Age | Commit message | Author
2014-11-17 | target-cris/translate.c: fix out of bounds read | zhanghailiang
In function t_gen_mov_TN_preg and t_gen_mov_preg_TN, the begin check about the validity of in-parameter 'r' is useless. We still access cpu_PR[r] in the following code if it is invalid, which will be an out-of-bounds read error. Fix it by using assert() to ensure it is valid before using it. Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 | shpc: fix error propaagation | Gonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 | qemu-char: fix MISSING_COMMA | Gonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 | acl: fix memory leak | Gonglei
If 'i != index' for all acl->entries, variable entry leaks the storage it points to. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 | nvme: remove superfluous check | Gonglei
Operands don't affect result (CONSTANT_EXPRESSION_RESULT) ((n->bar.aqa >> AQA_ASQS_SHIFT) & AQA_ASQS_MASK) > 4095 is always false regardless of the values of its operands. This occurs as the logical second operand of '||'. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 | loader: fix NEGATIVE_RETURNS | Gonglei
lseek will return -1 on error, g_malloc0(size) and read(,,size) parameters cannot be negative. We should add a check for return value of lseek(). Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 | qga: fix false negative argument passing | Gonglei
Function send_response(s, &qdict->base) returns a negative number when any failures occurred. But strerror()'s parameter cannot be negative. Let's change the testing condition and pass '-ret' to strerr(). Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 | mips_mipssim: fix use-after-free for filename | Gonglei
May pass freed pointer filename as an argument to error_report. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17 | l2tpv3: fix fd leak | Gonglei
In this false branch, fd will leak when it is zero. Change the testing condition. Signed-off-by: Gonglei <arei.gonglei@huawei.com> [Fix net_l2tpv3_cleanup as well. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-14 | l2tpv3: fix possible double free | zhanghailiang
freeaddrinfo(result) does not assign result = NULL after freeing it. There will be a double free when it goes to the error case. It is reported by Coverity. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Cc: qemu-stable@nongnu.org Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-14 | libcacard: fix resource leak | zhanghailiang
In function connect_to_qemu(), getaddrinfo() will allocate memory that is stored into server, it should be freed by using freeaddrinfo() before connect_to_qemu() return. Cc: qemu-stable@nongnu.org Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell
x86 and SCSI fixes. I left out the APIC device model patches, pending confirmation from the submitter that they really fix QNX.
# gpg: Signature made Thu 13 Nov 2014 15:13:38 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
    acpi: accurate overflow check
    smbios: change 'ram_addr_t' variables to 'uint64_t'
    kvmclock: Add comment explaining why we need cpu_clean_all_dirty()
    target-i386: fix Coverity complaints about overflows
    apic_common: migrate missing fields
    target-i386: eliminate dead code and hoist common code out of "if"
    virtio-scsi: Fix comment for VirtIOSCSIReq
    virtio-scsi: dataplane: suppress guest notification
    esp: Do not overwrite ESP_TCHI after reset
    virtio-scsi: dataplane: fix allocation for 'cmd_vrings'
    esp: fix coding standards
    virtio-scsi: work around bug in old BIOSes
    esp-pci: fixup deadlock with linux
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 | acpi: accurate overflow check | Pavel Dovgalyuk
Compare clock in ns, because acpi_pm_tmr_update uses rounded to ns value instead of ticks. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> [This lets Windows boot in icount mode. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 | smbios: change 'ram_addr_t' variables to 'uint64_t' | SeokYeon Hwang
ram_addr_t should not be used except if referring to a RAMBlock. Using 'uint64_t' avoids a -Wconstant-conversion warning, which clang >= 3.4 produces in "smbios_get_tables()". Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 | kvmclock: Add comment explaining why we need cpu_clean_all_dirty() | Eduardo Habkost
Try to explain why commit 317b0a6d8ba44e9bf8f9c3dbd776c4536843d82c needed a cpu_clean_all_dirty() call just after calling cpu_synchronize_all_states(). Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Cc: Andrey Korolyov <andrey@xdel.ru> Cc: Marcin Gibuła <m.gibula@beyond.pl> Cc: Marcelo Tosatti <mtosatti@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 | target-i386: fix Coverity complaints about overflows | Paolo Bonzini
sipi_vector is an int; it is shifted by 12 and passed as a 64-bit value, which makes Coverity think that we wanted (uint64_t)sipi_vector << 12. But actually it must be between 0 and 255. Make this explicit. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 | apic_common: migrate missing fields | Pavel Dovgalyuk
This patch adds missed sipi_vector and wait_for_sipi fields to a new subsection of the vmstate of the apic_common module. Saving and loading of these fields makes migration of the apic state deterministic. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> [Initialize the field in pre_load and kvm_apic_realize. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-13 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-seabios-1.7.5.1-20141113-1' into staging | Peter Maydell
update seabios to 1.7.5.1 stable release
# gpg: Signature made Thu 13 Nov 2014 11:03:05 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-seabios-1.7.5.1-20141113-1:
    update seabios to 1.7.5.1 stable release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20141113-1' into staging | Peter Maydell
QMP/input-send-event: make console parameter optional
# gpg: Signature made Thu 13 Nov 2014 10:07:26 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-input-20141113-1:
    QMP/input-send-event: make console parameter optional
    QMP/input-send-event: update document of union InputEvent
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 | update seabios to 1.7.5.1 stable release | Gerd Hoffmann
git shortlog since 1.7.5:
Hannes Reinecke (1):
    megasas: read addional PCI I/O bar
Kevin O'Connor (5):
    boot: Change ":rom%d" boot order rom instance to ":rom%x"
    vgabios: Return from handle_1011() if handler found.
