (int64_t)addr >> 47;
-            if (get_hphys_func && sext != 0 && sext != -1) {
-                env->error_code = 0;
-                cs->exception_index = EXCP0D_GPF;
-                return 1;
-            }
 
             if (la57) {
                 pml5e_addr = ((cr3 & ~0xfff) +
@@ -423,6 +414,18 @@ static int handle_mmu_fault(CPUState *cs, vaddr addr, int size,
         page_size = 4096;
     } else {
         pg_mode = get_pg_mode(env);
+        if (pg_mode & PG_MODE_LMA) {
+            int32_t sext;
+
+            /* test virtual address sign extension */
+            sext = (int64_t)addr >> (pg_mode & PG_MODE_LA57 ? 56 : 47);
+            if (sext != 0 && sext != -1) {
+                env->error_code = 0;
+                cs->exception_index = EXCP0D_GPF;
+                return 1;
+            }
+        }
+
         error_code = mmu_translate(cs, addr, get_hphys, env->cr[3], is_write1,
                                    mmu_idx, pg_mode,
                                    &paddr, &page_size, &prot);
-- 
2.33.1

[PULL 03/10] hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands

[Paolo Bonzini]

From: Mauro Matteo Cascella <mcascell@redhat.com>

This avoids an off-by-one read of 'mode_sense_valid' buffer in
hw/scsi/scsi-disk.c:mode_sense_page().

Fixes: CVE-2021-3930
Cc: qemu-stable@nongnu.org
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: a8f4bbe2900 ("scsi-disk: store valid mode pages in a table")
Fixes: #546
Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/scsi/scsi-disk.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index e8a547dbb7..d4914178ea 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1087,6 +1087,7 @@ static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
     uint8_t *p = *p_outbuf + 2;
     int length;
 
+    assert(page < ARRAY_SIZE(mode_sense_valid));
     if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
         return -1;
     }
@@ -1428,6 +1429,11 @@ static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
         return -1;
     }
 
+    /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
+    if (page == MODE_PAGE_ALLS) {
+        return -1;
+    }
+
     p = mode_current;
     memset(mode_current, 0, inlen + 2);
     len = mode_sense_page(s, page, &p, 0);
-- 
2.33.1

[PULL 04/10] meson: perform snappy test with the C++ compiler if used

[Paolo Bonzini]

Snappy is written in C++ and as such needs to link against libstdc++.  When
linking statically, this means that the compile test cannot succeed unless
performed with a C++ compiler.  Do so if link_language is set to C++; if it
is C, the test will usually fail and snappy will be disabled.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 meson.build | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index 47df10afc2..6bfed294d0 100644
--- a/meson.build
+++ b/meson.build
@@ -197,6 +197,10 @@ add_project_arguments('-iquote', '.',
 link_language = meson.get_external_property('link_language', 'cpp')
 if link_language == 'cpp'
   add_languages('cpp', required: true, native: false)
+  cxx = meson.get_compiler('cpp')
+  linker = cxx
+else
+  linker = cc
 endif
 if host_machine.system() == 'darwin'
   add_languages('objc', required: false, native: false)
@@ -1109,7 +1113,7 @@ if not get_option('snappy').auto() or have_system
                            required: get_option('snappy'),
                            kwargs: static_kwargs)
 endif
-if snappy.found() and not cc.links('''
+if snappy.found() and not linker.links('''
    #include <snappy-c.h>
    int main(void) { snappy_max_compressed_length(4096); return 0; }''', dependencies: snappy)
   snappy = not_found
-- 
2.33.1

[PULL 05/10] docs: adjust for demise of scripts/create_config

[Paolo Bonzini]

The config-host.h, $TARGET_NAME-config-target.h,
$TARGET_NAME-config-devices.h files are now generated by
configure_file() rather than scripts/create_config.  Adjust
he relevant paragraph in docs/devel/build-system.rst, and take
the occasion to fix a preexisting confusion of *.h vs *.mak.

Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 docs/devel/build-system.rst | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/docs/devel/build-system.rst b/docs/devel/build-system.rst
index 7f106d2f1c..3c05032438 100644
--- a/docs/devel/build-system.rst
+++ b/docs/devel/build-system.rst
@@ -464,11 +464,10 @@ Built by Meson:
   scripts/make_device_config.sh program, feeding it the
   default-configs/$TARGET-NAME file as input.
 
