Signed-off-by: Michael Tokarev
Reviewed-by: Andreas Färber
---
util/readline.c |4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/util/readline.c b/util/readline.c
index 8441be4..a3fd2cb 100644
--- a/util/readline.c
+++ b/util/readline.c
@@ -279,9 +279,7 @@ static void rea
From: Stefan Weil
This fixes warnings from the static code analysis (smatch).
Signed-off-by: Stefan Weil
Signed-off-by: Michael Tokarev
---
hw/net/cadence_gem.c |2 +-
hw/net/vmxnet3.c |6 +++---
hw/net/xgmac.c |2 +-
hw/ppc/spapr_iommu.c |2 +-
hw/ppc/spapr_rtas.c
From: Jim Meyering
Reviewed-by: Stefan Weil
Signed-off-by: Jim Meyering
Acked-by: Stefano Stabellini
Signed-off-by: Michael Tokarev
---
hw/xen/xen_backend.c |1 -
1 file changed, 1 deletion(-)
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index 197795f..3cd45b4 100644
--- a/h
On 05/05/14 17:10, Cornelia Huck wrote:
> Current css code saves the operation request block (orb) in the
> subchannel structure for later consumption by the start function
> handler. This might make sense for asynchronous execution of the
> start function (which qemu doesn't support), but not in o
On 5 May 2014 16:02, Peter Maydell wrote:
> On 5 May 2014 13:34, wrote:
> > From: Riku Voipio
> >
> > The following changes since commit
> fdaad4715ae9e998fd0595bedfb16fdaf0c68ccc:
> >
> > Merge remote-tracking branch
> 'remotes/pmaydell/tags/pull-target-arm-20140501' into staging (2014-05-0
Invented by Anthony. Maintained through my qom-next tree lately.
Cc: Anthony Liguori
Acked-by: Paolo Bonzini
Acked-by: Peter Maydell
Signed-off-by: Andreas Färber
---
MAINTAINERS | 11 +++
1 file changed, 11 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index b287ef8..c43643c
From: Markus Armbruster
Using error_is_set(ERRP) to find out whether a function failed is
either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP
may be null, because errors go undetected when it is. It's fragile
when proving ERRP non-null involves a non-local argument. Else, it's
Hello Peter,
This is my QOM (devices) patch queue. Please pull.
Note that the MAINTAINERS patch was modified, didn't get a reply on IRC.
Regards,
Andreas
Cc: Peter Maydell
Cc: Anthony Liguori
Cc: Stefan Hajnoczi
Cc: Paolo Bonzini
The following changes since commit fdaad4715ae9e998fd0595be
From: Marcel Apfelbaum
No need to go through qemu_machine field. Use
MachineClass fields directly.
Signed-off-by: Marcel Apfelbaum
Signed-off-by: Andreas Färber
---
device-hotplug.c| 2 +-
hw/ppc/spapr.c | 50 -
include/hw/boards.h | 2 --
qmp.c
From: Marcel Apfelbaum
QEMUMachine's fields are already in MachineClass. We can safely
make the switch because we copy them in machine_class_init() and
spapr_machine_class_init().
Signed-off-by: Marcel Apfelbaum
Signed-off-by: Andreas Färber
---
include/hw/boards.h | 5 +++--
vl.c
From: Amos Kong
QEMU crashed when I try to list device parameters and the driver name is
actually an available bus name.
# qemu -device virtio-pci-bus,?
# qemu -device virtio-bus,?
# qemu -device virtio-serial-bus,?
qdev-monitor.c:212:qdev_device_help: Object 0x7fd932f50620 is not an
instan
From: Marcel Apfelbaum
This minimizes QEMUMachine usage, as part of machine QOM-ification.
