Age | Commit message | Author |
|
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
If a write request crosses an L2 table boundary and all clusters until the
end of the L2 table are usable for the request, we must not look at the next
L2 entry because we already have arrived at the end of the array.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4805bb66969622f86376191c94c4748bce91e6be)
|
|
Save/restore information necessary to continue in progress PIO/ATAPI CMD
transfers.
This includes the IO buffer.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit ed487bb1d69040b9dac64a4fc076d8dd82b131d6)
|
|
Clients not associated with a VLAN exist since commit d80b9fc6.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2583ba97ef1de6040b7d0afd2b66737515de5423)
|
|
Clients not associated with a VLAN exist since commit d80b9fc6.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a0104e0ec7939781d79ca4b54ebedd5fd3360151)
|
|
Clients not associated with a VLAN exist since commit d80b9fc6.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit efe32fdde15e5764cfbc68cb2d61737681b1e096)
|
|
net_check_clients() prints this when a VLAN has host devices, but no
guest devices. It uses VLANState members nb_guest_devs and
nb_host_devs to keep track of these devices. However, -device does
not update nb_guest_devs, only net_init_nic() does that, for -net nic.
Check the VLAN clients directly, and remove the counters.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 62112d181ca33fea976100c4335dfc3e2f727e6c)
|
|
Call it right after -device devices get created.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 668680f75feea79704c603b96126c0833e1ed9a9)
|
|
Unused since commit 9ad4531e.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7f76abe1c9d880050ba31ff827b3ff5cbc8175a7)
|
|
Most of these are obvious NULL-deref bug fixes, for example,
the ones in these files:
block/curl.c
net.c
slirp/misc.c
and the first one in block/vvfat.c.
The others in block/vvfat.c may not lead to an immediate segfault, but I
traced the two schedule_rename(..., strdup(path)) uses, and a failed
strdup would appear to trigger this assertion in handle_renames_and_mkdirs:
assert(commit->path);
The conversion to use qemu_strdup in envlist_to_environ is not technically
needed, but does avoid a theoretical leak in the caller when strdup fails
for one value, but later succeeds in allocating another buffer (plausible,
if one string length is much larger than the others). The caller does
not know the length of the returned list, and as such can only free
pointers until it hits the first NULL. If there are non-NULL pointers
beyond the first, their buffers would be leaked. This one is admittedly
far-fetched.
The two in linux-user/main.c are worth fixing to ensure that an
OOM error is diagnosed up front, rather than letting it provoke some
harder-to-diagnose secondary error, in case of exec failure, or worse, in
case the exec succeeds but with an invalid list of command line options.
However, considering how unlikely it is to encounter a failed strdup early
in main, this isn't a big deal. Note that adding the required uses of
qemu_strdup here and in envlist.c induces link failures because qemu_strdup
is not currently in any library they're linked with. So for now, I've
omitted those changes, as well as the fixes in target-i386/helper.c
and target-sparc/helper.c.
If you'd like to see the above discussion (or anything else)
in the commit log, just let me know and I'll be happy to adjust.
From 9af42864fd1ea666bd25e2cecfdfae74c20aa8c7 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 8 Feb 2010 18:29:29 +0100
Subject: [PATCH] don't dereference NULL after failed strdup
Handle failing strdup by replacing each use with qemu_strdup,
so as not to dereference NULL or trigger a failing assertion.
* block/curl.c (curl_open): s/\bstrdup\b/qemu_strdup/
* block/vvfat.c (init_directories): Likewise.
(get_cluster_count_for_direntry, check_directory_consistency): Likewise.
* net.c (parse_host_src_port): Likewise.
* slirp/misc.c (fork_exec): Likewise.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6265eb26a375179f193f792e4f0d49036d2cf052)
|
|
Fix a race condition where qemu finds that there are not enough virtio
ring buffers available and the guest makes more buffers available before
qemu can enable notifications.
Signed-off-by: Tom Lendacky <toml@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 06b1297017415ae6a07a0e97ad7d8e90b2d95823)
|
|
OK we are fooled by the json lexer and parser. As we use %I64d to
print 'long long' variables in Win32, but lexer and parser only deal
with %lld but not %I64d, this patch adds support for %I64d and solves
'info pci', 'powser_reset' and 'power_powerdown' assert failures in
Win32.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2c0d4b36e7fe28c569c5436f7724735e35d3c493)
|
|
qemu_opt_set wants on/off, not yes/no.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2198a62eb2518b61c3fc7db26515f106e7498932)
|
|
Round robin vcpus in tcg_cpu_next even if the vm stopped. This
allows all cpus to enter stopped state.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit c37cc7b072fa4ca8d8d21ac31d26baff5f47f9f9)
|
|
This fixes a segfault due to buffer overrun in the usb-serial device.
The memcpy was incrementing the start location by recv_used, yet the
computation of first_size (how much to write at the end of the buffer
before wrapping to the front) was not accounting for it. This causes the
next element after the receive buffer (recv_ptr) to get overwritten with
random data.
Signed-off-by: David Ahern <daahern@cisco.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4ab4183d766f10f9fc35cd9ef4acee39f241986f)
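The sizing error this commit message describes, as an added example that is not part of the commit or of QEMU's source: the copy starts at the read index plus the bytes already stored, but the space left before the wrap is measured from the read index alone. The struct, function names and the 8-byte capacity are constructed for illustration; the flawed variant only computes where the copy would end and performs no write.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RING_CAP 8              /* constructed size, small enough to trace by hand */

struct ring {
    uint8_t buf[RING_CAP];
    size_t  rd;                 /* index of the oldest unread byte, < RING_CAP */
    size_t  used;               /* bytes currently stored, <= RING_CAP */
};

/* Flawed sizing: room before the wrap is measured from rd, while the copy
 * would begin at rd + used. Returns the offset one past the last byte the
 * first copy would touch; anything above RING_CAP is an overrun. */
static size_t flawed_first_copy_end(const struct ring *r, size_t size)
{
    size_t first = RING_CAP - r->rd;
    if (first > size)
        first = size;
    return r->rd + r->used + first;
}

/* One correct form: clamp to the free space, derive the write position
 * modulo the capacity, and size the first copy from that same position. */
static size_t ring_write(struct ring *r, const uint8_t *src, size_t size)
{
    size_t room = RING_CAP - r->used;
    if (size > room)
        size = room;                        /* never store more than fits */
    size_t start = (r->rd + r->used) % RING_CAP;
    size_t first = RING_CAP - start;        /* bytes left before the wrap */
    if (first > size)
        first = size;
    memcpy(r->buf + start, src, first);
    memcpy(r->buf, src + first, size - first);  /* wrapped remainder, may be 0 */
    r->used += size;
    return size;
}

/* Constructed state: rd = 5, used = 2, four incoming bytes. */
static size_t demo_flawed_end(void)
{
    struct ring r = { .rd = 5, .used = 2 };
    return flawed_first_copy_end(&r, 4);    /* 5 + 2 + 3, past the array end */
}

static int demo_corrected_ok(void)
{
    static const uint8_t in[4] = { 0xA0, 0xA1, 0xA2, 0xA3 };
    struct ring r = { .rd = 5, .used = 2 };
    size_t n = ring_write(&r, in, sizeof in);
    return n == 4 && r.used == 6 && r.buf[7] == 0xA0 &&
           r.buf[0] == 0xA1 && r.buf[1] == 0xA2 && r.buf[2] == 0xA3;
}

int main(void)
{
    return (demo_flawed_end() > RING_CAP && demo_corrected_ok()) ? 0 : 1;
}
```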
|
|
Checking for return codes < 0 isn't really going to work with unsigned
types. Use signed types instead.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f4f0d391b26afcce86df85566788be7170127116)
|
|
When qemu is executed with an option like
-serial /dev/ttyS0, report if there are problems with
opening the devices. Currently, errors are silently ignored.
Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit afc535acb579a7808d9ff170088c839a29c61dc9)
|
|
- 9fb3f4d Fix PkgLength calculation for the SSDT.
- 6d75be2 Go back to using 0xf0000000 for PCI memory start.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This should explain a lot of the weird breakages of upstream KVM we've
seen recently (actually we should have seen it much earlier):
Stop translating eflags into TCG format when in kvm mode as we never
translate it back and rather sync this broken state into the kernel.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
Backported from HEAD (cc3f20fee2c9bea3793bf873c531ae6baf68df3a)
Signed-off-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
When we signal a CpU exception for coprocessor 0, we should indicate
that it's for coprocessor 0 instead of coprocessor 1.
Signed-off-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 13f160cebd0778113ba8d251aea297286b1666cb)
|
|
The address register is overridden when it corresponds to v0 and the fast
path is taken, which leads to a crash. Fix that by using the a0 register
instead.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit cca1af8c4d2ef6449fd61494ba2cb087b838011c)
|
|
In helper.c AREG0 may not correspond to env, so it's not possible to
call cpu_loop_exit() here. Call it from op_helper.c instead.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit c36bbb28ad62b4b1f494df0b199432d8c79876db)
|
|
If an I/O request fails right away instead of getting an error only in the
callback, we still need to consider rerror/werror.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6c510fbf601fd8c6891b2f1d7165ceb82308a16f)
|
|
Current code assumes that only write requests are ever going to be restarted.
This is wrong since rerror=stop exists. Instead of directly starting writes,
use the same request processing as used for new requests.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f1b5286803ee66f73034f1f5e0e1cf14f4415f94)
|
|
We need a function that handles a single request. Create one by splitting out
code from virtio_blk_handle_output.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bc6694d43a68baa864dba7742354a379a3347f33)
|
|
This fixes CONFIG_FB_CIRRUS for Linux guests and probably much more:
When switching away from linearly mapped vram, we also have to restore
the I/O handlers for the LFB.
This regression was once introduced by commit 2bec46dc97.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4516e45f82b7ee0cedce875477e785989a719b67)
|
|
Now that qcow2_alloc_clusters can return error codes, we must handle them in
the callers of qcow2_alloc_clusters.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 5d757b563d59142ca81e1073a8e8396750a0ad1a)
|
|
update_refcount can return errors that need to be handled by the callers.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit db3a964fb6d66bd50faca76968479bb62ed25330)
|
|
There's absolutely no problem with updating the refcounts of 0 clusters.
At least snapshot code is doing this and would fail once the result of
update_refcount isn't ignored any more.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7322afe7eaa7211285a38ccfb754a0a52911e394)
|
|
If update_refcount fails, try to undo any changes made so far to avoid
inconsistencies in the image file.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 09508d13f3874d07bf25f8dd9f5303cbd8139d1b)
|
|
Return the appropriate error code instead of -EIO.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f2b7c8b37045e0e030ef027cfb6d574558fb732a)
|
|
Don't assume -EIO but return the real error.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 9a8c4cceaf670193270995b95378faa3867db999)
|
|
Returning 0/-errno allows it to distinguish different error classes. The
cluster offset of newly allocated clusters is now returned in the QCowL2Meta
struct.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 148da7ea9d66bad0d5b6512074fbedc4e2640e8f)
|
|
Switching to 0/-errno allows it to distinguish different error cases.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 1e3e8f1a437cafa3b23486aea36be3c9c0bd4e28)
|
|
Don't assume success but pass the bdrv_pwrite return value on.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 1d36e3aae338a71ba449f561b6343bb313f70968)
|
|
Return the appropriate error value instead of always using EIO. Don't free the
L1 table on errors, we still need it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit fb8fa77ce143b0911658b4bcbe641c869e26ceee)
|
|
Toggle full screen on Win32/SDL 1.2.13 was broken by commit
c18a2c360e3100bbd71162cf922dcd8c429a8b71. Re-add the call to
do_sdl_resize() which was removed in this revision.
Signed-off-by: Herve Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a35aed57bf47584b5f55b71acf8daba19decf12a)
|
|
Win32 suffers from a very big memory leak when dealing with SCSI devices.
Each read/write request allocates memory with qemu_memalign (ie
VirtualAlloc) but frees it with qemu_free (ie free).
Pair all qemu_memalign() calls with qemu_vfree() to prevent such leaks.
Signed-off-by: Herve Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f8a83245d9ec685bc6aa6173d6765fe03e20688f)
|
|
Hi all,
this patch fixes another bug in vnc_refresh: calling vnc_update_client
might cause vs to be free()ed, in this case we cannot access vs->next
right after to examine the next item on the list.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6185c5783c50ab5bb4bcdc317772848278cb9bc1)
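The iteration hazard this commit message describes, as an added example that is not part of the commit or of QEMU's source: when the per-client update may free the node, the loop has to read the next pointer before making the call. The client struct, list and function names are constructed for illustration.

```c
#include <stdlib.h>

struct client {
    int id;
    int disconnected;            /* set when the peer has gone away */
    struct client *next;
};

static struct client *clients;   /* head of the singly linked client list */

static int client_add(int id, int disconnected)
{
    struct client *c = malloc(sizeof *c);
    if (c == NULL)
        return -1;
    c->id = id;
    c->disconnected = disconnected;
    c->next = clients;
    clients = c;
    return 0;
}

/* Unlinks and frees c if it has disconnected. Returns 1 when c was freed;
 * after that the caller's pointer dangles and must not be dereferenced. */
static int client_update(struct client *c)
{
    if (!c->disconnected)
        return 0;
    struct client **pp = &clients;
    while (*pp != c)
        pp = &(*pp)->next;
    *pp = c->next;
    free(c);
    return 1;
}

/* Refresh loop: c->next is saved before the call that may free c, so the
 * loop never reads through a freed node. Returns the number freed. */
static int refresh_all(void)
{
    int freed = 0;
    struct client *c = clients;
    while (c != NULL) {
        struct client *next = c->next;
        freed += client_update(c);
        c = next;
    }
    return freed;
}

static int count_clients(void)
{
    int n = 0;
    for (struct client *c = clients; c != NULL; c = c->next)
        n++;
    return n;
}

/* Constructed input: clients 1..4, the even-numbered ones disconnected. */
static int demo_refresh(void)
{
    for (int id = 1; id <= 4; id++)
        if (client_add(id, id % 2 == 0) != 0)
            return -1;
    return refresh_all();
}

int main(void) { return (demo_refresh() == 2 && count_clients() == 2) ? 0 : 1; }
```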
|
|
Commit 930c86820e introduced a regression to eth_send: eth_tx_desc_put
manipulates the host's tx descriptor copy before writing it back, but
two lines down the descriptor is evaluated again, leaving us with an
invalid next address if host and guest endianness differ. So this was
the actual issue commit 2e87c5b937 tried to paper over.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 07b064e9de65a26a4cb36dfb37c7506ef17407fd)
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Commit b3a219883e uncovered that we attached the Wolfson with an I2C
address shifted left by one. Fixing this makes sound work again for
the Musicpal.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 642582296479eabded45f262acbfea5121d2fbf8)
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
savevm without id or tag segfaults in:
(gdb) bt
#0 0x00007f600a83bf8a in __strcmp_sse42 () from /lib64/libc.so.6
#1 0x00000000004745b6 in bdrv_snapshot_find (bs=<value optimized out>,
sn_info=0x7fff996be280, name=0x0) at savevm.c:1631
#2 0x0000000000475c80 in del_existing_snapshots (name=<value optimized out>,
mon=<value optimized out>) at savevm.c:1654
#3 do_savevm (name=<value optimized out>, mon=<value optimized out>)
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f139a4125682ecd45d96c2d1523443d1be65405c)
|
|
Windows 7 BSODs under load with HAL_RTC_IRQF_WILL_NOT_CLEAR error.
It happens here:
hal!HalpRtcUnmaskClock:
8281b93a 8bff mov edi,edi
8281b93c 56 push esi
8281b93d 33f6 xor esi,esi
8281b93f 6a0c push 0Ch
8281b941 e8b2ffffff call hal!CMOS_READ (8281b8f8)
8281b946 84c0 test al,al
8281b948 7920 jns hal!HalpRtcUnmaskClock+0x30 (8281b96a)
8281b94a 6a0a push 0Ah
8281b94c 46 inc esi
8281b94d e854c8ffff call hal!KeStallExecutionProcessor (828181a6)
8281b952 83fe64 cmp esi,64h
8281b955 72e8 jb hal!HalpRtcUnmaskClock+0x5 (8281b93f)
8281b957 6a00 push 0
8281b959 6a00 push 0
8281b95b 6a00 push 0
8281b95d 680a010000 push 10Ah
8281b962 6a5c push 5Ch
8281b964 ff1500c38082 call dword ptr [hal!_imp__KeBugCheckEx (8280c300)]
8281b96a 5e pop esi
8281b96b c3 ret
So it loops 100 (64h) times reading register C before BSOD. Let's
reduce the number of immediate reinjections well under this limit.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit dd17765b5f77ca02b4aeaf9e42de8dd7513a0611)
|
|
Commit f039a563f200beee80cc10fd70b21ea396979dab introduces
a regression as monitor_protocol_event() will return in
the first user Monitor it finds in the QLIST_FOREACH()
loop.
The right thing to do is to only deliver an asynchronous
event if the 'mon' is a QMP Monitor.
The aforementioned commit was an early version, if it was
applied to stable (it should) this one has to be applied
there too.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 23fabed13645fdf66473e458f318baa63be56b22)
|
|
The command line options -device, -nodefaults, -readconfig,
-writeconfig had entries for command line help, but
documentation for texi and derived formats (man, html, info)
was missing.
This also required moving "@end table" to the end of
qemu-options.hx again.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 3dbf2c7fc5682827be6fa436362fb5db221bd210)
|
|
This patch adds compat property entries for ide-disk.ver and
scsi-disk.ver to pc-0.10 and pc-0.11. With this patch applied
the scsi and ide disks report "0.10" and "0.11" as version when
you start qemu with "-M pc-0.10" or "-M pc-0.11".
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 374ef70452452fb729c45dcf1a73a1bd1396cfda)
|
|
This patch adds a new property named 'ver' to scsi-disk which allows to
specify the version which the virtual disk/cdrom should report to the
guest. By default this is the qemu version (i.e. 0.12). usage:
-drive if=none,id=disk,file=...
-device lsi
-device scsi-disk,drive=disk,bus=scsi.0,unit=0,ver=42
You can also switch the version for all scsi drives using:
-global scsi-disk.ver=42
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 383b4d9b79e3a71b1d5cadd34989b1c0e2a05832)
|
|
This patch adds a new property named 'ver' to ide-drive which allows to
specify the version which the virtual disk/cdrom should report to the
guest. By default this is the qemu version (i.e. 0.12). usage:
-drive if=none,id=disk,file=...
-device ide-drive,bus=ide.0,unit=0,drive=disk,ver=42
You can also switch the version for all ide drives using:
-global ide-drive.ver=42
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 47c063403065793ad6e1d2fdde27d69a00880752)
|
|
When using a control/QMP monitor in tandem with a regular monitor, asynchronous
messages can get lost depending on the order of the QEMU program arguments.
QEMU events issued by monitor_protocol_event() always go to cur_mon. If the
user monitor was specified on the command line first (or it has ,default), the
message will be directed to the user monitor (not the QMP monitor).
Additionally, only one QMP session is currently able to receive async messages.
To avoid this confusion, scan through the list of monitors and emit the message
on each QMP monitor.
Signed-off-by: Adam Litke <agl@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f039a563f200beee80cc10fd70b21ea396979dab)
|