From: Kevin Wolf
This avoids unbounded memory allocation and fixes a potential buffer
overflow on 32 bit hosts.
Signed-off-by: Kevin Wolf
Reviewed-by: Max Reitz
Signed-off-by: Stefan Hajnoczi
(cherry picked from commit ce48f2f441ca98885267af6fd636a7cb804ee646)
Signed-off-by: Michael Roth
---
On 08/07/2014 17:59, Stefan Hajnoczi wrote:
> I sent Christian an initial patch to fix this but now both threads are
> stuck in rfifolock_lock() inside cond wait. That's very strange and
> should never happen.
I had this patch pending for 2.2:
commit 6c81e31615c3cda5ea981a998ba8b1b8ed17de6f
From: Stefan Fritsch
If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all
VLAN-tagged packets but send them to the guest.
This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because
the OpenBSD driver started as a port from NetBSD).
Signed-off-by: Stefan Fritsch
Signe
From: Stefan Hajnoczi
cloop stores the number of compressed blocks in the n_blocks header
field. The file actually contains n_blocks + 1 offsets, where the extra
offset is the end-of-file offset.
The following line in cloop_read_block() results in an out-of-bounds
offsets[] access:
uint32_
From: ChenLiang
version_id is checked twice in the ram_load.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Signed-off-by: Juan Quintela
(cherry picked from commit 21a246a43b606ee833f907d589d8dcbb54a2761e)
*prereq for db80fac backport
Signed-off-by: Michael Roth
---
arch_init.c | 68 +
From: Alexey Kardashevskiy
Current guest kernels try allocating as many vectors as the quota is.
For example, in the case of virtio-net (which has just 3 vectors)
the guest requests 4 vectors (that is the quota in the test) and
the existing ibm,change-msi handler returns 4. But before it returns,
From: Stefan Hajnoczi
The offsets[] array allows efficient seeking and tells us the maximum
compressed data size. If the offsets are bogus the maximum compressed
data size will be unrealistic.
This could cause g_malloc() to abort and bogus offsets mean the image is
broken anyway. Therefore we
From: Peter Maydell
The ARM target-specific code in elfload.c was incorrectly allowing
the 64-bit ARM target to use most of the existing 32-bit definitions:
most noticeably this meant that our HWCAP bits passed to the guest
were wrong, and register handling when dumping core was totally
broken. Fi
For each memory region we use qemu_get_ram_fd to get the RAMBlock
associated file descriptor. It uses qemu_get_ram_block to find the proper
structure.
The latter aborts with "Bad ram offset" when the address is not found.
We'll use the new qemu_is_ram_block to identify non-RAM regions and avoid
From: Jeff Cody
This adds checks to make sure that max_table_entries and block_size
are in sane ranges. Memory is allocated based on max_table_entries,
and block_size is used to calculate indices into that allocated
memory, so if these values are incorrect that can lead to potential
unbounded me
On 07/08/2014 08:43 PM, Chunyan Liu wrote:
> Add nocow info in 'qemu-img info' output to show whether the file
> currently has NOCOW flag set or not.
>
> Signed-off-by: Chunyan Liu
> ---
> Changes:
> - update output info to "NOCOW flag: set"
>
Reviewed-by: Eric Blake
counts as a completion
Add nocow info in 'qemu-img info' output to show whether the file
currently has NOCOW flag set or not.
Signed-off-by: Chunyan Liu
---
Changes:
- update output info to "NOCOW flag: set"
block/qapi.c | 25 +
qapi/block-core.json | 5 -
2 files changed, 29 in
From: Stefan Hajnoczi
When object_property_add_str() and object_property_add_bool() fail, they
leak their internal StringProperty and BoolProperty structs. Remember
to free the structs on error.
Luckily this is a low-impact memory leak since most QOM properties are
static qdev properties that w
From: Stefan Hajnoczi
The net subsystem has a control flow mechanism so peer NetClientStates
can tell each other to stop sending packets. This is used to stop
monitoring the tap file descriptor for incoming packets if the guest rx
ring has no spare buffers.
