Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200414' into staging

qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

patch queue:
* Fix some problems that trip up Coverity's scanner
* run-coverity-scan: New script automating the scan-and-upload process
* docs: Improve our gdbstub documentation
* configure: Honour --disable-werror for Sphinx
* docs: Fix errors produced when building with Sphinx 3.0
* docs: Require Sphinx 1.6 or better
* Add deprecation notice for KVM support on AArch32 hosts

# gpg: Signature made Tue 14 Apr 2020 17:25:22 BST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200414:
Deprecate KVM support for AArch32
docs: Require Sphinx 1.6 or better
kernel-doc: Use c:struct for Sphinx 3.0 and later
scripts/kernel-doc: Add missing close-paren in c:function directives
configure: Honour --disable-werror for Sphinx
docs: Improve our gdbstub documentation
scripts/coverity-scan: Add Docker support
scripts/run-coverity-scan: Script to run Coverity Scan build
linux-user/flatload.c: Use "" for include of QEMU header target_flat.h
thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock() etc
thread.h: Fix Coverity version of qemu_cond_timedwait()
osdep.h: Drop no-longer-needed Coverity workarounds

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Peter Maydell 6 years ago a457215e 14e5526b

+615 -40

14 changed files

expand all

MAINTAINERS

Makefile

configure

docs

conf.py

sphinx

kerneldoc.py

system

deprecated.rst

gdb.rst

include

qemu

osdep.h

thread.h

linux-user

flatload.c

qemu-options.hx

scripts

coverity-scan

coverity-scan.docker

run-coverity-scan

kernel-doc

MAINTAINERS

··· 2038 2038 S: Supported 2039 2039 F: scripts/coverity-model.c 2040 2040 2041 + Coverity Scan integration 2042 + M: Peter Maydell <peter.maydell@linaro.org> 2043 + S: Maintained 2044 + F: scripts/coverity-scan/ 2045 + 2041 2046 Device Tree 2042 2047 M: Alistair Francis <alistair.francis@wdc.com> 2043 2048 R: David Gibson <david@gibson.dropbear.id.au>

+1 -1

Makefile

··· 1076 1076 # Note the use of different doctree for each (manual, builder) tuple; 1077 1077 # this works around Sphinx not handling parallel invocation on 1078 1078 # a single doctree: https://github.com/sphinx-doc/sphinx/issues/2946 1079 - build-manual = $(call quiet-command,CONFDIR="$(qemu_confdir)" $(SPHINX_BUILD) $(if $(V),,-q) -W -b $2 -D version=$(VERSION) -D release="$(FULL_VERSION)" -d .doctrees/$1-$2 $(SRC_PATH)/docs/$1 $(MANUAL_BUILDDIR)/$1 ,"SPHINX","$(MANUAL_BUILDDIR)/$1") 1079 + build-manual = $(call quiet-command,CONFDIR="$(qemu_confdir)" $(SPHINX_BUILD) $(if $(V),,-q) $(SPHINX_WERROR) -b $2 -D version=$(VERSION) -D release="$(FULL_VERSION)" -d .doctrees/$1-$2 $(SRC_PATH)/docs/$1 $(MANUAL_BUILDDIR)/$1 ,"SPHINX","$(MANUAL_BUILDDIR)/$1") 1080 1080 # We assume all RST files in the manual's directory are used in it 1081 1081 manual-deps = $(wildcard $(SRC_PATH)/docs/$1/*.rst $(SRC_PATH)/docs/$1/*/*.rst) \ 1082 1082 $(SRC_PATH)/docs/defs.rst.inc \

+8 -1

configure

··· 4928 4928 kcov=yes 4929 4929 fi 4930 4930 4931 + # If we're making warnings fatal, apply this to Sphinx runs as well 4932 + sphinx_werror="" 4933 + if test "$werror" = "yes"; then 4934 + sphinx_werror="-W" 4935 + fi 4936 + 4931 4937 # Check we have a new enough version of sphinx-build 4932 4938 has_sphinx_build() { 4933 4939 # This is a bit awkward but works: create a trivial document and ··· 4936 4942 # sphinx-build doesn't exist at all or if it is too old. 4937 4943 mkdir -p "$TMPDIR1/sphinx" 4938 4944 touch "$TMPDIR1/sphinx/index.rst" 4939 - "$sphinx_build" -c "$source_path/docs" -b html "$TMPDIR1/sphinx" "$TMPDIR1/sphinx/out" >/dev/null 2>&1 4945 + "$sphinx_build" $sphinx_werror -c "$source_path/docs" -b html "$TMPDIR1/sphinx" "$TMPDIR1/sphinx/out" >/dev/null 2>&1 4940 4946 } 4941 4947 4942 4948 # Check if tools are available to build documentation. ··· 7631 7637 echo "INSTALL_LIB=$install -c -m 0644" >> $config_host_mak 7632 7638 echo "PYTHON=$python" >> $config_host_mak 7633 7639 echo "SPHINX_BUILD=$sphinx_build" >> $config_host_mak 7640 + echo "SPHINX_WERROR=$sphinx_werror" >> $config_host_mak 7634 7641 echo "GENISOIMAGE=$genisoimage" >> $config_host_mak 7635 7642 echo "CC=$cc" >> $config_host_mak 7636 7643 if $iasl -h > /dev/null 2>&1; then

