John Snow writes:
> On 08/06/2014 07:30 AM, Markus Armbruster wrote:
>> Stefan Hajnoczi writes:
>>
>>> On Mon, Aug 04, 2014 at 05:11:01PM -0400, John Snow wrote:
This patch series introduces a number of small fixes and tweaks to
help support an AHCI test suite that in the future I hope
Serge,
On 7 Aug 2014, at 03:50, Serge Hallyn wrote:
> This worked for me when migrating by hand. I'm trying to make it work
> through libvirt, using the following patch. (So whether to have
> pc-1.0 be treated as qemu's or qemu-kvm's pc-1.0 is specified using a
> boolean in /etc/libvirt/qemu.co
After ACPI get a signal to eject a vCPU, the vCPU must be
removed from CPU list, before the vCPU really removed, then
release the all related vCPU objects.
But we do not close KVM vcpu fd, just record it into a list, in
order to reuse it.
Signed-off-by: Chen Fan
Signed-off-by: Gu Zheng
---
cpus
From: Chen Fan
When OS ejected a vcpu (like: echo 1 > /sys/bus/acpi/devices/LNXCPUXX/eject),
it would call acpi EJ0 method, the firmware need to write the new cpumap, QEMU
would know which vcpu need to be ejected.
TODO:
-confirm the hotplug result via OST if guest support it.
Signed-off-by: Che
From: Chen Fan
add interface cpu_common_unrealizefn() for emitting vcpu unplug
notifier to ACPI, then ACPI could send sci interrupt
to OS for hot-remove vcpu.
Signed-off-by: Chen Fan
Signed-off-by: Gu Zheng
---
qom/cpu.c | 12
1 files changed, 12 insertions(+), 0 deletions(-)
d
Introduce a common cpu hotplug notifier(CPUNotifier)
to support UNPLUG cpu notify.
Signed-off-by: Gu Zheng
Signed-off-by: Chen Fan
---
hw/acpi/cpu_hotplug.c | 15 +++
hw/acpi/ich9.c|5 -
hw/acpi/piix4.c | 11 +++
include/hw/a
From: Chen Fan
Rename variable 'cpu_added_notifier' to 'cpu_hotplug_notifier' for
adding remove vcpu notifier support.
Signed-off-by: Chen Fan
Signed-off-by: Gu Zheng
---
hw/acpi/ich9.c |8
hw/acpi/piix4.c | 10 +-
hw/i386/pc.c|2 +-
inc
In order to add cpu(i386) device_del support, introduce the cpu hot
unplug handle (x86_cpu_unplug) which will trigger the unrealize routine,
and just register it to the cpu class unplug handle.
Signed-off-by: Chen Fan
Signed-off-by: Gu Zheng
---
target-i386/cpu.c | 22 ++
1
From: Chen Fan
Implement x86_cpu_unrealizefn() for corresponding x86_cpu_realizefn(),
which is mostly used to clean the apic related allocation and vmstates
at here.
Signed-off-by: Chen Fan
Signed-off-by: Gu Zheng
---
hw/i386/kvm/apic.c |8 +++
hw/intc/apic.c
From: Chen Fan
Add support to device_add foo-x86_64-cpu, and additional checks of
apic id are added into x86_cpuid_set_apic_id() and x86_cpu_apic_create()
for duplicate. Besides, in order to support "device/device_add foo-x86_64-cpu"
which without specified apic id, we add a new function get_free
Move cpu vmstate register from cpu_exec_init into cpu_common_realizefn,
apic vmstate register into x86_cpu_apic_realize. And use the
cc->get_arch_id as the instance id that suggested by Igor to
fix the migration issue.
Signed-off-by: Gu Zheng
---
exec.c | 32 ++
From: Chen Fan
Reviewed-by: Eduardo Habkost
Signed-off-by: Chen Fan
Signed-off-by: Gu Zheng
---
target-i386/topology.h | 33 +
1 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/target-i386/topology.h b/target-i386/topology.h
index 07a6c5f..e9ff
This series is based on the previous patchset from Chen Fan:
https://lists.nongnu.org/archive/html/qemu-devel/2014-05/msg02360.html
https://lists.nongnu.org/archive/html/qemu-devel/2013-12/msg04266.html
Patch 1~3: add device_add foo-x86_64-cpu support
These three patches try to make cpu hotplug wi
Hi Anshul,
I rebased these two parts on latest QEMU tree (no functional change), and
will send out later.
