mirror
/
qemu
mirror of https://gitlab.com/qemu-project/qemu
Code Releases Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
stable-7.2
staging-7.2
stable-10.0
staging-10.0
stable-10.1
staging-10.1
staging
master
tracing
stable-9.2
staging-9.2
staging-8.2
stable-8.2
stable-9.1
staging-9.1
stable-9.0
staging-9.0
stable-8.1
staging-8.1
stable-8.0
staging-8.0
block
stable-6.1
stable-6.0
stable-5.0
stable-4.2
stable-4.1
stable-4.0
stable-3.1
stable-3.0
stable-2.12
stable-2.11
stable-2.10
stable-2.9
stable-2.8
stable-2.7
stable-2.6
stable-2.5
stable-2.4
stable-2.3
stable-2.2
stable-2.1
stable-2.0
stable-1.7
stable-1.6
stable-1.5
stable-1.4
stable-1.3
stable-1.2
stable-1.1
stable-1.0
stable-0.15
stable-0.14
stable-0.13
stable-0.12
stable-0.11
stable-0.10
v7.2.22
v10.0.7
v10.1.3
v10.2.0-rc2
v10.2.0-rc1
v10.0.6
v10.1.2
v7.2.21
v10.1.1
v10.0.5
v7.2.20
v10.0.4
v10.1.0
v10.1.0-rc4
v10.1.0-rc3
v10.1.0-rc2
v10.1.0-rc1
v10.1.0-rc0
v7.2.19
v10.0.3
v10.0.2
v10.0.1
v9.2.4
v7.2.18
v10.0.0
v10.0.0-rc4
v10.0.0-rc3
v10.0.0-rc2
v7.2.17
v8.2.10
v9.2.3
v10.0.0-rc1
v10.0.0-rc0
v9.2.2
v8.2.9
v7.2.16
v9.2.1
v9.1.3
v9.2.0
v9.2.0-rc3
v9.2.0-rc2
v9.1.2
v9.0.4
v8.2.8
v7.2.15
v9.2.0-rc1
v9.2.0-rc0
v9.1.1
v9.0.3
v8.2.7
v7.2.14
v9.1.0
v9.1.0-rc4
v9.1.0-rc3
v9.1.0-rc2
v9.1.0-rc1
v9.1.0-rc0
v9.0.2
v8.2.6
v7.2.13
v9.0.1
v8.2.5
v7.2.12
v8.2.4
v8.2.3
v7.2.11
v9.0.0
v9.0.0-rc4
v9.0.0-rc3
v9.0.0-rc2
v9.0.0-rc1
v9.0.0-rc0
v8.2.2
v7.2.10
v8.2.1
v8.1.5
v7.2.9
v8.1.4
v7.2.8
v8.2.0
v8.2.0-rc4
v8.2.0-rc3
v8.2.0-rc2
v8.2.0-rc1
v7.2.7
v8.1.3
v8.2.0-rc0
v8.1.2
v8.1.1
v7.2.6
v8.0.5
v8.1.0
v8.1.0-rc4
v8.1.0-rc3
v7.2.5
v8.0.4
v8.1.0-rc2
v8.1.0-rc1
v8.1.0-rc0
v8.0.3
v7.2.4
v8.0.2
v8.0.1
v7.2.3
v7.2.2
v8.0.0
v8.0.0-rc4
v8.0.0-rc3
v7.2.1
v8.0.0-rc2
v8.0.0-rc1
v8.0.0-rc0
v7.2.0
v7.2.0-rc4
v7.2.0-rc3
v7.2.0-rc2
v7.2.0-rc1
v7.2.0-rc0
v7.1.0
v7.1.0-rc4
v7.1.0-rc3
v7.1.0-rc2
v7.1.0-rc1
v7.1.0-rc0
v7.0.0
v7.0.0-rc4
v7.0.0-rc3
v7.0.0-rc2
v7.0.0-rc1
v7.0.0-rc0
v6.1.1
v6.2.0
v6.2.0-rc4
v6.2.0-rc3
v6.2.0-rc2
v6.2.0-rc1
v6.2.0-rc0
v6.0.1
v6.1.0
v6.1.0-rc4
v6.1.0-rc3
v6.1.0-rc2
v6.1.0-rc1
v6.1.0-rc0
v6.0.0
v6.0.0-rc5
v6.0.0-rc4
v6.0.0-rc3
v6.0.0-rc2
v6.0.0-rc1
v6.0.0-rc0
v5.2.0
v5.2.0-rc4
v5.2.0-rc3
v5.2.0-rc2
v5.2.0-rc1
v5.2.0-rc0
v5.0.1
v5.1.0
v5.1.0-rc3
v5.1.0-rc2