Signed-off-by: Marcel Apfelbaum
Signed-off-by: Andreas Färber
---
include/hw/boards.h | 3 +--
include/hw/xen/xen.h| 2 +-
include/qemu/typedefs.h | 1 +
include/sysemu/kvm.h| 2 +-
incl
From: Markus Armbruster
Using error_is_set(ERRP) to find out whether a function failed is
either wrong, fragile, or unnecessarily opaque. It's wrong when ERRP
may be null, because errors go undetected when it is. It's fragile
when proving ERRP non-null involves a non-local argument. Else, it's
Signed-off-by: Andreas Färber
---
MAINTAINERS | 1 +
tests/Makefile | 3 +++
tests/es1370-test.c | 33 +
3 files changed, 37 insertions(+)
create mode 100644 tests/es1370-test.c
diff --git a/MAINTAINERS b/MAINTAINERS
index e81967c..034238c 100644
-
From: Marcel Apfelbaum
In order to eliminate the QEMUMachine indirection,
add its fields directly to MachineClass.
Do not yet remove qemu_machine field because it is
still in use by sPAPR.
Signed-off-by: Marcel Apfelbaum
[AF: Copied fields for sPAPR, too]
Signed-off-by: Andreas Färber
---
hw/
From: Markus Armbruster
Signed-off-by: Markus Armbruster
Signed-off-by: Andreas Färber
---
hw/core/qdev.c | 20 ++--
hw/intc/i8259.c | 4 ++--
hw/timer/i8254.c | 4 ++--
3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index
Signed-off-by: Andreas Färber
---
tests/Makefile | 3 +++
tests/ioh3420-test.c | 34 ++
2 files changed, 37 insertions(+)
create mode 100644 tests/ioh3420-test.c
diff --git a/tests/Makefile b/tests/Makefile
index c926c60..5935e8a 100644
--- a/tests/Makefil
From: Markus Armbruster
Signed-off-by: Markus Armbruster
Signed-off-by: Andreas Färber
---
hw/core/qdev-properties-system.c | 10 +-
hw/dma/xilinx_axidma.c | 16
hw/net/xilinx_axienet.c | 16
3 files changed, 21 insertions(+), 21 del
Signed-off-by: Andreas Färber
---
MAINTAINERS | 1 +
tests/Makefile| 3 +++
tests/ac97-test.c | 33 +
3 files changed, 37 insertions(+)
create mode 100644 tests/ac97-test.c
diff --git a/MAINTAINERS b/MAINTAINERS
index c43643c..e81967c 100644
--- a/MAI
Signed-off-by: Andreas Färber
---
MAINTAINERS | 1 +
tests/Makefile| 4
tests/usb-hcd-ehci-test.c | 40
3 files changed, 45 insertions(+)
create mode 100644 tests/usb-hcd-ehci-test.c
diff --git a/MAINTAINERS b/MAINTAINERS
Test both the ich6 and the ich9 version (cf. q35 config) and all the
codecs.
Cc: Gerd Hoffmann
Signed-off-by: Andreas Färber
---
MAINTAINERS| 1 +
tests/Makefile | 3 +++
tests/intel-hda-test.c | 45 +
3 files changed, 49 inserti
From: Kirill Batuzov
PortioList is an abstraction used for construction of MemoryRegionPortioList
from MemoryRegionPortio. It can be used later to unmap created memory regions.
It also requires proper cleanup because some of the memory inside is allocated
dynamically.
By moving PortioList to dev
We're not using the GLib infrastructure here, to allow cleaning up the
sockets. Still, knowing why a certain test run failed can be valuable.
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Andreas Färber
---
tests/libqtest.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tests/libqtest.c b
On Sun, 27 Apr 2014 17:00:03 +0100
Hani Benhabiles wrote:
> Signed-off-by: Hani Benhabiles
> ---
> hmp-commands.hx | 1 +
> hmp.h | 1 +
> monitor.c | 24 +---
> 3 files changed, 19 insertions(+), 7 deletions(-)
>
> diff --git a/hmp-commands.hx b/hmp-comma
On Sun, 27 Apr 2014 17:00:01 +0100
Hani Benhabiles wrote:
> Compared to the larger series sent before:
> * Patches 01-03 are already in qmp branch.
