On Thu, Dec 15, 2016 at 06:35:39AM +0200, Michael S. Tsirkin wrote:
> The problem always reproduces for me:
> - start qemu with -sdl
> - wait for guest to boot
> - click anywhere within guest screen
> - message "press ctrl+alt to exit capture" appears on screen,
> but pressing that immediately re
On Thu, Dec 15, 2016 at 12:49:06AM +0200, Michael S. Tsirkin wrote:
> On Wed, Dec 14, 2016 at 02:25:18PM +, Stefan Hajnoczi wrote:
> > The "Copy" menu item copies VTE terminal text to the clipboard. This
> > only works with VTE terminals, not with graphics consoles.
> >
> > Disable the menu i
On Wed, Dec 14, 2016 at 05:30:35PM +0100, Maxime Coquelin wrote:
> This patch fixes a cross-version migration regression introduced
> by commit d1b4259f ("virtio-bus: Plug devices after features are
> negotiated").
>
> The problem is encountered when host's vhost backend does not support
> VIRTIO_
On 12/14/2016 09:00 AM, Stefano Stabellini wrote:
On Fri, 9 Dec 2016, Zhang Chen wrote:
Xen doesn't need this.
Could you please elaborate a bit more on what is the problem exactly,
and why we don't have any issues with migration with Xen today (COLO
use-case aside)?
I test COLO without thi
Does rolling back the kernel to the previous version fix the problem?
I'm not sure if "perf" could give you some hints.
- Original Message -
From: "Stefan Priebe, Profihost AG"
To: "aderumier"
Cc: "qemu-devel"
Sent: Wednesday 14 December 2016 21:36:23
Subject: Re: [Qemu-devel] any known virtio-net
On 12/15/16 01:43, Michael Roth wrote:
Hi everyone,
The following new patches are queued for QEMU stable v2.7.1:
https://github.com/mdroth/qemu/commits/stable-2.7-staging
The release is planned for 2016-12-23:
http://wiki.qemu.org/Planning/2.7
Please respond here or CC qemu-sta...@nongnu
From: Alastair D'Silva
Fix 2 cases of incorrect indentation
Signed-off-by: Alastair D'Silva
---
qtest.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/qtest.c b/qtest.c
index a947892..143077e 100644
--- a/qtest.c
+++ b/qtest.c
@@ -309,7 +309,7 @@ static void qtest_proc
From: Alastair D'Silva
This patch adds support for the Epson RX8900 I2C RTC.
The following chip features are implemented:
- RTC (wallclock based, ptimer 10x oversampling to pick up
wallclock transitions)
- Time update interrupt (per second/minute, wallclock based)
- Alarms (wallclock
From: Alastair D'Silva
Connect an RX8900 RTC to i2c12 of the AST2500 SOC at address 0x32
Signed-off-by: Alastair D'Silva
Signed-off-by: Chris Smart
---
hw/arm/aspeed.c | 29 +
1 file changed, 29 insertions(+)
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 40
From: Alastair D'Silva
Remove unnecessary syntax
Signed-off-by: Alastair D'Silva
---
hw/i2c/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/i2c/core.c b/hw/i2c/core.c
index ae3ca94..e40781e 100644
--- a/hw/i2c/core.c
+++ b/hw/i2c/core.c
@@ -262,9 +262,9 @@ sta
From: Alastair D'Silva
Signed-off-by: Alastair D'Silva
---
tests/Makefile.include | 2 +
tests/rx8900-test.c| 882 +
2 files changed, 884 insertions(+)
create mode 100644 tests/rx8900-test.c
diff --git a/tests/Makefile.include b/tests/Make
From: Alastair D'Silva
The QTest framework cannot check the state of named interrupts. This patch
adds support for them.
Read actions are via callbacks, which allows for pulsed interrupts
to be read (the polled method used for the unnamed interrupts
cannot read pulsed interrupts as the value is
From: Alastair D'Silva
The imx25 chip provides 3 i2c buses, but they have all been named
"i2c", which makes it difficult to predict which bus a device will
be connected to when specified on the command line.
This patch addresses the issue by naming the buses uniquely:
i2c-bus.0 i2c-bus.1 i2c-b
From: Alastair D'Silva
This patch series adds support for the Epson RX8900 RTC to the
Aspeed board.
The tests use the existing imx25 infrastructure, and some minor
changes have been made to uniquely identify the I2C buses.