v5.1.0-rc1
v5.1.0-rc0
v4.2.1
v5.0.0
v5.0.0-rc4
v5.0.0-rc3
v5.0.0-rc2
v5.0.0-rc1
v5.0.0-rc0
v4.2.0
v4.2.0-rc5
v4.2.0-rc4
v4.2.0-rc3
v4.2.0-rc2
v4.1.1
v4.2.0-rc1
v4.2.0-rc0
v4.0.1
v3.1.1.1
v4.1.0
v4.1.0-rc5
v4.1.0-rc4
v3.1.1
v4.1.0-rc3
v4.1.0-rc2
v4.1.0-rc1
v4.1.0-rc0
v4.0.0
v4.0.0-rc4
v3.0.1
v4.0.0-rc3
v4.0.0-rc2
v4.0.0-rc1
v4.0.0-rc0
v3.1.0
v3.1.0-rc5
v3.1.0-rc4
v3.1.0-rc3
v3.1.0-rc2
v3.1.0-rc1
v3.1.0-rc0
v3.0.0
v3.0.0-rc4
v2.12.1
v3.0.0-rc3
v3.0.0-rc2
v3.0.0-rc1
v3.0.0-rc0
v2.11.2
v2.12.0
v2.12.0-rc4
v2.12.0-rc3
v2.12.0-rc2
v2.12.0-rc1
v2.12.0-rc0
v2.11.1
v2.10.2
v2.11.0
v2.11.0-rc5
v2.11.0-rc4
v2.11.0-rc3
v2.11.0-rc2
v2.11.0-rc1
v2.11.0-rc0
v2.10.1
v2.9.1
v2.10.0
v2.10.0-rc4
v2.10.0-rc3
v2.10.0-rc2
v2.10.0-rc1
v2.10.0-rc0
v2.8.1.1
v2.9.0
v2.9.0-rc5
v2.9.0-rc4
v2.9.0-rc3
v2.8.1
v2.9.0-rc2
v2.9.0-rc1
v2.9.0-rc0
v2.7.1
v2.8.0
v2.8.0-rc4
v2.8.0-rc3
v2.8.0-rc2
v2.8.0-rc1
v2.8.0-rc0
v2.6.2
v2.7.0
v2.7.0-rc5
v2.7.0-rc4
v2.6.1
v2.7.0-rc3
v2.7.0-rc2
v2.7.0-rc1
v2.7.0-rc0
v2.6.0
v2.5.1.1
v2.6.0-rc5
v2.6.0-rc4
v2.6.0-rc3
v2.6.0-rc2
v2.6.0-rc1
v2.6.0-rc0
v2.5.1
v2.5.0
v2.5.0-rc4
v2.5.0-rc3
v2.5.0-rc2
v2.5.0-rc1
v2.5.0-rc0
v2.4.1
v2.4.0.1
v2.3.1
v2.4.0
v2.4.0-rc4
v2.4.0-rc3
v2.4.0-rc2
v2.4.0-rc1
v2.4.0-rc0
v2.3.0
v2.3.0-rc4
v2.3.0-rc3
v2.3.0-rc2
v2.3.0-rc1
v2.3.0-rc0
v2.2.1
v2.1.3
v2.2.0
v2.2.0-rc5
v2.2.0-rc4
v2.2.0-rc3
v2.2.0-rc2
v2.2.0-rc1
v2.2.0-rc0
v2.1.2
v2.1.1
v2.1.0
v2.1.0-rc5
v2.1.0-rc4
v2.1.0-rc3
v2.1.0-rc2
v2.1.0-rc1
v2.1.0-rc0
v2.0.0
v2.0.0-rc3
v2.0.0-rc2
v2.0.0-rc1
v2.0.0-rc0
v1.4.0
v1.4.0-rc2
v1.4.0-rc1
v1.4.0-rc0
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.2.0-rc1
v1.0
v1.0-rc4
v0.14.1
initial
release_0_10_0
release_0_10_1
release_0_10_2
release_0_5_1
release_0_6_0
release_0_6_1
release_0_7_0
release_0_7_1
release_0_8_1
release_0_8_2
release_0_9_0
release_0_9_1
v0.1.0
v0.1.1
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.11.0
v0.11.0-rc0
v0.11.0-rc1
v0.11.0-rc2
v0.11.1
v0.12.0
v0.12.0-rc0
v0.12.0-rc1
v0.12.0-rc2
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.13.0
v0.13.0-rc0
v0.13.0-rc1
v0.13.0-rc2
v0.13.0-rc3
v0.14.0
v0.14.0-rc0
v0.14.0-rc1
v0.14.0-rc2
v0.15.0
v0.15.0-rc0
v0.15.0-rc1
v0.15.0-rc2
v0.15.1
v0.2.0
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.1
v0.8.2
v0.9.0