There is a corner case when tap_can_s
From: Markus Armbruster
Introduced in commit 661a0f7. Spotted by Coverity.
Signed-off-by: Markus Armbruster
Reviewed-by: Benoit Canet
Signed-off-by: Kevin Wolf
(cherry picked from commit bb9cd2ee99f6537c072d5f4bac441717d3cd2bed)
Signed-off-by: Michael Roth
---
qemu-img.c | 2 +-
1 file cha
From: Stefan Weil
Commit 0f842f8a246f2b5b51a11c13f933bf7a90ae8e96 replaced GETPC_EXT() which
was derived from GETPC() by GETRA_EXT() without fixing cputlb.c. A later
patch replaced GETRA_EXT() by GETRA() in exec/softmmu_template.h which
is included in cputlb.c.
The TCG interpreter failed because
On Mon, Jul 07, 2014 at 01:58:01PM +0200, Christian Borntraeger wrote:
> Now. If aio_poll never returns, we have a deadlock here.
> To me it looks like, that aio_poll could be called from iothread_run, even if
> there are no outstanding request.
> Opinions?
Christian pointed out that iothread_ru
From: Marcelo Tosatti
Ensure proper env->tsc value for kvmclock_current_nsec calculation.
Reported-by: Marcin Gibuła
Cc: qemu-sta...@nongnu.org
Signed-off-by: Marcelo Tosatti
Signed-off-by: Paolo Bonzini
(cherry picked from commit 9b1786829aefb83f37a8f3135e3ea91c56001b56)
Signed-off-by: Micha
From: Kevin Wolf
This avoids an unbounded allocation.
Signed-off-by: Kevin Wolf
Reviewed-by: Max Reitz
Signed-off-by: Stefan Hajnoczi
(cherry picked from commit 2d51c32c4b511db8bb9e58208f1e2c25e4c06c85)
Signed-off-by: Michael Roth
---
block/qcow2.c | 16
tests/
From: Stefan Hajnoczi
Avoid unbounded s->uncompressed_block memory allocation by checking that
the block_size header field has a reasonable value. Also enforce the
assumption that the value is a non-zero multiple of 512.
These constraints conform to cloop 2.639's code so we accept existing
imag
From: Stefan Hajnoczi
The DMG metadata is stored as uint64_t, so use the same type for
sector_num. int was a particularly poor choice since it is only 32-bit
and would truncate large values.
Signed-off-by: Stefan Hajnoczi
Signed-off-by: Kevin Wolf
Reviewed-by: Max Reitz
Signed-off-by: Stefan
From: Andreas Färber
It does a g_free() on the pointer, so don't pass a local &foo reference.
Reviewed-by: Peter Crosthwaite
Reviewed-by: Peter Maydell
Cc: qemu-sta...@nongnu.org
Signed-off-by: Andreas Färber
(cherry picked from commit 127a4e1a51c038ec9167083b65d376dddcc64530)
Signed-off-by:
On 07/08/2014 07:14 AM, Kevin Wolf wrote:
> If a QED image has a shorter backing file and a read request to
> unallocated clusters goes across EOF of the backing file, the backing
> file sees a shortened request and the rest is filled with zeros.
> However, the original too long qiov was used with
Hi everyone,
The following new patches are queued for QEMU stable v1.7.2:
https://github.com/mdroth/qemu/commits/stable-1.7-staging
The release is planned for 2014-07-21:
http://wiki.qemu.org/Planning/1.7
Please respond here or CC qemu-sta...@nongnu.org on any patches
you think should be i
If a QED image has a shorter backing file and a read request to
unallocated clusters goes across EOF of the backing file, the backing
file sees a shortened request and the rest is filled with zeros.
However, the original too long qiov was used with the shortened request.