    Don't enable thread preemption during S3 resume vga option rom execution.
    build: Avoid absolute paths during "whole-program" compiling.
    ehci: Fix bug in hub port assignment
Marcel Apfelbaum (1):
    hw/pci: reserve IO and mem for pci express downstream ports with no devices attached
Markus Armbruster (1):
    boot: Fix boot order for SCSI target, lun > 9
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-13 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20141112-1' into staging | Peter Maydell
usb bugfixes for 2.2
# gpg: Signature made Wed 12 Nov 2014 14:35:09 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-usb-20141112-1:
    usb-host: fix usb_host_speed_compat tyops
    xhci: add sanity checks to xhci_lookup_uport
    Provide the missing LIBUSB_LOG_LEVEL_* for older libusb or FreeBSD. Providing just the needed value as a defined.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-13 | QMP/input-send-event: make console parameter optional | Amos Kong
The 'QemuConsole' is the input source for handler, we share some input handlers to process the input events from different QemuConsole. Normally we only have one set of keyboard, mouse, usbtablet, etc. The devices have different mask, it's fine to just check the mask to ensure that the handler has the ability to process the event. I saw we try to bind console to handler in usb/dev-hid.c, but display always isn't available at that time. If we have multiseat setup (as Gerd said), we only have 'problem' in this case. Actually event from different devices have the same effect for system, it's fine to always use the first available handler without caring about the console. For send-key command, we just pass a NULL for console parameter in calling qemu_input_event_send_key(NULL, ..), but 'input-send-event' needs to care more devices. Conclusion: Generally assigning the special console is meaningless, and we can't directly remove the QMP parameter for compatibility. So we can make the parameter optional. The parameter might be useful for some special condition: we have multiple devices without binding console and they all have the ability(mask) to process events, and we don't want to use the first one. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-13 | QMP/input-send-event: update document of union InputEvent | Amos Kong
Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-12 | usb-host: fix usb_host_speed_compat tyops | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2014-11-12 | target-i386: eliminate dead code and hoist common code out of "if" | Paolo Bonzini
ist != 0 is checked in the first "if", so it cannot be true in the "else if" part. While at it, simplify the code and move the ESP alignment out of the conditionals. Reported by Coverity. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-12 | virtio-scsi: Fix comment for VirtIOSCSIReq | Fam Zheng
The cdb is not zeroed by virtio_scsi_init_req, so fix the misleading comment. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-12 | virtio-scsi: dataplane: suppress guest notification | Ming Lei
This patch uses vring_should_notify() to suppress guest notification, and it looks like notification frequency can be decreased from ~33K/sec to ~2K/sec in my test environment. Suggested-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Ming Lei <ming.lei@canonical.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-12 | esp: Do not overwrite ESP_TCHI after reset | Hannes Reinecke
After a reset ESP_TCHI should contain the unique ID of the chip. This value will be overwritten with the current transfer count if the transfer count has previously been set. So we should always return the chip id if ESP_TCHI has never been written to. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-11 | Update version for v2.2.0-rc1 release [v2.2.0-rc1] | Peter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 | Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20141111' into staging | Peter Maydell
seccomp branch queue
# gpg: Signature made Tue 11 Nov 2014 16:12:48 GMT using RSA key ID 12F8BD2F
# gpg: Can't check signature: public key not found
* remotes/otubo/tags/pull-seccomp-20141111:
    seccomp: change configure to avoid arm 32 to break
    seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 | seccomp: change configure to avoid arm 32 to break | Eduardo Otubo