Support for named interrupts has been implemented in qtest to
facilitate
From: Alastair D'Silva
Some devices change their behaviour based on the state of their input GPIO
lines.
This patch allows testing of the variable behaviour by providing facilities
for the test to set the state of these GPIO lines.
Signed-off-by: Alastair D'Silva
---
qtest.c | 42 +++
BTW, do we have an example to show users how to config following
virtio-blk dataplane commands into XML configuration file?
qemu -object iothread,id=iothread0 \
-drive if=none,id=drive0,file=test.img,format=raw,cache=none \
-device virtio-blk-pci,iothread=iothread0,drive=drive0
Thank
The problem always reproduces for me:
- start qemu with -sdl
- wait for guest to boot
- click anywhere within guest screen
- message "press ctrl+alt to exit capture" appears on screen,
but pressing that immediately restarts capture again
Note:
- had to exit to another VT and kill qemu
- why was
Hey QEMU dev group,
I have a few questions related to nesting QEMU processes, but first here is
my system setup:
- *HOST MACHINE:* GNU/Linux release 4.5.5 (KVM version follows), Distro
Fedora 24, x86_64 arch, supports Intel VT-x, QEMU 2.6.2, libvirt 1.3.3
- *GUEST ISO:* GNU/Linux rel
From: Li Qiang
Currently the ac97 device emulation doesn't have an exit function,
hot unplug this device will leak some memory. Add an exit function to
avoid this.
Signed-off-by: Li Qiang
---
Changes since the v2:
take out of the null check
Changes since the v1:
close the streams
hw/audio/ac9
From: Li Qiang
Currently the es1370 device emulation doesn't have an exit function,
hot unplug this device will leak some memory. Add an exit function to
avoid this.
Signed-off-by: Li Qiang
---
Changes since the v2:
take out of the null check
Changes since the v1:
close the streams
hw/audio/e
v8:
- use per virtqueue lock instead of a whole device lock
for data virtqueue. [Halil & Xin]
v7:
- fix "BUG: smp_processor_id() in preemptible [] code" reported by
Halil,
using get_cpu/put_cpu instead of calling smp_processor_id() directly.
- fix a possible spinlock recursion i
On Wed, Dec 14, 2016 at 04:30:57PM +1100, Suraj Jitindar Singh wrote:
> On Mon, 2016-12-12 at 15:06 +1100, David Gibson wrote:
> > This patch implements hypercalls allowing a PAPR guest to resize its
> > own
> > hash page table. This will eventually allow for more flexible memory
> > hotplug.
> >
On Wed, Dec 14, 2016 at 04:35:56PM +1100, Suraj Jitindar Singh wrote:
> On Mon, 2016-12-12 at 15:06 +1100, David Gibson wrote:
> > This patch implements hypercalls allowing a PAPR guest to resize its
> > own
> > hash page table. This will eventually allow for more flexible memory
> > hotplug.
> >
On Wed, Dec 14, 2016 at 04:22:19PM +1100, Suraj Jitindar Singh wrote:
> On Mon, 2016-12-12 at 15:06 +1100, David Gibson wrote:
> > This introduces stub implementations of the H_RESIZE_HPT_PREPARE and
> > H_RESIZE_HPT_COMMIT hypercalls which we hope to add in a PAPR
> > extension to allow run time r
On Thursday, December 15, 2016 8:45 AM, Gonglei (Arei) Wrote:
< > > diff --git a/drivers/crypto/virtio/virtio_crypto_core.c
< > b/drivers/crypto/virtio/virtio_crypto_core.c
< > > new file mode 100644
< > > index 000..c0854a1
< > > --- /dev/null
< > > +++ b/drivers/crypto/virtio/virtio_crypto_co
This patch introduces virtio-crypto driver for Linux Kernel.
The virtio crypto device is a virtual cryptography device
as well as a kind of virtual hardware accelerator for
virtual machines. The encryption and decryption requests
are placed in the data queue and are ultimately handled by
the backend
On Wed, 2016-12-14 at 18:02 +, Peter Maydell wrote:
> On 2 December 2016 at 05:46, Alastair D'Silva
> wrote:
> > From: Alastair D'Silva
> >
> > This patch adds support for the Epson RX8900 I2C RTC.