This patch makes the qiov
From: Dmitry Fleytman
CVE-2013-4544
Signed-off-by: Dmitry Fleytman
Reported-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Dr. David Alan Gilbert
Message-id: 1396604722-11902-5-git-send-email-dmi...@daynix.com
Signed-off-by: Peter Maydell
(cherry picked from commit f1
KScratch Registers (CP0 Register 31, Selects 2 to 7)
The KScratch registers are read/write registers available for scratch pad
storage by kernel mode software. They are 32-bits in width for 32-bit
processors and 64-bits for 64-bit processors.
CP0Config4.KScrExist[2:7] bits indicate presence of CP
CVE-2013-4534
opp->nb_cpus is read from the wire and used to determine how many
IRQDest elements to read into opp->dst[]. If the value exceeds the
length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary
data from the wire.
Fix this by failing migration if the value read from the w
On Wed, Jul 9, 2014 at 1:41 AM, Paolo Bonzini wrote:
> On 08/07/2014 17:45, Ming Lei wrote:
>
>>
>> -/* empty io queue */
>> -s->io_q.idx = 0;
>> +ret = io_submit(s->ctx, len, s->io_q.iocbs);
>> +if (ret == -EAGAIN) {
>> +event_notifier_set(&s->retry);
>> +retu
From: Eduardo Habkost
The TCG_7_0_EBX_FEATURES macro was defined but never used (it even had a
typo that was never noticed). Make the existing TCG feature filtering
code use it.
Reviewed-by: Richard Henderson
Signed-off-by: Eduardo Habkost
Cc: qemu-sta...@nongnu.org
Signed-off-by: Andreas Färb
From: Ulrich Obergfell
This patch fixes a bug in scsi_block_new_request() that was introduced
by commit 137745c5c60f083ec982fe9e861e8c16ebca1ba8. If the host cache
is used - i.e. if BDRV_O_NOCACHE is _not_ set - the 'break' statement
needs to be executed to 'fall back' to SG_IO.
Cc: qemu-sta...@
From: Richard Henderson
We were loading 16 bytes for both single and double-precision
scalar comparisons.
Reported-by: Alexander Bluhm
Signed-off-by: Richard Henderson
(cherry picked from commit cb48da7f8140b5cbb648d990876720da9cd04d8f)
Conflicts:
target-i386/translate.c
*removed dep
From: Richard Henderson
The default, 970fx, doesn't support MSR_LE. So even though we set LE in
ppc_cpu_reset, it gets cleared again in hreg_store_msr. Error out if a
user-selected cpu model doesn't support LE.
Signed-off-by: Richard Henderson
[agraf: switch to POWER7 as default for BE and LE
From: Jeff Cody
Other variables (e.g. sectors_per_block) are calculated using these
variables, and if not range-checked illegal values could be obtained
causing infinite loops and other potential issues when calculating
BAT entries.
The 1.00 VHDX spec requires BlockSize to be min 1MB, max 256MB.
(Resending for correct email addresses via MAINTAINERS ...)
In the GTK UI, after changing focus to the qemu monitor Notebook Page,
when restoring focus to the virtual machine page, the keyboard focus is lost
to a hidden GTK widget. Focus can only be restored to the virtual machine by
pressing "tab
From: Jeff Cody
The maximum blocks_in_image is 0x / 4, which also limits the
maximum disk_size for a VDI image to 1024TB. Note that this is the maximum
size that QEMU will currently support with this driver, not necessarily the
maximum size allowed by the image format.
This also fixes a
From: Kevin Wolf
If you open an image temporarily just because you want to check its size
or get it flushed, there's no real reason to open the whole backing file
chain.
This is a backport of c9fbb99d41b05acf0d7b93deb2fcdbf9047c238e to
qemu 1.7.1.