So if you like, please refer to the new one, it will be easy for you to
review and test.
Thanks,
Gu
On 08/01/2014 11:34 PM, Anshul Makkar wrote:
> Hi Gu,
>
> Thanks for clarifying.
>
> Ah
This worked for me when migrating by hand. I'm trying to make it work
through libvirt, using the following patch. (So whether to have
pc-1.0 be treated as qemu's or qemu-kvm's pc-1.0 is specified using a
boolean in /etc/libvirt/qemu.conf) Qemu starts with decent
looking args, but for some reason
These three objects are repeated in multiple times in Makefiles. Let's
just add them to libqemuutil.a, and don't list explicitly elsewhere.
Signed-off-by: Fam Zheng
---
Makefile | 2 +-
Makefile.objs | 10 ++
tests/Makefile | 2 +-
3 files changed, 4 insertions(+), 10 deletions(
On Wed, Aug 06, 2014 at 03:18:21PM -0300, Eduardo Habkost wrote:
> Reviewed-by: Markus Armbruster
> Reviewed-by: Marcel Apfelbaum
> Signed-off-by: Eduardo Habkost
Reviewed-by: Amos Kong
> ---
> hw/core/machine.c | 8
> 1 file changed, 8 insertions(+)
>
> diff --git a/hw/core/machi
On Wed, Aug 06, 2014 at 03:18:20PM -0300, Eduardo Habkost wrote:
> Reviewed-by: Markus Armbruster
> Signed-off-by: Eduardo Habkost
> ---
> backends/rng-egd.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/backends/rng-egd.c b/backends/rng-egd.c
> index 25bb3b4..2962795 100644
> --- a/
On Mon, Jun 02, 2014 at 01:38:52PM +0200, Markus Armbruster wrote:
> Eduardo Habkost writes:
>
> > g_free() is NULL-safe.
> >
> > Signed-off-by: Eduardo Habkost
> > ---
> > Cc: Anthony Liguori
> > Cc: Luiz Capitulino
> > ---
> > backends/rng-random.c | 5 +
> > 1 file changed, 1 insertion
On 2014/8/6 20:30, Levente Kurusa wrote:
The function fstat() may fail, so check its return value.
Signed-off-by: zhanghailiang
---
hw/misc/ivshmem.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 768e528..5d939d2 100644
--
On 2014/8/7 5:04, Michael S. Tsirkin wrote:
On Wed, Aug 06, 2014 at 05:47:12PM +0800, Chen, Tiejun wrote:
On 2014/8/6 17:42, Michael S. Tsirkin wrote:
On Wed, Aug 06, 2014 at 02:50:34PM +0800, Tiejun Chen wrote:
Implement a pci host bridge specific to passthrough. Actually
this just inherits
On 2014/8/7 5:07, Michael S. Tsirkin wrote:
On Wed, Aug 06, 2014 at 06:17:02PM +0800, Chen, Tiejun wrote:
On 2014/8/6 17:45, Michael S. Tsirkin wrote:
On Wed, Aug 06, 2014 at 02:50:33PM +0800, Tiejun Chen wrote:
We need to use this index to reuse this macro later
Signed-off-by: Tiejun Chen
I think one of those gtk patches broke mouse/keyboard grab for my
Windows 8 vfio/vga-passthrough setup in 2.1.0 and I was instructed on
IRC to report that here.
With 2.0.0 I got a black qemu window with "This VM has no graphic
display device", which I could click on to get a mouse grab.