+4 -2

docs/conf.py

··· 59 59 60 60 # If your documentation needs a minimal Sphinx version, state it here. 61 61 # 62 - # 1.3 is where the 'alabaster' theme was shipped with Sphinx. 63 - needs_sphinx = '1.3' 62 + # Sphinx 1.5 and earlier can't build our docs because they are too 63 + # picky about the syntax of the argument to the option:: directive 64 + # (see Sphinx bugs #646, #3366). 65 + needs_sphinx = '1.6' 64 66 65 67 # Add any Sphinx extension module names here, as strings. They can be 66 68 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom

docs/sphinx/kerneldoc.py

··· 99 99 env.note_dependency(os.path.abspath(f)) 100 100 cmd += ['-export-file', f] 101 101 102 + cmd += ['-sphinx-version', sphinx.__version__] 102 103 cmd += [filename] 103 104 104 105 try:

docs/system/deprecated.rst

··· 336 336 the processor has been deprecated. The ``max-cpu-compat`` property of 337 337 the ``pseries`` machine type should be used instead. 338 338 339 + KVM guest support on 32-bit Arm hosts (since 5.0) 340 + ''''''''''''''''''''''''''''''''''''''''''''''''' 341 + 342 + The Linux kernel has dropped support for allowing 32-bit Arm systems 343 + to host KVM guests as of the 5.7 kernel. Accordingly, QEMU is deprecating 344 + its support for this configuration and will remove it in a future version. 345 + Running 32-bit guests on a 64-bit Arm host remains supported. 346 + 339 347 System emulator devices 340 348 ----------------------- 341 349

+15 -7

docs/system/gdb.rst

··· 3 3 GDB usage 4 4 --------- 5 5 6 - QEMU has a primitive support to work with gdb, so that you can do 7 - 'Ctrl-C' while the virtual machine is running and inspect its state. 6 + QEMU supports working with gdb via gdb's remote-connection facility 7 + (the "gdbstub"). This allows you to debug guest code in the same 8 + way that you might with a low-level debug facility like JTAG 9 + on real hardware. You can stop and start the virtual machine, 10 + examine state like registers and memory, and set breakpoints and 11 + watchpoints. 8 12 9 - In order to use gdb, launch QEMU with the '-s' option. It will wait for 10 - a gdb connection: 13 + In order to use gdb, launch QEMU with the ``-s`` and ``-S`` options. 14 + The ``-s`` option will make QEMU listen for an incoming connection 15 + from gdb on TCP port 1234, and ``-S`` will make QEMU not start the 16 + guest until you tell it to from gdb. (If you want to specify which 17 + TCP port to use or to use something other than TCP for the gdbstub 18 + connection, use the ``-gdb dev`` option instead of ``-s``.) 11 19 12 20 .. parsed-literal:: 13 21 14 - |qemu_system| -s -kernel bzImage -hda rootdisk.img -append "root=/dev/hda" 15 - Connected to host network interface: tun0 16 - Waiting gdb connection on port 1234 22 + |qemu_system| -s -S -kernel bzImage -hda rootdisk.img -append "root=/dev/hda" 23 + 24 + QEMU will launch but will silently wait for gdb to connect. 17 25 18 26 Then launch gdb on the 'vmlinux' executable:: 19 27

-14

include/qemu/osdep.h

··· 33 33 #else 34 34 #include "exec/poison.h" 35 35 #endif 36 - #ifdef __COVERITY__ 37 - /* Coverity does not like the new _Float* types that are used by 38 - * recent glibc, and croaks on every single file that includes 39 - * stdlib.h. These typedefs are enough to please it. 40 - * 41 - * Note that these fix parse errors so they cannot be placed in 42 - * scripts/coverity-model.c. 43 - */ 44 - typedef float _Float32; 45 - typedef double _Float32x; 46 - typedef double _Float64; 47 - typedef __float80 _Float64x; 48 - typedef __float128 _Float128; 49 - #endif 50 36 51 37 #include "qemu/compiler.h" 52 38