The backport was done to fix a bug where QEMU 1
> -Original Message-
> From: Amos Kong [mailto:ak...@redhat.com]
> Sent: Tuesday, July 08, 2014 10:55 PM
> To: Gonglei (Arei)
> Cc: chenliang (T); qemu-devel@nongnu.org; afaer...@suse.de;
> ag...@suse.de; stefa...@redhat.com; a...@ozlabs.ru;
> alex.william...@redhat.com; arm...@redhat.com
From: Alexey Kardashevskiy
So far it was enough to have a base PVR value and mask per CPU
family such as POWER7 or POWER8. However there are CPUs which are
completely architecturally compatible but have different PVRs such
as POWER7/POWER7+ and POWER8/POWER8E. For these CPUs, top 16 bits
are CPU fami
From: "Michael S. Tsirkin"
CVE-2013-4530
pl022.c did not bounds check tx_fifo_head and
rx_fifo_head after loading them from file and
before they are used to dereference array.
Reported-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Signed-off-by: Juan Quintela
(cherry picked from c
On Tue, Jul 08, 2014 at 12:04:10PM -0700, Richard Henderson wrote:
> > Just one thing - 0x1f will make 32bit hosts whine about integer
> > constant being too large. So will 0x1ful, unfortunately - it
> > really ought to be ull.
> >
>
> I did use ull on the branch.
Aha..
Markus Armbruster writes:
> Please send topics.
No topics, no call today. Happy hacking!
[...]
From: Stefan Hajnoczi
Use the right types instead of signed int:
size_t new_size;
This is a byte count for g_realloc() that is calculated from uint32_t
and size_t values.
uint32_t chunk_count;
Use the same type as s->n_chunks, which is used together with
chunk_count.
This patch i
On 07.07.2014 at 17:37, Kevin Wolf wrote:
> bdrv_is_allocated() should return either 0 or 1 in successful cases.
> We're lucky that currently, the callers that rely on this (e.g. because
> they check for ret == 1) don't seem to break badly. They just might skip
> some optimisation or in th
From: Max Reitz
As speed is an optional parameter for the QMP block-commit command, it
should be set to 0 if not given (as it is undefined if has_speed is
false), that is, the speed should not be limited.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Reitz
Reviewed-by: Eric Blake
Reviewed-by:
From: Markus Armbruster
Introduced in commit a8d8ecb. Spotted by Coverity.
Signed-off-by: Markus Armbruster
Reviewed-by: Benoit Canet
Signed-off-by: Kevin Wolf
(cherry picked from commit f25391c2a6ef1674384204265429520ea50e82bc)
Signed-off-by: Michael Roth
---
block/qapi.c | 1 +
1 file ch
From: Laurent Dufour
During KVMPPC_H_CAS processing, the cpu-version updated value is stored
without taking care of the current endianness. As a consequence, the guest
may not switch to the right CPU model, leading to unexpected results.
If needed, the value is now converted.
Fixes: 6d9412ea8132
From: "Michael S. Tsirkin"
CVE-2013-4527 hw/timer/hpet.c buffer overrun
hpet is a VARRAY with a uint8 size but static array of 32
To fix, make sure num_timers is valid using VMSTATE_VALID hook.
Reported-by: Anthony Liguori
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Dr. David Alan Gilbert
From: Richard Henderson
The first non-register argument isn't placed at offset 0.
Cc: qemu-sta...@nongnu.org
Reviewed-by: Stefan Weil
Signed-off-by: Richard Henderson
(cherry picked from commit 0b919667302aa395bfde0328749dc21a0b123c44)
Signed-off-by: Michael Roth
---
tcg/i386/tcg-target.c |
On 29/05/14 20:48, Olivier Danet wrote:
Hello Mark
- Don't you like green ?
It looks fine for me : http://temlib.org/pub/boot_netbsd6.jpg
- "checkpatch.pl" did not find anything wrong with this patch. I will adjust
style and spacings anyway.