> >
> > The following chip features are implemented:
> > - RTC (wallclock based, ptimer 10x
Regards,
-Gonglei
> -Original Message-
> From: Zeng, Xin [mailto:xin.z...@intel.com]
> Sent: Thursday, December 15, 2016 8:59 AM
> To: Gonglei (Arei); Halil Pasic; linux-ker...@vger.kernel.org;
> qemu-devel@nongnu.org; virtio-...@lists.oasis-open.org;
> virtualizat...@lists.linux-foun
From: Lin Ma
Segfault happens when leaving qemu with msmouse backend:
#0 0x7fa8526ac975 in raise () at /lib64/libc.so.6
#1 0x7fa8526add8a in abort () at /lib64/libc.so.6
#2 0x558be78846ab in error_exit (err=16, msg=0x558be799da10 ...
#3 0x558be7884717 in qemu_mutex_destro
>
> Subject: Re: [PATCH v2] egl-helpers: Change file licensing to LGPLv2
>
> On 8 December 2016 at 10:45, Frediano Ziglio wrote:
> > The relicense permits sharing the code with Spice which
> > is LGPL.
> >
> > All people listed below have agreed to the
> > relicense:
> > - Arei Gonglei;
> > - Col
From: Ladi Prosek
The one pending element is being freed but not discarded on device
reset, which causes svq->inuse to creep up, eventually hitting the
"Virtqueue size exceeded" error.
Properly discarding the element on device reset makes sure that its
buffers are unmapped and the inuse counter
From: Thorsten Kohfeldt
Introductory comment for rtl8168 VFIO MSI-X quirk states:
At BAR2 offset 0x70 there is a dword data register,
offset 0x74 is a dword address register.
vfio: vfio_bar_read(:05:00.0:BAR2+0x70, 4) = 0xfee00398 // read data
Thus, correct offset for data read is 0
From: Paolo Bonzini
This reverts commit 8cc46787b5b58f01a11c919c7ff939ed009e27fc.
It turns out that cmd->frame can be NULL and thus the commit
can cause a SIGSEGV
Reported-by: Holger Schranz
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini
(cherry picked from commit 421cc3e7e89cb807d3c5
From: Peter Xu
"mask" needs to be inverted before use.
Signed-off-by: Peter Xu
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit 6cb99acc2808cc41e2d772a23e9cc564515535cc)
Signed-off-by: Michael Roth
---
hw/i386/intel_iommu.c | 1 +
1 file changed,
From: Eduardo Habkost
vhost-user-test relies on iPXE just to initialize the virtio-net
device, and doesn't do any actual packet tx/rx testing.
In addition to that, the test relies on TCG, which is
incompatible with vhost. The test only worked by accident: a bug
the memory backend initialization
From: Stefan Hajnoczi
vq->inuse must be zeroed upon device reset like most other virtqueue
fields.
In theory, virtio_reset() just needs assert(vq->inuse == 0) since
devices must clean up in-flight requests during reset (requests cannot
not be leaked!).
In practice, it is difficult to achieve vq
From: Zhuang Yanying
Device ivshmem property use64=0 is designed to make the device
expose a 32 bit shared memory BAR instead of 64 bit one. The
default is a 64 bit BAR, except pc-1.2 and older retain a 32 bit
BAR. A 32 bit BAR can support only up to 1 GiB of shared memory.
This worked as desi
On 16-12-14 13:17:12, Paolo Bonzini wrote:
>
>
> On 14/12/2016 03:50, Yi Sun wrote:
> > Add SHA_NI feature bit. Its spec can be found at:
> > https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf
> >
> > Signed-off-by: Yi Sun
> > ---
> > target-i386/cpu.
From: Greg Kurz
The legacy vring layout is not used anymore as we use the separate
mappings even for legacy devices.
This patch simply removes it.
This also fixes a bug with virtio 1 devices when the vring descriptor table
is mapped at a higher address than the used vring because the following
f
From: Peter Xu
Since commit e1d4fb2d ("kvm-irqchip: x86: add msi route notify fn"),
kvm_irqchip_add_msi_route() starts to use pci_get_msi_message() to fetch
MSI info. This requires that we setup MSI related fields in PCIDevice.
For most devices, that won't be a problem, as long as we are using
ge
Hi Stefan,
Thanks for your reply. Please see the inline replies.