> * Added patches to convert sendkey, help/? to use new completion callback.
> * Dropped patch 06 (cpu index completion) as deemed not useful enough.
From: Marcel Apfelbaum
This field shouldn't be used any more since we
adopted the QOM way of iterating over the types.
The commit that obsoleted it is:
commit 261747f176f6f2d88f8268aaebfdd1a1afe887e2
vl: Use MachineClass instead of global QEMUMachine list
The machine registration flow i
The current version of raw-posix always uses ioctl(FS_IOC_FIEMAP) if
FIEMAP is available; lseek with SEEK_HOLE/SEEK_DATA are not even
compiled in in this case. However, there may be implementations which
support the latter but not the former (e.g., NFSv4.2). In this case,
raw-posix should fall back
On Mon, 05 May 2014 10:01:10 CEST, Michael S. Tsirkin wrote:
On Sat, May 03, 2014 at 10:39:37PM +0200, Hervé Poussineau wrote:
Ping.
On 22/04/2014 23:00, Hervé Poussineau wrote:
This is a guest-triggerable error, as seen when using Xenix 2.3.4.
Replace hw_error by LOG_UNIMPL, so that gue
On Mon, May 05, 2014 at 10:02:55PM +0200, Hervé Poussineau wrote:
> On Mon, 05 May 2014 10:01:10 CEST, Michael S. Tsirkin wrote:
> >On Sat, May 03, 2014 at 10:39:37PM +0200, Hervé Poussineau wrote:
> >>Ping.
> >>
> >>On 22/04/2014 23:00, Hervé Poussineau wrote:
> >>>This is a guest-triggerabl
POSIX specifies that address_len shall on output specify the length of
the stored address; it does not however specify whether it may get
updated on failure as well to, e.g., zero.
In case EINTR occurs, re-initialize the variable to the desired value.
Reviewed-by: Eric Blake
Signed-off-by: Andre
/migration/20140505
for you to fetch changes up to 8bc3923343e91902ca541112b3bdb5448f8d288e:
migration: expose xbzrle cache miss rate (2014-05-05 22:15:03 +0200)
migration/next fo
From: "Michael S. Tsirkin"
CVE-2013-4526
Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So
we use the old version of ports to read the array but then allow any
value for ports. This can cause the code to overflow.
There's no reason to migrate ports - it never changes.
So j
From: "Michael S. Tsirkin"
CVE-2013-4150 QEMU 1.5.0 out-of-bounds buffer write in
virtio_net_load()@hw/net/virtio-net.c
This code is in hw/net/virtio-net.c:
if (n->max_queues > 1) {
if (n->max_queues != qemu_get_be16(f)) {
error_report("virtio-net: different max_queues "
From: "Michael S. Tsirkin"
CVE-2013-4531
cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
cpreg_vmstate_array_len will cause a buffer overflow.
VMSTATE_INT32_LE was supposed to protect against this
but doesn't because it doesn't validate that input is
non-negative.
Fix this macro
From: "Michael S. Tsirkin"
CVE-2013-4148 QEMU 1.0 integer conversion in
virtio_net_load()@hw/net/virtio-net.c
Deals with loading a corrupted savevm image.
> n->mac_table.in_use = qemu_get_be32(f);
in_use is int so it can get negative when assigned 32bit unsigned value.
> /* MA
From: "Michael S. Tsirkin"
As the macro verifies the value is positive, rename it
to make the function clearer.
Signed-off-by: Michael S. Tsirkin
Signed-off-by: Juan Quintela
---
hw/pci/pci.c| 4 ++--
include/migration/vmstate.h | 2 +-
target-arm/machine.c| 2 +-
3 fi
From: "Michael S. Tsirkin"
4) CVE-2013-4529
hw/pci/pcie_aer.c pcie aer log can overrun the buffer if log_num is
too large
There are two issues in this file:
1. log_max from remote can be larger than on local
then buffer will overrun with data coming from state file.
