Hi all,
I'm Nathan Gauër, a GSoC 17 student.
My goal was to provide a PoC OpenGL driver for Windows.
Status:
This project contains two main parts: the OpenGL driver (ICD) and the
kernel driver (DOD).
An Escape handler had to be created on the current DOD driver, and is
now merged on the spice re
On Thu, Aug 24, 2017 at 08:27:09PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> Open a userfaultfd (on a postcopy_advise) and send it back in
> the reply to the qemu for it to monitor.
>
> Signed-off-by: Dr. David Alan Gilbert
> ---
> contrib/libvhost-user/li
Signed-off-by: Pranith Kumar
---
tcg/aarch64/tcg-target.h | 2 ++
tcg/arm/tcg-target.h | 2 ++
tcg/ia64/tcg-target.h| 2 ++
tcg/mips/tcg-target.h| 2 ++
tcg/ppc/tcg-target.h | 2 ++
tcg/s390/tcg-target.h| 2 ++
tcg/sparc/tcg-target.h | 2 ++
7 files changed, 14 insertions(+)
This patch increases the number of entries cached in the TLB. I went
over a few architectures to see if increasing it is problematic. Only
armv6 seems to have a limitation that only 8 bits can be used for
indexing these entries. For other architectures, the number of TLB
entries is increased to a 4
Currently, we cannot use mttcg for running strong memory model guests
on weak memory model hosts due to missing ordering semantics.
We implicitly generate fence instructions for stronger guests if an
ordering mismatch is detected. We generate fences only for the orders
for which fence instructions
Update the comment which is not true since MTTCG.
Reviewed-by: Richard Henderson
Signed-off-by: Pranith Kumar
---
target/arm/translate-a64.c | 4
1 file changed, 4 deletions(-)
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 2200e25be0..f42b155d7d 100644
--- a/t
Using heaptrack, I found that quite a few of our temporary allocations
are coming from allocating work items. Instead of doing this
continously, we can cache the allocated items and reuse them instead
of freeing them.
Stats from an ARM64 guest (boot+shutdown):
heaptrack stats(before):
all
Marc-André Lureau writes:
> Hi
>
> On Mon, Aug 28, 2017 at 6:24 PM Markus Armbruster wrote:
>
>> Marc-André Lureau writes:
>>
>> > Hi
>> >
>> > On Mon, Aug 28, 2017 at 1:08 PM Markus Armbruster
>> wrote:
>> >
>> >> Marc-André Lureau writes:
>> >>
>> >> > On Fri, Aug 25, 2017 at 5:33 PM Dr. Da
On Thu, Aug 24, 2017 at 08:27:06PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> Add a vhost feature flag for postcopy support, and
> use the postcopy notifier to check it before allowing postcopy.
>
> Signed-off-by: Dr. David Alan Gilbert
> ---
> contrib/libv
So how to fix this bug? And where should I to report bug?
2017-08-29 13:52 GMT+08:00 Sam :
> I could repeat this several times, I think it's mis-order of qmp in qga
> socket.
>
> 2017-08-25 11:09 GMT+08:00 Sam :
>
>> Also I found:
>>
>> when I use `socat` to take a qga socket, then I use `socat`
On Thu, Aug 24, 2017 at 08:27:05PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> Add a notifier chain for postcopy with a 'reason' flag
> and an opportunity for a notifier member to return an error.
>
> Call it when enabling postcopy.
>
> This will initially us
I could repeat this several times, I think it's mis-order of qmp in qga
socket.
2017-08-25 11:09 GMT+08:00 Sam :
> Also I found:
>
> when I use `socat` to take a qga socket, then I use `socat` to communicate
> it will got error.
> But also SOMETIMES, I will not got error and will communicate OK.
---Steps to Reproduce---
When passed a negative number to 'maxcpus' parameter, Qemu aborts
with a core dump.
Run the following command with maxcpus argument as negative number
ppc64-softmmu/qemu-system-ppc64 --nographic -vga none -machine
pseries,accel=kvm,kvm-type=HV -m size=200g -device virtio
On Thu, Aug 24, 2017 at 08:27:02PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> Utility to give the offset of a host pointer within a RAMBlock
> (assuming we already know it's in that RAMBlock)
>
> Signed-off-by: Dr. David Alan Gilbert
Reviewed-by: Peter Xu
Hi Alistair,
On Tue, Aug 29, 2017 at 3:23 AM, Alistair Francis
wrote:
> On Mon, Aug 28, 2017 at 9:37 AM, Subbaraya Sundeep
> wrote:
> > Modelled System Timer in Microsemi's Smartfusion2 Soc.