- AFAIU, it is impossible to implement exactly thi
From: Gal Hammer
Fix a bug that was introduced in commit 386a5a1e. A removal of a device
set the chr handlers to NULL. However when the device is plugged back,
its read callback is not restored so data can't be transferred from the
host to the guest (e.g. via the virtio-serial port).
https://bug
From: Paolo Bonzini
BND0-3, BNDCFGU, BNDCFGS, BNDSTATUS were not zeroed on reset, but they
should be (Intel Instruction Set Extensions Programming Reference
319433-015, pages 9-4 and 9-6). Same for YMM.
XCR0 should be reset to 1.
TSC and TSC_RESET were zeroed already by the memset, remove the
On 07/08/2014 12:02 PM, Al Viro wrote:
> On Tue, Jul 08, 2014 at 11:12:20AM -0700, Richard Henderson wrote:
>> On 07/08/2014 09:13 AM, Al Viro wrote:
>>> Frankly, I suspect that it's better to have qemu-system-alpha behave like
>>> the actual hardware does (including "FPCR.DNOD can't be set") and k
On Tue, Jul 08, 2014 at 11:12:20AM -0700, Richard Henderson wrote:
> On 07/08/2014 09:13 AM, Al Viro wrote:
> > Frankly, I suspect that it's better to have qemu-system-alpha behave like
> > the actual hardware does (including "FPCR.DNOD can't be set") and keep the
> > linux-user behaviour as is, fo
From: Le Tan
In function do_pci_register_device() in file hw/pci/pci.c, move the assignment
of pci_dev->devfn to the position before the call to
pci_device_iommu_address_space(pci_dev) which will use the value of
pci_dev->devfn.
Fixes: 9eda7d373e9c691c070eddcbe3467b991f67f6bd
pci: Introduce
From: Kevin Wolf
bs->total_sectors is not the highest possible sector number that could
be involved in a copy on write operation: VM state is after the end of
the virtual disk. This resulted in wrong values for the number of
sectors to be copied (n).
The code that checks for the end of the image
From: Markus Armbruster
bs_opts is leaked on all paths from its qdev_new() that don't go
through blockdev_init(). Add the missing QDECREF(), and zap bs_opts
after blockdev_init(), so the new QDECREF() does nothing when we go
through blockdev_init().
Leak introduced in commit f298d07. Spotted
From: Kevin Wolf
This fixes two possible division by zero crashes: In bochs_open() and in
seek_to_sector().
Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Max Reitz
Signed-off-by: Stefan Hajnoczi
(cherry picked from commit 8e53abbc20d08ae3ec30c2054e1161314ad9501d)
Signed
In the GTK UI, after changing focus to the qemu monitor Notebook Page,
when restoring focus to the virtual machine page, the keyboard focus is lost
to a hidden GTK widget. Focus can only be restored to the virtual machine by
pressing "tab" or any of the four directional arrow keys.
Clicking in the
From: Peter Maydell
A gcc codegen bug in x86_64-w64-mingw32-gcc (GCC) 4.6.3 means that
non-debug builds of QEMU for Windows tend to assert when using
coroutines. Work around this by marking qemu_coroutine_switch
as noinline.
If we allow gcc to inline qemu_coroutine_switch into
coroutine_trampoli
From: Markus Armbruster
VncTight member uint8_t quality is either (uint8_t)-1 for lossless or
less than 10 for lossy.
tight_detect_smooth_image() first promotes it to int, then compares
with -1. Always unequal, so we always execute the lossy code. Reads
beyond tight_conf[] and returns crap whe
From: Stefan Hajnoczi
The following integer overflow in offsets_size can lead to out-of-bounds
memory stores when n_blocks has a huge value:
uint32_t n_blocks, offsets_size;
[...]
ret = bdrv_pread(bs->file, 128 + 4, &s->n_blocks, 4);
[...]
s->n_blocks = be32_to_cpu(s->n_block
From: Peter Lieven
the retry logic was broken because the complete status
of the task structure was not reset. this resulted in
an infinite loop retrying the command over and over.