2. lo
From: "Michael S. Tsirkin"
CVE-2013-4538
s->cmd_len used as index in ssd0323_transfer() to store 32-bit field.
Possible this field might then be supplied by guest to overwrite a
return addr somewhere. Same for row/col fields, which are indices into
framebuffer array.
To fix validate after load
From: "Dr. David Alan Gilbert"
Initialising the XBZRLE.lock earlier simplifies the lock use.
Based on Markus's patch in:
http://lists.gnu.org/archive/html/qemu-devel/2014-03/msg03879.html
Signed-off-by: Dr. David Alan Gilbert
Reviewed-by: Gonglei
Reviewed-by: Markus Armbruster
Signed-off-by:
In practice this seems very unlikely, so cleanup is neglected, as done
for bind().
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Andreas Färber
---
tests/libqtest.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/libqtest.c b/tests/libqtest.c
index 8155695..232f781 100
From: "Michael S. Tsirkin"
CVE-2013-4540
Within scoop_gpio_handler_update, if prev_level has a high bit set, then
we get bit > 16 and that causes a buffer overrun.
Since prev_level comes from wire indirectly, this can
happen on invalid state load.
Similarly for gpio_level and gpio_dir.
To fix
From: "Michael S. Tsirkin"
CVE-2013-4530
pl022.c did not bounds check tx_fifo_head and
rx_fifo_head after loading them from file and
before they are used to dereference array.
Reported-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
Signed-off-by: Juan Quintela
---
hw/ssi/pl022.c |
On Fri, 2 May 2014 15:52:41 +0200
Lluís Vilanova wrote:
> --- a/scripts/qapi.py
> +++ b/scripts/qapi.py
> @@ -11,6 +11,8 @@
> # This work is licensed under the terms of the GNU GPL, version 2.
> # See the COPYING file in the top-level directory.
>
> +import os
> +import re
> from ordereddic
From: "Dr. David Alan Gilbert"
QEMU will assert if you attempt to start an outgoing migration on
a QEMU that's sitting waiting for an incoming migration (started
with -incoming), so disallow it with a proper error.
(This is a fix for https://bugzilla.redhat.com/show_bug.cgi?id=1086987 )
Signed-
From: "Michael S. Tsirkin"
CVE-2013-4535
CVE-2013-4536
Both virtio-block and virtio-serial read,
VirtQueueElements are read in as buffers, and passed to
virtqueue_map_sg(), where num_sg is taken from the wire and can force
writes to indices beyond VIRTQUEUE_MAX_SIZE.
To fix, validate num_sg.
From: ChenLiang
expose xbzrle cache miss rate
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Reviewed-by: Eric Blake
Signed-off-by: Juan Quintela
---
arch_init.c | 18 ++
hmp.c | 2 ++
include/migration/migration.h | 1 +
migratio
From: "Michael S. Tsirkin"
move size offset and number of elements math out
to functions, to reduce code duplication.
Signed-off-by: Michael S. Tsirkin
Cc: "Dr. David Alan Gilbert"
Signed-off-by: Juan Quintela
---
vmstate.c | 100 --
From: "Michael S. Tsirkin"
CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in
virtio_load@hw/virtio/virtio.c
So we have this code since way back when:
num = qemu_get_be32(f);
for (i = 0; i < num; i++) {
vdev->vq[i].vring.num = qemu_get_be32(f);
array of vqs has size VIRTIO_P
From: Michael Roth
CVE-2013-4534
opp->nb_cpus is read from the wire and used to determine how many
IRQDest elements to read into opp->dst[]. If the value exceeds the
length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary
data from the wire.
Fix this by failing migration if the
On 5/2/2014 11:43 AM, Richard Henderson wrote:
> On 05/02/2014 09:30 AM, Ulrich Weigand wrote:
>> Richard Henderson wrote on 01.05.2014 17:44:21:
>>
>>> Please review, and if you've got an ELFv2 system (nudge nudge), please
>>> give it a try and make sure it works.
