On Thu, Mar 03, 2011 at 08:46:40AM -0800, Nathan Froyd wrote:
> On Thu, Mar 03, 2011 at 06:15:49PM +0200, Riku Voipio wrote:
> > QEMU linux-user calls glibc functions which, while usually very conservative
> > with memory usage, are not guaranteed to take less than 10KB (at do_syscall
> > we are a
>>
>> bytes = zstream->total_out - previous_out;
Good catch
> total_out isn't used by zlib internally, so if the resulting
> "total" counter is not needed in qemu, we can just zero-out
> the total_out in this function before calling zlib, and
> use the resulting value directly as "bytes", wit
On Thu, Mar 3, 2011 at 9:37 PM, Stefan Weil wrote:
> Commit bc2429b9174ac2d3c56b7fd35884b0d89ec7fb02 introduced
> a severe bug (stack corruption).
>
> bitmap_clear was called with a wrong argument
> which caused out-of-bound writes to the local variable width_mask.
>
> This bug was detected with Q
In the passthrough security model, following symbolic links on the server
side could result in TOCTTOU vulnerabilities.
This patchset resolves this issue by creating a dedicated process which
chroots into the share path; all file object access is done in the
chroot environment.
This patchset imple
The 9p chroot environment needs APIs defined in qemu-thread.c, so enable
CONFIG_THREAD if virtfs is enabled.
Signed-off-by: M. Mohan Kumar
---
configure |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/configure b/configure
index 2560357..9eddd38 100755
--- a/configure
+++ b/c
Add qemu_read_full function
Signed-off-by: M. Mohan Kumar
---
osdep.c | 32
qemu-common.h |2 ++
2 files changed, 34 insertions(+), 0 deletions(-)
diff --git a/osdep.c b/osdep.c
index 327583b..8d84a88 100644
--- a/osdep.c
+++ b/osdep.c
@@ -127,6 +127
Implement chroot worker side interfaces like sending the file
descriptor to qemu process, reading the object request from socket etc.
Also add chroot main function and other helper routines.
Signed-off-by: M. Mohan Kumar
---
Makefile.objs |1 +
hw/9pfs/virtio-9p-chroot-wo
This patch adds both chroot worker and qemu side support to open a file/
directory in the chroot environment
Signed-off-by: M. Mohan Kumar
---
hw/9pfs/virtio-9p-chroot.c | 28 ++-
hw/9pfs/virtio-9p-chroot.h |2 +-
hw/9pfs/virtio-9p-local.c | 62 ++
QEMU side interfaces to communicate with chroot worker process.
Signed-off-by: M. Mohan Kumar
---
Makefile.objs |2 +-
hw/9pfs/virtio-9p-chroot.c | 92
hw/9pfs/virtio-9p-chroot.h |1 +
3 files changed, 94 insertions(+), 1 deleti
After creating a file object, its permission and ownership details are updated
as per the 9p client's request for both the passthrough and none security models.
But with a chrooted environment this is not required for the passthrough security model.
Move all post-file-creation changes to the none security model.
Signed-
Add both chroot worker & qemu side interfaces to create regular files in
chroot environment
Signed-off-by: M. Mohan Kumar
---
hw/9pfs/virtio-9p-chroot-worker.c | 36
hw/9pfs/virtio-9p-local.c | 26 --
2 files changed, 60 in
Add both chroot worker and qemu side interfaces to create special files
(directory, device nodes, links and symbolic links)
Signed-off-by: M. Mohan Kumar
---
hw/9pfs/virtio-9p-chroot-worker.c | 52
hw/9pfs/virtio-9p-chroot.c| 23 +
hw/9pfs/virtio-9p-chroo
Add chroot functionality for system calls that can operate on a file
using a relative directory file descriptor.
Signed-off-by: M. Mohan Kumar
---
hw/9pfs/virtio-9p-local.c | 229 +++--
1 files changed, 199 insertions(+), 30 deletions(-)
diff --git a/hw/9pf
Signed-off-by: Jan Kiszka
---
target-i386/machine.c |2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/target-i386/machine.c b/target-i386/machine.c
index d78eceb..6384f54 100644
--- a/target-i386/machine.c
+++ b/target-i386/machine.c
@@ -491,6 +491,8 @@ static const VMStat
Conforming to the Intel spec, set the power-on value of PAT also on
reset, but save it across INIT.
Signed-off-by: Jan Kiszka
---
target-i386/cpu.h|4 ++--
target-i386/cpuid.c |1 -
target-i386/helper.c |5 +
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/tar
This series catches "all the rest" to prepare QEMU's KVM support for
merging with qemu-kvm. IOW, once these bits here are applied, qemu-kvm
can switch its infrastructure to upstream and is effectively only adding
own bits for in-kernel irqchip and device assignment support.
Topics of this series a
KVM only requires to set the raised IRQ in CPUState and, if the user
space irqchip is used, to kick the receiving vcpu if it is remote.
Signed-off-by: Jan Kiszka
---
kvm-all.c | 17 +
1 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/kvm-all.c b/kvm-all.c
index 22
Based on patch by Glauber Costa:
To allow management applications like libvirt to apply CPU affinities to
the VCPU threads, expose their ID via info cpus. This patch provides the
pre-existing and used interface from qemu-kvm.
Signed-off-by: Jan Kiszka
---
cpu-defs.h |1 +
cpus.c
When an external interrupt is pending but IF is cleared, we must not
leave the halt state prematurely.
Signed-off-by: Jan Kiszka
---
target-i386/kvm.c |4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 7b7105d..6efa491 100644
-
This avoids that early cpu_synchronize_state calls try to retrieve an
uninitialized state from the kernel. That even causes a deadlock if
io-thread is enabled.
Signed-off-by: Jan Kiszka
---
kvm-all.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/kvm-all.c b/kvm-all.c
i
Both have only two lines in common, and we will convert the system
service into a callback which is of no use for user mode operation.
Signed-off-by: Jan Kiszka
CC: Riku Voipio
---
exec.c | 14 ++
1 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/exec.c b/exec.c
inde
Required for next patch which will access guest debug services from
kvm_arch_handle_exit. No functional changes.
Signed-off-by: Jan Kiszka
---
target-i386/kvm.c | 108 ++--
1 files changed, 54 insertions(+), 54 deletions(-)
diff --git a/target-i3
Without KVM_CAP_SET_GUEST_DEBUG, we neither motivate the kernel to
report KVM_EXIT_DEBUG nor do we expect such exits. So fall through to
the arch code which will simply report an unknown exit reason.
Signed-off-by: Jan Kiszka
---
kvm-all.c |4 ++--
1 files changed, 2 insertions(+), 2 deletio
Let kvm_cpu_exec return EXCP_* values consistently and generate those
codes already inside its inner loop. This means we will now re-enter the
kernel while ret == 0.
Update kvm_handle_internal_error accordingly, but keep
kvm_arch_handle_exit untouched, it will be converted in a separate step.
Sig
On Fri, Mar 4, 2011 at 9:25 AM, M. Mohan Kumar wrote:
> +static int passthrough_create(FsContext *fs_ctx, const char *path, int flags,
> + FsCred *credp)
> +{
> + V9fsFileObjectRequest request;
> + int fd;
> +
> + fd = fill_fileobjectrequest(&request, path, credp);
> +
Make the return code of kvm_arch_handle_exit directly usable for
kvm_cpu_exec. This is straightforward for x86 and ppc, just s390
would require more work. Avoid this for now by pushing the return code
translation logic into s390's kvm_arch_handle_exit.
Signed-off-by: Jan Kiszka
CC: Alexander Graf
There are no generic bits remaining in the handling of KVM_EXIT_DEBUG.
So push its logic completely into arch hands, i.e. only x86 so far.
Signed-off-by: Jan Kiszka
---
kvm-all.c | 11 ---
kvm.h |2 --
target-i386/kvm.c | 25 -
3 files
With in-kernel irqchip support enabled, the vcpu threads sleep in kernel
space while halted. Account for this difference in cpu_thread_is_idle.
Signed-off-by: Jan Kiszka
---
cpus.c |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/cpus.c b/cpus.c
index 0f33945..66f6b5a 1
Signed-off-by: Jan Kiszka
---
target-i386/kvm.c |5 +
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 6efa491..bfc8d66 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -861,6 +861,7 @@ static int kvm_put_msrs(CPUState *en
This allows to override the interrupt handling of QEMU in system mode.
KVM will make use of it to set optimized handlers.
Signed-off-by: Jan Kiszka
---
cpu-all.h | 14 +-
exec.c|4 +++-
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/cpu-all.h b/cpu-all.h
in
On Fri, Mar 4, 2011 at 9:25 AM, M. Mohan Kumar wrote:
> +static int chroot_do_open(V9fsFileObjectRequest *request)
> +{
> + int fd;
> + fd = open(request->path.path, request->data.flags);
> + if (fd < 0) {
> + fd = -errno;
> + }
> + return fd;
> +}
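Review bot: chroot_do_open passes request->data.flags straight to open() with no mode argument, so if a client-supplied flags word contains O_CREAT the new file's permission bits are unspecified (the variadic mode is simply never read). Since this series adds a separate create path, suggest rejecting creation here, e.g. `if (request->data.flags & O_CREAT) { return -EINVAL; }` before the open() call, or passing an explicit mode.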
How do access checks work
On Fri, Mar 4, 2011 at 9:25 AM, M. Mohan Kumar wrote:
> +static int chroot_do_create_special(V9fsFileObjectRequest *request)
> +{
> + int cur_uid, cur_gid;
> + int retval = -1;
> +
> + cur_uid = geteuid();
> + cur_gid = getegid();
> +
> + if (setfsuid(request->data.uid) < 0) {
> +
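Review bot: the `if (setfsuid(request->data.uid) < 0)` check never fires, because setfsuid() returns the previous filesystem uid and reports no error at all; when the caller lacks the privilege to switch, it still just returns the previous uid. The documented way to detect failure is a second call whose return value is compared with the requested uid, e.g. `setfsuid(request->data.uid); if (setfsuid(request->data.uid) != request->data.uid) { retval = -EPERM; goto out; }`, so that a failed switch does not silently leave the worker creating objects as the wrong user.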
04.03.2011 11:56, Corentin Chary wrote:
>>>
>>> bytes = zstream->total_out - previous_out;
>
> Good catch
>
>> total_out isn't used by zlib internally, so if the resulting
>> "total" counter is not needed in qemu, we can just zero-out
>> the total_out in this function before calling zlib, and
On Fri, Mar 4, 2011 at 9:25 AM, M. Mohan Kumar wrote:
> Add chroot functionality for system calls that can operate on a file
> using a relative directory file descriptor.
>
> Signed-off-by: M. Mohan Kumar
> ---
> hw/9pfs/virtio-9p-local.c | 229
> +++--
> 1
lucid-updates and lucid-proposed ship the same package and from the
changelog I cannot see what change would be related to this bug.
I've just confirmed by testing that the bug still applies to the most
up-to-date packages that are available for lucid.
** Changed in: qemu-kvm (Ubuntu)
Status
On Thu, Mar 3, 2011 at 11:34 PM, Michael Tokarev wrote:
>> The fix for this is simple: keep previous_out as a uLong too, which
>> avoids any problems with sign conversion or truncation.
>
> This looks wrong to me. On 32bit x86 uLong is 32bits. Yes
> it's unsigned there, but it's still 32bits. A
On 04.03.2011 10:02, Corentin Chary wrote:
On Thu, Mar 3, 2011 at 9:37 PM, Stefan Weil wrote:
Commit bc2429b9174ac2d3c56b7fd35884b0d89ec7fb02 introduced
a severe bug (stack corruption).
bitmap_clear was called with a wrong argument
which caused out-of-bound writes to the local variable width
Fedora 14
- We have 90 open bugs, 9 of which have fixes in awaiting updates.
- 4 bugs have been closed in the last week
Fedora 15
- Upcoming Deadlines:
2011-03-15 Software Translation Deadline
2011-03-22 Beta Change Deadline Features 100% Complete
2011-04-05 Beta Release
2011-04-25 Fin
On Fri, Mar 4, 2011 at 8:59 AM, Roland Dreier wrote:
> Actually there is no problem with overflow of unsigned long.
> The C standard says that unsigned arithmetic is simply done
> modulo the size of the integer, so when total_out reaches
> 4GB, things will just wrap around (and the difference
> be
On Fri, Mar 04, 2011 at 12:45:54PM -0600, Justin M. Forbes wrote:
> F15:
> - qemu-0.14.0-2.fc15
> Updated to 0.14.0 final release and re-enabled cris and sparc emulation
A change in the command-line parsing code in qemu-img causes
virt-make-fs to break (because of a latent bug in virt-make
This patchset adds support for the ARM Versatile Express board
with Cortex-A9 daughterboard. It's based on some vexpress modelling
work done by Bahadir Balban and Amit Mahajan at B Labs, overhauled
and cleaned up by me (thanks to them for making that work available).
The patchset depends on the MM
Add support for the Versatile Express SYS_CFG registers, which provide
a generic means of reading or writing configuration information from
various parts of the board. We only implement shutdown and reset.
Also make the RESETCTL register RAZ/WI on Versatile Express rather
than reset the board. Oth
Add a model of the ARM Versatile Express board (with A9MPx4
daughterboard).
Signed-off-by: Peter Maydell
---
Makefile.target |1 +
hw/vexpress.c | 238 +++
2 files changed, 239 insertions(+), 0 deletions(-)
create mode 100644 hw/vexpres
On Fri, Mar 4, 2011 at 12:46 PM, Michael Tokarev wrote:
> 04.03.2011 11:56, Corentin Chary wrote:
bytes = zstream->total_out - previous_out;
>>
>> Good catch
>>
>>> total_out isn't used by zlib internally, so if the resulting
>>> "total" counter is not needed in qemu, we can just zer
05.03.2011 00:08, Corentin Chary wrote:
> On Fri, Mar 4, 2011 at 12:46 PM, Michael Tokarev wrote:
[]
>> The attached slightly different patch fixes both places and fixes
>> them for good (hopefully anyway). Runtime-tested for the tight
>> case, but honestly, I didn't wait for 2G of output ;)
>>
>
Hello,
I am new to qemu, but have a specific application in mind.
I want to use a qemu emulated knopix system on a usb key to do diagnostics on a
running windows system.
Is there a way for me to access things like the host system's memory to get a
dump of it, host system hardware configuration