vm_config_groups[] only contains part of the options which have
parameters, and all options which have no parameter aren't added
to vm_config_groups[]. Current query-command-line-options only
checks options from vm_config_groups[], so some options will
be lost.
We have macro in qemu-options.hx to
This patch added a new field to expose implicit parameter name,
we make it optional for compatibility.
Suggested-by: Eric Blake
Signed-off-by: Amos Kong
---
qapi-schema.json | 6 +-
util/qemu-config.c | 24 +++-
2 files changed, 20 insertions(+), 10 deletions(-)
diff
This patchset fixed some issues of query-command-line-options:
* some new options that haven't argument can't be queried. (eg: -enable-fips)
* some legacy options that have argument can't be queried. (eg: -vnc display)
More discussion:
http://marc.info/?l=qemu-devel&m=139081830416684&w=2
https
On Wed, Mar 26, 2014 at 11:08:03PM -0300, Alejandro Comisario wrote:
> Hi List!
> Hope some one can help me, we had a big issue in our cloud the other
> day, a couple of our openstack regions ( +2000 kvm guests with qcow2 )
> went read only filesystem from the guest side because the backing
> files
Hello.
I wasn't able to process -trivial patches regularly for a while,
and we are now past 2.0-rc1 schedule, which means hard freeze and
bugfix-only mode, as far as I can see.
Current queue can be seen at
http://git.corpit.ru/?p=qemu.git;a=shortlog;h=refs/heads/trivial-patches-next
(I rebase
On 03/20/2014 09:20 PM, Paolo Bonzini wrote:
> Il 12/03/2014 06:52, Alexey Kardashevskiy ha scritto:
>> From: David Gibson
>>
>> At the moment, most AddressSpace objects last as long as the guest system
>> in practice, but that could well change in future. In addition, for VFIO
>> we will be intr
on latest commit (db237e33), this bug doesn't exist.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1297651
Title:
KVM create a win7 guest with Qemu, it boots up fail
Status in QEMU:
New
Bug desc
On Thu, Mar 20, 2014 at 10:12:43PM +0800, Amos Kong wrote:
> On Tue, Mar 11, 2014 at 10:04:56AM +0100, Markus Armbruster wrote:
> > Eric Blake writes:
> >
> > > On 03/07/2014 02:54 AM, Markus Armbruster wrote:
> > >> Eric Blake writes:
> > >>
> > >>> On 03/05/2014 07:36 PM, Amos Kong wrote:
> >
Best Regards,
Robert Ho
> -Original Message-
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Wednesday, March 26, 2014 9:57 PM
> To: Michael S. Tsirkin
> Cc: Bug 1297651; qemu-devel@nongnu.org; ehabk...@redhat.com; Hu, Robert
> Subject: Re: [Bug 1297651] [NEW] KVM create a win7 g
Thanks, applied to -trivial.
/mjt
Thanks, applied to -trivial.
/mjt
> -Original Message-
> From: Michael S. Tsirkin [mailto:m...@redhat.com]
> Sent: Wednesday, March 26, 2014 6:31 PM
> To: Bug 1297651
> Cc: qemu-devel@nongnu.org; ehabk...@redhat.com; ler...@redhat.com; Hu,
> Robert
> Subject: Re: [Bug 1297651] [NEW] KVM create a win7 guest with Qemu, it bo
On Wed, Mar 26, 2014 at 02:15:18PM +0100, Markus Armbruster wrote:
> Amos Kong writes:
>
> > On Fri, Mar 07, 2014 at 10:54:09AM +0100, Markus Armbruster wrote:
> >> Eric Blake writes:
> >>
> >> > On 03/05/2014 07:36 PM, Amos Kong wrote:
> >> >> vm_config_groups[] only contains part of the optio
Hi,
RDMA has finally moved out of 'experimental' status,
which is a fundamental part of the FT implementation
that is currently in review.
I can finally proceed to pushing this through the libvirt community
itself, and then finally to the openstack community later.
There still is no storage imp
On Thu, Mar 27, 2014 at 10:16:44AM +0800, Amos Kong wrote:
> On Wed, Mar 26, 2014 at 05:12:08PM +0100, Markus Armbruster wrote:
> > Eric Blake writes:
...
> > > Reviewed-by: Eric Blake
> >
> > I'm not thrilled about the ABI break, but avoiding it would probably
> > take too much code for too li
The only differences were in the bswap insns emitted.
Signed-off-by: Richard Henderson
---
tcg/ia64/tcg-target.c | 61 ---
1 file changed, 24 insertions(+), 37 deletions(-)
diff --git a/tcg/ia64/tcg-target.c b/tcg/ia64/tcg-target.c
index 802ec33..
The address_space_translate() function cuts the returned plen (page size)
to hardcoded TARGET_PAGE_SIZE. This function can be used on pages bigger
than that so this limiting should not be used on such pages.
Since originally the limiting was introduced for XEN, we can safely
limit this piece of co
Still inline, but updated to the new routines. Always use the LE
helpers, reusing the bswap between the fast and slow paths.
Signed-off-by: Richard Henderson
---
tcg/ia64/tcg-target.c | 142 --
1 file changed, 80 insertions(+), 62 deletions(-)
di
> > arch_init.c | 25 +
> > 1 file changed, 13 insertions(+), 12 deletions(-)
>
> Should this patch be included in 2.0 as a bug fix? The rest of the
> series is probably better off in 2.1.
>
Yes, it should be, but I am not so clear how to do it.
Eric, Could you give me
Signed-off-by: Richard Henderson
---
tcg/ia64/tcg-target.c | 176 --
1 file changed, 114 insertions(+), 62 deletions(-)
diff --git a/tcg/ia64/tcg-target.c b/tcg/ia64/tcg-target.c
index 3000a6b..76abb46 100644
--- a/tcg/ia64/tcg-target.c
+++ b/tcg/i
Saving at least two cycles per store, and cleaning up the code.
Signed-off-by: Richard Henderson
---
tcg/ia64/tcg-target.c | 94 +--
1 file changed, 31 insertions(+), 63 deletions(-)
diff --git a/tcg/ia64/tcg-target.c b/tcg/ia64/tcg-target.c
index
Signed-off-by: Richard Henderson
---
tcg/ia64/tcg-target.c | 100 +-
tcg/ia64/tcg-target.h | 2 +-
2 files changed, 35 insertions(+), 67 deletions(-)
diff --git a/tcg/ia64/tcg-target.c b/tcg/ia64/tcg-target.c
index 76abb46..afcfd36 100644
--- a/t
Signed-off-by: Richard Henderson
---
tcg/ia64/tcg-target.c | 24
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/tcg/ia64/tcg-target.c b/tcg/ia64/tcg-target.c
index cdc7487..802ec33 100644
--- a/tcg/ia64/tcg-target.c
+++ b/tcg/ia64/tcg-target.c
@@ -1569,7
This sequencing requires 5 stop bits instead of 6, and has room left
over to pre-load the tlb addend, and bswap data prior to being stored.
Signed-off-by: Richard Henderson
---
tcg/ia64/tcg-target.c | 77 ---
1 file changed, 54 insertions(+), 23 de
Saves one bundle for the common case of exit_tb 0.
Signed-off-by: Richard Henderson
---
tcg/ia64/tcg-target.c | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/tcg/ia64/tcg-target.c b/tcg/ia64/tcg-target.c
index 2d8e00c..7407011 100644
--- a/tcg/ia64/tcg-target.c
+
The bug that Aurelien found has been fixed. Please review.
r~
Richard Henderson (8):
tcg-ia64: Optimize small arguments to exit_tb
tcg-ia64: Re-bundle the tlb load
tcg-ia64: Move bswap for store into tlb load
tcg-ia64: Move tlb addend load into tlb read
tcg-ia64: Reduce code duplicat
The existing timeout is 30ms which on 100MB/s (1Gbit) gives us
3MB/s rate maximum. If we put some load on the guest, it is easy to
get page dirtying rate too big so live migration will never complete.
In the case of libvirt that means that the guest will be stopped
anyway after a timeout specified
From: ChenLiang
Avoid hot pages being replaced by others to remarkably decrease cache
misses
Sample results with the test program which quote from xbzrle.txt ran in
vm:(migrate bandwidth:1GE and xbzrle cache size 8MB)
the test program:
include
include
int main()
{
char *buf = (char
On 03/12/2014 06:36 AM, Juan Quintela wrote:
> Alexey Kardashevskiy wrote:
>> This adds a helper to format ethernet MAC address.
>>
>> Signed-off-by: Alexey Kardashevskiy
>
> Reviewed-by: Juan Quintela
Did it go anywhere? Cannot find it in upstream. Thanks!
--
Alexey
On 03/26/2014 09:18 PM, arei.gong...@huawei.com wrote:
> From: ChenLiang
>
> expose xbzrle cache miss rate
>
> Signed-off-by: ChenLiang
> Signed-off-by: Gonglei
> ---
> arch_init.c | 18 ++
> hmp.c | 2 ++
> include/migration/migratio
On 03/26/2014 09:18 PM, arei.gong...@huawei.com wrote:
> From: ChenLiang
>
> expose the count that logs the times of updating the dirty bitmap to
> end user.
>
> Signed-off-by: ChenLiang
> Signed-off-by: Gonglei
> ---
> arch_init.c | 1 +
> hmp.c |
On 03/26/2014 09:18 PM, arei.gong...@huawei.com wrote:
> From: ChenLiang
>
> The page may not be inserted into cache after executing save_xbzrle_page.
> In case of failure to insert, the original page should be sent rather
> than the page in the cache.
>
> Signed-off-by: ChenLiang
> Signed-off-
From: ChenLiang
The page may not be inserted into cache after executing save_xbzrle_page.
In case of failure to insert, the original page should be sent rather
than the page in the cache.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Reviewed-by: Juan Quintela
---
arch_init.c | 25
From: ChenLiang
V3-->V4
* Excluding auto convergence changes, modify it later.
V2-->V3
* rename the bitmap_sync_cnt to bitmap_sync_counter
* expose xbzrle cache miss rate
V1-->V2
* expose the counter that logs the times of updating the dirty
bitmap to end user.
a. Optimization the xbzrle rem
From: ChenLiang
Rebuild the cache_is_cached function by cache_get_by_addr. And
drops the asserts because the caller is also asserting the same
thing.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Reviewed-by: Dr. David Alan Gilbert
---
page_cache.c | 38
From: ChenLiang
expose the count that logs the times of updating the dirty bitmap to
end user.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
---
arch_init.c | 1 +
hmp.c | 2 ++
include/migration/migration.h | 1 +
migration.c |
From: ChenLiang
expose xbzrle cache miss rate
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
---
arch_init.c | 18 ++
hmp.c | 2 ++
include/migration/migration.h | 1 +
migration.c | 1 +
qapi-schema.json
From: ChenLiang
clear the dead code
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Reviewed-by: Juan Quintela
---
arch_init.c | 13 -
page_cache.c | 58 --
2 files changed, 71 deletions(-)
diff --git a/arch_init.c b/arch_
From: ChenLiang
Reducing data copy can reduce cpu overhead.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Reviewed-by: Juan Quintela
---
arch_init.c | 8 +++-
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/arch_init.c b/arch_init.c
index 84a4bd3..94b62e2 100644
--- a/arc
From: ChenLiang
Add counts to log the times of updating the dirty bitmap.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Reviewed-by: Eric Blake
---
arch_init.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch_init.c b/arch_init.c
index 2ac68c2..200af0e 100644
--- a/arch_init.c
On 02/27/2014 11:49 PM, Michael Roth wrote:
Quoting mrhi...@linux.vnet.ibm.com (2014-02-17 20:34:06)
From: "Michael R. Hines"
1. Fix small memory leak in parsing inet address from command line in
data_init()
2. Fix ibv_post_send() return value check and pass error code back up correctly.
3. F
On 03/26/2014 07:49 PM, Wenchao Xia wrote:
> Just saw the discuss of Lluís's patch, either
> { 'include': './include/include.json' }
> or
> include("include-cycle-b.json")
> is OK to me, but hope only one way is kept in the end.
We already had this discussion; we want the { 'include':
'path/to/f
On 03/21/2014 10:01 AM, Benoît Canet wrote:
> The new directive in the form { 'include': 'path/to/file.json' } will trigger
> the parsing of path/to/file.json.
> The directive will be replaced by the result of the parsing.
>
> This will allow for easy modularisation of qapi JSON descriptions fi
On 03/21/2014 10:01 AM, Benoît Canet wrote:
> In case of exception str(e) with e being the exception is more detailed.
>
> Signed-off-by: Benoit Canet
> ---
> tests/qapi-schema/test-qapi.py | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Eric Blake
--
Eric Blake
On Wed, Mar 26, 2014 at 03:58:50PM -0400, Gabriel L. Somlo wrote:
> On Tue, Mar 18, 2014 at 07:23:17PM -0400, Gabriel L. Somlo wrote:
> > At this point, can anyone with access to a real, physical, NUMA
> > system dump the smbios tables with dmidecode and post them here?
> > I think that would be ve
This should prevent the destination guest from misbehaving when
the threads number is different in "-smp" command.
Signed-off-by: Alexey Kardashevskiy
---
target-ppc/cpu-qom.h | 2 +-
target-ppc/machine.c | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/target-ppc/cpu-qom
We want to establish a mapping between option name and option table,
then we can search related option table by option name.
This patch makes all the member name of QemuOptsList to match with
actual command-line spelling(option name).
[ Important Note ]
The QemuOptsList member name values are AB
All the options are defined in qemu-options.hx. If we can't find a
matched option definition by group name of option table, then the
group name doesn't match with defined option name, it's not allowed
from 2.0
Signed-off-by: Amos Kong
---
qemu-options.h | 12
util/qemu-config.c
This patchset changes group names of option tables to match with option name,
this breaks ABI, release note was updated.
Amos Kong (3):
only add qemu_tpmdev_opts when CONFIG_TPM is defined
abort QEMU if group name in option table doesn't match with defined
option name
update names in op
Signed-off-by: Amos Kong
---
vl.c | 4
1 file changed, 4 insertions(+)
diff --git a/vl.c b/vl.c
index 2355227..596ecfa 100644
--- a/vl.c
+++ b/vl.c
@@ -449,6 +449,7 @@ static QemuOptsList qemu_object_opts = {
},
};
+#ifdef CONFIG_TPM
static QemuOptsList qemu_tpmdev_opts = {
.n
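Review bot: the `#ifdef CONFIG_TPM` added above `qemu_tpmdev_opts` needs its `#endif` directly after the table's closing `};`, and any later reference to `qemu_tpmdev_opts` in vl.c needs the same guard, otherwise a build without CONFIG_TPM fails on an undefined symbol; check that the 4 insertions in the diffstat cover both. The message above the diffstat carries only a Signed-off-by line, so add a sentence saying why the table must be compiled out when TPM support is disabled.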
This adds machine-specific NMI handlers support. This QOM approach
was copied from FWPathProvider.
Few questions so far.
Should deliver_nmi() accept a CPU? A comment in hmp-commands.hx says
"Inject an NMI (x86), RESTART (s390x) on the given CPU" but in fact
qmp_inject_nmi() delivers NMI to every
This introduces an NMI (non maskable interrupt) interface which
QMP's "nmi" command may use to issue NMI on a CPU. A machine class
is expected to implement it.
This adds a helper to obtain the interface pointer and call
the deliver_nmi handler.
Signed-off-by: Alexey Kardashevskiy
---
cpus.c
This defines and makes use of an NMI interface in order to support
the "nmi" command.
Signed-off-by: Alexey Kardashevskiy
---
hw/ppc/spapr.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 62ddb4d..495fa88 100644
--- a/hw/ppc/
On Wed, Mar 26, 2014 at 05:12:08PM +0100, Markus Armbruster wrote:
> Eric Blake writes:
>
> > On 03/20/2014 07:07 AM, Amos Kong wrote:
> >> We want to establish a mapping between option name and option table,
> >> then we can search related option table by option name.
> >>
> >> This patch makes
Just saw the discuss of Lluís's patch, either
{ 'include': './include/include.json' }
or
include("include-cycle-b.json")
is OK to me, but hope only one way is kept in the end.
On 03/27/2014 01:04 AM, Markus Armbruster wrote:
> So something like adding
>
> dump_guest_memory_set_format
>
> would be the only possible solution with the hmp code as is.
> Correct?
>>>
>>> Yes, one possibility would be to make the d
At present, each 'opt_name' of 'accel_list' is unique with each other, so
'buf' can only match one 'opt_name'.
When drop into the matching code block, can 'break' outside related
'for' looping after finish processing it (just like the other 'break'
within the matching block).
After print "... not s
Public bug reported:
I know this used to work but it doesn't work any more using qemu 1.4.2 on
fedora 19 everything works fine
except when i add a NIC sharing the main interface from the host (not the
virtual network)
the hosts ip is 10.0.0.4, the router is 10.0.0.1 so when i boot my virtual
m
Hi Waldemar,
Apologies for the delay in the reply! A few more questions for you:
- Do you still see the same issue with qemu git master? (soon to be 2.0)
- Can you use gdb or similar to get a backtrace from one of the deadlocked
processes?
- Does the extraction always freeze at the same place, o
Hi Joe,
Thanks for confirming that you still see the issue with the ISO above.
From what you're saying, it seems that the problem is apparent on OS X
which means I am definitely unable to recreate it here. Since other OS X
QEMU users would likely have noticed the bug, I think it may be
something
Marking as "Fix released" as qemu 1.7.1 with the updated OpenBIOS images
is now available.
ATB,
Mark.
** Changed in: qemu
Status: New => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.n
Hi Peter,
This pull request contains Olivier's patch to prevent a guest 32bit integer
division overflow from crashing the host. Please apply for 2.0.
Many thanks,
Mark.
The following changes since commit db237e33c08a279f0179f8f5128a6d10d9adc38a:
Merge remote-tracking branch 'remotes/riku/
On Wed, Mar 26, 2014 at 03:58:50PM -0400, Gabriel L. Somlo wrote:
> - SeaBIOS is still in charge of providing the smbios_entry_point
> structure, and it's unlikely we can reasonably expect it to
> bump the version to 2.5 (not that it seems to matter, if my
> tests are to be believed)
This is
* Fix wrong error message (copy+paste bug from commit
5b7aa9b56d1bfc79916262f380c3fc7961becb50).
* Replace the default cluster size of 1 * MiB by DEFAULT_CLUSTER_SIZE.
* Don't check for the default cluster size if we support other sizes, too.
Cc: Kevin Wolf
Cc: Stefan Hajnoczi
Signed-off-by:
(1) block_size must not be null.
(2) blocks_in_image * 4 must fit into a size_t.
(3) blocks_in_image * block_size must fit into a uint64_t.
Header field disk_size already has a bounds check which now works
because of modification (1) and (3).
This patch was inspired by Jeff Cody's patch for the
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
This fixes an unbounded allocation for s->unknown_header_fields.
Signed-off-by: Kevin Wolf
---
block/qcow2.c | 34 +++---
tests/qemu-iotests/080 | 61 ++
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
This avoids unbounded memory allocation and fixes a potential buffer
overflow on 32 bit hosts.
Signed-off-by: Kevin Wolf
---
block/qcow2-snapshot.c | 29 -
block/qcow2.c | 15 ++
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
Limit the in-memory reference count table size to 8 MB, it's enough in
practice. This fixes an unbounded allocation as well as a buffer
overflow in qcow2_refcount_init().
Signed-off-by: Kevin Wolf
---
block/qcow2-refcount.c |
This patch corrects the VSX integer to floating point conversion instructions
by using the endian correct accessors. The auxiliary "j" index used by the
existing macros is now obsolete and is removed. The JOFFSET preprocessor
macro is also obsolete and removed.
Signed-off-by: Tom Musta
Tested-b
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
The end of the refcount table must not exceed INT64_MAX so that integer
overflows are avoided.
Also check for misaligned refcount table. Such images are invalid and
probably the result of data corruption. Error out to avoid further
c
A common pattern in the VSX helper code macros is the use of "x.fld[i]" where
"x" is a VSR and "fld" is an argument to a macro ("f64" or "f32" is passed).
This is not always correct on LE hosts.
This change addresses all instances of this pattern to be "x.fld" where "fld"
is:
- "VsrD(0)" for s
This change corrects the VSX double precision to single precision and
single precision to double precision conversion routines. The endian
correct accessors are now used. The auxiliary "j" index is no longer
necessary and is eliminated.
Signed-off-by: Tom Musta
Tested-by: Tom Musta
---
targe
This change defines accessors for VSR doubleword and word fields that
are correct from a host Endian perspective. This allows code to
use the Power ISA indexing numbers in code.
For example, the xscvdpsxws instruction has a target VSR that looks
like this:
0 32 64
This change fixes the VSX scalar compare instructions. The existing usage of
"x.f64[0]" is changed to "x.VsrD(0)".
Signed-off-by: Tom Musta
Tested-by: Tom Musta
---
target-ppc/fpu_helper.c | 13 +++--
1 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/target-ppc/fpu_help
This change properly orders the doublewords of the VSRs 0-31. Because these
registers are constructed from separate doublewords, they must be inverted
on Little Endian hosts. The inversion is performed both when the VSR is read
and when it is written.
Signed-off-by: Tom Musta
Tested-by: Tom Mus
The various VSX Convert to Integer instructions should truncate the
floating point number to an integer value, which is equivalent to
a round-to-zero rounding mode. The existing VSX floating point to
integer conversion helpers are erroneously using the rounding mode set
in the PowerPC Floating Po
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
Header, header extension and the backing file name must all be stored in
the first cluster. Setting the backing file to a much higher value
allowed header extensions to become much bigger than we want them to be
(unbounded allocation)
This patch series addresses bugs in the recently added VSX instructions. Two
general defects are fixed:
(1) The VSX Convert to Integer instructions truncate the source floating point
number to an integer value and hence should use a round-to-zero rounding
algorithm. The existing i
This patch corrects the VSX floating point to integer conversion
instructions by using the endian correct accessors. The auxiliary
"j" index used by the existing macros is now obsolete and is removed.
Signed-off-by: Tom Musta
Tested-by: Tom Musta
---
target-ppc/fpu_helper.c | 36
This change adds the float32_to_uint64_round_to_zero function to the softfloat
library. This function fills out the complement of float32 to INT round-to-zero
conversion routines, where INT is {int32_t, uint32_t, int64_t, uint64_t}.
This contribution can be licensed under either the softfloat-2a
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Fam Zheng
curl_read_cb is callback function for libcurl when data arrives. The
data size passed in here is not guaranteed to be within the range of
request we submitted, so we may overflow the guest IO buffer. Check the
real size we have before
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Jeff Cody
Other variables (e.g. sectors_per_block) are calculated using these
variables, and if not range-checked illegal values could be obtained
causing infinite loops and other potential issues when calculating
BAT entries.
The 1.00 VHDX spe
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
This fixes some cases of division by zero crashes.
Signed-off-by: Kevin Wolf
---
block/vpc.c| 5
tests/qemu-iotests/088 | 64 ++
tests/qemu-iotests/088.out |
On 02/22/2014 02:01 AM, Paolo Bonzini wrote:
> Il 22/02/2014 05:37, Matt Lupfer ha scritto:
>> A HPET timer can be started when HPET is not yet
>> enabled. This will not generate an interrupt
>> to the guest, but causes problems when HPET is later
>> enabled.
>>
>> A timer that is created and expir
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Jeff Cody
This adds checks to make sure that max_table_entries and block_size
are in sane ranges. Memory is allocated based on max_table_entries,
and block_size is used to calculate indices into that allocated
memory, so if these values are inc
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
32 bit truncation could let us access the wrong offset in the image.
Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
---
block/bochs.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
Reviewed-by: Max Reitz
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
This fixes two possible division by zero crashes: In bochs_open() and in
seek_to_sector().
Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
---
block/bochs.c | 8
tests/qemu-iotests/078 | 13
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap
buffer overflow on big endian hosts.
Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
---
bl
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
Gets us rid of integer overflows resulting in negative sizes which
aren't correctly checked.
Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
---
block/bochs.c | 16
tests/qemu-iotests/078
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
This is an on-disk structure, so offsets must be accurate.
Before this patch, sizeof(bochs) != sizeof(header_v1), which makes the
memcpy() between both invalid. We're lucky enough that the destination
buffer happened to be the larger
On Tue, Mar 18, 2014 at 07:23:17PM -0400, Gabriel L. Somlo wrote:
> At this point, can anyone with access to a real, physical, NUMA
> system dump the smbios tables with dmidecode and post them here?
> I think that would be very informative.
So I thrashed around a bit trying to find a real NUMA box
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
From: Kevin Wolf
Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
---
tests/qemu-iotests/078 | 53 +++
tests/qemu-iotests/078.out | 6 +++
tests/qemu-iotests/common
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
cloop stores the number of compressed blocks in the n_blocks header
field. The file actually contains n_blocks + 1 offsets, where the extra
offset is the end-of-file offset.
The following line in cloop_read_block() results in an out-of-bounds
offsets[
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
The offsets[] array allows efficient seeking and tells us the maximum
compressed data size. If the offsets are bogus the maximum compressed
data size will be unrealistic.
This could cause g_malloc() to abort and bogus offsets mean the image is
broken
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
Limit offsets_size to 512 MB so that:
1. g_malloc() does not abort due to an unreasonable size argument.
2. offsets_size does not overflow the bdrv_pread() int size argument.
This limit imposes a maximum image size of 16 TB at 256 KB block size.
Sig
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
The following integer overflow in offsets_size can lead to out-of-bounds
memory stores when n_blocks has a huge value:
uint32_t n_blocks, offsets_size;
[...]
ret = bdrv_pread(bs->file, 128 + 4, &s->n_blocks, 4);
[...]
s->n_bloc
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
Avoid unbounded s->uncompressed_block memory allocation by checking that
the block_size header field has a reasonable value. Also enforce the
assumption that the value is a non-zero multiple of 512.
These constraints conform to cloop 2.639's code so w
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
Add a cloop format-specific test case. Later patches add tests for
input validation to the script.
Signed-off-by: Stefan Hajnoczi
Signed-off-by: Kevin Wolf
---
tests/qemu-iotests/075 | 53 +
tests/
On 26.03.2014 13:05, Stefan Hajnoczi wrote:
Add the cloop block driver to qemu-iotests.
Signed-off-by: Stefan Hajnoczi
Signed-off-by: Kevin Wolf
---
tests/qemu-iotests/common| 7 +++
tests/qemu-iotests/common.rc | 3 +++
2 files changed, 10 insertions(+)
Reviewed-by: Max Reitz
On Tue, 2014-03-25 at 19:26 +, Peter Maydell wrote:
> Improve the clarity of the message QEMU prints when the user
> doesn't specify a machine model to use and there is no default.
>
> Signed-off-by: Peter Maydell
> ---
> vl.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> di