>>
>> I ran into illegal instruc
From: "Michael S. Tsirkin"
CVE-2013-4541
s->setup_len and s->setup_index are fed into usb_packet_copy as
size/offset into s->data_buf, it's possible for invalid state to exploit
this to load arbitrary data.
setup_len and setup_index should be checked to make sure
they are not negative.
Cc: Ger
From: ChenLiang
Add counts to log the times of updating the dirty bitmap.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Reviewed-by: Eric Blake
Signed-off-by: Juan Quintela
---
arch_init.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch_init.c b/arch_init.c
index 0ffecee..c0
On 05.05.14 20:08, Gabriel L. Somlo wrote:
On Mon, May 05, 2014 at 07:38:58PM +0200, Andreas Färber wrote:
Yes, with that patch it's okay, you just forgot to mention that
dependency in your cover letter - also a change log from v1 is missing.
Instead of quoting Alex in the cover letter, you sho
On 05/02/2014 06:44 AM, Markus Armbruster wrote:
> By un-inlining the visit of nested complex types.
>
> Signed-off-by: Markus Armbruster
> ---
> scripts/qapi-visit.py | 20 +---
> 1 file changed, 17 insertions(+), 3 deletions(-)
>
> @@ -106,8 +122,6 @@ if (!error_is_set(errp))
From: "Dr. David Alan Gilbert"
Make qemu_peek_buffer repeatedly call fill_buffer until it gets
all the data it requires, or until there is an error.
At the moment, qemu_peek_buffer will try one qemu_fill_buffer if there
isn't enough data waiting, however the kernel is entitled to return
ju
From: ChenLiang
version_id is checked twice in the ram_load.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Signed-off-by: Juan Quintela
---
arch_init.c | 68 ++---
1 file changed, 33 insertions(+), 35 deletions(-)
diff --git a/arch_i
From: "Michael S. Tsirkin"
CVE-2013-4527 hw/timer/hpet.c buffer overrun
hpet is a VARRAY with a uint8 size but static array of 32
To fix, make sure num_timers is valid using VMSTATE_VALID hook.
Reported-by: Anthony Liguori
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Dr. David Alan Gilbert
On 05/02/2014 06:44 AM, Markus Armbruster wrote:
> generate_visit_struct_fields() generates the base type's struct member
> name both with and without the field prefix. Harmless, because the
> field prefix is always empty there: only unboxed complex members have
> a prefix, and those can't have a
From: ChenLiang
The page may not be inserted into cache after executing save_xbzrle_page.
In case of failure to insert, the original page should be sent rather
than the page in the cache.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Reviewed-by: Juan Quintela
Signed-off-by: Juan Quintela
On 05/02/2014 06:44 AM, Markus Armbruster wrote:
> In preparation of error handling changes. Bonus: generates less
> duplicated code.
>
> Signed-off-by: Markus Armbruster
> ---
> scripts/qapi-visit.py | 48 ++--
> 1 file changed, 34 insertions(+), 14
From: ChenLiang
expose the count that logs the times of updating the dirty bitmap to
end user.
Signed-off-by: ChenLiang
Signed-off-by: Gonglei
Reviewed-by: Eric Blake
Signed-off-by: Juan Quintela
---
arch_init.c | 1 +
hmp.c | 2 ++
include/migrat
From: Michael Roth
CVE-2013-6399
vdev->queue_sel is read from the wire, and later used in the
emulation code as an index into vdev->vq[]. If the value of
vdev->queue_sel exceeds the length of vdev->vq[], currently
allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO
operations such as V
On 05/02/2014 06:44 AM, Markus Armbruster wrote:
> When visit_start_struct() succeeds, visit_end_struct() must be called.
> hmp_object_add() doesn't when a member visit fails. As far as I can
> tell, the opts visitor copes okay with the misuse. Fix it anyway.
>
> Signed-off-by: Markus Armbruster
On Mon, 28 Apr 2014 15:02:35 +0800
Amos Kong wrote:
> Not a serious issue, but it's helpful if we can fix it.