v0.9.1
v1.0-rc0
v1.0-rc1
v1.0-rc2
v1.0-rc3
v1.0.1
v1.1-rc0
v1.1-rc1
v1.1-rc2
v1.1.0
v1.1.0-rc2
v1.1.0-rc3
v1.1.0-rc4
v1.1.1
v1.1.2
v1.2.0-rc0
v1.2.1
v1.2.2
v1.3.0
v1.3.0-rc0
v1.3.0-rc1
v1.3.0-rc2
v1.3.1
v1.4.1
v1.4.2
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.5.0-rc2
v1.5.0-rc3
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.6.1
v1.6.2
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.7.0-rc2
v1.7.1
v1.7.2
v2.0.1
v2.0.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
qemu/include/hw
History
Peter Maydell ef44cc0a76 hw/pci: Make msix_init take a uint32_t for nentries 
msix_init() and msix_init_exclusive_bar() take an "unsigned short"
argument for the number of MSI-X vectors to try to use.  This is big
enough for the maximum permitted number of vectors, which is 2048.
Unfortunately, we have several devices (most notably virtio) which
allow the user to specify the desired number of vectors, and which
use uint32_t properties for this.  If the user sets the property to a
value that is too big for a uint16_t, the value will be truncated
when it is passed to msix_init(), and msix_init() may then return
success if the truncated value is a valid one.

The resulting mismatch between the number of vectors the msix code
thinks the device has and the number of vectors the device itself
thinks it has can cause assertions, such as the one in issue 2631,
where "-device virtio-mouse-pci,vectors=19923041" is interpreted by
msix as "97 vectors" and by the virtio-pci layer as "19923041
vectors"; a guest attempt to access vector 97 thus passes the
virtio-pci bounds checking and hits an essertion in
msix_vector_use().

Avoid this by making msix_init() and its wrapper function
msix_init_exclusive_bar() take the number of vectors as a uint32_t.
The erroneous command line will now produce the warning

 qemu-system-i386: -device virtio-mouse-pci,vectors=19923041:
   warning: unable to init msix vectors to 19923041

and proceed without crashing.  (The virtio device warns and falls
back to not using MSIX, rather than complaining that the option is
not a valid value this is the same as the existing behaviour for
values that are beyond the MSI-X maximum possible value but fit into
a 16-bit integer, like 2049.)