With 2.1.0
On 06/08/14 14:51, Andrew Fish wrote:
> How you write a GPL licensed FAT driver seems like a legal quagmire. Probably
> something better discussed with a lawyer. From the outside looking in it
> seems like the IP rights are enforced by charging licensing fees to devices
> that support FAT. So f
On 08/06/2014 02:38 PM, Michael Roth wrote:
> Hi everyone,
>
> The following new patches are queued for QEMU stable v2.0.1:
>
> https://github.com/mdroth/qemu/commits/stable-2.0-staging
>
> The release is planned for 2014-08-15:
>
> http://wiki.qemu.org/Planning/2.0
>
> Please respond here
On 08/06/2014 02:46 PM, Jaume Martí wrote:
> Hello,
>
> I submit a patch to fix bugs 661696 and 1248376.
> I already submitted a previous version of this patch, this version requires
> less TCG operations to execute.
If this is a second version of the patch, then you should have v2 in the
subject
From: Paolo Bonzini
Commit 884f17c (aio / timers: Convert rtc_clock to be a QEMUClockType,
2013-08-21) erroneously changed an occurrence of rtc_clock to
QEMU_CLOCK_REALTIME, which broke the RTC reset notifier in
mc146818rtc. Fix this.
I redid the patch myself since the original reporter did not
On Wed, Aug 06, 2014 at 02:07:09PM -0400, Gabriel L. Somlo wrote:
> Michael,
>
> As discussed earlier here are my e1000 phy_ctrl and phy_status
> cleanup patches we decided to delay until after the 2.1 release.
>
> Thanks,
> Gabriel
Applied, thanks!
> Gabriel L. Somlo (2):
> e1000: correctl
VMDK's streamOptimized format is different from regular sparse format.
L1(GD) and L2(GT) tables are not predefined but rather generated and
written during image creation mainly because there is no way to tell
how much space data will occupy once they are compressed. Also the
location of header, L1
From: Peter Maydell
The VMStateDescription for the imx_ccm device was missing its
terminator. Found by static search of the codebase using
a regex based on one suggested by Ian Jackson:
pcregrep -rMi '(?s)VMStateField(?:(?!END_OF_LIST).)*?;' $(git grep -l
'VMStateField\[\]')
Signed-off-by: Pe
From: Chen Gang
If kvm_arch_remove_sw_breakpoint() in CPU_FOREACH() always be fail, it
will let 'cpu' NULL. And the next kvm_arch_remove_sw_breakpoint() in
QTAILQ_FOREACH_SAFE() will get NULL parameter for 'cpu'.
And kvm_arch_remove_sw_breakpoint() can assumes 'cpu' must never be NULL,
so need d
VMDK's streamOptimized format is different from regular sparse format.
L1(GD) and L2(GT) tables are not predefined but rather generated and
written during image creation mainly because there is no way to tell
how much space data will occupy once they are compressed. Also the
location of header, L1
** Changed in: qemu
Status: New => Invalid
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1353545
Title:
QED does not deliver flush on synchronized write
Status in QEMU:
Invalid
Bug descr
Public bug reported:
At least one flush method should be provided by qed driver
(common/co/aio).
I was doing "sync write" benchmarking on various qemu supported formats
(on ssd). I was surprised that QED shows significant high performance
over several other formats (qcow2/vmdk/vdi..). In some test
Hello,
This patch contains changes in target-i386/translate.c file to include a
new parameter in some functions containing one byte of the instruction that
together with the modrm value is used to identify the non control x87
instructions. This set of instructions are the ones that update the x87
Hello,
This patch just removes an unnecessary parameter.
Best regards,
Jaume
Signed-off-by: Jaume Marti Farriol (jaume.mar...@gmail.com)
diff --git a/linux-user/signal.c b/linux-user/signal.c
index 1141054..73f8f6b 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -865,7 +865,7 @@ st
From: Andreas Färber
It does a g_free() on the pointer, so don't pass a local &foo reference.
Reviewed-by: Peter Crosthwaite
Reviewed-by: Peter Maydell
Cc: qemu-sta...@nongnu.org
Signed-off-by: Andreas Färber
(cherry picked from commit 127a4e1a51c038ec9167083b65d376dddcc64530)
Signed-off-by:
From: KONRAD Frederic
This checks that s->chr is not NULL before using it.