Current stable version of libseccomp (2.1.1) only supports i386 and x86_64 archs correctly. This patch limits the usage of the syscall filter for those archs and updates to the correct last version of libseccomp. This patch also fixes the bug: https://bugs.launchpad.net/qemu/+bug/1363641 Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paul Moore <pmoore@redhat.com>
2014-11-11 | seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() | Philipp Gesang
fallocate() is needed for snapshotting. If it isn’t whitelisted
    $ qemu-img create -f qcow2 x.qcow 1G
    Formatting 'x.qcow', fmt=qcow2 size=1073741824 encryption=off cluster_size=65536 lazy_refcounts=off
    $ qemu-kvm -display none -monitor stdio -sandbox on x.qcow
    QEMU 2.1.50 monitor - type 'help' for more information
    (qemu) savevm foo
    (qemu) loadvm foo
will fail, as will subsequent savevm commands on the same image. fadvise64(), inotify_init1(), inotify_add_watch() are needed by the SDL display. Without the whitelist entries, qemu-kvm -sandbox on fails immediately. In my tests fadvise64() is called 50--51 times per VM run. That number seems independent of the duration of the run. fallocate(), inotify_init1(), inotify_add_watch() are called once each. Accordingly, they are added to the whitelist at a very low priority. Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com> Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
2014-11-11 | Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-11-11' into staging | Peter Maydell
trivial patches for 2014-11-11
# gpg: Signature made Tue 11 Nov 2014 14:38:39 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
* remotes/mjt/tags/pull-trivial-patches-2014-11-11:
    block: Fix comment for bdrv_co_get_block_status
    sysbus: Correct SYSTEM_BUS(obj) defines
    target-i386: cpu: keeping function parameters alignment on new line
    xen-hvm: Remove redundant variable 'xstate'
    coroutine-sigaltstack: Change jmp_buf to sigjmp_buf
    pc-bios: petalogix-s3adsp1800.dtb: Use 'xlnx, xps-ethernetlite-2.00.a' instead of 'xlnx, xps-ethernetlite-2.00.b'
    gdbstub: Add a missing case of signal number translation in gdbstub
    numa: make 'info numa' take into account hotplugged memory
    slirp/smbd: modify/set several parameters in generated smbd.conf
    qemu-doc.texi: fix typos in x509 examples
    icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 | block: Fix comment for bdrv_co_get_block_status | Fam Zheng
It returns more information than binary, fix the comment. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 | sysbus: Correct SYSTEM_BUS(obj) defines | Gonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 | target-i386: cpu: keeping function parameters alignment on new line | Chen Fan
Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 | xen-hvm: Remove redundant variable 'xstate' | Chen Gang
In xen_hvm_change_state_handler(), we can pass 'opaque' with type cast to xen_main_loop_prepare() directly, there's no need to use additional variable for it. Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 | Merge remote-tracking branch 'remotes/armbru/tags/for-upstream' into staging | Peter Maydell
Patches to MAINTAINERS that haven't been picked up
# gpg: Signature made Tue 11 Nov 2014 08:46:55 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/for-upstream:
    Add Migration maintainer
    MAINTAINERS: add section for QEMU Guest Agent
    MAINTAINERS: add myself as bootdevice.c maintainer
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 | virtio-scsi: dataplane: fix allocation for 'cmd_vrings' | Ming Lei
The size of each element should be sizeof(VirtIOSCSIVring *). Signed-off-by: Ming Lei <ming.lei@canonical.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-11 | Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20141111' into staging | Peter Maydell
linux-user pull for 2.2 Two last minute fixes uncovered and fixed by Tom Musta and Alexander Graf, thanks
# gpg: Signature made Tue 11 Nov 2014 06:36:02 GMT using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg: aka "Riku Voipio <riku.voipio@linaro.org>"
* remotes/riku/tags/pull-linux-user-20141111:
    linux-user: Fix up timer id handling
    linux-user: Do not subtract offset from end address
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-11 | Add Migration maintainer | Juan Quintela
Signed-off-by: Juan Quintela <quintela@trasno.org> Reviewed-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2014-11-11 | MAINTAINERS: add section for QEMU Guest Agent | Michael Roth
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2014-11-11 | MAINTAINERS: add myself as bootdevice.c maintainer | Gonglei