> > Timer has two 32bit down counters and two interrupts.
> >
> > Signed-off-by: Subbaraya Sundeep
>
>
Hi~ Jason.
Have any comments for this series?
Thanks
Zhang Chen
On 08/21/2017 04:55 PM, Zhang Chen wrote:
In this serise, we do a lot of job to optimize COLO net performance.
Mainly focus on TCP protocol.
V4:
- Remove the old patch1.
V3:
- Rebase on upstream.
- Remove origin p2.
-
On Thu, Aug 24, 2017 at 08:27:01PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> The choice of call to discard a block is getting more complicated
> for other cases. We use fallocate PUNCH_HOLE in any file cases;
> it works for both hugepage and for tmpfs.
> We
Hi~
No news for long time.
Ping...
Thanks
Zhang Chen
On 08/23/2017 04:51 PM, Zhang Chen wrote:
My Fujitsu mail account will be disabled soon, update the mail info
to my private mail.
Signed-off-by: Zhang Chen
---
MAINTAINERS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
在 2017/8/28 下午11:57, Cornelia Huck 写道:
On Mon, 28 Aug 2017 10:04:47 +0200
Yi Min Zhao wrote:
Let's introduce iommu replay callback for s390 pci iommu memory region.
Currently we don't need any dma mapping replay. So let it return
directly. This implementation will avoid meaningless loops cal
Weird. I managed to run the test on a POWER9 box today, too, and it
works for me:
TEST: tests/prom-env-test... (pid=18912)
/ppc64/prom-env/mac99: OK
/ppc64/prom-env/g3beige: OK
/ppc64/prom-env/pseries:
在 2017/8/28 下午11:33, Cornelia Huck 写道:
On Mon, 28 Aug 2017 10:04:46 +0200
Yi Min Zhao wrote:
The aibvo of zpci device should be constant after issued mpcifc
registering irqs instruction. Each msix vector should offset from the
aibvo. But for flic adapter interrupt, we should use the absolute
在 2017/8/28 下午11:04, Cornelia Huck 写道:
On Mon, 28 Aug 2017 10:04:45 +0200
Yi Min Zhao wrote:
PCIDevcie pointer has been a parameter of kvm_arch_fixup_msi_route().
s/PCIDevcie/PCIDevice
Thanks!
So we don't need to store zpci idx in msix message data to find out the
specific zpci device.
在 2017/8/28 下午10:51, Cornelia Huck 写道:
On Mon, 28 Aug 2017 10:04:44 +0200
Yi Min Zhao wrote:
The function trap_msix() is to check if pcistg instruction would access
msix table entries. The correct boundary condition should be
[table_offset, table_offset+entries*entry_size). But the current
c
TEST: tests/prom-env-test... (pid=9915)
/ppc64/prom-env/mac99: OK
/ppc64/prom-env/g3beige: OK
/ppc64/prom-env/pseries: **
ERROR:tests/prom-env-test.c:42:check_
On Mon, Aug 28, 2017 at 06:58:37PM -0400, John Snow wrote:
>
>
> On 08/25/2017 03:39 PM, Eduardo Habkost wrote:
> > CCing maintainers of affected devices (sorry for not CCing you
> > before).
> >
> > On Wed, Aug 23, 2017 at 07:14:44PM -0300, Eduardo Habkost wrote:
> >> Add INTERFACE_LEGACY_PCI_D
On Mon, Aug 28, 2017 at 10:50:11AM -0700, Ram Pai wrote:
> On Fri, Aug 25, 2017 at 02:23:13PM +1000, David Gibson wrote:
> > On Thu, Aug 24, 2017 at 11:11:22AM -0700, Ram Pai wrote:
> > > On Thu, Aug 24, 2017 at 12:54:48PM +1000, Paul Mackerras wrote:
> > > > On Mon, Aug 21, 2017 at 05:00:36PM -030
On 08/28/2017 09:33 PM, Michal Hocko wrote:
On Mon 28-08-17 18:08:32, Wei Wang wrote:
This patch adds support to walk through the free page blocks in the
system and report them via a callback function. Some page blocks may
leave the free list after zone->lock is released, so it is the caller's
r
On 08/29/2017 02:03 AM, Michael S. Tsirkin wrote:
On Mon, Aug 28, 2017 at 06:08:31PM +0800, Wei Wang wrote:
Add a new feature, VIRTIO_BALLOON_F_SG, which enables the transfer
of balloon (i.e. inflated/deflated) pages using scatter-gather lists
to the host.