-``config-host.h``, ``$TARGET-NAME/config-target.h``, ``$TARGET-NAME/config-devices.h``
-  These files are used by source code to determine what features
-  are enabled.  They are generated from the contents of the corresponding
-  ``*.h`` files using the scripts/create_config program. This extracts
-  relevant variables and formats them as C preprocessor macros.
+``config-host.h``, ``$TARGET_NAME-config-target.h``, ``$TARGET_NAME-config-devices.h``
+  These files are used by source code to determine what features are
+  enabled.  They are generated from the contents of the corresponding
+  ``*.mak`` files using Meson's ``configure_file()`` function.
 
 ``build.ninja``
   The build rules.
-- 
2.33.1

[PULL 06/10] configure: simplify calls to meson_quote

[Paolo Bonzini]

meson_quote assumes a non-empty argument list, and incorrectly returns a
one-entry array if passed nothing.  Move the check for an empty argument
list from the invocations to the function itself.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/configure b/configure
index 33682cb971..369b5455b6 100755
--- a/configure
+++ b/configure
@@ -3894,6 +3894,7 @@ echo "TOPSRC_DIR=$source_path" >> $config_mak
 if test "$skip_meson" = no; then
   cross="config-meson.cross.new"
   meson_quote() {
+    test $# = 0 && return
     echo "'$(echo $* | sed "s/ /','/g")'"
   }
 
@@ -3908,10 +3909,10 @@ if test "$skip_meson" = no; then
 
   test -z "$cxx" && echo "link_language = 'c'" >> $cross
   echo "[built-in options]" >> $cross
-  echo "c_args = [${CFLAGS:+$(meson_quote $CFLAGS)}]" >> $cross
-  echo "cpp_args = [${CXXFLAGS:+$(meson_quote $CXXFLAGS)}]" >> $cross
-  echo "c_link_args = [${LDFLAGS:+$(meson_quote $LDFLAGS)}]" >> $cross
-  echo "cpp_link_args = [${LDFLAGS:+$(meson_quote $LDFLAGS)}]" >> $cross
+  echo "c_args = [$(meson_quote $CFLAGS)]" >> $cross
+  echo "cpp_args = [$(meson_quote $CXXFLAGS)]" >> $cross
+  echo "c_link_args = [$(meson_quote $LDFLAGS)]" >> $cross
+  echo "cpp_link_args = [$(meson_quote $LDFLAGS)]" >> $cross
   echo "[binaries]" >> $cross
   echo "c = [$(meson_quote $cc $CPU_CFLAGS)]" >> $cross
   test -n "$cxx" && echo "cpp = [$(meson_quote $cxx $CPU_CFLAGS)]" >> $cross
-- 
2.33.1

[PULL 07/10] configure: preserve CFLAGS, CXXFLAGS and LDFLAGS in config.status

[Paolo Bonzini]

CFLAGS, CXXFLAGS and LDFLAGS influence the tests (for example if they include
-L or -I options), so they should be kept from the invocation of configure
to the subsequent reinvocations via config.status.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/configure b/configure
index 369b5455b6..d268f59246 100755
--- a/configure
+++ b/configure
@@ -4057,9 +4057,12 @@ preserve_env AR
 preserve_env AS
 preserve_env CC
 preserve_env CPP
+preserve_env CFLAGS
 preserve_env CXX
+preserve_env CXXFLAGS
 preserve_env INSTALL
 preserve_env LD
+preserve_env LDFLAGS
 preserve_env LD_LIBRARY_PATH
 preserve_env LIBTOOL
 preserve_env MAKE
-- 
2.33.1

[PULL 08/10] configure: propagate --extra-cflags and --extra-ldflags to meson compile tests

[Paolo Bonzini]

Meson (intentionally) does not add QEMU_CFLAGS to cc.compiles/cc.links
tests, as they are supposed to be independent of the specific sets of
compilation flags used to build the programs.  However, the user can
still use CFLAGS or the toolchain file's LANG_args/LANG_link_args option
to specify -I or -L options that apply to cc.compiles/cc.links as well.

This is also the intended use of configure's --extra-cflags,
--extra-cxxflags and --extra-ldflags options.  For example, if
one has netmap's header in a nonstandard directory, up to commit
837b84b1c078bf3e909 it used to work fine to do:

.../configure --enable-netmap \
     --extra-cflags=-I/path/to/netmap/sys

but since the test was converted to meson, this does not work anymore.

Pass these options to meson via the toolchain file instead of via
config-host.mak, since both have the same purpose.