bootdevice.c was created by me, and I wrote most of the code in this file. And now I can maintain it, I'd hope nobody objects to this. Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2014-11-11 | coroutine-sigaltstack: Change jmp_buf to sigjmp_buf | Willem Pinckaers
This is a simple patch to change the type of old_env from jmp_buf to sigjmp_buf. old_env is used by sigsetjmp and as such should be a sigjmp_buf. This fixes a stack_chk fail in an OSX 32bit build. Since at least on OSX sigjmp_buf is four bytes larger than a jmpbuf, resulting in an overflow in sigsetjmp. Due to variable reordering this overwrites the stack cookie. Signed-off-by: Willem Pinckaers <willem_qemu@lekkertech.net> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Peter: I think I must have missed this one when I converted all the jmp_buf to sigjmp_buf in commit 6ab7e546. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 | xhci: add sanity checks to xhci_lookup_uport | Gerd Hoffmann
Also catch xhci_lookup_uport failures in post_load. https://bugzilla.redhat.com/show_bug.cgi?id=1074219 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-11 | Provide the missing LIBUSB_LOG_LEVEL_* for older libusb or FreeBSD. Providing just the needed value as a defined. | Chris Johns
Signed-off-by: Chris Johns <chrisj@rtems.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-11 | linux-user: Fix up timer id handling | Alexander Graf
When creating a timer handle, we give the timer id a special magic offset of 0xcafe0000. However, we never mask that offset out of the timer id before we start using it to dereference our timer array. So we always end up aborting timer operations because the timer id is out of bounds. This was not an issue before my patch e52a99f756e ("linux-user: Simplify timerid checks on g_posix_timers range") because before we would blindly mask anything above the first 16 bits. This patch simplifies the code around timer id creation by introducing a proper target_timer_id typedef that is s32, just like Linux has it. It also changes the magic offset to a value that makes all timer ids be positive. Reported-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-11-11 | linux-user: Do not subtract offset from end address | Tom Musta
When computing the upper address of a program segment, do not subtract the offset from the virtual address; instead compute the sum of the virtual address and the memory size. Signed-off-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-11-11 | pc-bios: petalogix-s3adsp1800.dtb: Use 'xlnx, xps-ethernetlite-2.00.a' instead of 'xlnx, xps-ethernetlite-2.00.b' | Chen Gang
For Linux upstream kernel (e.g. 3.17-rc7), the related compatible string 'xlnx,xps-ethernetlite-2.00.a' is supported, but 'b' is not supported, so change qemu dtb file to match kernel driver.
The related operation for qemu (after this patch):
    yum install libvirt
    yum install tunctl
    tunctl -b
    ip link set tap0 up
    brctl addif virbr0 tap0
    ./configure
    make
    ./microblaze-softmmu/qemu-system-microblaze -M petalogix-s3adsp1800 \
      -kernel ../linux-stable.microblaze/arch/microblaze/boot/linux.bin \
      -no-reboot -append "console=ttyUL0,115200 doreboot" -nographic \
      -net nic,vlan=0,model=xlnx.xps-ethernetlite,macaddr=00:16:35:AF:94:00 \
      -net tap,vlan=0,ifname=tap0,script=no,downscript=no
in microblaze qemu bash (guest machine):
    ifconfig eth0 add 192.168.122.2 netmask 255.255.255.0
    ifconfig eth0 up
Then can telnet 192.168.122.2 directly without password from the host machine.
The related operation for generating new dtb:
    building Linux kernel firstly, then get dts tool "./scripts/dts/dts".
    "./scripts/dtc/dtc -I dtb -O dts -o ../work.dts ../qemu/petalogix-s3adsp1800.dtb"
    edit work.dts (replace 'xlnx,xps-ethernetlite-2.00.b')
    "./scripts/dtc/dtc -I dts -O dtb -o ..qemu/petalogix-s3adsp1800.dtb ../work.dts"
(Since I am not quite sure whether can read this patch or not, I put the related dtb file in attachment, please check, thanks). Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-11-11 | gdbstub: Add a missing case of signal number translation in gdbstub | Martin Simmons
While using qemu with gdb "target remote" to debug an application that uses fork and exec, the qemu process receives SIGSTOP every time the forked process terminates (sending SIGCHLD). This is caused by a missing call to gdb_signal_to_target in gdbstub.c, which is fixed by this patch: Signed-off-by: Martin Simmons <martin@lispworks.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>