On Wed, Dec 14, 2016 at 2:31 PM, Stefan Hajnoczi wrote:
> On Wed, Dec 14, 2016 at 12:58:11AM -0500, Weiwei Jia wrote:
>> I find the timeslice of vCPU thread in QEMU/KVM is unstable when there
>> are lots of read requests (for examp
From: Eric Blake
Right now, the block layer rounds discard requests, so that
individual drivers are able to assert that discard requests
will never be unaligned. But there are some ISCSI devices
that track and coalesce multiple unaligned requests, turning it
into an actual discard if the request
From: Max Reitz
libcurl will only give us as much data as there is, not more. The block
layer will deny requests beyond the end of file for us; but since this
block driver is still using a sector-based interface, we can still get
in trouble if the file size is not a multiple of 512.
While we hav
From: Gonglei
The backtrace is:
0x7f0b75cdf880 in pixman_image_get_stride () from /lib64/libpixman-1.so.0
0x7f0b77bcb3cf in vnc_server_fb_stride (vd=0x7f0b7a1a2bb0) at ui/vnc.c:680
vnc_dpy_copy (dcl=0x7f0b7a1a2c00, src_x=224, src_y=263, dst_x=319, dst_y=363,
w=1, h=1) at ui/vnc.c:915
0x
From: "Michael S. Tsirkin"
virtio 1.0 spec says this is a legacy feature bit,
hide it from guests in modern mode.
Note: for cross-version migration compatibility,
we keep the bit set in host_features.
The result will be that a guest migrating cross-version
will see host features change under it.
From: Eric Blake
At the qcow2 layer, discard is only possible on a per-cluster
basis; at the moment, qcow2 silently rounds any unaligned
requests to this granularity. However, an upcoming patch will
fix a regression in the block layer ignoring too much of an
unaligned discard request, by changin
From: Eduardo Habkost
Initialization of memory backends may take a while when
prealloc=yes is used, depending on their size. Initializing
memory backends before chardevs may delay the creation of monitor
sockets, and trigger timeouts on management software that waits
until the monitor socket is c
From: "Michael S. Tsirkin"
Legacy features are those that transitional devices only
expose on the legacy interface.
Allow different ones per device class.
Cc: qemu-sta...@nongnu.org # dependency for the next patch
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Cornelia Huck
(cherry picked from
From: Greg Kurz
If the call to fid_to_qid() returns an error, we will call v9fs_path_free()
on uninitialized paths.
It is a regression introduced by the following commit:
56f101ecce0e 9pfs: handle walk of ".." in the root directory
Let's fix this by initializing dpath and path before calling f
From: David Gibson
When migration for target-ppc was converted to vmstate, several
VMSTATE_EQUAL() checks were foolishly included of things that really
should be internal state. Specifically we verified equality of the
insns_flags and insns_flags2 fields, which are used within TCG to
determine w
>
>
> On 12/14/2016 12:50 PM, Gonglei wrote:
> > diff --git a/drivers/crypto/virtio/virtio_crypto_core.c
> b/drivers/crypto/virtio/virtio_crypto_core.c
> > new file mode 100644
> > index 000..c0854a1
> > --- /dev/null
> > +++ b/drivers/crypto/virtio/virtio_crypto_core.c
> > @@ -0,0 +1,474 @@
From: Markus Armbruster
These tests would have caught the bug fixed by the previous commit.
Signed-off-by: Markus Armbruster
Message-Id: <1475594630-24758-1-git-send-email-arm...@redhat.com>
(cherry picked from commit bce3035a44c40bd3ec29d3162025fd350f2d8dbf)
Signed-off-by: Michael Roth
---
t
From: Adrian Bunk
Building qemu fails in distributions where gcc enables PIE by default
(e.g. Debian unstable) with:
/usr/bin/ld: -r and -pie may not be used together
Use -r instead of -Wl,-r to avoid gcc passing -pie to the linker
when PIE is enabled and a relocatable object is passed.
Signed
From: "Daniel P. Berrange"
The use of -net socket,listen was broken in the following
commit
commit 16a3df403b10c4ac347159e39005fd520b2648bb
Author: Zhang Chen
Date: Fri May 13 15:35:19 2016 +0800
net/net: Add SocketReadState for reuse codes
This function is from net/socket.c,
From: Max Reitz
For some connection types (like FTP, generally), more than one socket
may be used (in FTP's case: control vs. data stream). As of commit
838ef602498b8d1985a231a06f5e328e2946a81d ("curl: Eliminate unnecessary
use of curl_multi_socket_all"), we have to remember all of the sockets
us
From: Paolo Bonzini
Otherwise, reads of more than 2GB fail. Until commit
7bbca9e290a9c7c217b5a24fc6094e91e54bd05d, reads of 2^41
bytes succeeded at least theoretically.
