CVE-2013-6399
vdev->queue_sel is read from the wire, and later used in the
emulation code as an index into vdev->vq[]. If the value of
vdev->queue_sel exceeds the length of vdev->vq[], currently
allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO
operations such as VIRTIO_PCI_QUEUE_PFN c
From: Benoît Canet
In 1.7.1 qcow2_create2 reopens the file for flushing without the
BDRV_O_NO_BACKING flags.
As a consequence the code would recursively open the whole backing chain.
These three stack arrays would pile up through the recursion and lead to a
coroutine stack overflow.
Convert t
Ping.
has anyone seen a similar hang on x86?
On 07/07/14 13:58, Christian Borntraeger wrote:
> Folks,
>
> with current 2.1-rc0 (
> + dataplane: do not free VirtQueueElement in vring_push()
> + virtio-blk: avoid dataplane VirtIOBlockReq early free
> + some not-ready yet s390 patches for migra
We haven't been able to reproduce the issues under lab conditions, and
I'm not willing to use our production setup as a guinea pig anymore. These
issues have cost me too much credibility already.
We believe #1326367 is causing this, as we've bisected this issue to be
between 3.13.0-27.50 and 3.13.0-
On Fri, Jul 04, 2014 at 12:36:49AM +0200, Marc Marí wrote:
> +static void qvirtio_pci_foreach_callback(
> +QPCIDevice *dev, int devfn, void *data)
> +{
> +QVirtioPCIForeachData *d = data;
> +QVirtioPCIDevice *vpcidev = qpcidevice_to_qvirtiodevice(dev);
> +
> +if
Currently, whenever aio_poll(ctx, true) has completed all pending
work it returns true *and* the next call to aio_poll(ctx, true)
will not block.
This invariant has its roots in qemu_aio_flush()'s implementation
as "while (qemu_aio_wait()) {}". However, qemu_aio_flush() does
not exist anymore and
Anshul Makkar writes:
> Hi,
>
> Yeah, I am aware of this option. But the point where I am concerned is
> that if Windows VM is running in QEMU 1.0 with pc-model 1.0 and then I
> upgrade the QEMU to 2.0 and I specify machine as pc-1.2, then Windows
> will see this as change in hardware and complai
From: Kevin Wolf
It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap
buffer overflow on big endian hosts.
Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Max Reitz
Signed-off-by: Stefan Hajnoczi
On 08/07/14 12:37, Christian Borntraeger wrote:
> On 08/07/14 12:12, Christian Borntraeger wrote:
>> On 08/07/14 11:09, Christian Borntraeger wrote:
>>> On 08/07/14 09:43, Ming Lei wrote:
On Tue, Jul 8, 2014 at 3:19 PM, Christian Borntraeger
wrote:
> Ping.
>
> has anyone seen
Hi James,
On 08/07/2014 13:44, James Hogan wrote:
> Hi Leon,
>
> On 08/07/14 08:57, Leon Alrae wrote:
>> BadInstr Register (CP0 Register 8, Select 1)
>> The BadInstr register is a read-only register that captures the most recent
>> instruction which caused an exception.
>>
>> BadInstrP Register (C
From: Stefan Hajnoczi
It is not necessary to check errno for EINTR and the block layer does
not produce short reads. Therefore we can drop the loop that attempts
to read a compressed chunk.
The loop is buggy because it incorrectly adds the transferred bytes
twice:
do {
ret = bdrv_pread
On 8 July 2014 18:26, Anderson Sartor wrote:
> Hi all,
> Which method, in fact, executes the TBs (full-system emulation)? Is it
> tcg_qemu_tb_exec() from cpu_exec()?
Yes.
> At this point, is it possible for the execution of the TB to be interrupted
> (it will try to execute this TB again)?
Depe
From: "Michael S. Tsirkin"
Validate state using VMS_ARRAY with num = 0 and VMS_MUST_EXIST
Signed-off-by: Michael S. Tsirkin
Signed-off-by: Juan Quintela
(cherry picked from commit 4082f0889ba04678fc14816c53e1b9251ea9207e)
Signed-off-by: Michael Roth
---
include/migration/vmstate.h | 8 ++
In general QMP command parameter values are specified by consumers of the
QMP/HMP interface, but in the case of optional parameters these values may
be left uninitialized.
It is considered a bug for code to make use of optional parameters that have
not been flagged as being present by the marshall
From: Kevin Wolf
For the L1 table to be loaded for an internal snapshot, the code allocated
only enough memory to hold the currently active L1 table. If the
snapshot's L1 table is actually larger than the current one, this leads
to a buffer overflow.
