From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Wei Che Kao, qemu-stable@nongnu.org
Subject: [PULL 1/6] lsi53c895a: fix use-after-free of cancelled request
Date: Mon, 25 May 2026 17:16:16 +0200
Message-ID: <20260525151621.395954-2-pbonzini@redhat.com>
In-Reply-To: <20260525151621.395954-1-pbonzini@redhat.com>

When processing the Message Out phase, the lsi53c895a controller can cancel a request and then continue by processing more messages. When this happens, it is important that a cancelled request is not processed further, because scsi_req_cancel can cause the request to be freed.
Right now this is happening in two cases, but not when cancelling the entire queue of requests after an ABORT, CLEAR QUEUE or BUS DEVICE RESET message. In that case, a subsequent ABORT TAG message can use a dangling current_req.

There are three possible fixes:

- add a missing check inside the loop, clearing current_req if p->req == current_req. This is obvious but complicates the code inside the foreach loop.

- change the conditional prior to the loop from "if (s->current)" to "if (current_req)". This would work, because s->current != NULL implies current_req != NULL, and would clear current_req correctly. However it is less obvious because the point of the code is to clear the entire queue, which consists of s->current and s->queue; current_req is not special here.

- delay the retrieval of current_req until an ABORT TAG message is seen. This is the most correct option, because the SCSI protocol only deals with tags; requests are a QEMU concept that only makes sense for the purpose of calling into the SCSI layer.

Reported-by: Wei Che Kao
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini
--- hw/scsi/lsi53c895a.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 54123f77579..0843d325ab1 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -1000,10 +1000,8 @@ static void lsi_do_msgout(LSIState *s) =20 if (s->current) { current_tag =3D s->current->tag; - current_req =3D s->current; } else { current_tag =3D s->select_tag; - current_req =3D lsi_find_by_tag(s, current_tag); } =20 trace_lsi_do_msgout(s->dbc); 
@@ -1058,9 +1056,13 @@ static void lsi_do_msgout(LSIState *s) case 0x0d: /* The ABORT TAG message clears the current I/O process only. = */ trace_lsi_do_msgout_abort(current_tag); + if (s->current) { + current_req =3D s->current; + } else { + current_req =3D lsi_find_by_tag(s, current_tag); + } if (current_req && current_req->req) { scsi_req_cancel(current_req->req); - current_req =3D NULL; } lsi_disconnect(s); break; 
@@ -1086,7 +1088,6 @@ static void lsi_do_msgout(LSIState *s) /* clear the current I/O process */ if (s->current) { scsi_req_cancel(s->current->req); - current_req =3D NULL; } =20 /* As the current implemented devices scsi_disk and scsi_gener= ic --=20 2.54.0
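
Review bot: current_tag is still sampled once at the top of lsi_do_msgout() (the "current_tag = s->select_tag;" context line in the first hunk), but the request lookup that consumes it now runs later, inside the 0x0d case. If a queue-tag message earlier in the same Message Out buffer changes s->select_tag, lsi_find_by_tag(s, current_tag) will search for the value from before the loop. Either compute the tag next to the lookup or add a comment saying the earlier value is the intended one.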
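
Review bot: In the 0x0d case of the second hunk the request is now re-read from s->current on every ABORT TAG and the "current_req = NULL;" after scsi_req_cancel() is gone, so correctness rests on s->current no longer pointing at the cancelled request once scsi_req_cancel() returns. That invariant is not visible in this function; please state it in the comment above the lookup, or clear s->current explicitly, so that a second ABORT TAG in the same buffer is obviously safe.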
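
Review bot: The context line "scsi_req_cancel(s->current->req);" in the third hunk is guarded only by "if (s->current)", while the ABORT TAG case checks "current_req && current_req->req" before cancelling. Use the same ->req check here, or note why req cannot be NULL for s->current on this path.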
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [PULL 2/6] lsi53c895a: clear tag byte when processing messages
Date: Mon, 25 May 2026 17:16:17 +0200
Message-ID: <20260525151621.395954-3-pbonzini@redhat.com>
In-Reply-To: <20260525151621.395954-1-pbonzini@redhat.com>

Instead of simply ORing the message byte, clear what was there before.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini --- hw/scsi/lsi53c895a.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 0843d325ab1..1b7f02fc7c9 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c 
@@ -1041,16 +1041,19 @@ static void lsi_do_msgout(LSIState *s) } break; case 0x20: /* SIMPLE queue */ + s->select_tag &=3D ~0xff; s->select_tag |=3D lsi_get_msgbyte(s) | LSI_TAG_VALID; trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); break; case 0x21: /* HEAD of queue */ qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented= \n"); + s->select_tag &=3D ~0xff; s->select_tag |=3D lsi_get_msgbyte(s) | LSI_TAG_VALID; break; case 0x22: /* ORDERED queue */ qemu_log_mask(LOG_UNIMP, "lsi_scsi: ORDERED queue not implemented\n"); + s->select_tag &=3D ~0xff; s->select_tag |=3D lsi_get_msgbyte(s) | LSI_TAG_VALID; break; case 0x0d: --=20 2.54.0
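
Review bot: The added "s->select_tag &= ~0xff;" is repeated verbatim in the 0x20, 0x21 and 0x22 cases, each time directly above the matching "|=" line. A single assignment such as "s->select_tag = (s->select_tag & ~0xff) | lsi_get_msgbyte(s) | LSI_TAG_VALID;" or a small helper would keep the three cases from drifting apart. The commit message also does not say what goes wrong when the old tag byte is left in place; one sentence on the observable effect would help whoever evaluates the stable backport.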
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Wei Che Kao, qemu-stable@nongnu.org
Subject: [PULL 3/6] apic: fix delivery bitmask with modified xAPIC ids
Date: Mon, 25 May 2026 17:16:18 +0200
Message-ID: <20260525151621.395954-4-pbonzini@redhat.com>
In-Reply-To: <20260525151621.395954-1-pbonzini@redhat.com>

Self-IPIs (or all-but-self IPIs) in QEMU can cause an out-of-bounds access to deliver_bitmask, because the access uses the APIC ID register which is writable by the guest. However, foreach_apic uses the delivery bitmask indexes to look up the local_apics[] array, which is indexed by *initial* APIC id.
Using the right id fixes both a possible heap write overflow if the modified APIC id is too large for max_apic_words, and a mis-delivery of both self and all-but-self IPIs. Reported-by: Wei Che Kao Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini --- hw/intc/apic.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/hw/intc/apic.c b/hw/intc/apic.c index e5ea8312617..0e8932005fa 100644 --- a/hw/intc/apic.c +++ b/hw/intc/apic.c @@ -648,13 +648,6 @@ static void apic_deliver(APICCommonState *s, uint32_t = dest, uint8_t dest_mode, APICCommonState *apic_iter; uint32_t deliver_bitmask_size =3D max_apic_words * sizeof(uint32_t); g_autofree uint32_t *deliver_bitmask =3D g_new(uint32_t, max_apic_word= s); - uint32_t current_apic_id; - - if (is_x2apic_mode(s)) { - current_apic_id =3D s->initial_apic_id; - } else { - current_apic_id =3D s->id; - } =20 switch (dest_shorthand) { case 0: 
@@ -662,14 +655,20 @@ static void apic_deliver(APICCommonState *s, uint32_t= dest, uint8_t dest_mode, break; case 1: memset(deliver_bitmask, 0x00, deliver_bitmask_size); - apic_set_bit(deliver_bitmask, current_apic_id); + /* + * The self and all-but-self cases do not use apic_match_dest() and + * directly fill in deliver_bitmask; the bitmask's indexes in turn + * map to local_apics[] slots which are never changed even if the + * xAPIC id is modified. So use s->initial_apic_id instead of s->= id. + */ + apic_set_bit(deliver_bitmask, s->initial_apic_id); break; case 2: memset(deliver_bitmask, 0xff, deliver_bitmask_size); break; case 3: memset(deliver_bitmask, 0xff, deliver_bitmask_size); - apic_reset_bit(deliver_bitmask, current_apic_id); + apic_reset_bit(deliver_bitmask, s->initial_apic_id); break; } =20 --=20 2.54.0
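
Review bot: apic_set_bit() in case 1 and apic_reset_bit() in case 3 still take an index with no visible bound against the allocation made by "g_new(uint32_t, max_apic_words)". The fix relies on s->initial_apic_id always fitting in that bitmask; an assertion such as "s->initial_apic_id < max_apic_words * 32" ahead of the switch would document that and catch a regression. The explanatory comment sits only in case 1, although case 3 depends on the same reasoning; moving it above the switch would cover both.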
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Magnus Kulke, Mohamed Mediouni
Subject: [PULL 4/6] accel/mshv: implement cpu_thread_is_idle() hook
Date: Mon, 25 May 2026 17:16:19 +0200
Message-ID: <20260525151621.395954-5-pbonzini@redhat.com>
In-Reply-To: <20260525151621.395954-1-pbonzini@redhat.com>
References: <20260525151621.395954-1-pbonzini@redhat.com>

From: Magnus Kulke

In MSHV the hypervisor APIC is always used, so we need to implement this hook to make sure the AP's vcpu thread is not blocked waiting for an INIT SIPI by the BSP. Without this change soft reboots with -smp cpus>=2 will hang.

Signed-off-by: Magnus Kulke
Reviewed-by: Mohamed Mediouni
Link: https://lore.kernel.org/r/20260421-mshv_accel_arm64_supp-v3-9-469f544778ba@linux.microsoft.com
[Make comment not x86 specific. - Paolo]
Signed-off-by: Paolo Bonzini
---
accel/mshv/mshv-all.c | 12 ++++++++++++
1 file changed, 12 insertions(+)

diff --git a/accel/mshv/mshv-all.c b/accel/mshv/mshv-all.c index 58af674bd99..58d8638c0c1 100644 --- a/accel/mshv/mshv-all.c +++ b/accel/mshv/mshv-all.c
@@ -714,11 +714,23 @@ static const TypeInfo mshv_accel_type =3D { .instance_size =3D sizeof(MshvState), }; =20 +/* + * MSHV manages secondary processors in the hypervisor. SIPI for x86 and + * PSCI for Arm are handled internally. Halted vCPUs must still enter + * mshv_cpu_exec() so that MSHV_RUN_VP is called and the hypervisor will + * wake APs. + */ +static bool mshv_vcpu_thread_is_idle(CPUState *cpu) +{ + return false; +} + static void mshv_accel_ops_class_init(ObjectClass *oc, const void *data) { AccelOpsClass *ops =3D ACCEL_OPS_CLASS(oc); =20 ops->create_vcpu_thread =3D mshv_start_vcpu_thread; + ops->cpu_thread_is_idle =3D mshv_vcpu_thread_is_idle; ops->synchronize_post_init =3D mshv_cpu_synchronize_post_init; ops->synchronize_post_reset =3D mshv_cpu_synchronize_post_reset; ops->synchronize_state =3D mshv_cpu_synchronize; --=20 2.54.0
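
Review bot: mshv_vcpu_thread_is_idle() ignores its cpu argument and returns false unconditionally, and the comment above it explains why halted vCPUs must enter mshv_cpu_exec() but not what the thread does once it is there. Please add a sentence saying whether MSHV_RUN_VP blocks in the hypervisor until the AP is woken, so a reader can see that a halted AP's thread does not spin. The soft-reboot hang with -smp cpus>=2 from the commit message would also be worth recording in that comment, since it is the only visible reason the hook exists.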
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Jinjie Ruan, qemu-stable@nongnu.org
Subject: [PULL 5/6] mc146818rtc: Fix get_guest_rtc_ns() overflow bug
Date: Mon, 25 May 2026 17:16:20 +0200
Message-ID: <20260525151621.395954-6-pbonzini@redhat.com>
In-Reply-To: <20260525151621.395954-1-pbonzini@redhat.com>
References: <20260525151621.395954-1-pbonzini@redhat.com>

From: Jinjie Ruan

In get_guest_rtc_ns(), "s->base_rtc" is uint64_t, which multiplied by "NANOSECONDS_PER_SECOND" may overflow the uint64_t type, which will cause the QEMU Linux Virtual Machine's RTC time to jump and in turn triggers a kernel Soft Lockup and ultimately leads to a crash.

Fix it by avoiding adding s->base_rtc in get_guest_rtc_ns_offset(), because get_guest_rtc_ns() is used either to take the remainder of NANOSECONDS_PER_SECOND or to take the quotient of NANOSECONDS_PER_SECOND.

Fixes: 56038ef6234e ("RTC: Update the RTC clock only when reading it")
Signed-off-by: Jinjie Ruan
Link: https://lore.kernel.org/r/20260114013257.3500578-1-ruanjinjie@huawei.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini
---
hw/rtc/mc146818rtc.c | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/hw/rtc/mc146818rtc.c b/hw/rtc/mc146818rtc.c index ccbb2797169..bcab018c7cd 100644 --- a/hw/rtc/mc146818rtc.c +++ b/hw/rtc/mc146818rtc.c @@ -77,12 +77,13 @@ static inline bool rtc_running(MC146818RtcState *s) (s->cmos_data[RTC_REG_A] & 0x70) <=3D 0x20); } =20 -static uint64_t get_guest_rtc_ns(MC146818RtcState *s) +/* + * Note: get_rtc_ns_since_last_update() does not include the base_rtc seco= nds + * value. This does not matter if the caller only needs the nanoseconds p= art. + */ +static uint64_t get_rtc_ns_since_last_update(MC146818RtcState *s) { - uint64_t guest_clock =3D qemu_clock_get_ns(rtc_clock); - - return s->base_rtc * NANOSECONDS_PER_SECOND + - guest_clock - s->last_update + s->offset; + return qemu_clock_get_ns(rtc_clock) - s->last_update + s->offset; } =20 static void rtc_coalesced_timer_update(MC146818RtcState *s) @@ -258,7 +259,7 @@ static void check_update_timer(MC146818RtcState *s) return; } =20 - guest_nsec =3D get_guest_rtc_ns(s) % NANOSECONDS_PER_SECOND; + guest_nsec =3D get_rtc_ns_since_last_update(s) % NANOSECONDS_PER_SECON= D; next_update_time =3D qemu_clock_get_ns(rtc_clock) + NANOSECONDS_PER_SECOND - guest_nsec; =20
@@ -510,7 +511,7 @@ static void cmos_ioport_write(void *opaque, hwaddr addr, /* if disabling set mode, update the time */ if ((s->cmos_data[RTC_REG_B] & REG_B_SET) && (s->cmos_data[RTC_REG_A] & 0x70) <=3D 0x20) { - s->offset =3D get_guest_rtc_ns(s) % NANOSECONDS_PER_SE= COND; + s->offset =3D get_rtc_ns_since_last_update(s) % NANOSE= CONDS_PER_SECOND; rtc_set_time(s); } } @@ -623,10 +624,8 @@ static void rtc_update_time(MC146818RtcState *s) { struct tm ret; time_t guest_sec; - int64_t guest_nsec; =20 - guest_nsec =3D get_guest_rtc_ns(s); - guest_sec =3D guest_nsec / NANOSECONDS_PER_SECOND; + guest_sec =3D s->base_rtc + get_rtc_ns_since_last_update(s) / NANOSECO= NDS_PER_SECOND; gmtime_r(&guest_sec, &ret); =20 /* Is SET flag of Register B disabled? */ @@ -637,7 +636,7 @@ static void rtc_update_time(MC146818RtcState *s) =20 static int update_in_progress(MC146818RtcState *s) { - int64_t guest_nsec; + uint64_t guest_nsec; =20 if (!rtc_running(s)) { return 0; 
@@ -652,7 +651,7 @@ static int update_in_progress(MC146818RtcState *s) } } =20 - guest_nsec =3D get_guest_rtc_ns(s); + guest_nsec =3D get_rtc_ns_since_last_update(s); /* UIP bit will be set at last 244us of every second. */ if ((guest_nsec % NANOSECONDS_PER_SECOND) >=3D (NANOSECONDS_PER_SECOND - UIP_HOLD_LENGTH)) { --=20 2.54.0
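
Review bot: The new comment on get_rtc_ns_since_last_update() (hunk at -77) only covers callers that want the nanoseconds part, but rtc_update_time() uses the quotient and has to add s->base_rtc itself. Please say so in the comment, for example that callers needing whole seconds must add s->base_rtc to the quotient, so a later caller does not bring back the multiplication by NANOSECONDS_PER_SECOND. The commit message also names the helper get_guest_rtc_ns_offset(), while the hunk calls it get_rtc_ns_since_last_update(); one of the two should be corrected.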
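
Review bot: In rtc_update_time() (hunk at -623) the new guest_sec assignment runs past 80 columns, as does the s->offset assignment in cmos_ioport_write() (hunk at -510); please wrap both after the operator. In the same rtc_update_time() line, guest_sec is a time_t while the right-hand side is uint64_t arithmetic on s->base_rtc, so the narrowing is implicit; a short comment on the expected range would help readers on builds where time_t is narrower than 64 bits.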
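
The wraparound described in the commit message above, as an added C example that is not QEMU code. `struct rtc_model`, `old_guest_sec()`, `new_guest_sec()` and `first_overflowing_base()` are hypothetical names that model only the fields and expressions visible in the patch, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define NANOSECONDS_PER_SECOND 1000000000ULL

/* Hypothetical stand-in for the three RTC state fields the patch touches. */
struct rtc_model {
    uint64_t base_rtc;     /* guest RTC value in seconds at the last update */
    uint64_t last_update;  /* clock reading in ns at the last update */
    uint64_t offset;       /* sub-second carry in ns */
};

/*
 * Pre-patch shape: seconds are scaled to nanoseconds before the division,
 * so the product is reduced modulo 2^64 once base_rtc is large enough.
 */
static uint64_t old_guest_sec(const struct rtc_model *s, uint64_t clock_ns)
{
    uint64_t ns = s->base_rtc * NANOSECONDS_PER_SECOND
                  + clock_ns - s->last_update + s->offset;
    return ns / NANOSECONDS_PER_SECOND;
}

/*
 * Post-patch shape: only the elapsed nanoseconds are divided, and the
 * seconds value is added afterwards without ever being scaled.
 */
static uint64_t new_guest_sec(const struct rtc_model *s, uint64_t clock_ns)
{
    uint64_t since = clock_ns - s->last_update + s->offset;
    return s->base_rtc + since / NANOSECONDS_PER_SECOND;
}

/* Smallest base_rtc whose product with NANOSECONDS_PER_SECOND wraps. */
static uint64_t first_overflowing_base(void)
{
    return UINT64_MAX / NANOSECONDS_PER_SECOND + 1;
}

int main(void)
{
    /* Constructed inputs: 1.5 s have elapsed since the last update. */
    struct rtc_model ok  = { 1779722180ULL, 1000, 0 };
    struct rtc_model bad = { first_overflowing_base(), 1000, 0 };
    uint64_t now = 1500001000ULL;

    printf("in range : old=%llu new=%llu\n",
           (unsigned long long)old_guest_sec(&ok, now),
           (unsigned long long)new_guest_sec(&ok, now));
    printf("wrapped  : old=%llu new=%llu\n",
           (unsigned long long)old_guest_sec(&bad, now),
           (unsigned long long)new_guest_sec(&bad, now));
    return 0;
}
```

Both forms agree while the scaled value fits in 64 bits; past the threshold the pre-patch form reports a time near zero, which is the jump the guest observes.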
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Subject: [PULL 6/6] json-parser: constify JSONToken
Date: Mon, 25 May 2026 17:16:21 +0200
Message-ID: <20260525151621.395954-7-pbonzini@redhat.com>
In-Reply-To: <20260525151621.395954-1-pbonzini@redhat.com>
References: <20260525151621.395954-1-pbonzini@redhat.com>

Signed-off-by: Paolo Bonzini
---
qobject/json-parser.c | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/qobject/json-parser.c b/qobject/json-parser.c index 7483e582fea..f6622b82b0a 100644 --- a/qobject/json-parser.c +++ b/qobject/json-parser.c @@ -55,7 +55,8 @@ static QObject *parse_value(JSONParserContext *ctxt); * Error handler */ static void G_GNUC_PRINTF(3, 4) parse_error(JSONParserContext *ctxt, - JSONToken *token, const char *m= sg, ...) + const JSONToken *token, + const char *msg, ...) { va_list ap; char message[1024]; @@ -126,7 +127,7 @@ static int cvt4hex(const char *s) * - Invalid Unicode characters are rejected. * - Control characters \x00..\x1F are rejected by the lexer. */ -static QString *parse_string(JSONParserContext *ctxt, JSONToken *token) +static QString *parse_string(JSONParserContext *ctxt, const JSONToken *tok= en) { const char *ptr =3D token->str; GString *str; @@ -239,14 +240,14 @@ out: * parser_context_pop_token is deleted as soon as parser_context_pop_token * is called again. */ -static JSONToken *parser_context_pop_token(JSONParserContext *ctxt) +static const JSONToken *parser_context_pop_token(JSONParserContext *ctxt) { g_free(ctxt->current); ctxt->current =3D g_queue_pop_head(ctxt->buf); return ctxt->current; } =20 -static JSONToken *parser_context_peek_token(JSONParserContext *ctxt) +static const JSONToken *parser_context_peek_token(JSONParserContext *ctxt) { return g_queue_peek_head(ctxt->buf); } @@ -259,7 +260,7 @@ static int parse_pair(JSONParserContext *ctxt, QDict *d= ict) QObject *key_obj =3D NULL; QString *key; QObject *value; - JSONToken *peek, *token; + const JSONToken *peek, *token; =20 peek =3D parser_context_peek_token(ctxt); if (peek =3D=3D NULL) { @@ -309,7 +310,7 @@ out: static QObject *parse_object(JSONParserContext *ctxt) { QDict *dict =3D NULL; - JSONToken *token, *peek; + const JSONToken *token, *peek; =20 token =3D parser_context_pop_token(ctxt); assert(token && token->type =3D=3D JSON_LCURLY); 
@@ -363,7 +364,7 @@ out: static QObject *parse_array(JSONParserContext *ctxt) { QList *list =3D NULL; - JSONToken *token, *peek; + const JSONToken *token, *peek; =20 token =3D parser_context_pop_token(ctxt); assert(token && token->type =3D=3D JSON_LSQUARE); @@ -426,7 +427,7 @@ out: =20 static QObject *parse_keyword(JSONParserContext *ctxt) { - JSONToken *token; + const JSONToken *token; =20 token =3D parser_context_pop_token(ctxt); assert(token && token->type =3D=3D JSON_KEYWORD); @@ -444,7 +445,7 @@ static QObject *parse_keyword(JSONParserContext *ctxt) =20 static QObject *parse_interpolation(JSONParserContext *ctxt) { - JSONToken *token; + const JSONToken *token; =20 token =3D parser_context_pop_token(ctxt); assert(token && token->type =3D=3D JSON_INTERP); @@ -480,7 +481,7 @@ static QObject *parse_interpolation(JSONParserContext *= ctxt) =20 static QObject *parse_literal(JSONParserContext *ctxt) { - JSONToken *token; + const JSONToken *token; =20 token =3D parser_context_pop_token(ctxt); assert(token); @@ -532,7 +533,7 @@ static QObject *parse_literal(JSONParserContext *ctxt) =20 static QObject *parse_value(JSONParserContext *ctxt) { - JSONToken *token; + const JSONToken *token; =20 token =3D parser_context_peek_token(ctxt); if (token =3D=3D NULL) { --=20 2.54.0
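
Review bot: The commit message has no body, and the parser_context_pop_token() hunk (at -239) is where the reason for the change is visible: the returned token is released by g_free(ctxt->current) on the next pop, so callers must treat the pointer as read-only and never free it. Please add a sentence to the commit message saying that, and consider noting in the existing comment above parser_context_pop_token() that the const return type now enforces it.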