To ensure this doesn't result in potential overflows in calculation
of the BAR size in msix_init_exclusive_bar(), we duplicate the
nentries error-check from msix_init() at the top of
msix_init_exclusive_bar(), so we know nentries is sane before we
start using it.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2631
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251107131044.1321637-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 		1 week ago
..
acpi qapi/acpi-hest: add an interface to do generic CPER error injection 2 months ago
adc
arm hw/arm/aspeed: Rename and export connect_serial_hds_to_uarts() as aspeed_connect_serial_hds_to_uarts() 1 month ago
audio audio: move audio.h under include/qemu/ 1 month ago
block block: enable stats-intervals for storage devices 1 month ago
char * char: rename CharBackend->CharFrontend 1 month ago
core exec/cpu: Declare cpu_memory_rw_debug() in 'hw/core/cpu.h' and document 1 month ago
cpu
cxl hw/cxl: mailbox-utils: 0x5604 - FMAPI Initiate DC Add 5 months ago
display audio: move audio.h under include/qemu/ 1 month ago
dma
firmware hw/smbios: allow clearing the VM bit in SMBIOS table 0 2 months ago
fsi
gpio
hyperv include/hw/hyperv: Add MSHV ABI header definitions 2 months ago
i2c
i386 intel_iommu: Handle PASID cache invalidation 4 weeks ago
ide
input qom: remove redundant typedef when use OBJECT_DECLARE_SIMPLE_TYPE 1 month ago
intc hw/int/loongarch: Include missing 'system/memory.h' header 1 month ago
ipack
ipmi
isa audio: move audio.h under include/qemu/ 1 month ago
loongarch hw/loongarch/virt: Sort order by hardware device base address 2 months ago
m68k
mem
mips
misc hw/southbridge/lasi: Correct LasiState parent 2 weeks ago
net hw/hppa: Enable LASI i82596 network on 715 machine 1 month ago
nubus
nvram hw/core/register: remove the calls to `register_finalize_block' 1 month ago
openrisc
pci hw/pci: Make msix_init take a uint32_t for nentries 1 week ago
pci-bridge
pci-host qom: remove redundant typedef when use OBJECT_DECLARE_SIMPLE_TYPE 1 month ago
ppc ppc/spapr: Cleanup MSI IRQ number handling 1 month ago
remote
riscv hw/riscv: Widen OpenSBI dynamic info struct 1 month ago
rtc
rx
s390x hw/s390x/ccw: Remove SCLPDevice::increment_size field 1 month ago
scsi qom: remove redundant typedef when use OBJECT_DECLARE_SIMPLE_TYPE 1 month ago
sd hw/sd/sdcard: Remove support for spec v1.10 3 months ago
sensor
sh4
southbridge x86: ich9: fix default value of 'No Reboot' bit in GCS 2 months ago
sparc
ssi hw/ssi: Document ssi_transfer() method 3 months ago
timer hw/pcspk: use explicitly the required PIT types 1 month ago
tricore
uefi hw/uefi: Include missing 'system/memory.h' header 1 month ago
usb
vfio qom: remove redundant typedef when use OBJECT_DECLARE_SIMPLE_TYPE 1 month ago
virtio * char: rename CharBackend->CharFrontend 1 month ago
vmapple
watchdog
xen hw/xen: Avoid non-inclusive language in params.h 1 month ago
xtensa
boards.h hw/boards: Introduce DEFINE_MACHINE_WITH_INTERFACE_ARRAY() macro 1 month ago
clock.h
elf_ops.h.inc
fw-path-provider.h
hotplug.h
hw.h
irq.h hw/irq: New qemu_init_irq_child() function 3 months ago
loader-fit.h
loader.h hw/core/loader: capture Error from load_image_targphys 1 month ago
nmi.h
or-irq.h
platform-bus.h
ptimer.h
qdev-clock.h
qdev-core.h hw/qdev: Have qdev_get_gpio_out_connector() take const DeviceState arg 1 month ago
qdev-dma.h
qdev-properties-system.h audio: remove QEMUSoundCard 1 month ago
qdev-properties.h qdev: Change PropertyInfo method print() to return malloc'ed string 1 month ago
register.h hw/core/register: remove the `register_finalize_block' function 1 month ago
registerfields.h
resettable.h
stream.h
sysbus.h hw/sysbus: Have various helpers take a const SysBusDevice argument 1 month ago
usb.h
vmstate-if.h