Signed-off-by: Kevin Wolf
Reviewed-by: Max Reit
Useful for identifying the guest/host uniquely within the
guest. Adding following properties to the guest root node.
vm,uuid - uuid of the guest
host-model - Host model number
host-serial - Host machine serial number
hypervisor type - Tells its "kvm"
Signed-off-by: Nikunj A Dadhania
---
v5:
On (Wed) 09 Jul 2014 [11:28:27], Peter Maydell wrote:
> On 9 July 2014 05:25, Amit Shah wrote:
> > (CC'ing Peter Maydell for his thoughts)
> >
> > On (Tue) 08 Jul 2014 [22:55:42], Peter Lieven wrote:
> >> Hi Juan,
> >>
> >> On 25.06.2014 at 13:55, Juan Quintela wrote:
> >>
> >> > Peter Lieven w
On 9 July 2014 11:44, Amit Shah wrote:
> On (Wed) 09 Jul 2014 [11:28:27], Peter Maydell wrote:
>> On 9 July 2014 05:25, Amit Shah wrote:
>> > Juan is away for a couple of weeks. This looks like a good fix to
>> > pull in for 2.1, though. Peter, do you agree? Can you pick this up
>> > if so?
>>
Signed-off-by: Paolo Bonzini
---
aio-win32.c | 17 -
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/aio-win32.c b/aio-win32.c
index 1ec434a..fd52686 100644
--- a/aio-win32.c
+++ b/aio-win32.c
@@ -144,12 +144,25 @@ bool aio_poll(AioContext *ctx, bool blocking)
{
This series simplifies heavily aio_poll by splitting it into three
phases: prepare (aio_compute_timeout), poll, dispatch. The resulting
code shares more logic between aio_poll and the GSource wrappers,
and makes it easier to add Win32 support for sockets.
Win32 support for sockets is a prerequisi
On (Wed) 09 Jul 2014 [11:50:18], Peter Maydell wrote:
> On 9 July 2014 11:44, Amit Shah wrote:
> > On (Wed) 09 Jul 2014 [11:28:27], Peter Maydell wrote:
> >> On 9 July 2014 05:25, Amit Shah wrote:
> >> > Juan is away for a couple of weeks. This looks like a good fix to
> >> > pull in for 2.1, th
From: "Dr. David Alan Gilbert"
Fix comparison of vmstate_info_int32_le so that it succeeds if loaded
value is (l)ess than or (e)qual
When the comparison succeeds, assign the value loaded
This is a change in behaviour but I think the original intent, since
the idea is to check if the version/
On Tue, Jun 10, 2014 at 04:35:36PM -, tal zilcer wrote:
> The following patch solved the issue for me:
> --- a/qemu/libcacard/Makefile
> +++ b/qemu/libcacard/Makefile
> @@ -26,8 +26,8 @@ vscclient$(EXESUF): libcacard/vscclient.o libcacard.la
> libcacard.la: LDFLAGS += -rpath $(libdir) -no-unde
On 9 July 2014 11:56, Amit Shah wrote:
> On (Wed) 09 Jul 2014 [11:50:18], Peter Maydell wrote:
>> OK; we're treating those as bugs so yes, I think this is 2.1
>> material. Has somebody other than the original author tested
>> it? (That's a step that would usually be done by Juan as the
>> maintain
From: Kevin Wolf
A huge image size could cause s->l1_size to overflow. Make sure that
images never require a L1 table larger than what fits in s->l1_size.
This can not only cause unbounded allocations, but also the allocation of
a too small L1 table, resulting in out-of-bounds array accesses (bot
Make the dispatching phase the same before blocking and afterwards.
The next patch will make aio_dispatch public and use it directly
for the GSource case, instead of aio_poll. aio_poll can then be
simplified heavily.
Signed-off-by: Paolo Bonzini
---
aio-posix.c | 4
aio-win32.c | 8 +++
On Tue, 8 Jul 2014, Peter Maydell wrote:
> On 7 July 2014 16:25, Stefano Stabellini
> wrote:
> > Currently the Makefile of disas/libvixl appends
> > -I$(SRC_PATH)/disas/libvixl to QEMU_CFLAGS. As a consequence C++ files
> > that #include "utils.h", such as disas/libvixl/a64/instructions-a64.cc,
>
From: "Michael S. Tsirkin"
CVE-2013-4541
s->setup_len and s->setup_index are fed into usb_packet_copy as
size/offset into s->data_buf, it's possible for invalid state to exploit
this to load arbitrary data.
setup_len and setup_index should be checked to make sure
they are not negative.