In fact, pdiscard ought to receive a 64-bit integer as the
count for the same reason.
Reported by Coverity.
Fixes: 7bbca9e29
From: Max Reitz
While commit 38bbc0a580f9f10570b1d1b5d3e92f0e6feb2970 is correct in that
the callback is supposed to return the number of bytes handled; what it
does not mention is that libcurl will throw an error if the callback did
not "handle" all of the data passed to it.
Therefore, if the c
From: Thomas Huth
The current code uses pa_features_206 for POWERPC_MMU_2_06, and
for everything else, it uses pa_features_207. This is bad in some
cases because there is also a "degraded" MMU version of ISA 2.06,
called POWERPC_MMU_2_06a, which should of course use the flags for
2.06 instead. An
From: Samuel Thibault
if_start() goes through the slirp->if_fastq and slirp->if_batchq
list of pending messages, and accesses ifm->ifq_so->so_nqueued of its
elements if ifm->ifq_so != NULL. When freeing a socket, we thus need
to make sure that any pending message for this socket does not refer
t
From: "Emilio G. Cota"
The old map's bucket locks are being unlocked *after*
that same old map has been passed to RCU for destruction.
This is a bug that can cause a segfault, since there's
no guarantee that the deletion will be deferred (e.g.
there may be no concurrent readers).
The segfault is
From: Max Reitz
Currently, curl defines its own constant SECTOR_SIZE. There is no
advantage over using the global BDRV_SECTOR_SIZE, so drop it.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Reitz
Reviewed-by: Eric Blake
Message-id: 20161025025431.24714-2-mre...@redhat.com
Signed-off-by: Jeff C
From: Alberto Garcia
iotest 093 contains a test that creates a throttling group with
several drives and performs I/O in all of them. This patch adds a new
test that creates a similar setup but only performs I/O in one of the
drives at the same time.
This is useful to test that the round robin al
From: Greg Kurz
With virtio 1, the vring layout is split in 3 separate regions of
contiguous memory for the descriptor table, the available ring and the
used ring, as opposed to legacy virtio which uses a single region.
In case of memory re-mapping, the code ensures it doesn't affect the
vring
From: Eric Blake
Commit 69ef1f3 accidentally broke migrate_set_parameter's ability
to set the cpu-throttle-increment to anything other than the
default, because it forgot to parse the user's string into an
integer.
CC: qemu-sta...@nongnu.org
Signed-off-by: Eric Blake
Reviewed-by: Marc-André Lur
From: Eric Blake
Discard is advisory, so rounding the requests to alignment
boundaries is never semantically wrong from the data that
the guest sees. But at least the Dell Equallogic iSCSI SANs
has an interesting property that its advertised discard
alignment is 15M, yet documents that discardin
From: "Daniel P. Berrange"
If the qio_channel_tls_new_(server|client) methods fail,
we disconnect the client. Unfortunately a missing return
means we then go on to try and run the TLS handshake on
a NULL I/O channel. This gives predictably segfaulty
results.
The main way to trigger this is to re
From: Kevin Wolf
Commit 3ff2f67a changed bdrv_co_flush() so that no flush is issued if
the image hasn't been dirtied since the last flush. This is not quite
correct: The condition should be that the image hasn't been dirtied
since the last _successful_ flush. This patch changes the logic
accordin
From: Eric Blake
When qemu uses iscsi devices in sg mode, iscsilun->block_size
is left at 0. Prior to commits cf081fca and similar, when
block limits were tracked in sectors, this did not matter:
various block limits were just left at 0. But when we started
scaling by block size, this caused SI
From: Thomas Huth
KVM-PR currently does not support transactional memory, and the
implementation in TCG is just a fake. We should not announce TM
support in the ibm,pa-features property when running on such a
system, so disable it by default and only enable it if the KVM
implementation supports i
From: "Daniel P. Berrange"
Broken in previous commit:
commit aaa4d20b4972bb1a811ce929502e6741835d584e
Author: Kevin Wolf
Date: Wed Jun 1 15:21:05 2016 +0200
qcow2: Make copy_sectors() byte based
The copy_sectors() code was originally using the 'sector'
parameter for encryption,
From: John Snow
We can teach Xen to drain and flush each device as it needs to, instead
of trying to flush ALL devices. This removes the last user of
blk_flush_all.