+6 -6

include/qemu/thread.h

··· 57 57 * hide them. 58 58 */ 59 59 #define qemu_mutex_lock(m) \ 60 - qemu_mutex_lock_impl(m, __FILE__, __LINE__); 60 + qemu_mutex_lock_impl(m, __FILE__, __LINE__) 61 61 #define qemu_mutex_trylock(m) \ 62 - qemu_mutex_trylock_impl(m, __FILE__, __LINE__); 62 + qemu_mutex_trylock_impl(m, __FILE__, __LINE__) 63 63 #define qemu_rec_mutex_lock(m) \ 64 - qemu_rec_mutex_lock_impl(m, __FILE__, __LINE__); 64 + qemu_rec_mutex_lock_impl(m, __FILE__, __LINE__) 65 65 #define qemu_rec_mutex_trylock(m) \ 66 - qemu_rec_mutex_trylock_impl(m, __FILE__, __LINE__); 66 + qemu_rec_mutex_trylock_impl(m, __FILE__, __LINE__) 67 67 #define qemu_cond_wait(c, m) \ 68 - qemu_cond_wait_impl(c, m, __FILE__, __LINE__); 68 + qemu_cond_wait_impl(c, m, __FILE__, __LINE__) 69 69 #define qemu_cond_timedwait(c, m, ms) \ 70 - qemu_cond_wait_impl(c, m, ms, __FILE__, __LINE__); 70 + qemu_cond_timedwait_impl(c, m, ms, __FILE__, __LINE__) 71 71 #else 72 72 #define qemu_mutex_lock(m) ({ \ 73 73 QemuMutexLockFunc _f = atomic_read(&qemu_mutex_lock_func); \

+1 -1

linux-user/flatload.c

··· 37 37 38 38 #include "qemu.h" 39 39 #include "flat.h" 40 - #include <target_flat.h> 40 + #include "target_flat.h" 41 41 42 42 //#define DEBUG 43 43

+18 -6

qemu-options.hx

··· 3680 3680 ERST 3681 3681 3682 3682 DEF("gdb", HAS_ARG, QEMU_OPTION_gdb, \ 3683 - "-gdb dev wait for gdb connection on 'dev'\n", QEMU_ARCH_ALL) 3683 + "-gdb dev accept gdb connection on 'dev'. (QEMU defaults to starting\n" 3684 + " the guest without waiting for gdb to connect; use -S too\n" 3685 + " if you want it to not start execution.)\n", 3686 + QEMU_ARCH_ALL) 3684 3687 SRST 3685 3688 ``-gdb dev`` 3686 - Wait for gdb connection on device dev (see 3687 - :ref:`gdb_005fusage`). Typical connections will likely be 3688 - TCP-based, but also UDP, pseudo TTY, or even stdio are reasonable 3689 - use case. The latter is allowing to start QEMU from within gdb and 3690 - establish the connection via a pipe: 3689 + Accept a gdb connection on device dev (see 3690 + :ref:`gdb_005fusage`). Note that this option does not pause QEMU 3691 + execution -- if you want QEMU to not start the guest until you 3692 + connect with gdb and issue a ``continue`` command, you will need to 3693 + also pass the ``-S`` option to QEMU. 3694 + 3695 + The most usual configuration is to listen on a local TCP socket:: 3696 + 3697 + -gdb tcp::3117 3698 + 3699 + but you can specify other backends; UDP, pseudo TTY, or even stdio 3700 + are all reasonable use cases. For example, a stdio connection 3701 + allows you to start QEMU from within gdb and establish the 3702 + connection via a pipe: 3691 3703 3692 3704 .. parsed-literal:: 3693 3705