The implementation of the previous vir
On Mon, Aug 28, 2017 at 05:40:48PM -0400, John Snow wrote:
>
>
> On 08/28/2017 01:56 AM, Liu Qing wrote:
> > Dear list,
> > Recently I used fio to test qcow2 driver in the guest os, and found out
> > that when a new cluster is allocated the 4K IO will occupy 64K(default
> > cluster
> > size)
On Mon, Aug 28, 2017 at 10:46:34AM -0500, Eric Blake wrote:
> [adding qemu-block]
>
> On 08/28/2017 12:56 AM, Liu Qing wrote:
> > Dear list,
> > Recently I used fio to test qcow2 driver in the guest os, and found out
> > that when a new cluster is allocated the 4K IO will occupy 64K(default
>
On 29.08.2017 02:13, Michael Roth wrote:
> Hi everyone,
>
> The following new patches are queued for QEMU stable v2.9.1:
>
> https://github.com/mdroth/qemu/commits/stable-2.9-staging
>
> The release is planned for 2017-09-07:
>
> http://wiki.qemu.org/Planning/2.9
>
> Please respond here or
On Mon, Aug 28, 2017 at 10:53:56AM -0700, Ram Pai wrote:
> On Thu, Aug 24, 2017 at 12:54:48PM +1000, Paul Mackerras wrote:
> >
> > We could either have two u16 fields for the number of keys for data
> > and instruction, or we could have a u32 field for the number of keys
> > and a separate bit in
Quoting Michael Roth (2017-08-28 19:13:35)
> Hi everyone,
>
> The following new patches are queued for QEMU stable v2.9.1:
>
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_mdroth_qemu_commits_stable-2D2.9-2Dstaging&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=sThPI1c0u5x-3sg5Nw8wNq
On 08/25/2017 10:00 AM, Philippe Mathieu-Daudé wrote:
> Hi John,
>
> On 08/08/2017 03:33 PM, John Snow wrote:
>> Create a new enum so that we can name the IRQ bits, which will make
>> debugging
>> them a little nicer if we can print them out. Not handled in this
>> patch, but
>> this will make i
On 2017/8/28 19:37, Philippe Mathieu-Daudé wrote:
> $ make check-speed
> tests/benchmark-crypto-hash.c: In function 'test_hash_speed':
> tests/benchmark-crypto-hash.c:44:5: error: format '%ld' expects argument of
> type 'long int', but argument 2 has type 'size_t' [-Werror=format=]
>
On 08/25/2017 09:46 AM, Philippe Mathieu-Daudé wrote:
> Hi John,
>
> On 08/08/2017 03:33 PM, John Snow wrote:
>> Signed-off-by: John Snow
>> ---
>> hw/ide/atapi.c| 5 +
>> hw/ide/core.c | 17 ++---
>> hw/ide/trace-events | 3 +++
>> include/h
From: Max Reitz
Signed-off-by: Max Reitz
Reviewed-by: Eric Blake
Reviewed-by: Fam Zheng
Signed-off-by: Kevin Wolf
(cherry picked from commit 42dc10f17a7f1754d419e715114c37f5c5fde12f)
Signed-off-by: Michael Roth
---
tests/qemu-iotests/051| 1 +
tests/qemu-iotests/051.out| 3 +++
On 2017/8/29 8:21, Longpeng (Mike) wrote:
>
>
> On 2017/8/28 19:37, Philippe Mathieu-Daudé wrote:
>
>> $ make check-speed
>> tests/benchmark-crypto-hash.c: In function 'test_hash_speed':
>> tests/benchmark-crypto-hash.c:44:5: error: format '%ld' expects argument
>> of type 'long int',
On 08/25/2017 09:44 AM, Max Reitz wrote:
> On 2017-08-25 02:55, John Snow wrote:
>> Sorry in advance for :words: ...
>>
>> On 08/23/2017 02:04 PM, Vladimir Sementsov-Ogievskiy wrote:
>>> 23.08.2017 11:59, Vladimir Sementsov-Ogievskiy wrote:
22.08.2017 22:07, John Snow wrote:
[snip]
>>
From: Aleksandr Bezzubikov
Unmask previously masked SHPC feature in _OSC method.