Reported-by: Owen LaGarde
Reported-by: Thomas Huth <thuth@redhat.com>
Fixes: 47b30835e4 ("configure: consistently pass CFLAGS/CXXFLAGS/LDFLAGS to meson", 2020-10-06)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/configure b/configure
index d268f59246..9f1641e79c 100755
--- a/configure
+++ b/configure
@@ -174,14 +174,14 @@ update_cxxflags() {
 
 compile_object() {
   local_cflags="$1"
-  do_cc $CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -c -o $TMPO $TMPC
+  do_cc $CFLAGS $EXTRA_CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -c -o $TMPO $TMPC
 }
 
 compile_prog() {
   local_cflags="$1"
   local_ldflags="$2"
-  do_cc $CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -o $TMPE $TMPC \
-      $LDFLAGS $CONFIGURE_LDFLAGS $QEMU_LDFLAGS $local_ldflags
+  do_cc $CFLAGS $EXTRA_CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -o $TMPE $TMPC \
+      $LDFLAGS $EXTRA_LDFLAGS $CONFIGURE_LDFLAGS $QEMU_LDFLAGS $local_ldflags
 }
 
 # symbolically link $1 to $2.  Portable version of "ln -sf".
@@ -286,6 +286,10 @@ for opt do
   esac
 done
 
+EXTRA_CFLAGS=""
+EXTRA_CXXFLAGS=""
+EXTRA_LDFLAGS=""
+
 xen_ctrl_version="$default_feature"
 xfs="$default_feature"
 membarrier="$default_feature"
@@ -394,13 +398,13 @@ for opt do
   ;;
   --cpu=*) cpu="$optarg"
   ;;
-  --extra-cflags=*) QEMU_CFLAGS="$QEMU_CFLAGS $optarg"
-                    QEMU_LDFLAGS="$QEMU_LDFLAGS $optarg"
+  --extra-cflags=*)
+    EXTRA_CFLAGS="$EXTRA_CFLAGS $optarg"
+    EXTRA_CXXFLAGS="$EXTRA_CXXFLAGS $optarg"
+    ;;
+  --extra-cxxflags=*) EXTRA_CXXFLAGS="$EXTRA_CXXFLAGS $optarg"
   ;;
-  --extra-cxxflags=*) QEMU_CXXFLAGS="$QEMU_CXXFLAGS $optarg"
-  ;;
-  --extra-ldflags=*) QEMU_LDFLAGS="$QEMU_LDFLAGS $optarg"
-                     EXTRA_LDFLAGS="$optarg"
+  --extra-ldflags=*) EXTRA_LDFLAGS="$EXTRA_LDFLAGS $optarg"
   ;;
   --enable-debug-info) debug_info="yes"
   ;;
@@ -1346,8 +1350,8 @@ Advanced options (experts only):
                            build time
   --cxx=CXX                use C++ compiler CXX [$cxx]
   --objcc=OBJCC            use Objective-C compiler OBJCC [$objcc]
-  --extra-cflags=CFLAGS    append extra C compiler flags QEMU_CFLAGS
-  --extra-cxxflags=CXXFLAGS append extra C++ compiler flags QEMU_CXXFLAGS
+  --extra-cflags=CFLAGS    append extra C compiler flags CFLAGS
+  --extra-cxxflags=CXXFLAGS append extra C++ compiler flags CXXFLAGS
   --extra-ldflags=LDFLAGS  append extra linker flags LDFLAGS
   --cross-cc-ARCH=CC       use compiler when building ARCH guest test cases
   --cross-cc-flags-ARCH=   use compiler flags when building ARCH guest tests
@@ -3402,7 +3406,7 @@ EOF
 
     update_cxxflags
 
-    if do_cxx $CXXFLAGS $CONFIGURE_CXXFLAGS $QEMU_CXXFLAGS -o $TMPE $TMPCXX $TMPO $QEMU_LDFLAGS; then
+    if do_cxx $CXXFLAGS $EXTRA_CXXFLAGS $CONFIGURE_CXXFLAGS $QEMU_CXXFLAGS -o $TMPE $TMPCXX $TMPO $QEMU_LDFLAGS; then
         # C++ compiler $cxx works ok with C compiler $cc
         :
     else
@@ -3909,10 +3913,10 @@ if test "$skip_meson" = no; then
 