Signed-off-by: KONRAD Frederic
Reviewed-by: Peter Crosthwaite
Signed-off-by: Peter Maydell
(cherry picked from commit af52fe862fba686713044efdf9158195f84535ab)
Signed-off-by: Michael Roth
---
hw/char/cadence_uart.c |
From: Don Slutz
QEMU 2.0 changed memory layout for isapc and pc-0.10 to pc-0.13.
This prevents migration from QEMU 1.7.0 for these
machine types when -m 3.5G is specified.
Paolo Bonzini asked that:
smbios_legacy_mode = true;
has_reserved_memory = false;
option_rom_has_mr = true;
From: Hani Benhabiles
These values aren't used in this case.
Currently, the from field in the request sent by the nbd kernel module leading
to a false error message when ending the connection with the client.
$ qemu-nbd some.img -v
// After nbd-client -d /dev/nbd0
nbd.c:nbd_trip():L1031: From:
On Wed, Aug 06, 2014 at 06:17:02PM +0800, Chen, Tiejun wrote:
> On 2014/8/6 17:45, Michael S. Tsirkin wrote:
> >On Wed, Aug 06, 2014 at 02:50:33PM +0800, Tiejun Chen wrote:
> >>We need to use this index to reuse this macro later
> >>
> >>Signed-off-by: Tiejun Chen
> >
> >Which index?
> >Most users
On Aug 6, 2014, at 6:44 AM, Paolo Bonzini wrote:
> Il 06/08/2014 12:34, Laszlo Ersek ha scritto:
>> So no, you can't ship an OVMF binary (or source tarball) that contains
>> the FAT driver, bundled as part of the GPLv2 (+compatible) QEMU
>> distribution, either in source or in binary form.
>
>
From: Markus Armbruster
Signed-off-by: Markus Armbruster
Signed-off-by: Andreas Färber
(cherry picked from commit a7737e4496aa3c1c8c3a4b4b9d5e44875fe21e12)
Signed-off-by: Michael Roth
---
hw/core/qdev.c | 20 ++--
hw/intc/i8259.c | 4 ++--
hw/timer/i8254.c | 4 ++--
3 fil
Hello,
This patch contains the main changes. It contains modifications to the
target-i386/translate.c file.
Those modifications are meant to generate TCG instructions to maintain the
correct value for the variables fpop, fpip, fpdp, fpds and fpcs in the cpu
state.
Best regards,
Jaume
Signed-off-b
From: Hani Benhabiles
The device is exported with erroneous values and can't be read.
Before the patch:
$ sudo nbd-client localhost -p 10809 /dev/nbd0 -name floppy0
Negotiation: ..size = 17592186044415MB
bs=1024, sz=18446744073709547520 bytes
$ sudo mount /dev/nbd0 /mnt/tmp/
mount: block device
From: Cédric Le Goater
TCP connectivity fails when the guest has a different endianness.
The packets are silently dropped on the host by the tap backend
when they are read from user space because the endianness of the
virtio-net header is in the wrong order. These lines may appear
in the guest co
Hello,
This patch includes changes in the helper parameters, for the instructions
involved in saving to memory and restoring the x87 exception pointers.
The changes are to include a new parameter to indicate if the processor is
running in protected mode.
Best regards,
Jaume
Signed-off-by: Jaume
From: Alexander Graf
The device configuration is set at realize time and never changes. It
should not be migrated as it is done today. For the sake of compatibility,
let's just skip them at load time.
Signed-off-by: Alexander Graf
[ added missing casts to uint16_t *,
added From, SoB and commi
From: "Dr. David Alan Gilbert"
Commit 'virtio: validate config_len on load' restricted config_len
loaded from the wire to match the config_len that the device had.
Unfortunately, there are cases where this isn't true, the one
we found it on was the wce addition in virtio-blk.
Allow mismatched c
Hello,
This patch contains a required modification due to the change of the size
from 16 bits to 32 bits of the fpop variable in the CPUX86State struct.