Signed-off-by: Aleksandr Bezzubikov
Reviewed-by: Marcel Apfelbaum
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit a41c78c135eb1850826e96b2154690323ff66719)
Signed-off
From: Jeff Cody
Commit c096358e747e88fc7364e40e3c354ee0bb683960 introduced assertion
checks for when qemu_mutex() functions are called without the
corresponding qemu_mutex_init() having initialized the mutex.
This uncovered a latent bug in qemu's nfs driver - in
nfs_client_close(), the NFSClient
From: "Daniel P. Berrange"
Historically the migration data channel has only needed to be
unidirectional. Thus the 'exec:' protocol was requesting an
I/O channel with O_RDONLY on incoming side, and O_WRONLY on
the outgoing side.
This is fine for classic migration, but if you then try to run
TLS o
From: Kevin Wolf
Commits 0db832f and 6cdbceb introduced the automatic insertion of filter
nodes above the top layer of mirror and commit block jobs. The
assumption made there was that since libvirt doesn't do node-level
management of the block layer yet, it shouldn't be affected by added
nodes.
On 08/25/2017 09:48 AM, Philippe Mathieu-Daudé wrote:
> On 08/08/2017 03:33 PM, John Snow wrote:
>> Signed-off-by: John Snow
>
> Reviewed-by: Philippe Mathieu-Daudé
>
:)
I'll wait on V2 to hear back. Thank you for your feedback so far.
From: Laurent Vivier
With pseries machine type a negative core-id is not managed properly:
-1 gives an inaccurate error message ("core -1 already populated"),
-2 crashes QEMU (core dump)
As it seems a negative value is invalid for any architecture,
instead of checking this in spapr_core_pre_plug
From: Kevin Wolf
Signed-off-by: Kevin Wolf
Reviewed-by: John Snow
(cherry picked from commit c3971b883a596abc6af45f53d2f43fb2f59ccd3b)
*prereq for d3c8c674
Signed-off-by: Michael Roth
---
tests/qemu-iotests/040 | 35 +--
tests/qemu-iotests/040.out | 4 ++--
From: Max Reitz
Reproducer:
$ ./qemu-img info ''
qemu-img: ./block.c:1008: bdrv_open_driver: Assertion
`!drv->bdrv_needs_filename || bs->filename[0]' failed.
[1]26105 abort (core dumped) ./qemu-img info ''
This patch fixes this to be:
$ ./qemu-img info ''
qemu-im
From: Greg Kurz
This function has to ensure it doesn't follow a symlink that could be used
to escape the virtfs directory. This could be easily achieved if fchmodat()
on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
it doesn't. There was a tentative to implement a new fchm
From: Jason Wang
Spec said offloads should be le64, so use virtio_ldq_p() to guarantee
valid endian.
Fixes: 644c98587d4c ("virtio-net: dynamic network offloads configuration")
Cc: qemu-sta...@nongnu.org
Cc: Dmitry Fleytman
Signed-off-by: Jason Wang
(cherry picked from commit 189ae6bb5ce1f5a322
From: Gerd Hoffmann
Apply a limit to the number of items we accept into the keyboard queue.
Impact: Without this limit vnc clients can exhaust host memory by
sending keyboard events faster than qemu feeds them to the guest.
Fixes: CVE-2017-8379
Cc: P J P
Cc: Huawei PSIRT
Reported-by: jiangx..
From: Max Reitz
The bs->exact_filename field may not be sufficient to store the full
blkverify node filename. In this case, we should not generate a filename
at all instead of an unusable one.
Cc: qemu-sta...@nongnu.org
Reported-by: Qu Wenruo
Signed-off-by: Max Reitz
Message-id: 20170613172006
From: Alexander Graf
Delays in the input layer are special cased input events. Every input
event is accounted for in a global intput queue count. The special cased
delays however did not get removed from the queue, leading to queue overruns
and thus silent key drops after typing quite a few chara
From: Greg Kurz
In case of error, we must ensure the dynamically allocated base_core_type
is freed, like it is done everywhere else in this function.
This is a regression introduced in QEMU 2.9 by commit 8149e2992f78.
Signed-off-by: Greg Kurz
Signed-off-by: David Gibson
(cherry picked from co
From: Jason Wang
After converting to use DMA api for virtio devices, we should use
dma_as instead of address_space_memory. Otherwise it won't work if
IOMMU is enabled.