Cc: Ger
From: Alexander Graf
The device configuration is set at realize time and never changes. It
should not be migrated as it is done today. For the sake of compatibility,
let's just skip them at load time.
Signed-off-by: Alexander Graf
[ added missing casts to uint16_t *,
added From, SoB and commi
From: Gonglei
token should be closed in all conditions.
So move CloseHandle(token) to "out" branch.
Signed-off-by: Wang Rui
Signed-off-by: Gonglei
Signed-off-by: Michael Roth
(cherry picked from commit 374044f08fe18a18469b981812cd8695f5b3569c)
Signed-off-by: Michael Roth
---
qga/commands-wi
Isn't it fixed yet with latest qemu 2.1 rc?
--
You received this bug notification because you are a member of
qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/955379
Title:
cmake hangs with qemu-arm-static
Status in QEMU:
Confirmed
Status in Linaro QEMU:
Confir
On Tue, Jul 08, 2014 at 11:45:10PM +0800, Ming Lei wrote:
> In the enqueue path, we can't complete request, otherwise
> "Co-routine re-entered recursively" may be caused, so this
> patch fixes the issue with below ideas:
This probably happens when the caller is in coroutine context and its
complet
On 09/07/2014 11:46, Alexander Graf wrote:
On 09.07.2014 at 10:26, Frederic Konrad wrote:
Hi,
I saw some patches about E6500 cpu on the mailing list.
here:
http://qemu.11.n7.nabble.com/PATCH-1-2-QEMU-PPC-specify-PVRs-for-all-e500-cores-td248146.html
What is the status of E6500 upstream?
The "hotplugged" device property was not reported before commit
f4eb32b590bf58c1c67570775eb78beb09964fad ("qmp: show QOM properties in
device-list-properties"). Fix this difference.
Signed-off-by: Stefan Hajnoczi
---
qmp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/qmp.c b/qmp.c
index
Update -device FOO,help to include QOM properties in addition to qdev
properties. Devices are gradually adding more QOM properties that are
not reflected as qdev properties.
It is important to report all device properties since management tools
like libvirt use this information (and device-list-p
On 09.07.2014 at 10:05, Stefan Hajnoczi wrote:
> v3:
> * Add Christian's Tested-by: [Kevin]
> * Resolved merge conflict in Patch 4 with qemu.git/master [Kevin]
>
> This series fixes issues recently introduced when unifying virtio-blk
> dataplane's request handling with non-dataplane vir
On 07/09/2014 02:29 AM, Stefan Hajnoczi wrote:
>> +if (enqueue)
>> +return ret;
>
> Please set up a git hook to run checkpatch.pl. It will alert you when
> you violate QEMU coding style:
> http://blog.vmsplice.net/2011/03/how-to-automatically-run-checkpatchpl.html
>
> I alre
From: Markus Armbruster
blockdev_init() leaks bs_opts when qemu_opts_create() fails, i.e. when
the ID is bad. Missed in commit ec9c10d.
Signed-off-by: Markus Armbruster
Reviewed-by: Benoit Canet
Signed-off-by: Kevin Wolf
(cherry picked from commit 6376f9522372d589f3efe60001dc0486237dd375)
Si
On 09.07.2014 at 10:49, Paolo Bonzini wrote:
> Currently, whenever aio_poll(ctx, true) has completed all pending
> work it returns true *and* the next call to aio_poll(ctx, true)
> will not block.
>
> This invariant has its roots in qemu_aio_flush()'s implementation
> as "while (qemu_aio_
On 09.07.2014 at 12:28, Liu Yuan wrote:
> Cc: Kevin Wolf
> Signed-off-by: Liu Yuan
> ---
> configure | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/configure b/configure
> index 7dd43fd..684fcdf 100755
> --- a/configure
> +++ b/configure
> @@ -3996,7 +3996,7 @
From: Kevin Wolf
If lazy refcounts are enabled for a backing file, committing to this
backing file may leave it in a dirty state even if the commit succeeds.
The reason is that the bdrv_flush() call in bdrv_commit() doesn't flush
refcount updates with lazy refcounts enabled, and qcow2_reopen_prep
On 07/09/2014 06:01 AM, Stefan Hajnoczi wrote:
> Update -device FOO,help to include QOM properties in addition to qdev
> properties. Devices are gradually adding more QOM properties that are
> not reflected as qdev properties.
>
> It is important to report all device properties since management t
From: Richard Henderson
Parity should be set for a zero result.