Best regards,
Jaume
Signed-off-by: Jaume Marti Farriol (jaume.mar...@gmail.com)
diff --git a/target-i386/machine.c b/target-i386/machine.c
inde
From: Peter Maydell
A gcc codegen bug in x86_64-w64-mingw32-gcc (GCC) 4.6.3 means that
non-debug builds of QEMU for Windows tend to assert when using
coroutines. Work around this by marking qemu_coroutine_switch
as noinline.
If we allow gcc to inline qemu_coroutine_switch into
coroutine_trampoli
From: "Michael S. Tsirkin"
CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in
virtio_load@hw/virtio/virtio.c
So we have this code since way back when:
num = qemu_get_be32(f);
for (i = 0; i < num; i++) {
vdev->vq[i].vring.num = qemu_get_be32(f);
array of vqs has size VIRTIO_P
On Wed, Aug 6, 2014 at 4:57 PM, Milos Vyletel wrote:
> VMDK's streamOptimized format is different from regular sparse format.
> L1(GD) and L2(GT) tables are not predefined but rather generated and
> written during image creation mainly because there is no way to tell
> how much space data will occ
From: Ulrich Obergfell
This patch fixes a bug in scsi_block_new_request() that was introduced
by commit 137745c5c60f083ec982fe9e861e8c16ebca1ba8. If the host cache
is used - i.e. if BDRV_O_NOCACHE is _not_ set - the 'break' statement
needs to be executed to 'fall back' to SG_IO.
Cc: qemu-sta...@
From: Andreas Färber
Replace qemu_allocate_irqs(foo, bar, 1)[0]
with qemu_allocate_irq(foo, bar, 0).
This avoids leaking the dereferenced qemu_irq *.
Cc: Markus Armbruster
Reviewed-by: Peter Crosthwaite
Reviewed-by: Peter Maydell
Signed-off-by: Andreas Färber
[PC Changes:
* Applied change
From: Stefano Stabellini
Currently the Makefile of disas/libvixl appends
-I$(SRC_PATH)/disas/libvixl to QEMU_CFLAGS. As a consequence C++ files
that #include "utils.h", such as disas/libvixl/a64/instructions-a64.cc,
are going to look for utils.h on all the other include paths first.
When buildin
From: "Michael S. Tsirkin"
vhost_verify_ring_mappings leaks mappings on error.
Fix this up.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit 8617343faae6ba7e916137c6c9e3ef22c00565d8)
Signed-off-by: Michael Roth
---
hw/virtio/vhost.c | 10 ++
1 f
From: "Jason J. Herne"
Add code to kvm_arch_get_registers and kvm_arch_put_registers to
save/restore floating point registers. This missing sync was
unnoticed until migration of userspace that uses fprs.
Signed-off-by: Jason J. Herne
Signed-off-by: Christian Borntraeger
[Update patch to latest
From: Hani Benhabiles
This forces finishing data sending to client before closing the socket like in
exports listing or replying with NBD_REP_ERR_UNSUP cases.
Signed-off-by: Hani Benhabiles
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini
(cherry picked from commit 27e5eae4577316f7e86a5
From: Chen Gang
When DPRINTF() has effect, the original author wants to print all
ram_load() calling results. So need use 'goto' instead of 'return'
within ram_load(), just like other areas have done.
Signed-off-by: Chen Gang
Signed-off-by: Michael Tokarev
(cherry picked from commit 4798fe55c4
From: Laszlo Ersek
"vmstate_xhci_event" was introduced in commit 37352df3 ("xhci: add live
migration support"), and first released in v1.6.0. The field list in this
VMSD is not terminated with the VMSTATE_END_OF_LIST() macro.
During normal use (ie. migration), the issue is practically invisible,
From: Peter Maydell
The PADEN bit in the transmit control register enables padding of short
data packets out to the required minimum length. However a typo here
meant we were adjusting tx_fifo_len rather than tx_frame_len, so the
padding didn't actually happen. Fix this bug.
Signed-off-by: Peter
From: Peter Maydell
The code in do_cpu_reset() correctly handled AArch64 CPUs
when running Linux kernels, but was missing code in the
branch of the if() that deals with loading ELF files.
Correctly jump to the ELF entry point on reset rather than
leaving the reset PC at zero.