Fixes: commit 8607f5c3072c ("virtio: convert to use DMA api")
Cc: qemu-sta...@nongnu.org
Signed-off-by: Jason Wang
Message-Id:
From: Kevin Wolf
I can't see how overlay_bs could become NULL with the current code, but
other code in this function already checks it and we can make Coverity
happy with this check, so let's add it.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
(cherry pick
From: Bruce Rogers
Commit a0e640a8 introduced a path processing error.
Pass fstatat the dirpath based path component instead
of the entire path.
Signed-off-by: Bruce Rogers
Signed-off-by: Greg Kurz
(cherry picked from commit 790db7efdbe1536acf1c4f4f95a0316dbda59433)
Signed-off-by: Michael Roth
From: Kevin Wolf
commit_complete() can't assume that after its block_job_completed() the
job is actually immediately freed; someone else may still be holding
references. In this case, the op blockers on the intermediate nodes make
the graph reconfiguration in the completion code fail.
Call block
From: Max Reitz
The bs->exact_filename field may not be sufficient to store the full
blkdebug node filename. In this case, we should not generate a filename
at all instead of an unusable one.
Cc: qemu-sta...@nongnu.org
Reported-by: Qu Wenruo
Signed-off-by: Max Reitz
Message-id: 20170613172006.
From: Max Reitz
uri_parse(...)->scheme may be NULL. In fact, probably every field may be
NULL, and the callers do test this for all of the other fields but not
for scheme (except for block/gluster.c; block/vxhs.c does not access
that field at all).
We can easily fix this by using g_strcmp0() ins
From: Alexander Graf
When resetting the keyboard, we need to reset not just the pending keystrokes,
but also any pending modifiers. Otherwise there's a race when we're getting
reset while running an escape sequence (modifier 0x100).
Cc: qemu-sta...@nongnu.org
Signed-off-by: Alexander Graf
Messa
From: Eric Blake
We document that *file is valid if the return is not an error and
includes BDRV_BLOCK_OFFSET_VALID, but forgot to obey this contract
when a driver (such as blkdebug) lacks a callback. Messed up in
commit 67a0fd2 (v2.6), when we added the file parameter.
Enhance qemu-iotest 177
From: Eric Blake
If a non-NBD client connects to qemu-nbd, we would end up with
a SIGSEGV in nbd_client_put() because we were trying to
unregister the client's association to the export, even though
we skipped inserting the client into that list. Easy trigger
in two terminals:
$ qemu-nbd -p 300
From: Laurent Vivier
since commit 5c4537bd ("spapr: Fix 2.7<->2.8 migration of PCI host bridge"),
some migration fields are forged from the new ones in spapr_pci_pre_save().
It works well, except when the number of MSI devices is 0,
because in this case the function exits immediately.
This fix
From: Max Reitz
It does not make much sense to use a backing image for the target when
you concatenate multiple images (because then there is no correspondence
between the source images' backing files and the target's); but it was
still possible to give one by using -o backing_file=X instead of -
From: Eric Blake
In order to test the effects of artificial geometry constraints
on operations like write zero or discard, we first need blkdebug
to manage these actions. It also allows us to inject errors on
those operations, just like we can for read/write/flush.
We can also test the contract
From: Laurent Vivier
This allows to manage errors before the memory
has started to be hotplugged. We already have
the function for the CPU cores.
Signed-off-by: Laurent Vivier
Reviewed-by: Greg Kurz
[dwg: Fixed a couple of style nits]
Signed-off-by: David Gibson
(cherry picked from commit c8
From: Paolo Bonzini
When attaching the NBD QIOChannel to an AioContext, the TLS channel should
be used, not the underlying socket channel. This is because, trivially,
the TLS channel will be the one that we read/write to and thus the one
that will get the qio_channel_yield() call.
Fixes: ff8291
From: Max Filippov
Xtensa cores may have registers of types/sizes not supported by the
gdbstub accessors. Ignore writes to such registers and return zero on
read, but always return correct register size, so that gdb on the other
side is able to access all registers in the packet holding unsupport
From: Eric Blake
Commits 04ed95f4 and 1a62d0ac updated the block layer to auto-fragment
any I/O to fit within device boundaries. Additionally, when using a
minimum alignment of 4k, we want to ensure the block layer does proper
read-modify-write rather than requesting I/O on a slice of a sector.