CC: qemu-sta...@nongnu.org
Signed-off-by: Peter Lieven
Signed-off-by: Paolo Bonzini
(cherry picked from commit 83
From: Dmitry Fleytman
CVE-2013-4544
Signed-off-by: Dmitry Fleytman
Reported-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Dr. David Alan Gilbert
Message-id: 1396604722-11902-3-git-send-email-dmi...@daynix.com
Signed-off-by: Peter Maydell
(cherry picked from commit 98
From: Dmitry Fleytman
CVE-2013-4544
Signed-off-by: Dmitry Fleytman
Reported-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Dr. David Alan Gilbert
Message-id: 1396604722-11902-4-git-send-email-dmi...@daynix.com
Signed-off-by: Peter Maydell
(cherry picked from commit 3c
From: "Edgar E. Iglesias"
Signed-off-by: Edgar E. Iglesias
Reviewed-by: Alex Bennée
Message-id: 1398926097-28097-2-git-send-email-edgar.igles...@gmail.com
Signed-off-by: Peter Maydell
(cherry picked from commit fed3ffb9f157f33bc9b2b1c3ef68e710ee6b7b4b)
Conflicts:
target-arm/helper.c
From: Thomas Huth
With the EDAT-1 facility, the MMU translation can stop at the
segment table already, pointing to a 1 MB block. And while we're
at it, move the page table entry handling to a separate function,
too, as suggested by Alexander Graf.
Acked-by: Alexander Graf
Signed-off-by: Thomas
From: "Michael S. Tsirkin"
CVE-2013-4150 QEMU 1.5.0 out-of-bounds buffer write in
virtio_net_load()@hw/net/virtio-net.c
This code is in hw/net/virtio-net.c:
if (n->max_queues > 1) {
if (n->max_queues != qemu_get_be16(f)) {
error_report("virtio-net: different max_queues "
From: Stefan Hajnoczi
The mirror blockjob coroutine rate-limits itself by sleeping. The
coroutine also performs I/O asynchronously so it's important that the
aio callback doesn't wake the coroutine early as that breaks
rate-limiting.
Reported-by: Joaquim Barrera
Signed-off-by: Stefan Hajnoczi
From: David Hildenbrand
This patch creates empty function stubs (used by the gdbserver) in preparation
for the hw debugging support by kvm on s390, which will enable the
__KVM_HAVE_GUEST_DEBUG define in the linux headers and require these methods on
the qemu side.
Signed-off-by: David Hildenbran
From: Peter Crosthwaite
The smlald (and probably smlsld) instruction was doing incorrect sign
extensions of the operands amongst 64bit result calculation. The
instruction pseudo-code is:
operand2 = if m_swap then ROR(R[m],16) else R[m];
product1 = SInt(R[n]<15:0>) * SInt(operand2<15:0>);
prod
From: "Michael S. Tsirkin"
CVE-2013-4149 QEMU 1.3.0 out-of-bounds buffer write in
virtio_net_load()@hw/net/virtio-net.c
> } else if (n->mac_table.in_use) {
> uint8_t *buf = g_malloc0(n->mac_table.in_use);
We are allocating buffer of size n->mac_table.in_use
> qe
From: Cole Robinson
Signed-off-by: Cole Robinson
Signed-off-by: Alexander Graf
---
Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1eea0c4..d6b9dc1 100644
--- a/Makefile
+++ b/Makefile
@@ -344,7 +344,8 @@ multiboot.bin linuxboot.bin kvmv
From: Richard Henderson
The bswap that's needed for system mode isn't required for
user mode, and in fact breaks debugging.
Signed-off-by: Richard Henderson
[agraf: fix apple gdbstub implementation]
Signed-off-by: Alexander Graf
---
target-ppc/gdbstub.c | 34 +++---
In Revision 3 of the architecture, the RI and XI bits were added to the TLB
to enable more secure access of memory pages. These bits (along with the Dirty
bit) allow the implementation of read-only, write-only, no-execute access
policies for mapped pages.
Signed-off-by: Leon Alrae
---
target-mip
Hi Peter,
This is my latest bugfix queue for ppc for the 2.1 release. Please pull.