Reported-by: Christ
From: Eduardo Habkost
Instead of an #ifdef in the middle of the code, just set
TCG_EXT2_FEATURES to a different value depending on TARGET_X86_64.
Reviewed-by: Richard Henderson
Signed-off-by: Eduardo Habkost
Signed-off-by: Andreas Färber
(cherry picked from commit a42d9938a162c3e3c9e441d1927d
From: Le Tan
In function do_pci_register_device() in file hw/pci/pci.c, move the assignment
of pci_dev->devfn to the position before the call to
pci_device_iommu_address_space(pci_dev) which will use the value of
pci_dev->devfn.
Fixes: 9eda7d373e9c691c070eddcbe3467b991f67f6bd
pci: Introduce
From: Stefan Hajnoczi
qemu_bh_schedule() is supposed to be thread-safe at least the first time
it is called. Unfortunately this is not quite true:
bh->scheduled = 1;
aio_notify(bh->ctx);
Since another thread may run the BH callback once it has been scheduled,
there is a race condition if t
Hello,
This patch modifies the helpers for the fpu instructions involved in saving
to memory and restoring the x87 exception pointers.
Best regards,
Jaume
Signed-off-by: Jaume Marti Farriol (jaume.mar...@gmail.com)
diff --git a/target-i386/fpu_helper.c b/target-i386/fpu_helper.c
index 1b2900d..
From: Eduardo Habkost
The TCG_7_0_EBX_FEATURES macro was defined but never used (it even had a
typo that was never noticed). Make the existing TCG feature filtering
code use it.
Reviewed-by: Richard Henderson
Signed-off-by: Eduardo Habkost
Cc: qemu-sta...@nongnu.org
Signed-off-by: Andreas Färb
From: Cornelia Huck
We should not try to store the emw portion of the irb if extended
measurements are not applicable. In particular, we should not surprise
the guest by storing a larger irb if it did not enable extended
measurements.
Cc: qemu-sta...@nongnu.org
Reviewed-by: David Hildenbrand
Te
On Wed, Aug 06, 2014 at 05:47:12PM +0800, Chen, Tiejun wrote:
> On 2014/8/6 17:42, Michael S. Tsirkin wrote:
> >On Wed, Aug 06, 2014 at 02:50:34PM +0800, Tiejun Chen wrote:
> >>Implement a pci host bridge specific to passthrough. Actually
> >>this just inherits the standard one.
> >>
> >>This is ba
Hello,
I submit a patch to fix bugs 661696 and 1248376.
I already submitted a previous version of this patch, this version requires
less TCG operations to execute.
As mentioned in a previous email, the patch implements, for TCG, the
specifications provided in Intel and AMD programmer's manuals reg
From: "Michael R. Hines"
1. Fix small memory leak in parsing inet address from command line in
data_init()
2. Fix ibv_post_send() return value check and pass error code back up correctly.
3. Fix rdma_destroy_qp() segfault after failure to connect to destination.
Reported-by: frank.yang...@gmail
From: Markus Armbruster
Introduced in commit 5a8a30d. Spotted by Coverity.
Signed-off-by: Markus Armbruster
Reviewed-by: Benoit Canet
Signed-off-by: Kevin Wolf
(cherry picked from commit a1904e48c4a9fb114d155419700bfb7d760273b9)
Signed-off-by: Michael Roth
---
block/qcow2.c | 3 +--
1 file
From: Alexander Graf
KVM tells us the number of GSIs it can handle inside the kernel. That value is
basically KVM_MAX_IRQ_ROUTES. However when we try to set the GSI mapping table,
it checks for
r = -EINVAL;
if (routing.nr >= KVM_MAX_IRQ_ROUTES)
goto out;
erroring out even when w
Hello,
This patch contains changes to the tests/tcg/test-i386.c file to test the
storage of the x87 exception pointers by instructions fnstenv and fxsave.