   test -z "$cxx" && echo "link_language = 'c'" >> $cross
   echo "[built-in options]" >> $cross
-  echo "c_args = [$(meson_quote $CFLAGS)]" >> $cross
-  echo "cpp_args = [$(meson_quote $CXXFLAGS)]" >> $cross
-  echo "c_link_args = [$(meson_quote $LDFLAGS)]" >> $cross
-  echo "cpp_link_args = [$(meson_quote $LDFLAGS)]" >> $cross
+  echo "c_args = [$(meson_quote $CFLAGS $EXTRA_CFLAGS)]" >> $cross
+  echo "cpp_args = [$(meson_quote $CXXFLAGS $EXTRA_CXXFLAGS)]" >> $cross
+  echo "c_link_args = [$(meson_quote $CFLAGS $LDFLAGS $EXTRA_CFLAGS $EXTRA_LDFLAGS)]" >> $cross
+  echo "cpp_link_args = [$(meson_quote $CXXFLAGS $LDFLAGS $EXTRA_CXXFLAGS $EXTRA_LDFLAGS)]" >> $cross
   echo "[binaries]" >> $cross
   echo "c = [$(meson_quote $cc $CPU_CFLAGS)]" >> $cross
   test -n "$cxx" && echo "cpp = [$(meson_quote $cxx $CPU_CFLAGS)]" >> $cross
-- 
2.33.1

[PULL 09/10] configure: ignore preexisting QEMU_*FLAGS envvars

[Paolo Bonzini]

User flags should be passed via CFLAGS/CXXFLAGS/LDFLAGS,
or --extra-cflags/extra-cxxflags/--extra-ldflags on the
command line.

QEMU_CFLAGS, QEMU_CXXFLAGS and QEMU_LDFLAGS are reserved
for flags detected by configure, so do not add to them
and clear them at the beginning of the script.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 9f1641e79c..89c1872c3b 100755
--- a/configure
+++ b/configure
@@ -158,7 +158,7 @@ update_cxxflags() {
     # Set QEMU_CXXFLAGS from QEMU_CFLAGS by filtering out those
     # options which some versions of GCC's C++ compiler complain about
     # because they only make sense for C programs.
-    QEMU_CXXFLAGS="$QEMU_CXXFLAGS -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS"
+    QEMU_CXXFLAGS="-D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS"
     CONFIGURE_CXXFLAGS=$(echo "$CONFIGURE_CFLAGS" | sed s/-std=gnu11/-std=gnu++11/)
     for arg in $QEMU_CFLAGS; do
         case $arg in
@@ -465,11 +465,13 @@ sdl2_config="${SDL2_CONFIG-${cross_prefix}sdl2-config}"
 # left shift of signed integers is well defined and has the expected
 # 2s-complement style results. (Both clang and gcc agree that it
 # provides these semantics.)
-QEMU_CFLAGS="-fno-strict-aliasing -fno-common -fwrapv $QEMU_CFLAGS"
+QEMU_CFLAGS="-fno-strict-aliasing -fno-common -fwrapv"
 QEMU_CFLAGS="-Wundef -Wwrite-strings -Wmissing-prototypes $QEMU_CFLAGS"
 QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS"
 QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS"
 
+QEMU_LDFLAGS=
+
 # Flags that are needed during configure but later taken care of by Meson
 CONFIGURE_CFLAGS="-std=gnu11 -Wall"
 CONFIGURE_LDFLAGS=
-- 
2.33.1

[PULL 10/10] ui/gtk-egl: Fix build failure when libgbm is not available

[Paolo Bonzini]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Since commit 4872a023a59 ("ui/gtk-egl: guest fb texture needs
to be regenerated when reinitializing egl") we get on Ubuntu
18.04.4 LTS and Debian Buster (oldstable):

  $ ../configure --enable-virglrenderer
  [...]
  ui/gtk-egl.c: In function 'gd_egl_refresh':
  ui/gtk-egl.c:159:13: error: implicit declaration of function 'egl_dmabuf_release_texture' [-Werror=implicit-function-declaration]
    159 |             egl_dmabuf_release_texture(vc->gfx.guest_fb.dmabuf);
        |             ^~~~~~~~~~~~~~~~~~~~~~~~~~
  ui/gtk-egl.c:159:13: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
  ui/gtk-egl.c:159:13: error: nested extern declaration of 'egl_dmabuf_release_texture' [-Werror=nested-externs]

Fix by restricting the egl_dmabuf_release_texture() call to the
availability of the generic buffer management library (libgbm).