Alex
The following changes since commit 128f0e66149afb2dfc325dfd183aac345f417763:
Merge remote-tracking branch 'remotes/afaerber/tags/prep-for-2.1' into
staging (2014-07-07 19:06:55 +0100)
are available in
On 08/07/14 11:09, Christian Borntraeger wrote:
> On 08/07/14 09:43, Ming Lei wrote:
>> On Tue, Jul 8, 2014 at 3:19 PM, Christian Borntraeger
>> wrote:
>>> Ping.
>>>
>>> has anyone seen a similar hang on x86?
>
> The problem seems to be, that for managedsave, we do a VM stop before we call
> the
On 8 July 2014 17:13, Al Viro wrote:
> On Tue, Jul 08, 2014 at 09:05:10AM +0100, Peter Maydell wrote:
>
>> The code we have currently may well be buggy, but the correct
>
> It is ;-/ We set TARGET_FPE_FLTINV unconditionally there. BTW, what's
> the reason why all these cpu_loop() instances can't
Hi,
On 08.07.2014 17:24, Anshul Makkar wrote:
> In our data center we are using qemu 1.0/ 1.2 and we need to do a live
> migration to qemu 2.0.
>
> One of the main hindrances that we are facing is that QEMU 1.0 uses old
> PC model so if a user using Windows on the VM running on QEMU 1.0 does
> a
On 8 July 2014 17:08, Leon Alrae wrote:
> I intentionally skipped this here to focus this patchset on the new
> features only. I also think that eventually we will have to update the
> prototypes and go through all the targets.
Yeah, that's reasonable. If you make this a typedef then we
can updat
Hi Peter,
On 08/07/2014 14:00, Peter Maydell wrote:
> On 8 July 2014 08:57, Leon Alrae wrote:
>> New MIPS features depend on the access type and enum is more convenient than
>> using the numbers directly.
>>
> Mmm, I've thought for a while it would be better to have this
> be an enum, but never g
PageGrain needs rw bitmask which differs between MIPS architectures.
In pre-R6 if RIXI is supported, PageGrain.XIE and PageGrain.RIE are writeable,
whereas in R6 they are read-only 1.
Signed-off-by: Leon Alrae
---
target-mips/cpu.h|4
target-mips/helper.h |5
On 08.07.14 17:01, Peter Maydell wrote:
Add ULL suffix to 64 bit constant to prevent compiler warnings
on some 32 bit platforms.
Signed-off-by: Peter Maydell
Reviewed-by: Alexander Graf
Alex
On 07/07/2014 11:13 AM, Bastian Koppelmann wrote:
> +env->active_tc.ICR |= (const9 & 0xff); /* ICR.CCPN = const9[7: 0];*/
There's no reason not to perform this AND at translation time.
r~
On 05.07.2014 at 22:06, Max Reitz wrote:
> On 04.07.2014 17:55, Kevin Wolf wrote:
> >If a QED image has a shorter backing file and a read request to
> >unallocated clusters goes across EOF of the backing file, the backing
> >file sees a shortened request and the rest is filled with zeros.
On Tue, Jul 8, 2014 at 3:19 PM, Christian Borntraeger
wrote:
> Ping.
>
> has anyone seen a similar hang on x86?