Best regards,
Jaume
Signed-off-by: Jaume Marti Farriol (jaume.mar...@gmail.com)
diff --git a/tests/tcg/test-i386.c b/tests/tcg/test-i386.c
in
From: Markus Armbruster
bs_opts is leaked on all paths from its qdev_new() that don't go
through blockdev_init(). Add the missing QDECREF(), and zap bs_opts
after blockdev_init(), so the new QDECREF() does nothing when we go
through blockdev_init().
Leak introduced in commit f298d07. Spotted
On Wed, Aug 6, 2014 at 12:43 PM, William Dauchy wrote:
> this make it incompatible with -daemonize option.
> there should be a possibility to detach the process and also redirect
> stderr somewhere.
I have done a quick and dirty patch for my own qemu binary so I can
use daemonize and also redirec
From: "Michael S. Tsirkin"
Malformed input can have config_len in migration stream
exceed the array size allocated on destination, the
result will be heap overflow.
To fix, that config_len matches on both sides.
CVE-2014-0182
Reported-by: "Dr. David Alan Gilbert"
Signed-off-by: Michael S. Tsi
From: "Gabriel L. Somlo"
Rename the following symbols:
- smbios_set_type1_defaults() to the more general smbios_set_defaults();
- bool smbios_type1_defaults to the more general smbios_defaults;
- smbios_get_table() to smbios_get_table_legacy();
This patch contains no functional changes.
From: Markus Armbruster
Has always been leaky. Spotted by Coverity.
Signed-off-by: Markus Armbruster
Reviewed-by: Benoit Canet
Signed-off-by: Kevin Wolf
(cherry picked from commit b122c3b6d020e529b203836efb8f611ece787293)
Signed-off-by: Michael Roth
---
block/vvfat.c | 4 +++-
1 file chang
From: Markus Armbruster
blockdev_init() leaks bs_opts when qemu_opts_create() fails, i.e. when
the ID is bad. Missed in commit ec9c10d.
Signed-off-by: Markus Armbruster
Reviewed-by: Benoit Canet
Signed-off-by: Kevin Wolf
(cherry picked from commit 6376f9522372d589f3efe60001dc0486237dd375)
Si
From: Max Filippov
On KC705 bootloader area is located at FLASH offset 0x0600, not 0 as
on older xtfpga boards.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Filippov
(cherry picked from commit 37ed7c4b24f265c2a8c7248666544c9755514ec2)
Signed-off-by: Michael Roth
---
hw/xtensa/xtensa_lx60
From: Markus Armbruster
Introduced in commit 661a0f7. Spotted by Coverity.
Signed-off-by: Markus Armbruster
Reviewed-by: Benoit Canet
Signed-off-by: Kevin Wolf
(cherry picked from commit bb9cd2ee99f6537c072d5f4bac441717d3cd2bed)
Signed-off-by: Michael Roth
---
qemu-img.c | 2 +-
1 file cha
From: Markus Armbruster
Introduced in commit a8d8ecb. Spotted by Coverity.
Signed-off-by: Markus Armbruster
Reviewed-by: Benoit Canet
Signed-off-by: Kevin Wolf
(cherry picked from commit f25391c2a6ef1674384204265429520ea50e82bc)
Signed-off-by: Michael Roth
---
block/qapi.c | 1 +
1 file ch
From: Hani Benhabiles
Otherwise, the nbd client may hang waiting for the server response.
Signed-off-by: Hani Benhabiles
Acked-by: Paolo Bonzini
Signed-off-by: Michael Tokarev
(cherry picked from commit 36af599417dde11747a27dc8550ff2281657a8ff)
Signed-off-by: Michael Roth
---
blockdev-nbd.c
From: Andrew Oates
Without the mask, control bits are passed on in the keycode, generating
incorrect PS/2 sequences when SHIFT, ALT, etc are held down.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Andrew Oates
Signed-off-by: Gerd Hoffmann
(cherry picked from commit f5c0ab131265270c1e7852ec0d4e284
From: Markus Armbruster
Has always been leaky. Spotted by Coverity.