The function is therefore removed under the premise that any new uses
of blk_flush_all would be the wrong paradigm: either flush th
From: Eric Blake
Commit 443668ca rewrote the write_zeroes logic to guarantee that
an unaligned request never crosses a cluster boundary. But
in the rewrite, the new code assumed that at most one iteration
would be needed to get to an alignment boundary.
However, it is easy to trigger an asserti
From: Alex Williamson
With a vfio assigned device we lay down a base MemoryRegion registered
as an IO region, giving us read & write accessors. If the region
supports mmap, we lay down a higher priority sub-region MemoryRegion
on top of the base layer initialized as a RAM device pointer to the
m
From: John Snow
Commit fe1a9cbc moved the flush_all routine from the bdrv layer to the
block-backend layer. In doing so, however, the semantics of the routine
changed slightly such that flush_all now used blk_flush instead of
bdrv_flush.
blk_flush can fail if the attached device model reports th
From: Alex Williamson
Setting skip_dump on a MemoryRegion allows us to modify one specific
code path, but the restriction we're trying to address encompasses
more than that. If we have a RAM MemoryRegion backed by a physical
device, it not only restricts our ability to dump that region, but
also
From: Cornelia Huck
Update headers against 4.8-rc2.
Signed-off-by: Cornelia Huck
---
include/standard-headers/linux/input-event-codes.h | 32
include/standard-headers/linux/input.h | 1 +
include/standard-headers/linux/virtio_config.h | 10 ++-
include/standard-header
From: Corey Minyard
The initialization was missed before, resulting in some
bad data in the smbus case.
Signed-off-by: Corey Minyard
Cc: qemu-sta...@nongnu.org
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit 698ae42b9124dce23e03d0fea2e635b70540ef13
From: David Gibson
d1f6af6 "kvm-irqchip: simplify kvm_irqchip_add_msi_route" was a cleanup
of kvmchip routing configuration, that was mostly intended for x86.
However, it also contains a subtle change in behaviour which breaks EEH[1]
error recovery on certain VFIO passthrough devices on spapr gue
From: Prasad J Pandit
RTL8139 ethernet controller in C+ mode supports multiple
descriptor rings, each with maximum of 64 descriptors. While
processing transmit descriptor ring in 'rtl8139_cplus_transmit',
it does not limit the descriptor count and runs forever. Add
check to avoid it.
Reported-by
From: Fam Zheng
With an ejected block backend, blk_get_aio_context() would return
qemu_aio_context. In this case don't assert.
Signed-off-by: Fam Zheng
Message-Id: <1473848224-24809-3-git-send-email-f...@redhat.com>
Signed-off-by: Paolo Bonzini
(cherry picked from commit 2a2d69f490c1b1dc6b6d2a
From: Thomas Huth
QEMU currently refuses to start with KVM-PR and only prints out
qemu: fatal: Unknown MMU model 851972
when being started there. This is because commit 4322e8ced5aaac719
("ppc: Fix 64K pages support in full emulation") introduced a new
POWERPC_MMU_64K bit to indicate su
From: Cornelia Huck
The cssid 255 is reserved but still valid from an architectural
point of view. However, feeding a bogus schid of 0x into
the virtio hypercall will lead to a crash:
Stack trace of thread 138363:
#0 0x100d168c css_find_subch (qemu-system-s390x)
From: Alberto Garcia
In 27ccdd52598290f0f8b58be56e235aff7aebfaf3 the throttling fields were
moved from BlockDriverState to BlockBackend. However in a few cases
the code started using throttling fields from the active BlockBackend
instead of the round-robin token, making the algorithm behave
incor
From: "Daniel P. Berrange"
The XTS cipher mode needs to be used with a cipher which has
a block size of 16 bytes. If a mis-matching block size is used,
the code will either corrupt memory beyond the IV array, or
not fully encrypt/decrypt the IV.