Fixes: 4872a023a593e6519b272a
Cc: Dongwon Kim <dongwon.kim@intel.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Reported-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20211108083129.1262040-1-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 ui/gtk-egl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
index f2026e4b5c..45cb67712d 100644
--- a/ui/gtk-egl.c
+++ b/ui/gtk-egl.c
@@ -155,10 +155,12 @@ void gd_egl_refresh(DisplayChangeListener *dcl)
             surface_gl_destroy_texture(vc->gfx.gls, vc->gfx.ds);
             surface_gl_create_texture(vc->gfx.gls, vc->gfx.ds);
         }
+#ifdef CONFIG_GBM
         if (vc->gfx.guest_fb.dmabuf) {
             egl_dmabuf_release_texture(vc->gfx.guest_fb.dmabuf);
             gd_egl_scanout_dmabuf(dcl, vc->gfx.guest_fb.dmabuf);
         }
+#endif
     }
 
     graphic_hw_update(dcl->con);
-- 
2.33.1

Re: [PULL 03/10] hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands

[Philippe Mathieu-Daudé]

On 11/8/21 15:36, Paolo Bonzini wrote:
> From: Mauro Matteo Cascella <mcascell@redhat.com>
> 
> This avoids an off-by-one read of 'mode_sense_valid' buffer in
> hw/scsi/scsi-disk.c:mode_sense_page().
> 
> Fixes: CVE-2021-3930
> Cc: qemu-stable@nongnu.org
> Reported-by: Alexander Bulekov <alxndr@bu.edu>
> Fixes: a8f4bbe2900 ("scsi-disk: store valid mode pages in a table")
> Fixes: #546

https://gitlab.com/qemu-project/qemu/-/issues/546

> Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
> Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  hw/scsi/scsi-disk.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
> index e8a547dbb7..d4914178ea 100644
> --- a/hw/scsi/scsi-disk.c
> +++ b/hw/scsi/scsi-disk.c
> @@ -1087,6 +1087,7 @@ static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
>      uint8_t *p = *p_outbuf + 2;
>      int length;
>  
> +    assert(page < ARRAY_SIZE(mode_sense_valid));
>      if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
>          return -1;
>      }
> @@ -1428,6 +1429,11 @@ static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
>          return -1;
>      }
>  
> +    /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */
> +    if (page == MODE_PAGE_ALLS) {
> +        return -1;
> +    }
> +
>      p = mode_current;
>      memset(mode_current, 0, inlen + 2);
>      len = mode_sense_page(s, page, &p, 0);
> 

Re: [PULL 00/10] Misc QEMU bugfixes for 6.2 hard freeze

[Richard Henderson]

On 11/8/21 3:36 PM, Paolo Bonzini wrote:
> The following changes since commit 63ed851de474b1e2458cb9b4ba6e02a88f72c25c:
> 
>    Merge remote-tracking branch 'remotes/juanquintela/tags/migration-20211106-pull-request' into staging (2021-11-06 19:43:42 -0400)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/bonzini/qemu.git tags/for-upstream
> 
> for you to fetch changes up to 8b4ed0dabae559ebe1fd6f8eb54e1ec6000a0a7a:
> 
>    ui/gtk-egl: Fix build failure when libgbm is not available (2021-11-08 12:20:13 +0100)
> 
> ----------------------------------------------------------------
> * Fix off-by-one in MODE SELECT commands
> * extend --extra-*flags behavior to meson-based tests
> * allow using snappy in static builds
> * i386 TCG fixes
> * fix build failure when libgbm is not available
> 
> ----------------------------------------------------------------
> Mauro Matteo Cascella (1):
>        hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands
> 
> Paolo Bonzini (8):
>        target-i386: mmu: use pg_mode instead of HF_LMA_MASK
>        target-i386: mmu: fix handling of noncanonical virtual addresses
>        meson: perform snappy test with the C++ compiler if used
>        docs: adjust for demise of scripts/create_config
>        configure: simplify calls to meson_quote
>        configure: preserve CFLAGS, CXXFLAGS and LDFLAGS in config.status
>        configure: propagate --extra-cflags and --extra-ldflags to meson compile tests
>        configure: ignore preexisting QEMU_*FLAGS envvars
> 
> Philippe Mathieu-Daudé (1):
>        ui/gtk-egl: Fix build failure when libgbm is not available
> 
>   configure                            | 46 ++++++++++++++++++++++--------------
>   docs/devel/build-system.rst          |  9 ++++---
>   hw/scsi/scsi-disk.c                  |  6 +++++
>   meson.build                          |  6 ++++-
>   target/i386/tcg/sysemu/excp_helper.c | 25 +++++++++++---------
>   ui/gtk-egl.c                         |  2 ++
>   6 files changed, 59 insertions(+), 35 deletions(-)

Applied, thanks.

r~