Signed-off-by: Markus Armbruster
Reviewed-by: Benoit Canet
Signed-off-by: Kevin Wolf
(cherry picked from commit 2df5fee2dbd56a9c34afd6d7df6744da2d951ccb)
Signed-off-by: Michael Roth
---
block/sheepdog.c | 4 ++--
1 file ch
From: Hani Benhabiles
Due to an incomplete initialization, adding a usb-bt-dongle device through HMP
or QMP will cause a segmentation fault.
Signed-off-by: Hani Benhabiles
Reviewed-by: Paolo Bonzini
Signed-off-by: Gerd Hoffmann
(cherry picked from commit c340a284f382a5f40774521f41b4bade76ddfa
From: Eduardo Habkost
pc-q35-1.4 was incorrectly using PC_COMPAT_1_4 instead of
PC_Q35_COMPAT_1_4.
The only side-effect was that the hpet compat property (inherited from
PC_Q35_COMPAT_1_7) was missing.
Without this patch, pc-q35-1.4 incorrectly initializes hpet-intcap to
0xff0104 (behavior int
From: Markus Armbruster
Spotted by Coverity.
Signed-off-by: Markus Armbruster
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini
(cherry picked from commit 91e7fcca4743cf694eb0c8e7a8d938cf359b5bd8)
Signed-off-by: Michael Roth
---
hw/scsi/virtio-scsi.c | 3 ++-
1 file changed, 2 insertio
From: Paolo Bonzini
When the patch was posted that became 5c21ce7 (qdev: Realize buses
on device realization, 2014-03-12), it included recursive realization
and unrealization of devices when the bus's "realized" property
was toggled.
However, due to the same old worries about recursive realizati
From: Kevin Wolf
Like qcow2 since commit 6d33e8e7, error out on invalid lengths instead
of silently truncating them to 1023.
Also don't rely on bdrv_pread() catching integer overflows that make len
negative, but use unsigned variables in the first place.
Cc: qemu-sta...@nongnu.org
Signed-off-by
From: Ming Lei
vhost userspace needn't to handle vq's notification from guest,
so define dummy handle_output callback for all vqs of vhost-scsi.
In some corner cases(such as when handling vq's reset from VM), virtio-pci
still tries to handle pending virtio-scsi events, then object check failure
i
From: Kevin Wolf
A huge image size could cause s->l1_size to overflow. Make sure that
images never require a L1 table larger than what fits in s->l1_size.
This cannot only cause unbounded allocations, but also the allocation of
a too small L1 table, resulting in out-of-bounds array accesses (bot
From: Paolo Bonzini
No semantic change.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini
Tested-by: Michael S. Tsirkin
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Andreas Färber
(cherry picked from commit b7b34d055d82abaa511b35c9fc24efbb63dca0b1)
Si
From: "Michael S. Tsirkin"
It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so
it's OK if the value read is VIRTQUEUE_MAX_SIZE.
Not a big problem in practice as people don't use
such big queues, but it's inelegant.
Reported-by: "Dr. David Alan Gilbert"
Cc: qemu-sta...@nongnu.
From: Peter Lieven
if a saved vm has unknown flags in the memory data qemu
currently simply ignores this flag and continues which
yields in an unpredictable result.
This patch catches all unknown flags and aborts the
loading of the vm. Additionally error reports are thrown
if the migration abort
From: Kevin Wolf
Too large L2 table sizes cause unbounded allocations. Images actually
created by qemu-img only have 512 byte or 4k L2 tables.
To keep things consistent with cluster sizes, allow ranges between 512
bytes and 64k (in fact, down to 1 entry = 8 bytes is technically
working, but L2 t
From: Peter Maydell
The ARM target-specific code in elfload.c was incorrectly allowing
the 64-bit ARM target to use most of the existing 32-bit definitions:
most noticeably this meant that our HWCAP bits passed to the guest
were wrong, and register handling when dumping core was totally
broken. Fi
From: Gonglei
token should be closed in all conditions.
So move CloseHandle(token) to "out" branch.
Signed-off-by: Wang Rui
Signed-off-by: Gonglei
Signed-off-by: Michael Roth
(cherry picked from commit 374044f08fe18a18469b981812cd8695f5b3569c)
Signed-off-by: Michael Roth
---
qga/commands-wi