+131

scripts/coverity-scan/coverity-scan.docker

··· 1 + # syntax=docker/dockerfile:1.0.0-experimental 2 + # 3 + # Docker setup for running the "Coverity Scan" tools over the source 4 + # tree and uploading them to the website, as per 5 + # https://scan.coverity.com/projects/qemu/builds/new 6 + # We do this on a fixed config (currently Fedora 30 with a known 7 + # set of dependencies and a configure command that enables a specific 8 + # set of options) so that random changes don't result in our accidentally 9 + # dropping some files from the scan. 10 + # 11 + # We don't build on top of the fedora.docker file because we don't 12 + # want to accidentally change or break the scan config when that 13 + # is updated. 14 + 15 + # The work of actually doing the build is handled by the 16 + # run-coverity-scan script. 17 + 18 + FROM fedora:30 19 + ENV PACKAGES \ 20 + alsa-lib-devel \ 21 + bc \ 22 + bison \ 23 + brlapi-devel \ 24 + bzip2 \ 25 + bzip2-devel \ 26 + ccache \ 27 + clang \ 28 + curl \ 29 + cyrus-sasl-devel \ 30 + dbus-daemon \ 31 + device-mapper-multipath-devel \ 32 + findutils \ 33 + flex \ 34 + gcc \ 35 + gcc-c++ \ 36 + gettext \ 37 + git \ 38 + glib2-devel \ 39 + glusterfs-api-devel \ 40 + gnutls-devel \ 41 + gtk3-devel \ 42 + hostname \ 43 + libaio-devel \ 44 + libasan \ 45 + libattr-devel \ 46 + libblockdev-mpath-devel \ 47 + libcap-devel \ 48 + libcap-ng-devel \ 49 + libcurl-devel \ 50 + libepoxy-devel \ 51 + libfdt-devel \ 52 + libgbm-devel \ 53 + libiscsi-devel \ 54 + libjpeg-devel \ 55 + libpmem-devel \ 56 + libnfs-devel \ 57 + libpng-devel \ 58 + librbd-devel \ 59 + libseccomp-devel \ 60 + libssh-devel \ 61 + libubsan \ 62 + libudev-devel \ 63 + libusbx-devel \ 64 + libxml2-devel \ 65 + libzstd-devel \ 66 + llvm \ 67 + lzo-devel \ 68 + make \ 69 + mingw32-bzip2 \ 70 + mingw32-curl \ 71 + mingw32-glib2 \ 72 + mingw32-gmp \ 73 + mingw32-gnutls \ 74 + mingw32-gtk3 \ 75 + mingw32-libjpeg-turbo \ 76 + mingw32-libpng \ 77 + mingw32-libtasn1 \ 78 + mingw32-nettle \ 79 + mingw32-nsis \ 80 + mingw32-pixman \ 81 + mingw32-pkg-config \ 82 + mingw32-SDL2 \ 83 + mingw64-bzip2 \ 84 + mingw64-curl \ 85 + mingw64-glib2 \ 86 + mingw64-gmp \ 87 + mingw64-gnutls \ 88 + mingw64-gtk3 \ 89 + mingw64-libjpeg-turbo \ 90 + mingw64-libpng \ 91 + mingw64-libtasn1 \ 92 + mingw64-nettle \ 93 + mingw64-pixman \ 94 + mingw64-pkg-config \ 95 + mingw64-SDL2 \ 96 + ncurses-devel \ 97 + nettle-devel \ 98 + nss-devel \ 99 + numactl-devel \ 100 + perl \ 101 + perl-Test-Harness \ 102 + pixman-devel \ 103 + pulseaudio-libs-devel \ 104 + python3 \ 105 + python3-sphinx \ 106 + PyYAML \ 107 + rdma-core-devel \ 108 + SDL2-devel \ 109 + snappy-devel \ 110 + sparse \ 111 + spice-server-devel \ 112 + systemd-devel \ 113 + systemtap-sdt-devel \ 114 + tar \ 115 + texinfo \ 116 + usbredir-devel \ 117 + virglrenderer-devel \ 118 + vte291-devel \ 119 + wget \ 120 + which \ 121 + xen-devel \ 122 + xfsprogs-devel \ 123 + zlib-devel 124 + ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3 125 + 126 + RUN dnf install -y $PACKAGES 127 + RUN rpm -q $PACKAGES | sort > /packages.txt 128 + ENV PATH $PATH:/usr/libexec/python3-sphinx/ 129 + ENV COVERITY_TOOL_BASE=/coverity-tools 130 + COPY run-coverity-scan run-coverity-scan 131 + RUN --mount=type=secret,id=coverity.token,required ./run-coverity-scan --update-tools-only --tokenfile /run/secrets/coverity.token