>
> V2: split change of scripts/qapi-visit.py to a split patch,
> eat space by using a special char as Markus suggested
> V3: update commitlog, update special string, fix of adding
>
Both systems I mentioned above were upgraded from precise to trusty.
After reinstalling them with clean install issue disappear and VMs are
not crashing anymore.
On 05/02/2014 06:44 AM, Markus Armbruster wrote:
> When visit_start_struct() succeeds, visit_end_struct() must not be
s/succeeds/fails/ (this really confused me on my first read, until I saw
the code and the subject line and determined the typo)
> called. rtc_get_date() and balloon_stats_all() c
On Mon, 5 May 2014 16:51:04 -0400
Luiz Capitulino wrote:
> On Mon, 28 Apr 2014 15:02:35 +0800
> Amos Kong wrote:
>
> > Not a serious issue, but it's helpful if we can fix it.
> >
> > V2: split change of scripts/qapi-visit.py to a split patch,
> > eat space by using a special char as Markus
On Mon, 28 Apr 2014 13:53:49 +0800
Amos Kong wrote:
> strtosz_suffix() might return negative error, this patch fixes
> the error handling.
>
> This patch also changes to handle error in the if statement
> rather than handle success specially, this will make this use
> of strtosz_suffix consisten
From: "Dr. David Alan Gilbert"
Provide ram_mig_init (like blk_mig_init) for vl.c to initialise stuff
to do with ram migration (currently in arch_init.c).
Signed-off-by: Dr. David Alan Gilbert
Reviewed-by: Gonglei
Reviewed-by: Markus Armbruster
Signed-off-by: Juan Quintela
---
arch_init.c
From: "Michael S. Tsirkin"
Malformed input can have config_len in migration stream
exceed the array size allocated on destination, the
result will be heap overflow.
To fix, that config_len matches on both sides.
CVE-2014-0182
Reported-by: "Dr. David Alan Gilbert"
Signed-off-by: Michael S. Tsi
From: "Michael S. Tsirkin"
CVE-2013-4533
s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.
Fix this by validating rx_level
From: "Michael S. Tsirkin"
CVE-2013-4537
s->arglen is taken from wire and used as idx
in ssi_sd_transfer().
Validate it before access.
Signed-off-by: Michael S. Tsirkin
Signed-off-by: Juan Quintela
---
hw/sd/ssi-sd.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/hw/sd/ssi-sd.
From: Peter Maydell
At the moment we require vmstate definitions to set minimum_version_id_old
to the same value as minimum_version_id if they do not provide a
load_state_old handler. Since the load_state_old functionality is
required only for a handful of devices that need to retain migration
co
From: "Michael S. Tsirkin"
CVE-2013-4542
hw/scsi/scsi-bus.c invokes load_request.
virtio_scsi_load_request does:
qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
this probably can make elem invalid, for example,
make in_num or out_num huge, then:
virtio_scsi_parse_
From: "Michael S. Tsirkin"
CVE-2013-4149 QEMU 1.3.0 out-of-bounds buffer write in
virtio_net_load()@hw/net/virtio-net.c
> } else if (n->mac_table.in_use) {
> uint8_t *buf = g_malloc0(n->mac_table.in_use);
We are allocating buffer of size n->mac_table.in_use
> qe
On 05/02/2014 06:44 AM, Markus Armbruster wrote:
> When visit_start_struct() succeeds, visit_end_struct() must not be
As in 10/13, s/succeeds/fails/
> called. Three out of four visit_type_TestStruct() call it anyway. As
> far as I can tell, visit_start_struct() doesn't actually fail there.
