On 04/04/2014 06:12 AM, Tom Musta wrote:
> On 4/3/2014 8:33 AM, Alexander Graf wrote:
>>
>> On 03.04.14 15:14, Alexey Kardashevskiy wrote:
>>> This enabled KVM and migration support for a number of POWER8 registers:
>
>
>
>>
>> Tom, please have a look through this as well :).
>>
>>> ---
>
>
>
PHYs must respond to address 0 by specification. Implement.
Signed-off-by: Nathan Rossi
Signed-off-by: Peter Crosthwaite
---
hw/net/cadence_gem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 92dc2f2..e34b25e 100644
--
On 04.04.2014 02:53, Amos Kong wrote:
We used "guest time", "system time", "hardware time" and "RTC"
interchangeably in the document, which is unclear.
This patch just adds two remarks about RTC and replaces two "guest time"
with "guest's system time".
Signed-off-by: Amos Kong
Reviewed-by: Michal Privoznik
Michal
> Am 04.04.2014 um 02:26 schrieb Alexey Kardashevskiy :
>
>> On 04/04/2014 05:58 AM, Alexander Graf wrote:
>>
>>> On 03.04.2014, at 20:55, Peter Maydell wrote:
>>>
On 3 April 2014 19:48, Alexander Graf wrote:
We now reset SPRs to their reset values on CPU reset. So if we want
Nikunj A Dadhania writes:
> The following commit caused the regression in qemu-system-ppc64
>
> 7effdaa3: spapr: Fix return value of vga initialization
> d44229c5: Fix vga_interface_type for command line argument '-device VGA'
>
> Even when -nodefaults was provided, USB Keyboard and Mouse was add
On 04/04/2014 12:19 AM, Alexander Graf wrote:
>
> On 03.04.14 15:14, Alexey Kardashevskiy wrote:
>> This advertises Data Address Breakpoint Register Extension (DABRX) to
>> the guest via hyperrtas list and enables it to migrate.
>
> Do all CPUs we support (970 anyone) have DABRX support?
970MP a
What's the address range used by PCI in QEMU?
On 03/14/2014 03:18 PM, Alexey Kardashevskiy wrote:
> This initial problem came from libvirt - it does not preserve
> the device order when running QEMU. So it is easy to get source QEMU with:
> -device spapr-vscsi,id=scsi1,reg=0x2000 -device
> spapr-vscsi,id=scsi0,reg=0x3000
> and destination QEM
On Sat, Mar 29, 2014 at 2:10 AM, Peter Maydell wrote:
> The Cortex-A15's CBAR register is actually read-only (unlike that
> of the Cortex-A9). Correct our model to match the hardware.
>
> Signed-off-by: Peter Maydell
Reviewed-by: Peter Crosthwaite
> ---
> target-arm/cpu.c | 2 +-
> 1 file cha
On Sat, Mar 29, 2014 at 2:10 AM, Peter Maydell wrote:
> The Cortex-A57, like most of the other ARM cores, has a CBAR
> register which defines the base address of the per-CPU
> peripherals. However it has a 64-bit view as well as a
> 32-bit view; expand the QOM reset-cbar property from UINT32
> to
On 03/12/2014 06:49 AM, Eric Blake wrote:
On 03/11/2014 04:15 PM, Juan Quintela wrote:
Eric Blake wrote:
On 02/18/2014 01:50 AM, mrhi...@linux.vnet.ibm.com wrote:
From: "Michael R. Hines"
We're building up a LOT of migrate- tunable commands. Maybe it's time
to think about building a more g
Paolo Bonzini writes:
> Il 03/04/2014 21:24, Nikunj A Dadhania ha scritto:
>>> > Does libvirt use "-nodefaults -machine usb=true"? It should create the
>>> > OHCI controller separately instead of using "-machine".
>> I see it creating:
>>
>> -nodefaults -usb -device usb-kbd,id=input0 -device usb
Am 03.04.2014 21:49, schrieb Michael Roth:
> Hello,
>
> On behalf of the QEMU Team, I'd like to announce the availability of the
> second release candidate for the QEMU 2.0 release. This release is meant
> for testing purposes and should not be used in a production environment.
>
> http://wiki.q
On Sat, Mar 29, 2014 at 2:10 AM, Peter Maydell wrote:
> Implement the AArch64 RVBAR register, which indicates the reset
> address. Since the reset address is implementation defined and
> usually configurable by setting config signalso in hardware, we
"signals".
> also provide a QOM property so i
On 03/24/2014 04:28 PM, Alexey Kardashevskiy wrote:
> Currently only migration fails if CPU version is different even a bit.
> For example, migration from POWER7 v2.0 to POWER7 v2.1 fails because of
> that. Since there is no difference between CPU versions which could
> affect migration stream, we
On 04/03/2014 09:38 PM, Michael R. Hines wrote:
>>> +# @rdma-keepalive: RDMA connections do not timeout by themselves if
>>> a peer
>>> +# has disconnected prematurely or failed. User-level keepalives
>>> +# allow the migration to abort cleanly if there is a problem
>>> with the
>>
On 04/03/2014 09:15 PM, Michael R. Hines wrote:
>>> #
>>> +# @mc: #options @MCStats containing details Micro-Checkpointing
>>> statistics
>> s/options/optional/ - I'm assuming it is optional because it only
>> appears when MC is in use.
>>
>> 'mc' is a rather short name, maybe 'micro-checkpoint'
On 03/12/2014 06:07 AM, Eric Blake wrote:
On 03/11/2014 04:02 PM, Juan Quintela wrote:
mrhi...@linux.vnet.ibm.com wrote:
From: "Michael R. Hines"
+# @mc-net-disable: Deactivate network buffering against outbound network
+# traffic while Micro-Checkpointing (@mc) is active.
+#
On 03/12/2014 06:02 AM, Juan Quintela wrote:
mrhi...@linux.vnet.ibm.com wrote:
From: "Michael R. Hines"
New capabilities include the use of RDMA acceleration,
use of network buffering, and keepalive support, as documented
in patch #1.
Signed-off-by: Michael R. Hines
---
qapi-schema.json |
On 03/12/2014 05:59 AM, Juan Quintela wrote:
mrhi...@linux.vnet.ibm.com wrote:
From: "Michael R. Hines"
MC provides a lot of new information, including the same RAM statistics
that ordinary migration does, so we centralize a lot of that printing
code into a common function so that the QMP prin
On 03/12/2014 05:57 AM, Juan Quintela wrote:
mrhi...@linux.vnet.ibm.com wrote:
From: "Michael R. Hines"
This patch sets up the initial changes to the migration state
machine and prototypes to be used by the checkpointing code
to interact with the state machine so that we can later handle
failu
** Changed in: qemu
Status: New => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1297651
Title:
KVM create a win7 guest with Qemu, it boots up fail
Status in QEMU:
Fix Releas
On 03/12/2014 05:57 AM, Eric Blake wrote:
---
qapi-schema.json | 36 +++-
1 file changed, 35 insertions(+), 1 deletion(-)
+# Only for performance testing. (Since 2.x)
+#
+# @mc-rdma-copy: MC requires creating a local-memory checkpoint before
+#
On 03/12/2014 05:49 AM, Eric Blake wrote:
diff --git a/hmp-commands.hx b/hmp-commands.hx
index f3fc514..2066c76 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -888,7 +888,7 @@ ETEXI
"\n\t\t\t -b for migration without shared storage with"
" full c
On 03/12/2014 05:45 AM, Eric Blake wrote:
+++ b/qapi-schema.json
@@ -603,6 +603,36 @@
'cache-miss': 'int', 'overflow': 'int' } }
##
+# @MCStats
+#
+# Detailed Micro Checkpointing (MC) statistics
+#
+# @mbps: throughput of transmitting last MC
+#
+# @xmit-time: milliseconds to t
On 03/12/2014 05:40 AM, Eric Blake wrote:
+++ b/qapi-schema.json
@@ -169,6 +169,8 @@
#
# @save-vm: guest is paused to save the VM state
#
+# @checkpoint-vm: guest is paused to checkpoint the VM state
+#
It would be nice to mention '(since 2.1)'.
Acknowledged.
# @shutdown: guest is sh
On 03/12/2014 05:36 AM, Juan Quintela wrote:
mrhi...@linux.vnet.ibm.com wrote:
From: "Michael R. Hines"
During micro-checkpointing, the VCPUs get repeatedly paused and
resumed. We need to not freak out when the VM begins micro-checkpointing.
Signed-off-by: Michael R. Hines
diff --git a/inclu
On 03/12/2014 05:31 AM, Juan Quintela wrote:
mrhi...@linux.vnet.ibm.com wrote:
From: "Michael R. Hines"
We also later export these statistics over QMP for better
monitoring of micro-checkpointing as the workload changes.
Signed-off-by: Michael R. Hines
---
arch_init.c | 34
The smlald (and probably smlsld) instruction was doing incorrect sign
extensions of the operands amongst the 64-bit result calculation. The
instruction pseudo-code is:
operand2 = if m_swap then ROR(R[m],16) else R[m];
product1 = SInt(R[n]<15:0>) * SInt(operand2<15:0>);
product2 = SInt(R[n]<31:16>) *
libvirt needs to set QEMU_CAPS_PCI_MULTIBUS for PowerPC for QEMU >= 2.0.
if (qemuCaps->arch == VIR_ARCH_PPC || qemuCaps->arch == VIR_ARCH_PPC64)
    virQEMUCapsSet(qemuCaps, QEMU_CAPS_PCI_MULTIBUS);
But for QEMU < 2.0, how should we judge the machines with different PCI bus names?
BTW, libvirt maint
We used "guest time", "system time", "hardware time" and "RTC"
interchangeably in the document, which is unclear.
This patch just adds two remarks about RTC and replaces two "guest time"
with "guest's system time".
Signed-off-by: Amos Kong
---
qga/commands-posix.c | 2 +-
qga/qapi-schema.json | 14 +++---
2 f
On 04/04/2014 05:42 AM, Tom Musta wrote:
> On 4/3/2014 8:14 AM, Alexey Kardashevskiy wrote:
>> This advertises Data Address Breakpoint Register Extension (DABRX) to
>> the guest via hyperrtas list and enables it to migrate.
>>
>> Signed-off-by: Alexey Kardashevskiy
>> ---
>> hw/ppc/spapr.c
On Thu, 04/03 07:28, Jun Lee wrote:
> > @@ -66,7 +63,18 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t
> > min_size,
> >
> > new_l1_size2 = sizeof(uint64_t) * new_l1_size;
> > new_l1_table = g_malloc0(align_offset(new_l1_size2, 512));
> > -memcpy(new_l1_table, s->l1_tabl
On 04/04/2014 05:58 AM, Alexander Graf wrote:
>
> On 03.04.2014, at 20:55, Peter Maydell wrote:
>
>> On 3 April 2014 19:48, Alexander Graf wrote:
>>> We now reset SPRs to their reset values on CPU reset. So if we want
>>> to have an SPR persistently changed, we need to change its default
>>> re
On 3 April 2014 20:38, Andrei E. Warkentin wrote:
> Hiya,
>
> Cool. Definitely more compact and less intrusive, and definitely
> should catch more issues than the original page->flags check. The only
> possible cost is maintenance and debugging (implicit state and all
> that)... so... How about ad
Rearrange code to put the compare and branch in the same place.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 34 ++
1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarc
Loading a qemu pointer as an immediate happens often. E.g.
- exit_tb $0x7fa8140013
+ exit_tb $0x7f81ee0013
...
- : d2800260  mov  x0, #0x13
- : f2b50280  movk x0, #0xa814, lsl #16
- : f2c00fe0  movk x0, #0x7f, lsl #32
+ : 90ff1000  adrp x0, 0x7f81ee
+
Combines 4 other inline functions and tidies the prologue.
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 100 ---
1 file changed, 33 insertions(+), 67 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
inde
A compare and branch against zero happens at the start of
every single TB.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 26 --
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aa
Since the kernel doesn't pass any info on the reason for the fault,
disassemble the instruction to detect a store.
Signed-off-by: Richard Henderson
---
user-exec.c | 29 +++--
1 file changed, 23 insertions(+), 6 deletions(-)
diff --git a/user-exec.c b/user-exec.c
index b
In some cases, a direct branch will be in range.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 5186311..4729d11 100644
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 115 +--
1 file changed, 32 insertions(+), 83 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index de7490d..5ecc20c 100644
--- a/tcg/aarch64/tcg-target.c
+++
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 84 +++-
1 file changed, 69 insertions(+), 15 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 5cffe50..4414bd1 100644
--- a/tcg/aarch64/tcg-target.c
+++
On 3 April 2014 20:49, Michael Roth wrote:
> Hello,
>
> On behalf of the QEMU Team, I'd like to announce the availability of the
> second release candidate for the QEMU 2.0 release. This release is meant
> for testing purposes and should not be used in a production environment.
>
> http://wiki.qe
Cleaning up the implementation of REV and REV16 at the same time.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 22 ++
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-tar
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index c1d9895..a08f6c7 100644
--- a/tcg/aarch64/tcg-target.c
+++ b/tcg/aarch64/tcg-target
Quoting Peter Maydell (2014-04-03 15:02:36)
> On 3 April 2014 20:49, Michael Roth wrote:
> > Hello,
> >
> > On behalf of the QEMU Team, I'd like to announce the availability of the
> > second release candidate for the QEMU 2.0 release. This release is meant
> > for testing purposes and should not
The assembler seems to prefer them, perhaps we should too.
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index a538a87..58597e7 100644
--- a/tcg/aarc
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 35 +++
1 file changed, 19 insertions(+), 16 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 34e477d..caaf8a2 100644
--- a/tcg/aarch64/tcg-target.c
+++ b/tcg/aarch6
Making the bswap conditional on the memop instead of a compile-time test.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 131 +++
1 file changed, 63 insertions(+), 68 deletions(-)
diff --git a/tcg/aarch64
The definition of op_data included opcode bits, not just
the size field of the various ldst instructions.
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 111 +--
1 file changed, 49 insertions(+), 62 deletions(-)
diff --git a/tcg/aarch
Some guest env are small enough to reach the tlb with only a 12-bit addition.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 28 +++-
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/t
Instead of passing them the "args" array.
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 49 +---
1 file changed, 17 insertions(+), 32 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 68305ea..3a2955
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 89
tcg/aarch64/tcg-target.h | 2 +-
2 files changed, 31 insertions(+), 60 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 4729d11..5d19e27 100644
--- a/tcg/aarch64/tcg-target.c
+++ b/tcg/aa
It's the more canonical interface.
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 16 +++-
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 58597e7..ab4cd25 100644
--- a/tcg/aarch64/tcg-target.c
+
It's obviously call-clobbered, but is otherwise unused.
Repurpose it as the TCG temporary.
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 34 --
tcg/aarch64/tcg-target.h | 32 +---
2 files changed, 33 insertions(+), 33
The definition of op_type wasn't encoded for the proper shift for
the field, making the implementations confusing.
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 42 +-
1 file changed, 17 insertions(+), 25 deletions(-)
diff --git a/tcg/aa
As opposed to tcg_target_long.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 661a5af..6938248 100644
--- a/tcg/aa
The subset of logical immediates that we support is quite quick to test,
and such constants are quite common to want to load.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 70 +++-
1 file changed, 39 inse
When profitable, initialize the register with MOVN instead of MOVZ,
before setting the remaining lanes with MOVK.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 63 ++--
1 file changed, 50 insertions(+), 1
Rather than raw constants that could mean anything.
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 73 +---
1 file changed, 38 insertions(+), 35 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aa
Reviewed-by: Claudio Fontana
Signed-off-by: Richard Henderson
---
tcg/aarch64/tcg-target.c | 74
1 file changed, 43 insertions(+), 31 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 1337a13..8b15d3b 100644
---
Changes from v1:
* Frame pointer backtrace linkage retained. Not that gdb seems to
use this at all; the tcg_register_jit patch is still required in
order to get a proper backtrace.
* Several patches re-ordered in order to reduce churn. Especially
the qemu_ld/st related patches.
Hello,
On behalf of the QEMU Team, I'd like to announce the availability of the
second release candidate for the QEMU 2.0 release. This release is meant
for testing purposes and should not be used in a production environment.
http://wiki.qemu.org/download/qemu-2.0.0-rc1.tar.bz2
You can help imp
Hiya,
Cool. Definitely more compact and less intrusive, and definitely
should catch more issues than the original page->flags check. The only
possible cost is maintenance and debugging (implicit state and all
that)... so... How about adding a comment around the "if
(have_tb_lock)" to explain how w
Il 03/04/2014 21:24, Nikunj A Dadhania ha scritto:
> Does libvirt use "-nodefaults -machine usb=true"? It should create the
> OHCI controller separately instead of using "-machine".
I see it creating:
-nodefaults -usb -device usb-kbd,id=input0 -device usb-mouse,id=input1
And -usb is translate
Paolo Bonzini writes:
> Il 03/04/2014 18:56, Nikunj A Dadhania ha scritto:
>> The following commit caused the regression in qemu-system-ppc64
>>
>> 7effdaa3: spapr: Fix return value of vga initialization
>> d44229c5: Fix vga_interface_type for command line argument '-device VGA'
>>
>> Even when -
On 4/3/2014 8:33 AM, Alexander Graf wrote:
>
> On 03.04.14 15:14, Alexey Kardashevskiy wrote:
>> This enabled KVM and migration support for a number of POWER8 registers:
>
> Tom, please have a look through this as well :).
>
>> ---
>> --- a/target-ppc/cpu.h
>> +++ b/target-ppc/cpu.h
>> @@
On 03.04.2014, at 20:55, Peter Maydell wrote:
> On 3 April 2014 19:48, Alexander Graf wrote:
>> We now reset SPRs to their reset values on CPU reset. So if we want
>> to have an SPR persistently changed, we need to change its default
>> reset value rather than the value itself manually.
>>
>>
On 3 April 2014 19:48, Alexander Graf wrote:
> We now reset SPRs to their reset values on CPU reset. So if we want
> to have an SPR persistently changed, we need to change its default
> reset value rather than the value itself manually.
>
> Do this for SPR_BOOKE_PIR, fixing e500v2 SMP boot.
>
> Re
Am 03.04.2014 20:48, schrieb Alexander Graf:
> We now reset SPRs to their reset values on CPU reset. So if we want
> to have an SPR persistently changed, we need to change its default
> reset value rather than the value itself manually.
>
> Do this for SPR_BOOKE_PIR, fixing e500v2 SMP boot.
>
> R
We now reset SPRs to their reset values on CPU reset. So if we want
to have an SPR persistently changed, we need to change its default
reset value rather than the value itself manually.
Do this for SPR_BOOKE_PIR, fixing e500v2 SMP boot.
Reported-by: Frederic Konrad
Signed-off-by: Alexander Graf
On 4/3/2014 8:14 AM, Alexey Kardashevskiy wrote:
> This advertises Data Address Breakpoint Register Extension (DABRX) to
> the guest via hyperrtas list and enables it to migrate.
>
> Signed-off-by: Alexey Kardashevskiy
> ---
> hw/ppc/spapr.c | 1 +
> target-ppc/translate_init.c | 4
Am 03.04.2014 20:26, schrieb Alexander Graf:
>
> On 03.04.2014, at 19:00, Frederic Konrad wrote:
>
>> On 03/04/2014 17:29, Andreas Färber wrote:
>>> Hi Fred,
>>>
>>> Am 03.04.2014 17:19, schrieb Frederic Konrad:
I tried to boot a mpc85xx smp image with a new platform inside qemu.
On 04/03/2014 12:01 PM, Paolo Bonzini wrote:
> Il 03/04/2014 18:56, Nikunj A Dadhania ha scritto:
>> The following commit caused the regression in qemu-system-ppc64
>>
>> 7effdaa3: spapr: Fix return value of vga initialization
>> d44229c5: Fix vga_interface_type for command line argument '-device V
On 03.04.2014, at 19:00, Frederic Konrad wrote:
> On 03/04/2014 17:29, Andreas Färber wrote:
>> Hi Fred,
>>
>> Am 03.04.2014 17:19, schrieb Frederic Konrad:
>>> I tried to boot a mpc85xx smp image with a new platform inside qemu.
>>>
>>> This command line reproduce the issue:
>>> ./ppc-softmmu
On 04/03/2014 09:45 AM, Peter Maydell wrote:
> From: Andrei Warkentin
>
> When checking a page range, if we found that a page was
> made read-only by QEMU because it contained translated code,
> we were incorrectly returning immediately after unprotecting
> that page, rather than continuing to ch
CVE-2013-4150 QEMU 1.5.0 out-of-bounds buffer write in
virtio_net_load()@hw/net/virtio-net.c
This code is in hw/net/virtio-net.c:
    if (n->max_queues > 1) {
        if (n->max_queues != qemu_get_be16(f)) {
            error_report("virtio-net: different max_queues ");
            return -1;
On Thu, 2014-04-03 at 19:57 +0200, Andreas Färber wrote:
> Am 03.04.2014 19:46, schrieb Marcel Apfelbaum:
> > On Thu, 2014-04-03 at 19:25 +0200, Andreas Färber wrote:
> >> Am 31.03.2014 11:26, schrieb Marcel Apfelbaum:
> >>> No need for QEMUMachine anymore because
> >>> its fields are passed to Mac
Am 03.04.2014 19:46, schrieb Marcel Apfelbaum:
> On Thu, 2014-04-03 at 19:25 +0200, Andreas Färber wrote:
>> Am 31.03.2014 11:26, schrieb Marcel Apfelbaum:
>>> No need for QEMUMachine anymore because
>>> its fields are passed to MachineClass.
>>
>> QEMUMachineInitArgs still has a QEMUMachine field
On 03.04.2014, at 18:51, Michael S. Tsirkin wrote:
> From: Michael Roth
>
> CVE-2013-4534
>
> opp->nb_cpus is read from the wire and used to determine how many
> IRQDest elements to read into opp->dst[]. If the value exceeds the
> length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with
Il 03/04/2014 18:56, Nikunj A Dadhania ha scritto:
The following commit caused the regression in qemu-system-ppc64
7effdaa3: spapr: Fix return value of vga initialization
d44229c5: Fix vga_interface_type for command line argument '-device VGA'
Even when -nodefaults was provided, USB Keyboard an
From: Michael Roth
CVE-2013-4534
opp->nb_cpus is read from the wire and used to determine how many
IRQDest elements to read into opp->dst[]. If the value exceeds the
length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary
data from the wire.
Fix this by failing migration if the
CVE-2013-4530
pl022.c did not bounds check tx_fifo_head and
rx_fifo_head after loading them from file and
before they are used to dereference an array.
Reported-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
---
hw/ssi/pl022.c | 14 ++
1 file changed, 14 insertions(+)
diff
On Thu, Apr 03, 2014 at 06:05:03PM +0100, Peter Maydell wrote:
> On 3 April 2014 17:52, Michael S. Tsirkin wrote:
> > CVE-2013-4537
> >
> > s->arglen is taken from wire and used as idx
> > in ssi_sd_transfer().
> >
> > Validate it before access.
> >
> > Signed-off-by: Michael S. Tsirkin
> > ---
>
From: Michael Roth
CVE-2013-6399
vdev->queue_sel is read from the wire, and later used in the
emulation code as an index into vdev->vq[]. If the value of
vdev->queue_sel exceeds the length of vdev->vq[], currently
allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO
operations such as V
On Thu, 2014-04-03 at 19:25 +0200, Andreas Färber wrote:
> Am 31.03.2014 11:26, schrieb Marcel Apfelbaum:
> > No need for QEMUMachine anymore because
> > its fields are passed to MachineClass.
>
> QEMUMachineInitArgs still has a QEMUMachine field that now becomes NULL?
No...
It is properly initia
On 3 April 2014 17:51, Richard Henderson wrote:
> On 04/03/2014 09:45 AM, Peter Maydell wrote:
>> +if (have_tb_lock) {
>> +spin_unlock(&tcg_ctx.tb_ctx.tb_lock);
>> +}
>
> It ought not matter, since we ought to exit the loop on the
> next round, but I have a
Am 31.03.2014 11:26, schrieb Marcel Apfelbaum:
> No need to go through qemu_machine field. Use
> MachineClass fields directly.
>
> Signed-off-by: Marcel Apfelbaum
> ---
> device-hotplug.c | 2 +-
> qmp.c| 4 +--
> vl.c | 103
>
On Thu, 2014-04-03 at 19:36 +0200, Andreas Färber wrote:
> Am 03.04.2014 19:11, schrieb Marcel Apfelbaum:
> > On Thu, 2014-04-03 at 18:59 +0200, Andreas Färber wrote:
> >> Am 31.03.2014 11:26, schrieb Marcel Apfelbaum:
> >>> diff --git a/vl.c b/vl.c
> >>> index 9975e5a..96155ca 100644
> >>> --- a/v
On 04/03/2014 09:45 AM, Peter Maydell wrote:
> +if (have_tb_lock) {
> +spin_unlock(&tcg_ctx.tb_ctx.tb_lock);
> +}
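Review bot: have_tb_lock is never cleared after spin_unlock(&tcg_ctx.tb_ctx.tb_lock) in this hunk, so if this path is reached again before the lock is re-taken, the flag would still be set and the lock would be released a second time; set have_tb_lock to false immediately after the spin_unlock so the flag always mirrors actual lock ownership.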
It ought not matter, since we ought to exit the loop on the next round, but I
have a strong preference for resetting have_tb_lock here.
Otherwi
Am 03.04.2014 19:11, schrieb Marcel Apfelbaum:
> On Thu, 2014-04-03 at 18:59 +0200, Andreas Färber wrote:
>> Am 31.03.2014 11:26, schrieb Marcel Apfelbaum:
>>> diff --git a/vl.c b/vl.c
>>> index 9975e5a..96155ca 100644
>>> --- a/vl.c
>>> +++ b/vl.c
>>> @@ -1583,8 +1583,29 @@ MachineState *current_m
Validate state using VMS_ARRAY with num = 0 and VMS_MUST_EXIST
Signed-off-by: Michael S. Tsirkin
---
include/migration/vmstate.h | 8
1 file changed, 8 insertions(+)
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index de970ab..5b71370 100644
--- a/include/migra
On 3 April 2014 17:50, Michael S. Tsirkin wrote:
> CVE-2013-4149 QEMU 1.3.0 out-of-bounds buffer write in
> virtio_net_load()@hw/net/virtio-net.c
>
>> } else if (n->mac_table.in_use) {
>> uint8_t *buf = g_malloc0(n->mac_table.in_use);
>
> We are allocating buffer of size n->mac
Am 31.03.2014 11:26, schrieb Marcel Apfelbaum:
> No need for QEMUMachine anymore because
> its fields are passed to MachineClass.
QEMUMachineInitArgs still has a QEMUMachine field that now becomes NULL?
Andreas
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, J
CVE-2013-4148 QEMU 1.0 integer conversion in
virtio_net_load()@hw/net/virtio-net.c
Deals with loading a corrupted savevm image.
> n->mac_table.in_use = qemu_get_be32(f);
in_use is int so it can become negative when assigned a 32-bit unsigned value.
> /* MAC_TABLE_ENTRIES may be differ
Am 03.04.2014 19:06, schrieb Nikunj A Dadhania:
>
> The following commit caused the regression in qemu-system-ppc64
>
> 7effdaa3: spapr: Fix return value of vga initialization
> d44229c5: Fix vga_interface_type for command line argument '-device VGA'
>
> Even when -nodefaults was provided, USB K
CVE-2013-4149 QEMU 1.3.0 out-of-bounds buffer write in
virtio_net_load()@hw/net/virtio-net.c
> } else if (n->mac_table.in_use) {
> uint8_t *buf = g_malloc0(n->mac_table.in_use);
We are allocating a buffer of size n->mac_table.in_use
> qemu_get_buffer(f, buf, n->mac_
On 3 April 2014 17:52, Michael S. Tsirkin wrote:
> CVE-2013-4538
>
> s->cmd_len used as index in ssd0323_transfer() to store 32-bit field.
> Possible this field might then be supplied by guest to overwrite a
> return addr somewhere. Same for row/col fields, which are indices into
> framebuffer ar