+401

scripts/coverity-scan/run-coverity-scan

··· 1 + #!/bin/sh -e 2 + 3 + # Upload a created tarball to Coverity Scan, as per 4 + # https://scan.coverity.com/projects/qemu/builds/new 5 + 6 + # This work is licensed under the terms of the GNU GPL version 2, 7 + # or (at your option) any later version. 8 + # See the COPYING file in the top-level directory. 9 + # 10 + # Copyright (c) 2017-2020 Linaro Limited 11 + # Written by Peter Maydell 12 + 13 + # Note that this script will automatically download and 14 + # run the (closed-source) coverity build tools, so don't 15 + # use it if you don't trust them! 16 + 17 + # This script assumes that you're running it from a QEMU source 18 + # tree, and that tree is a fresh clean one, because we do an in-tree 19 + # build. (This is necessary so that the filenames that the Coverity 20 + # Scan server sees are relative paths that match up with the component 21 + # regular expressions it uses; an out-of-tree build won't work for this.) 22 + # The host machine should have as many of QEMU's dependencies 23 + # installed as possible, for maximum coverity coverage. 24 + 25 + # To do an upload you need to be a maintainer in the Coverity online 26 + # service, and you will need to know the "Coverity token", which is a 27 + # secret 8 digit hex string. You can find that from the web UI in the 28 + # project settings, if you have maintainer access there. 29 + 30 + # Command line options: 31 + # --dry-run : run the tools, but don't actually do the upload 32 + # --docker : create and work inside a docker container 33 + # --update-tools-only : update the cached copy of the tools, but don't run them 34 + # --tokenfile : file to read Coverity token from 35 + # --version ver : specify version being analyzed (default: ask git) 36 + # --description desc : specify description of this version (default: ask git) 37 + # --srcdir : QEMU source tree to analyze (default: current working dir) 38 + # --results-tarball : path to copy the results tarball to (default: don't 39 + # copy it anywhere, just upload it) 40 + # --src-tarball : tarball to untar into src dir (default: none); this 41 + # is intended mainly for internal use by the Docker support 42 + # 43 + # User-specifiable environment variables: 44 + # COVERITY_TOKEN -- Coverity token 45 + # COVERITY_EMAIL -- the email address to use for uploads (default: 46 + # looks at your git user.email config) 47 + # COVERITY_BUILD_CMD -- make command (default: 'make -jN' where N is 48 + # number of CPUs as determined by 'nproc') 49 + # COVERITY_TOOL_BASE -- set to directory to put coverity tools 50 + # (default: /tmp/coverity-tools) 51 + # 52 + # You must specify the token, either by environment variable or by 53 + # putting it in a file and using --tokenfile. Everything else has 54 + # a reasonable default if this is run from a git tree. 55 + 56 + check_upload_permissions() { 57 + # Check whether we can do an upload to the server; will exit the script 58 + # with status 1 if the check failed (usually a bad token); 59 + # will exit the script with status 0 if the check indicated that we 60 + # can't upload yet (ie we are at quota) 61 + # Assumes that PROJTOKEN, PROJNAME and DRYRUN have been initialized. 62 + 63 + echo "Checking upload permissions..." 64 + 65 + if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$PROJTOKEN&project=$PROJNAME" -q -O -)"; then 66 + echo "Coverity Scan API access denied: bad token?" 67 + exit 1 68 + fi 69 + 70 + # Really up_perm is a JSON response with either 71 + # {upload_permitted:true} or {next_upload_permitted_at:<date>} 72 + # We do some hacky string parsing instead of properly parsing it. 73 + case "$up_perm" in 74 + *upload_permitted*true*) 75 + echo "Coverity Scan: upload permitted" 76 + ;; 77 + *next_upload_permitted_at*) 78 + if [ "$DRYRUN" = yes ]; then 79 + echo "Coverity Scan: upload quota reached, continuing dry run" 80 + else 81 + echo "Coverity Scan: upload quota reached; stopping here" 82 + # Exit success as this isn't a build error. 83 + exit 0 84 + fi 85 + ;; 86 + *) 87 + echo "Coverity Scan upload check: unexpected result $up_perm" 88 + exit 1 89 + ;; 90 + esac 91 + } 92 + 93 + 94 + update_coverity_tools () { 95 + # Check for whether we need to download the Coverity tools 96 + # (either because we don't have a copy, or because it's out of date) 97 + # Assumes that COVERITY_TOOL_BASE, PROJTOKEN and PROJNAME are set. 98 + 99 + mkdir -p "$COVERITY_TOOL_BASE" 100 + cd "$COVERITY_TOOL_BASE" 101 + 102 + echo "Checking for new version of coverity build tools..." 