> Fi
From: "Michael S. Tsirkin"
Validate state using VMS_ARRAY with num = 0 and VMS_MUST_EXIST
Signed-off-by: Michael S. Tsirkin
Signed-off-by: Juan Quintela
---
include/migration/vmstate.h | 8
1 file changed, 8 insertions(+)
diff --git a/include/migration/vmstate.h b/include/migration/
Luiz Capitulino writes:
> On Fri, 2 May 2014 15:52:41 +0200
> Lluís Vilanova wrote:
>> --- a/scripts/qapi.py
>> +++ b/scripts/qapi.py
>> @@ -11,6 +11,8 @@
>> # This work is licensed under the terms of the GNU GPL, version 2.
>> # See the COPYING file in the top-level directory.
>>
>> +import o
From: "Michael S. Tsirkin"
Can be used to verify a required field exists or validate
state in some other way.
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Juan Quintela
---
include/migration/vmstate.h | 1 +
vmstate.c | 10 ++
From: "Dr. David Alan Gilbert"
Coverity defects 1005733 & 1005734 complain about passing a negative
value to closesocket in the error paths on incoming migration.
Stash the error value and print it in the message (previously we gave
no indication of the reason for the failure)
Use error_report
From: "Michael S. Tsirkin"
CVE-2013-4539
s->precision, nextprecision, function and nextfunction
come from wire and are used
as idx into resolution[] in TSC_CUT_RESOLUTION.
Validate after load to avoid buffer overrun.
Cc: Andreas Färber
Signed-off-by: Michael S. Tsirkin
Signed-off-by: Juan Qu
On 05/05/2014 22:51, Luiz Capitulino wrote:
On Mon, 28 Apr 2014 15:02:35 +0800
Amos Kong wrote:
Not a serious issue, but it's helpful if we can fix it.
V2: split change of scripts/qapi-visit.py to a split patch,
eat space by using a special char as Markus suggested
V3: update commitl
From: "Dr. David Alan Gilbert"
This is a fix for a bug* triggered by a migration after hot unplugging
a few virtio-net NICs, that caused migration never to converge, because
'migration_dirty_pages' is incorrectly initialised.
'migration_dirty_pages' is used as a tally of the number of outstandin
On 05/02/2014 06:44 AM, Markus Armbruster wrote:
> We commonly use the error API like this:
>
> However, mixing the two techniques is confusing. You can't use the
> "accumulate" technique with functions designed for the "check
> separately" technique. You can use the "check separately" techniqu
On 05/02/2014 06:44 AM, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster
> ---
> include/qapi/error.h | 6 --
> util/error.c | 5 -
> 2 files changed, 11 deletions(-)
Of course, depends on several in-flight series. But assuming that all
works out,
Reviewed-by: Eric B
On 05/05/2014 11:34 AM, Markus Armbruster wrote:
>>
>> Or, putting the question in reverse, you are asking if:
>>
>> data: { '*foo': 'str' }
>>
>> can blindly be rewritten into:
>>
>> data: { 'foo': { 'type': 'str', 'default': null } }
>>
>> and the rest of the introspection use the fact that 'defa
On 04/29/2014 03:10 AM, Chunyan Liu wrote:
> One extra change is to define QED_DEFAULT_CLUSTER_SIZE = 65536 instead
> of 64 * 1024; because:
> according to existing create_options, "cluster size" has default value =
> QED_DEFAULT_CLUSTER_SIZE, after switching to create_opts, this has to be
> string
Hi Alexander,
On Mon, May 05, 2014 at 03:51:22PM +0200, Alexander Graf wrote:
> When we migrate we ask the kernel about its current belief on what the guest
> time would be.
KVM_GET_CLOCK which returns the time in "struct kvm_clock_data".
> However, I've seen cases where the kvmclock guest stru
On Mon, May 05, 2014 at 08:26:04PM +0200, Marcin Gibuła wrote:
> >>is it possible to have kvmclock jumping forward?
> >>
> >>Because I've reproducible case when at about 1 per 20 vm restores, VM
> >>freezes for couple of hours and then resumes with date few hundreds years
> >>ahead. Happens only
Marcin,
Can you provide detailed instructions on how to reproduce the problem?