>
>
>
> On 07/07/14 13:58, Christian Borntraeger wrote:
>> Folks,
>>
>> with current 2.1-rc0 (
>> + dataplane: do not free VirtQueueElement in vring_push()
>> + virtio-blk: avoid datap
On 07.07.14 09:08, Eric Auger wrote:
Allows sysbus devices to be instantiated from command line by
using -device option
---
Inspired from what Alex Graf did in ppc e500
https://lists.gnu.org/archive/html/qemu-ppc/2014-07/msg00012.html
Signed-off-by: Alexander Graf
Signed-off-by: Eric Auger
Signed-off-by: Leon Alrae
---
target-mips/helper.c | 21 ++---
1 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/target-mips/helper.c b/target-mips/helper.c
index 8a997e4..9871273 100644
--- a/target-mips/helper.c
+++ b/target-mips/helper.c
@@ -87,7 +87,7 @@ int
In the enqueue path, we can't complete request, otherwise
"Co-routine re-entered recursively" may be caused, so this
patch fixes the issue with below ideas:
- for -EAGAIN, retry the submission in an introduced event handler
- for part of completion, just update the io queue, since
On 07.07.14 09:08, Eric Auger wrote:
This method is meant to be called on sysbus device dynamic
instantiation (-device option). Devices that support this
kind of instantiation must implement this method.
Signed-off-by: Eric Auger
For the reason I stated earlier, I don't think it's a good ide
We were truncating physical addresses to 32bit when using qemu-system-ppc
with a booke206 TLB implementation. This patch fixes that and makes the full
address space available.
Signed-off-by: Alexander Graf
---
target-ppc/mmu_helper.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
d
On 07/07/2014 11:13 AM, Bastian Koppelmann wrote:
> Add instructions of SBR opcode format.
> Add gen_loop micro-op generator function.
>
> Signed-off-by: Bastian Koppelmann
> ---
> target-tricore/translate.c | 69
> ++
> 1 file changed, 69 insertions(
I'm not confident yet we're seeing the exact same problem, but it is
pretty close. We're running a somewhat wide range of hypervisor kernels,
these are our observations so far.
node-1-1 3.13.0-24-generic is affected for 0% of vms
node-1-3 3.13.0-24-generic is affected for 0% of vms
node-1-5 3.
From: Alexey Kardashevskiy
POWER8E is architecturally equal to POWER8 and POWER7+ is equal to
POWER7. Also no user space tool makes any difference for CPU node name
in the device tree (such as PowerPC,POWER7@0 vs. PowerPC,POWER7+@0).
So there is no point in emulating POWER7+ and POWER8E apart fro
> -Original Message-
> From: chenliang (T)
> Sent: Tuesday, July 08, 2014 7:03 PM
> To: Amos Kong
> Cc: Gonglei (Arei); qemu-devel@nongnu.org; afaer...@suse.de;
> ag...@suse.de; stefa...@redhat.com; a...@ozlabs.ru;
> alex.william...@redhat.com; arm...@redhat.com; ebl...@redhat.com;
> kw...@
Hi,
In our data center we are using qemu 1.0/ 1.2 and we need to do a live
migration to qemu 2.0.
One of the main hindrances that we are facing is that QEMU 1.0 uses old
PC model so if a user using Windows on the VM running on QEMU 1.0 does
a live migrate to QEMU 2.0 , he will see a licensing issu
If machine doesn't support memory hotplug then starting QEMU
with initial memory less than default will make QEMU exit with
following error message:
$QEMU -m 16 -M isapc
qemu-system-i386: "-memory 'slots|maxmem'" is not supported by: isapc
Set maxram_size to initial memory value before parsing
'm
Implement kvm_arm_vcpu_init() as a simple call to arm_arm_vcpu_init()
(which uses the KVM_ARM_VCPU_INIT vcpu ioctl to tell the kernel
to re-initialize the vCPU), rather than via the complicated code
which saves a copy of the register state on first init and then
writes it back to the kernel. This i
Hi,
Was tracing the buffer handling code flow after the kick has been
initiated from the guest in case of virtio.
Found this function
cpu_physical_memory_map->address_space_map->address_space_translate
which calls address_space_translate_internal and iommu->translate (get
the translation from TLB
On 08.07.2014 at 16:43, Stefan Hajnoczi wrote:
> On Tue, Jul 1, 2014 at 5:25 PM, Stefan Hajnoczi wrote:
> > This series fixes issues recently introduced when unifying virtio-blk
> > dataplane's request handling with non-dataplane virtio-blk.
> >
> > The problems include broken memory allo