103 + wget https://scan.coverity.com/download/linux64 --post-data "token=$PROJTOKEN&project=$PROJNAME&md5=1" -O coverity_tool.md5.new 104 + 105 + if ! cmp -s coverity_tool.md5 coverity_tool.md5.new; then 106 + # out of date md5 or no md5: download new build tool 107 + # blow away the old build tool 108 + echo "Downloading coverity build tools..." 109 + rm -rf coverity_tool coverity_tool.tgz 110 + wget https://scan.coverity.com/download/linux64 --post-data "token=$PROJTOKEN&project=$PROJNAME" -O coverity_tool.tgz 111 + if ! (cat coverity_tool.md5.new; echo " coverity_tool.tgz") | md5sum -c --status; then 112 + echo "Downloaded tarball didn't match md5sum!" 113 + exit 1 114 + fi 115 + # extract the new one, keeping it corralled in a 'coverity_tool' directory 116 + echo "Unpacking coverity build tools..." 117 + mkdir -p coverity_tool 118 + cd coverity_tool 119 + tar xf ../coverity_tool.tgz 120 + cd .. 121 + mv coverity_tool.md5.new coverity_tool.md5 122 + fi 123 + 124 + rm -f coverity_tool.md5.new 125 + } 126 + 127 + 128 + # Check user-provided environment variables and arguments 129 + DRYRUN=no 130 + UPDATE_ONLY=no 131 + DOCKER=no 132 + 133 + while [ "$#" -ge 1 ]; do 134 + case "$1" in 135 + --dry-run) 136 + shift 137 + DRYRUN=yes 138 + ;; 139 + --update-tools-only) 140 + shift 141 + UPDATE_ONLY=yes 142 + ;; 143 + --version) 144 + shift 145 + if [ $# -eq 0 ]; then 146 + echo "--version needs an argument" 147 + exit 1 148 + fi 149 + VERSION="$1" 150 + shift 151 + ;; 152 + --description) 153 + shift 154 + if [ $# -eq 0 ]; then 155 + echo "--description needs an argument" 156 + exit 1 157 + fi 158 + DESCRIPTION="$1" 159 + shift 160 + ;; 161 + --tokenfile) 162 + shift 163 + if [ $# -eq 0 ]; then 164 + echo "--tokenfile needs an argument" 165 + exit 1 166 + fi 167 + COVERITY_TOKEN="$(cat "$1")" 168 + shift 169 + ;; 170 + --srcdir) 171 + shift 172 + if [ $# -eq 0 ]; then 173 + echo "--srcdir needs an argument" 174 + exit 1 175 + fi 176 + SRCDIR="$1" 177 + shift 178 + ;; 179 + --results-tarball) 180 + shift 181 + if [ $# -eq 0 ]; then 182 + echo "--results-tarball needs an argument" 183 + exit 1 184 + fi 185 + RESULTSTARBALL="$1" 186 + shift 187 + ;; 188 + --src-tarball) 189 + shift 190 + if [ $# -eq 0 ]; then 191 + echo "--src-tarball needs an argument" 192 + exit 1 193 + fi 194 + SRCTARBALL="$1" 195 + shift 196 + ;; 197 + --docker) 198 + DOCKER=yes 199 + shift 200 + ;; 201 + *) 202 + echo "Unexpected argument '$1'" 203 + exit 1 204 + ;; 205 + esac 206 + done 207 + 208 + if [ -z "$COVERITY_TOKEN" ]; then 209 + echo "COVERITY_TOKEN environment variable not set" 210 + exit 1 211 + fi 212 + 213 + if [ -z "$COVERITY_BUILD_CMD" ]; then 214 + NPROC=$(nproc) 215 + COVERITY_BUILD_CMD="make -j$NPROC" 216 + echo "COVERITY_BUILD_CMD: using default '$COVERITY_BUILD_CMD'" 217 + fi 218 + 219 + if [ -z "$COVERITY_TOOL_BASE" ]; then 220 + echo "COVERITY_TOOL_BASE: using default /tmp/coverity-tools" 221 + COVERITY_TOOL_BASE=/tmp/coverity-tools 222 + fi 223 + 224 + if [ -z "$SRCDIR" ]; then 225 + SRCDIR="$PWD" 226 + fi 227 + 228 + PROJTOKEN="$COVERITY_TOKEN" 229 + PROJNAME=QEMU 230 + TARBALL=cov-int.tar.xz 231 + 232 + if [ "$UPDATE_ONLY" = yes ] && [ "$DOCKER" = yes ]; then 233 + echo "Combining --docker and --update-only is not supported" 234 + exit 1 235 + fi 236 + 237 + if [ "$UPDATE_ONLY" = yes ]; then 238 + # Just do the tools update; we don't need to check whether 239 + # we are in a source tree or have upload rights for this, 240 + # so do it before some of the command line and source tree checks. 241 + update_coverity_tools 242 + exit 0 243 + fi 244 + 245 + if [ ! -e "$SRCDIR" ]; then 246 + mkdir "$SRCDIR" 247 + fi 248 + 249 + cd "$SRCDIR" 250 + 251 + if [ ! -z "$SRCTARBALL" ]; then 252 + echo "Untarring source tarball into $SRCDIR..." 253 + tar xvf "$SRCTARBALL" 254 + fi 255 + 256 + echo "Checking this is a QEMU source tree..." 257 + if ! [ -e "$SRCDIR/VERSION" ]; then 258 + echo "Not in a QEMU source tree?" 259 + exit 1 260 + fi 261 + 262 + # Fill in defaults used by the non-update-only process 263 + if [ -z "$VERSION" ]; then 264 + VERSION="$(git describe --always HEAD)" 265 + fi 266 + 267 + if [ -z "$DESCRIPTION" ]; then 268 + DESCRIPTION="$(git rev-parse HEAD)" 269 + fi 270 + 271 + if [ -z "$COVERITY_EMAIL" ]; then 272 + COVERITY_EMAIL="$(git config user.email)" 273 + fi 274 + 275 + # Run ourselves inside docker if that's what the user wants 276 + if [ "$DOCKER" = yes ]; then 277 + # build docker container including the coverity-scan tools 278 + # Put the Coverity token into a temporary file that only 279 + # we have read access to, and then pass it to docker build 280 + # using --secret. This requires at least Docker 18.09. 281 + # Mostly what we are trying to do here is ensure we don't leak 282 + # the token into the Docker image. 