L
From: Eduardo Habkost
Since the automatic cpuid-level code was introduced in commit
c39c0edf9bb3b968ba95484465a50c7b19f4aa3a ("target-i386: Automatically
set level/xlevel/xlevel2 when needed"), the CPU model tables just define
the default CPUID level code (set using "min-level"). Setting
"[x]lev
From: Eric Blake
Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
server would not quit, regardless of how many probe connections
came and went, until a connection actually negotiated). But we
broke that in commit ee7d7aa when removing the return value to
nbd_client_new(), altho
From: Greg Kurz
The string returned by object_property_get_str() is dynamically allocated.
(Spotted by Coverity, CID 1375942)
Signed-off-by: Greg Kurz
Signed-off-by: David Gibson
(cherry picked from commit 8a9e0e7b890b2598da94646bf6a7272f3d3924de)
Signed-off-by: Michael Roth
---
hw/ppc/spap
From: Kevin Wolf
The final bdrv_set_backing_hd() could be working on already freed nodes
because the commit job drops its references (through BlockBackends) to
both overlay_bs and top already a bit earlier.
One way to trigger the bug is hot unplugging a disk for which
blockdev_mark_auto_del() ca
From: Halil Pasic
Prior to the virtio-ccw-2.7 machine (and commit 2a79eb1a), our virtio
devices residing under the virtual-css bus do not have qdev_path based
migration stream identifiers (because their qdev_path is NULL). The ids
are instead generated when the device is registered as a compositi
From: Eric Blake
Use blkdebug's new geometry constraints to emulate setups that
have needed past regression fixes: write zeroes asserting
when running through a loopback block device with max-transfer
smaller than cluster size, and discard rounding away portions
of requests not aligned to preferr
From: Greg Kurz
The string returned by object_property_get_str() is dynamically allocated.
Signed-off-by: Greg Kurz
Reviewed-by: Thomas Huth
Signed-off-by: David Gibson
(cherry picked from commit 2d3e302ec2246d703ffa8d8f8769a3fa448d8145)
Signed-off-by: Michael Roth
---
target/ppc/kvm.c | 1
From: Greg Kurz
This function has three implementations. Two are stubs that do nothing
and the third one only passes the obj_path argument to:
Object *object_resolve_path(const char *path, bool *ambiguous);
Signed-off-by: Greg Kurz
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Thomas Huth
From: Fam Zheng
This matches the qbus_set_hotplug_handler in realize, and it releases
the final reference to the embedded VirtIODevice so that it is
properly finalized.
A use-after-free is fixed with this patch, indirectly:
virtio_device_instance_finalize wasn't called at hot-unplug, and the
vde
From: Max Reitz
Otherwise the qemu-img process will exit with EXIT_SUCCESS instead of
EXIT_FAILURE.
Cc: qemu-stable
Signed-off-by: Max Reitz
Reviewed-by: Eric Blake
Reviewed-by: Philippe Mathieu-Daudé
* applied directly to stable, upstream code has issue fixed via a
refactoring introduced
From: Max Reitz
After storing the creation options for the new image into @opts, we
fetch some things for our own information, like the backing file name,
or whether to use encryption or preallocation.
With the -n parameter, there will not be any creation options; this is
not too bad because thi
Currently objects specified on the command-line are only partially
cleaned up when 'object_del' is issued in either HMP or QMP: the
object itself is fully finalized, but the QemuOpts are not removed.
This results in the following behavior:
x86_64-softmmu/qemu-system-x86_64 -monitor stdio \
-
From: Hervé Poussineau
- bs->total_sectors is the number of sectors of the whole disk
- s->sector_count is the number of sectors of the FAT partition
This fixes the following assert in qemu-img map:
qemu-img.c:2641: get_block_status: Assertion `nb_sectors' failed.
This also fixes an infinite lo
From: Sameeh Jubran
This commit fixes a bug which causes the guest to hang. The bug was
observed upon a "receive overrun" (bit #6 of the ICR register)
interrupt which could be triggered post migration in a heavy traffic
environment. Even though the "receive overrun" bit (#6) is masked out
by the
check-qom-proplist originally added tests for verifying that
object-creation helpers object_new_with_{props,propv} behaved in
similar fashion to the "traditional" method involving setting each
individual property separately after object creation rather than
via a single call.
Another similar "help
From: Paolo Bonzini
The curl driver has a ugly hack where, if it cannot find an empty CURLState,
it just uses aio_poll to wait for one to be empty. This is probably
buggy when used together with dataplane, and the simplest way to fix it
is to use coroutines instead.