This fixes a memory corruption crash when attempti
From: Marc-André Lureau
Unlike the other visit methods, visit_type_any() and visit_type_null()
neglect to check whether qmp_input_get_object() succeeded. They crash
when it fails. Reproducer:
{ "execute": "qom-set",
"arguments": { "path": "/machine", "property": "rtc-time" } }
Will crash wi
From: John Snow
Similar to existing fixes for IDE (87ac25fd) and ATAPI (7f951b2d), the
AIOCB must be cleared in the callback. Otherwise, we may accidentally
try to reset a dangling pointer in bdrv_aio_cancel() from a port reset.
Signed-off-by: John Snow
Reviewed-by: Stefan Hajnoczi
Message-id:
From: "Emilio G. Cota"
Sometimes gcc doesn't pick up the fact that 'new' is properly
set if 'resize == true', which may generate an unnecessary
build warning.
Fix it by removing 'resize' and directly checking that 'new'
is non-NULL.
Signed-off-by: Emilio G. Cota
Message-Id: <1475706880-10667-2
From: Prasad J Pandit
When LSI SAS1068 Host Bus emulator builds configuration page
headers, mptsas_config_pack() should assert that the size
fits in a byte. However, the size is expressed in 32-bit
units, so up to 1020 bytes fit. The assertion was only
allowing replies up to 252 bytes, so fix i
From: Marc-André Lureau
Since commit ad739706bbadee49, user_creatable_add_type() expects to be
given a qdict. However, if object-add is called without props, you reach
the assert: "qemu/qom/object_interfaces.c:115: user_creatable_add_type:
Assertion `qdict' failed.", because the qdict isn't creat
From: Paolo Bonzini
These issues cause respectively a QEMU crash and a leak of 2 bytes of
stack. They were discovered by VictorV of 360 Marvel Team.
Reported-by: Tom Victor
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini
(cherry picked from commit 65a8e1f6413a0f6f79894da710b5d6d43361d
From: Thomas Huth
The function spapr_populate_cpu_dt() has become quite big
already, and since we likely have to extend the pa-features
property for every new processor generation, it is nicer
if we put the related code into a separate function.
Signed-off-by: Thomas Huth
Reviewed-by: Cédric Le
From: Prasad J Pandit
Vmware Paravirtual SCSI emulation uses command descriptors to
process SCSI commands. These descriptors come with their ring
buffers. A guest could set the page count for these rings to
an arbitrary value, leading to infinite loop or OOB access.
Add check to avoid it.
Report
From: John Snow
Reimplement bdrv_flush_all for vm_stop. In contrast to blk_flush_all,
bdrv_flush_all does not have device model restrictions. This allows
us to flush and halt unconditionally without error.
This allows us to do things like migrate when we have a device with
an open tray, but has
From: Lin Ma
Function qemu_chr_alloc returns NULL if it failed to open logfile for any reason,
say, no write permission. For backends tty, stdio and msmouse, they need to
check this return value to avoid segfault in this case.
Signed-off-by: Lin Ma
Cc: qemu-stable
Message-Id: <20160914062250.22
Hi everyone,
The following new patches are queued for QEMU stable v2.7.1:
https://github.com/mdroth/qemu/commits/stable-2.7-staging
The release is planned for 2016-12-23:
http://wiki.qemu.org/Planning/2.7
Please respond here or CC qemu-sta...@nongnu.org on any patches you
think should be i
From: Fam Zheng
Right after main_loop ends, we release various things but keep iothread
alive. The latter is not prepared for the sudden change of resources.
Specifically, after bdrv_close_all(), virtio-scsi dataplane gets a
surprise at the empty BlockBackend:
(gdb) bt
at /usr/src/debug/qemu-
From: Fam Zheng
Even if tray is not open, it can be empty (blk_is_inserted() == false).
Handle both cases correctly by replacing the s->tray_open checks with
blk_is_available(), which is an AND of the two.
Also simplify successive checks of them into blk_is_available(), in a
couple cases.
Signe
From: Prasad J Pandit
Vmware Paravirtual SCSI emulator while processing IO requests
could run into an infinite loop if 'pvscsi_ring_pop_req_descr'
always returned positive value. Limit IO loop to the ring size.
Cc: qemu-sta...@nongnu.org
Reported-by: Li Qiang
Signed-off-by: Prasad J Pandit
Mes
From: Rony Weng
Openstack Cinder assigns volume a 36 characters uuid as serial.
QEMU will shrink the uuid to 20 characters, which does not match
the original uuid.
Note that there is no limit to the length of the serial number in
the SCSI spec. 20 was copy-pasted from virtio-blk which in turn