283 + umask 077 284 + SECRETDIR=$(mktemp -d) 285 + if [ -z "$SECRETDIR" ]; then 286 + echo "Failed to create temporary directory" 287 + exit 1 288 + fi 289 + trap 'rm -rf "$SECRETDIR"' INT TERM EXIT 290 + echo "Created temporary directory $SECRETDIR" 291 + SECRET="$SECRETDIR/token" 292 + echo "$COVERITY_TOKEN" > "$SECRET" 293 + echo "Building docker container..." 294 + # TODO: This re-downloads the tools every time, rather than 295 + # caching and reusing the image produced with the downloaded tools. 296 + # Not sure why. 297 + # TODO: how do you get 'docker build' to print the output of the 298 + # commands it is running to its stdout? This would be useful for debug. 299 + DOCKER_BUILDKIT=1 docker build -t coverity-scanner \ 300 + --secret id=coverity.token,src="$SECRET" \ 301 + -f scripts/coverity-scan/coverity-scan.docker \ 302 + scripts/coverity-scan 303 + echo "Archiving sources to be analyzed..." 304 + ./scripts/archive-source.sh "$SECRETDIR/qemu-sources.tgz" 305 + if [ "$DRYRUN" = yes ]; then 306 + DRYRUNARG=--dry-run 307 + fi 308 + echo "Running scanner..." 309 + # If we need to capture the output tarball, get the inner run to 310 + # save it to the secrets directory so we can copy it out before the 311 + # directory is cleaned up. 312 + if [ ! -z "$RESULTSTARBALL" ]; then 313 + RTARGS="--results-tarball /work/cov-int.tar.xz" 314 + else 315 + RTARGS="" 316 + fi 317 + # Arrange for this docker run to get access to the sources with -v. 318 + # We pass through all the configuration from the outer script to the inner. 319 + export COVERITY_EMAIL COVERITY_BUILD_CMD 320 + docker run -it --env COVERITY_EMAIL --env COVERITY_BUILD_CMD \ 321 + -v "$SECRETDIR:/work" coverity-scanner \ 322 + ./run-coverity-scan --version "$VERSION" \ 323 + --description "$DESCRIPTION" $DRYRUNARG --tokenfile /work/token \ 324 + --srcdir /qemu --src-tarball /work/qemu-sources.tgz $RTARGS 325 + if [ ! -z "$RESULTSTARBALL" ]; then 326 + echo "Copying results tarball to $RESULTSTARBALL..." 327 + cp "$SECRETDIR/cov-int.tar.xz" "$RESULTSTARBALL" 328 + fi 329 + echo "Docker work complete." 330 + exit 0 331 + fi 332 + 333 + # Otherwise, continue with the full build and upload process. 334 + 335 + check_upload_permissions 336 + 337 + update_coverity_tools 338 + 339 + TOOLBIN="$(cd "$COVERITY_TOOL_BASE" && echo $PWD/coverity_tool/cov-analysis-*/bin)" 340 + 341 + if ! test -x "$TOOLBIN/cov-build"; then 342 + echo "Couldn't find cov-build in the coverity build-tool directory??" 343 + exit 1 344 + fi 345 + 346 + export PATH="$TOOLBIN:$PATH" 347 + 348 + cd "$SRCDIR" 349 + 350 + echo "Doing make distclean..." 351 + make distclean 352 + 353 + echo "Configuring..." 354 + # We configure with a fixed set of enables here to ensure that we don't 355 + # accidentally reduce the scope of the analysis by doing the build on 356 + # the system that's missing a dependency that we need to build part of 357 + # the codebase. 358 + ./configure --disable-modules --enable-sdl --enable-gtk \ 359 + --enable-opengl --enable-vte --enable-gnutls \ 360 + --enable-nettle --enable-curses --enable-curl \ 361 + --audio-drv-list=oss,alsa,sdl,pa --enable-virtfs \ 362 + --enable-vnc --enable-vnc-sasl --enable-vnc-jpeg --enable-vnc-png \ 363 + --enable-xen --enable-brlapi \ 364 + --enable-linux-aio --enable-attr \ 365 + --enable-cap-ng --enable-trace-backends=log --enable-spice --enable-rbd \ 366 + --enable-xfsctl --enable-libusb --enable-usb-redir \ 367 + --enable-libiscsi --enable-libnfs --enable-seccomp \ 368 + --enable-tpm --enable-libssh --enable-lzo --enable-snappy --enable-bzip2 \ 369 + --enable-numa --enable-rdma --enable-smartcard --enable-virglrenderer \ 370 + --enable-mpath --enable-libxml2 --enable-glusterfs \ 371 + --enable-virtfs --enable-zstd 372 + 373 + echo "Making libqemustub.a..." 374 + make libqemustub.a 375 + 376 + echo "Running cov-build..." 377 + rm -rf cov-int 378 + mkdir cov-int 379 + cov-build --dir cov-int $COVERITY_BUILD_CMD 380 + 381 + echo "Creating results tarball..." 382 + tar cvf - cov-int | xz > "$TARBALL" 383 + 384 + if [ ! -z "$RESULTSTARBALL" ]; then 385 + echo "Copying results tarball to $RESULTSTARBALL..." 386 + cp "$TARBALL" "$RESULTSTARBALL" 387 + fi 388 + 389 + echo "Uploading results tarball..." 390 + 391 + if [ "$DRYRUN" = yes ]; then 392 + echo "Dry run only, not uploading $TARBALL" 393 + exit 0 394 + fi 395 + 396 + curl --form token="$PROJTOKEN" --form email="$COVERITY_EMAIL" \ 397 + --form file=@"$TARBALL" --form version="$VERSION" \ 398 + --form description="$DESCRIPTION" \ 399 + https://scan.coverity.com/builds?project="$PROJNAME" 400 + 401 + echo "Done."