Thanks
On Mon, May 05, 2014 at 08:27:10PM -0300, Marcelo Tosatti wrote:
> On Mon, May 05, 2014 at 08:26:04PM +0200, Marcin Gibuła wrote:
> > >>is it possible to have kvmclock jumping forward?
> > >>
> > >>Because I'v
On Mon, May 05, 2014 at 08:23:43PM -0300, Marcelo Tosatti wrote:
> Hi Alexander,
>
> On Mon, May 05, 2014 at 03:51:22PM +0200, Alexander Graf wrote:
> > When we migrate we ask the kernel about its current belief on what the guest
> > time would be.
>
> KVM_GET_CLOCK which returns the time in "st
On Wed, Apr 30, 2014 at 1:20 AM, Juan Quintela wrote:
>
>
> 2014-04-29
> --
>
> - security (CVE)
> New group to handle that issues responsible.
> Mail is still not encrypted, would be.
> mst writing a wiki page about it
> what is the criteria to request (not) for a CVE number
> L
Ping^2!
On Thu, Apr 24, 2014 at 9:09 AM, Peter Crosthwaite
wrote:
> Ping!
>
> On Wed, Apr 9, 2014 at 5:15 PM, Peter Crosthwaite
> wrote:
>> Hi All. This is a new scheme i've come up with handling device registers in a
>> data driven way. My motivation for this is to factor out a lot of the acces
On Tue, Apr 29, 2014 at 2:57 AM, Peter Maydell wrote:
> On 15 April 2014 04:18, Peter Crosthwaite
> wrote:
>> Add support for 16, 32 and 64 bit width FIFOs. The push and pop
>> functions are replicated to accept all four different integer types.
>> The element width of the FIFO is set at creatio
On Mon, 05/05 17:32, Kevin Wolf wrote:
> On 05.05.2014 at 17:21, Stefan Hajnoczi wrote:
> > On Wed, Apr 30, 2014 at 10:55:07AM -0400, Jeff Cody wrote:
> > > This adds some common functionality to control QEMU for qemu-iotests.
> > >
> > > Additionally, test 085 is updated to use this new
On Mon, 05/05 08:45, Eric Blake wrote:
> On 05/05/2014 01:17 AM, Fam Zheng wrote:
> > Signed-off-by: Fam Zheng
> > ---
> > docs/qapi-code-gen.txt | 6 --
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/docs/qapi-code-gen.txt b/docs/qapi-code-gen.txt
> > index d78921f
On Mon, May 05, 2014 at 05:59:15PM +0200, Vasilis Liaskovitis wrote:
> Hi,
>
> On Mon, Apr 14, 2014 at 06:44:42PM +0200, Igor Mammedov wrote:
> > On Mon, 14 Apr 2014 15:25:01 +0800
> > Hu Tao wrote:
> >
> > > On Fri, Apr 04, 2014 at 03:36:58PM +0200, Igor Mammedov wrote:
> > Could you be more sp
On Tue, Apr 29, 2014 at 8:52 AM, Peter Crosthwaite
wrote:
> On Tue, Apr 29, 2014 at 12:54 AM, Peter Maydell
> wrote:
>> On 28 April 2014 01:45, Peter Crosthwaite
>> wrote:
>>> Implement named GPIOs on the Device layer. Listifies the existing GPIOs
>>> stuff using string keys. Legacy un-named GP
Signed-off-by: Fam Zheng
---
v2: Employ the text suggested by Eric. (Thanks!)
Signed-off-by: Fam Zheng
---
docs/qapi-code-gen.txt | 26 ++
1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/docs/qapi-code-gen.txt b/docs/qapi-code-gen.txt
index d78921f..3e5cf
On Mon, 05/05 13:06, Markus Armbruster wrote:
> Fam Zheng writes:
> > An example command is:
> >
> > { 'command': 'my-command',
> > - 'data': { 'arg1': 'str', '*arg2': 'str' },
> > + 'data': { 'arg1': 'str', '*arg2': 'str', '*arg3': 'int' },
> > + 'defaults': { 'arg2': 'default value fo