Commit graph

71 commits

Author SHA1 Message Date
Matt Borgerson
ec974f1c7c v9.2.0 release

Merge tag 'v9.2.0'

v9.2.0 release
2025-01-03 22:30:04 -07:00
Matt Borgerson
454668e5b2 qemu/compiler.h: Drop gcc_struct attribute in QEMU_PACKED
This attribute was added in 0f7fdd3 to reverse the effects of
-mms-bitfields, which is enabled by default when building for Windows.
Let's just align with other libraries.

Really all structures using QEMU_PACKED should be audited for bitfield
packing dependency, but it mostly looks to be applied to structs
without bitfields.
2024-12-30 15:36:08 -07:00
Peter Maydell
0554840032 include: Fix typo in name of MAKE_IDENTFIER macro
In commit bb71846325 we added some macro magic to avoid
variable-shadowing when using some of our more complicated
macros. One of the internal components of this is a macro
named MAKE_IDENTFIER. Fix the typo in its name: it should
be MAKE_IDENTIFIER.

Commit created with
 sed -i -e 's/MAKE_IDENTFIER/MAKE_IDENTIFIER/g' include/qemu/*.h include/qapi/qmp/qobject.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240801102516.3843780-1-peter.maydell@linaro.org
2024-08-09 17:37:54 +01:00
Paolo Bonzini
eb350d1d01 include: move typeof_strip_qual to compiler.h, use it in QAPI_LIST_LENGTH()
The typeof_strip_qual() is most useful for the atomic fetch-and-modify
operations in atomic.h, but it can be used elsewhere as well.  For example,
QAPI_LIST_LENGTH() assumes that the argument is not const, which is not a
requirement.

Move the macro to compiler.h and, while at it, move it under #ifndef
__cplusplus to emphasize that it uses C-only constructs.  A C++ version
of typeof_strip_qual() using type traits is possible[1], but beyond the
scope of this patch because the little C++ code that is in QEMU does not
use QAPI.

The patch was tested by changing the declaration of strv_from_str_list()
in qapi/qapi-type-helpers.c to:

    char **strv_from_str_list(const strList *const list)

This is valid C code, and it fails to compile without this change.

[1] https://lore.kernel.org/qemu-devel/20240624205647.112034-1-flwu@google.com/

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Tested-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-06-28 14:44:52 +02:00
Paolo Bonzini
230f6e06b8 meson: do not use set10
Make all items of config-host.h consistent.  To keep the --disable-coroutine-pool
code visible to the compiler, borrow the IS_ENABLED() macro from Linux.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-10-17 15:20:53 +02:00
Marc-André Lureau
75b773d84c win32: avoid discarding the exception handler
In all likelihood, the compiler with lto doesn't see the function being
used, from assembly macro __try1. Help it by marking the function as
being used.

Resolves:
https://gitlab.com/qemu-project/qemu/-/issues/1904

Fixes: commit d89f30b4df ("win32: wrap socket close() with an exception handler")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2023-10-03 15:05:20 +04:00
Markus Armbruster
bb71846325 qobject atomics osdep: Make a few macros more hygienic
Variables declared in macros can shadow other variables.  Much of the
time, this is harmless, e.g.:

    #define _FDT(exp)                                                  \
        do {                                                           \
            int ret = (exp);                                           \
            if (ret < 0) {                                             \
                error_report("error creating device tree: %s: %s",   \
                        #exp, fdt_strerror(ret));                      \
                exit(1);                                               \
            }                                                          \
        } while (0)

Harmless shadowing in h_client_architecture_support():

        target_ulong ret;

        [...]

        ret = do_client_architecture_support(cpu, spapr, vec, fdt_bufsize);
        if (ret == H_SUCCESS) {
            _FDT((fdt_pack(spapr->fdt_blob)));
            [...]
        }

        return ret;

However, we can get in trouble when the shadowed variable is used in a
macro argument:

    #define QOBJECT(obj) ({                                 \
        typeof(obj) o = (obj);                              \
        o ? container_of(&(o)->base, QObject, base) : NULL; \
     })

QOBJECT(o) expands into

    ({
--->    typeof(o) o = (o);
        o ? container_of(&(o)->base, QObject, base) : NULL;
    })

Unintended variable name capture at --->.  We'd be saved by
-Winit-self.  But I could certainly construct more elaborate death
traps that don't trigger it.

To reduce the risk of trapping ourselves, we use variable names in
macros that no sane person would use elsewhere.  Here's our actual
definition of QOBJECT():

    #define QOBJECT(obj) ({                                         \
        typeof(obj) _obj = (obj);                                   \
        _obj ? container_of(&(_obj)->base, QObject, base) : NULL;   \
    })

Works well enough until we nest macro calls.  For instance, with

    #define qobject_ref(obj) ({                     \
        typeof(obj) _obj = (obj);                   \
        qobject_ref_impl(QOBJECT(_obj));            \
        _obj;                                       \
    })

the expression qobject_ref(obj) expands into

    ({
        typeof(obj) _obj = (obj);
        qobject_ref_impl(
            ({
--->            typeof(_obj) _obj = (_obj);
                _obj ? container_of(&(_obj)->base, QObject, base) : NULL;
            }));
        _obj;
    })

Unintended variable name capture at --->.

The only reliable way to prevent unintended variable name capture is
-Wshadow.

One blocker for enabling it is shadowing hiding in function-like
macros like

     qdict_put(dict, "name", qobject_ref(...))

qdict_put() wraps its last argument in QOBJECT(), and the last
argument here contains another QOBJECT().

Use dark preprocessor sorcery to make the macros that give us this
problem use different variable names on every call.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230921121312.1301864-8-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-09-29 08:13:57 +02:00
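The name capture described in the commit message above, and the per-call unique names that avoid it, as an added example that is not QEMU's own code. The `MAKE_IDENTIFIER` definition shown is an assumption built on `__COUNTER__`; `Base`, `Str`, `REFS_PLUS*`, `BASE_OF*` and `OBJ_REF*` are hypothetical stand-ins for `QObject`, `QOBJECT()` and `qobject_ref()`; GCC or Clang is required for statement expressions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for QObject and a type that embeds it. */
typedef struct Base { int refcnt; } Base;
typedef struct Str  { Base base; int len; } Str;

/* Two-level paste so __COUNTER__ is expanded before ## is applied. */
#define PASTE_(a, b) a##b
#define PASTE(a, b)  PASTE_(a, b)
/* Assumed definition: yields stem0, stem1, ... a fresh name per expansion. */
#define MAKE_IDENTIFIER(stem) PASTE(stem, __COUNTER__)

/* Unhygienic (hypothetical macro): the temporary is always named _obj. */
#define REFS_PLUS_UNHYGIENIC(obj, extra) ({     \
    __typeof__(obj) _obj = (obj);               \
    _obj->base.refcnt + (extra);                \
})

/* Hygienic: the public macro hands a fresh name to the worker macro. */
#define REFS_PLUS_INTERNAL(obj, extra, _obj) ({ \
    __typeof__(obj) _obj = (obj);               \
    _obj->base.refcnt + (extra);                \
})
#define REFS_PLUS(obj, extra) \
    REFS_PLUS_INTERNAL((obj), (extra), MAKE_IDENTIFIER(_obj))

/* The nested pair from the commit message, rebuilt the same way. */
#define BASE_OF_INTERNAL(obj, _obj) ({          \
    __typeof__(obj) _obj = (obj);               \
    _obj ? &_obj->base : NULL;                  \
})
#define BASE_OF(obj) BASE_OF_INTERNAL((obj), MAKE_IDENTIFIER(_obj))

static void ref_impl(Base *b)
{
    if (b) {
        b->refcnt++;
    }
}

#define OBJ_REF_INTERNAL(obj, _obj) ({          \
    __typeof__(obj) _obj = (obj);               \
    ref_impl(BASE_OF(_obj));                    \
    _obj;                                       \
})
#define OBJ_REF(obj) OBJ_REF_INTERNAL((obj), MAKE_IDENTIFIER(_obj))

/*
 * The caller owns a variable that happens to be named _obj and uses it
 * in a macro argument. Intended result: b.refcnt + a.refcnt = 6.
 * In the unhygienic expansion the macro's own _obj (== &b) shadows the
 * caller's, so the argument silently reads b.refcnt instead.
 */
int refs_sum(int hygienic)
{
    Str a = { { 5 }, 0 }, b = { { 1 }, 0 };
    Str *_obj = &a;

    return hygienic ? REFS_PLUS(&b, _obj->base.refcnt)
                    : REFS_PLUS_UNHYGIENIC(&b, _obj->base.refcnt);
}

/* Nested calls: every expansion level declares a differently named local. */
int nested_refs(void)
{
    Str s = { { 0 }, 3 };
    Str *_obj = &s;
    Str *r = OBJ_REF(OBJ_REF(_obj));

    return r == &s ? s.base.refcnt : -1;
}

int main(void)
{
    printf("unhygienic sum: %d\n", refs_sum(0));
    printf("hygienic sum:   %d\n", refs_sum(1));
    printf("nested refs:    %d\n", nested_refs());
    return 0;
}
```

Building this with `-Wshadow` flags only the `REFS_PLUS_UNHYGIENIC` expansion, which is the class of warning the commit message wants to be able to enable tree-wide.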
Paolo Bonzini
d79b9202e4 compiler: introduce QEMU_ANNOTATE
Allow a shorter syntax when defining wrapper macros for
__attribute__((annotate(...))).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-09-26 18:09:08 +02:00
Warner Losh
8a45962be3 bsd-user: Move PRAGMA_DISABLE_PACKED_WARNING etc to qemu.h
For the moment, move PRAGMA_DISABLE_PACKED_WARNING and
PRAGMA_ENABLE_PACKED_WARNING back to bsd-user/qemu.h.

Of course, these should be in compiler.h, but that interferes with too
many things at the moment, so take one step back to unbreak clang
linux-user builds first. Use the exact same version that's in
linux-user/qemu.h since that's what should be in compiler.h.

Signed-off-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2023-08-30 08:57:08 -06:00
Kyle Evans
15b950ecd1 bsd-user: Disable clang warnings
Implement PRAGMA_DISABLE_PACKED_WARNING and
PRAGMA_REENABLE_PACKED_WARNING macros in include/qemu/compiler.h.

Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Warner Losh <imp@bsdimp.com>
2023-08-28 12:16:18 -06:00
Matt Borgerson
0f27526006 v7.2.4 release

Merge tag 'v7.2.4' into sync/qemu-7.2.0

v7.2.4 release
2023-07-17 03:29:42 -07:00
Peter Maydell
29191ea6a5 host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
We use __builtin_subcll() to do a 64-bit subtract with borrow-in and
borrow-out when the host compiler supports it.  Unfortunately some
versions of Apple Clang have a bug in their implementation of this
intrinsic which means it returns the wrong value.  The effect is that
a QEMU built with the affected compiler will hang when emulating x86
or m68k float80 division.

The upstream LLVM issue is:
https://github.com/llvm/llvm-project/issues/55253

The commit that introduced the bug apparently never made it into an
upstream LLVM release without the subsequent fix
fffb6e6afd
but unfortunately it did make it into Apple Clang 14.0, as shipped
in Xcode 14.3 (14.2 is reported to be OK). The Apple bug number is
FB12210478.

Add ifdefs to avoid use of __builtin_subcll() on Apple Clang version
14 or greater.  There is not currently a version of Apple Clang which
has the bug fix -- when one appears we should be able to add an upper
bound to the ifdef condition so we can start using the builtin again.
We make the lower bound a conservative "any Apple clang with major
version 14 or greater" because the consequences of incorrectly
disabling the builtin when it would work are pretty small and the
consequences of not disabling it when we should are pretty bad.

Many thanks to those users who both reported this bug and also
did a lot of work in identifying the root cause; in particular
to Daniel Bertalan and osy.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1631
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1659
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Daniel Bertalan <dani@danielbertalan.dev>
Tested-by: Tested-By: Solra Bizna <solra@bizna.name>
Message-id: 20230622130823.1631719-1-peter.maydell@linaro.org
(cherry picked from commit b0438861ef)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-06-26 01:31:07 +03:00
Peter Maydell
b0438861ef host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
We use __builtin_subcll() to do a 64-bit subtract with borrow-in and
borrow-out when the host compiler supports it.  Unfortunately some
versions of Apple Clang have a bug in their implementation of this
intrinsic which means it returns the wrong value.  The effect is that
a QEMU built with the affected compiler will hang when emulating x86
or m68k float80 division.

The upstream LLVM issue is:
https://github.com/llvm/llvm-project/issues/55253

The commit that introduced the bug apparently never made it into an
upstream LLVM release without the subsequent fix
fffb6e6afd
but unfortunately it did make it into Apple Clang 14.0, as shipped
in Xcode 14.3 (14.2 is reported to be OK). The Apple bug number is
FB12210478.

Add ifdefs to avoid use of __builtin_subcll() on Apple Clang version
14 or greater.  There is not currently a version of Apple Clang which
has the bug fix -- when one appears we should be able to add an upper
bound to the ifdef condition so we can start using the builtin again.
We make the lower bound a conservative "any Apple clang with major
version 14 or greater" because the consequences of incorrectly
disabling the builtin when it would work are pretty small and the
consequences of not disabling it when we should are pretty bad.

Many thanks to those users who both reported this bug and also
did a lot of work in identifying the root cause; in particular
to Daniel Bertalan and osy.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1631
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1659
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Daniel Bertalan <dani@danielbertalan.dev>
Tested-by: Tested-By: Solra Bizna <solra@bizna.name>
Message-id: 20230622130823.1631719-1-peter.maydell@linaro.org
2023-06-23 11:21:43 +01:00
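A build-time self-check for the subtract-with-borrow intrinsic discussed in the two commit entries above (the original and its stable cherry-pick), as an added example that is not QEMU's own code. The guard macro `SUBCLL_SUSPECT`, the helper names and the operand table are assumptions made for illustration; the check compares the intrinsic path against a portable reference so a miscompiled builtin is caught by a test instead of by a hung guest.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#ifndef __has_builtin
#define __has_builtin(x) 0
#endif

/* Assumed guard, following the commit text: any Apple Clang >= 14. */
#if defined(__apple_build_version__) && __clang_major__ >= 14
#define SUBCLL_SUSPECT 1
#endif

/* Portable reference: x - y - borrow_in, with borrow-out in *pborrow. */
static uint64_t sub64_borrow_ref(uint64_t x, uint64_t y, bool *pborrow)
{
    uint64_t bin = *pborrow;
    uint64_t t = x - y;

    /* A borrow occurs if either partial subtraction wrapped around. */
    *pborrow = (x < y) | (t < bin);
    return t - bin;
}

/* Same contract, using the intrinsic only where it is trusted. */
static uint64_t sub64_borrow(uint64_t x, uint64_t y, bool *pborrow)
{
#if __has_builtin(__builtin_subcll) && !defined(SUBCLL_SUSPECT)
    unsigned long long b = *pborrow;

    x = __builtin_subcll(x, y, b, &b);
    *pborrow = b & 1;
    return x;
#else
    return sub64_borrow_ref(x, y, pborrow);
#endif
}

/* Two-limb subtraction: the borrow chain that multi-word arithmetic needs. */
typedef struct U128 { uint64_t hi, lo; } U128;

static U128 sub128(U128 x, U128 y, bool *pborrow)
{
    U128 r;

    r.lo = sub64_borrow(x.lo, y.lo, pborrow);
    r.hi = sub64_borrow(x.hi, y.hi, pborrow);
    return r;
}

/* Constructed edge-case operands around the wrap-around boundaries. */
static const uint64_t VEC[] = {
    0, 1, 2, 0x7fffffffffffffffULL, 0x8000000000000000ULL,
    UINT64_MAX - 1, UINT64_MAX,
};

/* Count disagreements between the selected path and the reference. */
int subcll_mismatches(void)
{
    size_t n = sizeof(VEC) / sizeof(VEC[0]);
    int bad = 0;

    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < n; j++) {
            for (int bin = 0; bin <= 1; bin++) {
                bool b1 = bin, b2 = bin;
                uint64_t r1 = sub64_borrow(VEC[i], VEC[j], &b1);
                uint64_t r2 = sub64_borrow_ref(VEC[i], VEC[j], &b2);

                bad += (r1 != r2) || (b1 != b2);
            }
        }
    }
    return bad;
}

/* 2^64 - 1 as a two-limb value: the low-limb borrow must reach the high limb. */
int borrow_propagates(void)
{
    bool b = false;
    U128 r = sub128((U128){ 1, 0 }, (U128){ 0, 1 }, &b);

    return r.hi == 0 && r.lo == UINT64_MAX && !b;
}

int main(void)
{
    printf("mismatches: %d\n", subcll_mismatches());
    printf("borrow chain ok: %d\n", borrow_propagates());
    return 0;
}
```

To probe a compiler the guard excludes, build once with the guard removed and compare `subcll_mismatches()` against zero.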
Yeqi Fu
48805df9c2 replace TABs with spaces
Bring the files in line with the QEMU coding style, with spaces
for indentation.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/378
Signed-off-by: Yeqi Fu <fufuyqqqqqq@gmail.com>
Message-Id: <20230315032649.57568-1-fufuyqqqqqq@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-03-20 12:43:50 +01:00
Matt Borgerson
6ea11938b2 v7.2.0 release

Merge tag 'v7.2.0' into sync/qemu-7.2.0

v7.2.0 release
2023-01-22 13:17:37 -07:00
Marc-André Lureau
c213ef9a66 compiler.h: add QEMU_SANITIZE_{ADDRESS,THREAD}
Simplify a bit pre-compiler conditions.

For TSAN, QEMU already has CONFIG_TSAN, but it is only set when the
fiber API is present. (I wonder whether supporting TSAN without the
fiber API is really relevant)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220420132624.2439741-27-marcandre.lureau@redhat.com>
2022-04-21 17:08:52 +04:00
Marc-André Lureau
8905770b27 compiler.h: replace QEMU_NORETURN with G_NORETURN
G_NORETURN was introduced in glib 2.68, fall back to G_GNUC_NORETURN in
glib-compat.

Note that this attribute must be placed before the function declaration
(bringing a bit of consistency in qemu codebase usage).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20220420132624.2439741-20-marcandre.lureau@redhat.com>
2022-04-21 17:03:51 +04:00
Marc-André Lureau
94ae6b579d osdep.h: move qemu_build_not_reached()
Move the macro and declaration so it can use glib in the following
patch (it already depends on glib anyway for !optimize)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220420132624.2439741-19-marcandre.lureau@redhat.com>
2022-04-21 17:03:51 +04:00
Marc-André Lureau
519655970e Move HOST_LONG_BITS to compiler.h
This will help to make common code independent.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-03-22 14:46:11 +04:00
Marc-André Lureau
887ce500ef compiler.h: replace QEMU_SENTINEL with G_GNUC_NULL_TERMINATED
One less qemu-specific macro. It also helps to make some headers/units
only depend on glib, and thus moved in standalone projects eventually.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-03-22 14:40:51 +04:00
Marc-André Lureau
c08401793a compiler.h: replace QEMU_WARN_UNUSED_RESULT with G_GNUC_WARN_UNUSED_RESULT
One less qemu-specific macro. It also helps to make some headers/units
only depend on glib, and thus moved in standalone projects eventually.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-03-22 14:40:51 +04:00
Marc-André Lureau
9edc6313da Replace GCC_FMT_ATTR with G_GNUC_PRINTF
One less qemu-specific macro. It also helps to make some headers/units
only depend on glib, and thus moved in standalone projects eventually.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
2022-03-22 14:40:51 +04:00
Matt Borgerson
758e36d398 qemu/compiler.h: Assert in unreachable check in debug builds
2022-02-02 01:05:47 -07:00
Matt Borgerson
0e63232072 v6.1.0 release

Merge tag 'v6.1.0' into merge/qemu-v6.1.0

v6.1.0 release
2021-09-04 15:11:03 -07:00
Richard Henderson
c7a7cb5692 configure: Remove probe for _Static_assert
_Static_assert is part of C11, which is now required.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210614233143.1221879-9-richard.henderson@linaro.org>
2021-06-15 18:31:00 -07:00
Richard Henderson
8bae43fa1a qemu/compiler: Remove QEMU_GENERIC
All previous users now use C11 _Generic.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210614233143.1221879-8-richard.henderson@linaro.org>
2021-06-15 18:31:00 -07:00
Matt Borgerson
8acac97625 v6.0.0-rc4 release

Merge tag 'v6.0.0-rc4' into merge/qemu-v6.0.0

v6.0.0-rc4 release
2021-04-20 10:22:42 -07:00
Matt Borgerson
d1d32026f8 v6.0.0-rc3 release

Merge tag 'v6.0.0-rc3' into merge/qemu-v6.0.0

Merge v6.0.0-rc3 release
2021-04-18 16:33:47 -07:00
Paolo Bonzini
875df03b22 osdep: protect qemu/osdep.h with extern "C"
System headers may include templates if compiled with a C++ compiler,
which cause the compiler to complain if qemu/osdep.h is included
within a C++ source file's 'extern "C"' block.  Add
an 'extern "C"' block directly to qemu/osdep.h, so that
system headers can be kept out of it.

There is a stray declaration early in qemu/osdep.h, which needs
to be special cased.  Add a definition in qemu/compiler.h to
make it look nice.

config-host.h, CONFIG_TARGET, exec/poison.h and qemu/compiler.h
are included outside the 'extern "C"' block; that is not
an issue because they consist entirely of preprocessor directives.

This allows us to move the include of osdep.h in our two C++
source files outside the extern "C" block they were previously
using for it, which in turn means that they compile successfully
against newer versions of glib which insist that glib.h is
*not* inside an extern "C" block.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210416135543.20382-3-peter.maydell@linaro.org
[PMM: Moved disas/arm-a64.cc osdep.h include out of its extern "C" block;
 explained in commit message why we're doing this]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-17 18:44:30 +01:00
Richard Henderson
c52ea111e0 qemu/compiler: Split out qemu_build_not_reached_always
Provide a symbol that can always be used to signal an error,
regardless of optimization.  Usage of this should be protected
by e.g. __builtin_constant_p, which guards for optimization.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-01-22 12:48:01 -10:00
Daniele Buono
c905a3680d cfi: Initial support for cfi-icall in QEMU
LLVM/Clang supports runtime checks for forward-edge Control-Flow
Integrity (CFI).

CFI on indirect function calls (cfi-icall) ensures that, in indirect
function calls, the function called is of the right signature for the
pointer type defined at compile time.

For this check to work, the code must always respect the function
signature when using function pointers, the function must be defined
at compile time, and be compiled with link-time optimization.

This rules out, for example, shared libraries that are dynamically loaded
(given that functions are not known at compile time), and code that is
dynamically generated at run-time.

This patch:

1) Introduces the CONFIG_CFI flag to support cfi in QEMU

2) Introduces a decorator to allow the definition of "sensitive"
functions, where a non-instrumented function may be called at runtime
through a pointer. The decorator will take care of disabling cfi-icall
checks on such functions, when cfi is enabled.

3) Marks functions currently in QEMU that exhibit such behavior,
in particular:
- The function in TCG that calls pre-compiled TBs
- The function in TCI that interprets instructions
- Functions in the plugin infrastructures that jump to callbacks
- Functions in util that directly call a signal handler

Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org
Message-Id: <20201204230615.2392-3-dbuono@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-02 21:03:35 +01:00
Thomas Huth
d84568b773 tcg/optimize: Add fallthrough annotations
To be able to compile this file with -Werror=implicit-fallthrough,
we need to add some fallthrough annotations to the case statements
that might fall through. Unfortunately, the typical "/* fallthrough */"
comments do not work here as expected since some case labels are
wrapped in macros and the compiler fails to match the comments in
this case. But using __attribute__((fallthrough)) seems to work fine,
so let's use that instead (by introducing a new QEMU_FALLTHROUGH
macro in our compiler.h header file).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20201211152426.350966-11-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-12-18 09:14:23 +01:00
Marc-André Lureau
07b35a23c3 compiler.h: remove QEMU_GNUC_PREREQ
When needed, the G_GNUC_CHECK_VERSION() glib macro can be used instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20201210134752.780923-14-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-12-15 12:53:15 -05:00
Marc-André Lureau
4e063f7b29 compiler: remove GNUC check
QEMU requires Clang or GCC, that define and support __GNUC__ extensions.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201210134752.780923-12-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-12-15 12:53:14 -05:00
Marc-André Lureau
28f86163a4 compiler.h: explicit case for Clang printf attribute
Since commit efc6c07 ("configure: Add a test for the minimum compiler
version"), QEMU explicitly depends on GCC >= 4.8, we could thus drop
earlier version checks. Except clang advertises itself as GCC 4.2.1.

Since clang doesn't support gnu_printf, make that case explicit and
drop GCC version check.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201210134752.780923-8-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-12-15 12:52:11 -05:00
Marc-André Lureau
44cb2c9fe5 compiler.h: remove GCC < 3 __builtin_expect fallback
Since commit efc6c07 ("configure: Add a test for the minimum compiler
version"), QEMU explicitly depends on GCC >= 4.8.

(clang >= 3.4 advertises itself as GCC >= 4.2 compatible and supports
__builtin_expect too)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20201210134752.780923-4-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-12-15 12:52:09 -05:00
Matt Borgerson
64cacd4564 includes: Resolve some minor C++ incompatibilities
2020-05-04 07:20:05 -07:00
Zenghui Yu
b59ea3640c compiler.h: Don't use compile-time assert when __NO_INLINE__ is defined
Our robot reported the following compile-time warning while compiling
Qemu with -fno-inline cflags:

In function 'load_memop',
    inlined from 'load_helper' at /qemu/accel/tcg/cputlb.c:1578:20,
    inlined from 'full_ldub_mmu' at /qemu/accel/tcg/cputlb.c:1624:12:
/qemu/accel/tcg/cputlb.c:1502:9: error: call to 'qemu_build_not_reached' declared with attribute error: code path is reachable
         qemu_build_not_reached();
         ^~~~~~~~~~~~~~~~~~~~~~~~
    [...]

It looks like a false-positive because only (MO_UB ^ MO_BSWAP) will
hit the default case in load_memop() while need_swap (size > 1) has
already ensured that MO_UB is not involved.

So the thing is that compilers get confused by the -fno-inline and
just can't accurately evaluate memop_size(op) at compile time, and
then the qemu_build_not_reached() is wrongly triggered by (MO_UB ^
MO_BSWAP).  Let's be careful not to use the compile-time assert when
no functions will be inlined into their callers.

Reported-by: Euler Robot <euler.robot@huawei.com>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Message-Id: <20200205141545.180-1-yuzenghui@huawei.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-02-28 10:58:41 -08:00
Max Reitz
5d5b33c080 include: Move endof() up from hw/virtio/virtio.h
endof() is a useful macro, we can make use of it outside of virtio.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20191011152814.14791-2-mreitz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-10-28 11:51:07 +01:00
Richard Henderson
560e36d5a4 qemu/compiler.h: Add qemu_build_not_reached
Use this as a compile-time assert that a particular
code path is not reachable.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-09-25 10:19:57 -07:00
Richard Henderson
c6b716cdc0 cputlb: Disable __always_inline__ without optimization
This forced inlining can result in missing symbols,
which makes a debugging build harder to follow.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-09-25 10:12:33 -07:00
Cao Jiaxi
48bb55bfaa QEMU_PACKED: Remove gcc_struct attribute in Windows non x86 targets
gcc_struct is for x86 only, and it generates a warning on ARM64 Clang/MinGW targets.

Signed-off-by: Cao Jiaxi <driver1998@foxmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20190503003618.10089-1-driver1998@foxmail.com
[PMM: dropped the slirp change as slirp is now a submodule]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-05-07 12:55:02 +01:00
Thomas Huth
798b858130 linux-user: Fix compilation with clang 3.4
Clang version 3.4.2 does not know the -Wpragmas option yet and bails
out with an error when we try to disable it in linux-user/qemu.h.
Fortunately, clang has a __has_warning() macro which allows us to add
an explicit check for the option that we want to ignore. With that we
can check for the availability of "-Waddress-of-packed-member" properly
and do not need the "-Wpragmas" at all here.

Fixes: 850d5e330a
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2019-01-22 06:26:31 +01:00
Philippe Mathieu-Daudé
1daff2f819 qemu/compiler: Define QEMU_NONSTRING
GCC 8 introduced the -Wstringop-truncation checker to detect truncation by
the strncat and strncpy functions (closely related to -Wstringop-overflow,
which detects buffer overflow by string-modifying functions declared in
<string.h>).

In tandem with -Wstringop-truncation, the "nonstring" attribute was added:

  The nonstring variable attribute specifies that an object or member
  declaration with type array of char, signed char, or unsigned char,
  or pointer to such a type is intended to store character arrays that
  do not necessarily contain a terminating NUL. This is useful in detecting
  uses of such arrays or pointers with functions that expect NUL-terminated
  strings, and to avoid warnings when such an array or pointer is used as
  an argument to a bounded string manipulation function such as strncpy.

  From the GCC manual: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-nonstring-variable-attribute

Add the QEMU_NONSTRING macro which checks if the compiler supports this
attribute.

Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-01-17 21:10:57 -05:00
Thomas Huth
78751ea855 Remove QEMU_ARTIFICIAL macro
The code that used it has already been removed a while ago with commit
dc41aa7d34 ("tcg: Remove GET_TCGV_* and MAKE_TCGV_*").

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-12-12 10:01:13 +01:00
Thomas Huth
f773b423cc includes: Replace QEMU_GNUC_PREREQ with "__has_builtin || !defined(__clang__)"
Since we require GCC version 4.8 or newer now, we can be sure that
the builtin functions are always available on GCC. And for Clang,
we can check the availability with __has_builtin instead.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-12-12 10:01:13 +01:00
Richard Henderson
e6cd4bb59b tcg: Split CONFIG_ATOMIC128
GCC7+ will no longer advertise support for 16-byte __atomic operations
if only cmpxchg is supported, as for x86_64.  Fortunately, x86_64 still
has support for __sync_compare_and_swap_16 and we can make use of that.
AArch64 does not have, nor ever has had such support, so open-code it.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-10-18 19:46:36 -07:00
Thomas Huth
97ff87c0ed qemu/compiler: Wrap __attribute__((flatten)) in a macro
Older versions of Clang (before 3.5) and GCC (before 4.1) do not
support the "__attribute__((flatten))" yet. We don't care about
such old versions of GCC anymore, but since Clang 3.4 is still
used in EPEL for RHEL7 / CentOS 7, we should not use this attribute
directly but with a wrapper macro instead.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2018-10-17 08:36:28 +02:00
Peter Maydell
5a358b39f5 hw/display/qxl: Suppress clang-7 warning about misaligned atomic operation
If QEMU is compiled with clang-7 it results in the warning:

hw/display/qxl.c:1884:19: error: misaligned or large atomic operation
may incur significant performance penalty [-Werror,-Watomic-alignment]
    old_pending = atomic_fetch_or(&d->ram->int_pending, le_events);
                  ^

This is because the Spice headers forgot to define the QXLRam struct
with the '__aligned__(4)' attribute.  clang 7 and newer will thus
warn that the access here to int_pending might not be 4-aligned
(because the QXLRam object d->ram points at might start at a
misaligned address).  In fact we set up d->ram in init_qxl_ram() so
it always starts at a 4K boundary, so we know the atomic access here
is OK.

Newer Spice versions (with Spice commit
beda5ec7a6848be20c0cac2a9a8ef2a41e8069c1) will fix the bug;
for older Spice versions, work around it by telling the compiler
explicitly that the alignment is OK using __builtin_assume_aligned().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180927155538.699-1-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-10-05 11:21:17 +02:00
Stefan Hajnoczi
f18793b096 compiler: add a sizeof_field() macro
Determining the size of a field is useful when you don't have a struct
variable handy.  Open-coding this is ugly.

This patch adds the sizeof_field() macro, which is similar to
typeof_field().  Existing instances are updated to use the macro.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 20180614164431.29305-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-06-27 13:01:40 +01:00