A more immediate effect of t
From: Kevin Wolf
This fixes an assertion failure that was triggered by qemu-iotests 129
on some CI host, while the same test case didn't seem to fail on other
hosts.
Essentially the problem is that the blk_unref(s->target) in
mirror_exit() doesn't necessarily mean that the BlockBackend goes away
From: Paolo Bonzini
The ROM uses the cmovne instruction, which is new in Pentium Pro and does not
work when running QEMU with "-cpu 486". Avoid producing that instruction.
Suggested-by: Richard W.M. Jones
Suggested-by: Thomas Huth
Reported-by: Rob Landley
Cc: qemu-sta...@nongnu.org
Signed-of
From: Alberto Garcia
The code that tries to reopen a BlockDriverState in stream_start()
when the creation of a new block job fails crashes because it attempts
to dereference a pointer that is known to be NULL.
This is a regression introduced in a170a91fd3eab6155da39e740381867e,
likely because th
From: Eric Blake
Rather than store into a local variable, then copy to the struct
if the value is valid, then reporting errors otherwise, it is
simpler to just store into the struct and report errors if the
value is invalid. This however requires that the struct store
a 64-bit number, rather tha
From: Paolo Bonzini
curl_clean_state should only be called after all AIOCBs have been
completed. This is not so obvious for the call from curl_detach_aio_context,
so assert that.
Cc: qemu-sta...@nongnu.org
Reviewed-by: Jeff Cody
Signed-off-by: Paolo Bonzini
Reviewed-by: Max Reitz
Message-id:
From: Ladi Prosek
Virtio serial device controls the lifetime of virtio-serial-bus and
virtio-serial-bus links back to the device via its hotplug-handler
property. This extra ref-count prevents the device from getting
finalized, leaving the VirtIODevice memory listener registered and
leading to us
From: Paolo Bonzini
All curl callbacks go through curl_multi_do, and hence are called with
s->mutex held. Note that with comments, and make curl_read_cb drop the
lock before invoking the callback.
Likewise for curl_find_buf, where the callback can be invoked by the
caller.
Cc: qemu-sta...@nong
From: Max Filippov
Return value of read/write simcalls is not calculated correctly in case
of operations crossing page boundary and in case of short reads/writes.
Read and write simcalls should return the size of data actually
read/written or -1 in case of error.
Cc: qemu-sta...@nongnu.org
Signe
From: Eric Blake
Make it easier to simulate various unusual hardware setups (for
example, recent commits 3482b9b and b8d0a98 affect the Dell
Equallogic iSCSI with its 15M preferred and maximum unmap and
write zero sizing, or b2f95fe deals with the Linux loopback
block device having a max_transfer
From: Eric Blake
Since we are already in coroutine context during the body of
bdrv_co_get_block_status(), we can shave off a few layers of
wrappers when recursing to query the protocol when a format driver
returned BDRV_BLOCK_RAW.
Note that we are already using the correct recursion later on in
From: John Snow
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1447551
If one tries to issue a block_resize while a guest is busy
accessing the disk, it is possible that qemu may deadlock
when invoking aio_poll from both the main loop and the iothread.
Replace another instance of bdrv_drain
From: Max Reitz
For one thing, this allows us to drop the error message generation from
qemu-img.c and blockdev.c and instead have it unified in
bdrv_truncate().
Signed-off-by: Max Reitz
Message-id: 20170328205129.15138-3-mre...@redhat.com
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Max Reitz
From: Yunjian Wang
The tx_bh or tx_timer will free in virtio_net_del_queue() function, when
removing virtio-net queues if the guest doesn't support multiqueue. But
it might be still referenced by virtio_net_set_status(), which needs to
be set NULL. And also the tx_waiting needs to be set zero to
From: Stefan Hajnoczi
The main loop uses aio_disable_external()/aio_enable_external() to
temporarily disable processing of external AioContext clients like
device emulation.
This allows monitor commands to quiesce I/O and prevent the guest from
submitting new requests while a monitor command is
From: Eric Blake
We now have macros in place to make it less verbose to add a scalar
to QDict and QList, so use them.
Patch created mechanically via:
spatch --sp-file scripts/coccinelle/qobject.cocci \
--macro-file scripts/cocci-macro-file.h --dir . --in-place
then touched up manually to f
1 - 100 of 302 matches
Mail list logo