+16 -2

scripts/kernel-doc

··· 71 71 DOC: sections. May be specified multiple times. 72 72 73 73 Output selection modifiers: 74 + -sphinx-version VER Generate rST syntax for the specified Sphinx version. 75 + Only works with reStructuredTextFormat. 74 76 -no-doc-sections Do not output DOC: sections. 75 77 -enable-lineno Enable output of #define LINENO lines. Only works with 76 78 reStructuredText format. ··· 286 288 }; 287 289 my $output_selection = OUTPUT_ALL; 288 290 my $show_not_found = 0; # No longer used 291 + my $sphinx_version = "0.0"; # if not specified, assume old 289 292 290 293 my @export_file_list; 291 294 ··· 436 439 $enable_lineno = 1; 437 440 } elsif ($cmd eq 'show-not-found') { 438 441 $show_not_found = 1; # A no-op but don't fail 442 + } elsif ($cmd eq 'sphinx-version') { 443 + $sphinx_version = shift @ARGV; 439 444 } else { 440 445 # Unknown argument 441 446 usage(); ··· 853 858 854 859 if ($type =~ m/([^$]*\(\*)\s*$\s*$([^$]*)\)/) { 855 860 # pointer-to-function 856 - print $1 . $parameter . ") (" . $2; 861 + print $1 . $parameter . ") (" . $2 . ")"; 857 862 } else { 858 863 print $type . " " . $parameter; 859 864 } ··· 963 968 my $oldprefix = $lineprefix; 964 969 my $name = $args{'type'} . " " . $args{'struct'}; 965 970 966 - print "\n\n.. c:type:: " . $name . "\n\n"; 971 + # Sphinx 3.0 and up will emit warnings for "c:type:: struct Foo". 972 + # It wants to see "c:struct:: Foo" (and will add the word 'struct' in 973 + # the rendered output). 974 + if ((split(/\./, $sphinx_version))[0] >= 3) { 975 + my $sname = $name; 976 + $sname =~ s/^struct //; 977 + print "\n\n.. c:struct:: " . $sname . "\n\n"; 978 + } else { 979 + print "\n\n.. c:type:: " . $name . "\n\n"; 980 + } 967 981 print_lineno($declaration_start_line); 968 982 $lineprefix = " "; 969 983 output_highlight_rst($args{'purpose'});