Cc: qemu-sta...@nongnu.org
Reviewed-by: Paolo Bonzini
Reviewed-by: Edgar E. Iglesias
Signed-off-by: Richard Henderson
(cherry picked from commit d2fe51bda8adf33d07c21e034fdc13a1e1fa4e19)
Signed-off-by: Michael Roth
---
target-i
On 08.07.2014 00:15, Mark Cave-Ayland wrote:
Sadly sun4u support isn't quite there yet; it's enough to boot Linux
(and with git master you can actually start booting the *BSD kernels and
Solaris) but there are still some issues with the device tree that need
to be resolved in order for this to
03.07.2014 17:57, Chen Gang wrote:
In this case, 'ret' is already '-1', so need not do it again.
It's a very minor thing in an error path, maybe compiler even
eliminates this statement entirely by its own already.
Not sure it is worth the effort but applied to the -trivial tree
anyway, thanks!
From: Hani Benhabiles
Due to an incomplete initialization, adding a usb-bt-dongle device through HMP
or QMP will cause a segmentation fault.
Signed-off-by: Hani Benhabiles
Reviewed-by: Paolo Bonzini
Signed-off-by: Gerd Hoffmann
(cherry picked from commit c340a284f382a5f40774521f41b4bade76ddfa
This will be used to implement socket polling on Windows.
On Windows, select() and g_poll() are completely different;
sockets are polled with select() before calling g_poll,
and the g_poll must be nonblocking if select() says a
socket is ready.
Signed-off-by: Paolo Bonzini
---
aio-posix.c
On 08.07.14 13:04, Nikunj A Dadhania wrote:
Alexander Graf writes:
On 08.07.14 07:00, Nikunj A Dadhania wrote:
Useful for identifying the guest/host uniquely within the
guest. Adding following properties to the guest root node.
vm,uuid - uuid of the guest
host-model - Host model number
host
On 09/07/2014 17:59, Paolo Bonzini wrote:
The following changes since commit 9d9de254c2b81b68cd48f2324cc753a570a4cdd8:
MAINTAINERS: seccomp: change email contact for Eduardo Otubo (2014-07-03 12:36:15 +0100)
are available in the git repository at:
git://github.com/bonzini/qemu.git
f
From: Nikolay Nikolaev
Missing G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation as GLib
version before 2.26 does not have it. In such case just define it.
Reported-by: Kevin Wolf
Signed-off-by: Nikolay Nikolaev
Signed-off-by: Paolo Bonzini
---
tests/vhost-user-test.c | 4
1 fil
On 09.07.2014 13:09, Anshul Makkar wrote:
> Thanks. I got the point.
And for the record, the point is that the machine version on the
destination side needs to match the source side. So, if the default or
"pc" alias is used in 1.0, which resolves to pc-1.0, then it needs to be
pc-1.0, not pc-1.2
On 9 July 2014 17:20, Richard Henderson wrote:
> We were not representing the IOV (integer overflow) exception at all.
> For ease of implementation, allocate a generic bit in softfloat, even
> though softfloat will never raise the exception itself.
I don't think we should use softfloat flag bits
On 09.07.2014 at 17:06, Nikolay Nikolaev wrote:
> Missing G_TIME_SPAN_SECOND definition breaks the RHEL6 compilation as GLib
> version before 2.26 does not have it. In such case just define it.
>
> Reported-by: Kevin Wolf
> Signed-off-by: Nikolay Nikolaev
Thanks, this fixes the build fo
On 9 July 2014 17:20, Richard Henderson wrote:
> The queue consists of Al Viro's recent work looking at the dark
> corner cases of Alpha FPU exception signalling, for which I am
> most grateful.
>
> Please pull for 2.1.
> Richard Henderson (18):
> include/fpu/softfloat.h | 13 ++--
> target-
From: Peter Maydell
The ELF HWCAP bits for ARM features THUMBEE, NEON, VFPv3 and VFPv3D16 are
all off by one compared to the kernel definitions. Fix this discrepancy
and add in the missing CRUNCH bit which was the cause of the off-by-one
error. (We don't emulate any of the CPUs which have that we
From: "Michael S. Tsirkin"
CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in
virtio_load@hw/virtio/virtio.c
So we have this code since way back when:
num = qemu_get_be32(f);
for (i = 0; i < num; i++) {
vdev->vq[i].vring.num = qemu_get_be32(f);
array of vqs has size VIRTIO_P
On 07/09/2014 09:30 AM, Peter Maydell wrote:
> My general feeling here is that this is too much code and too late
> for 2.1; can we hold it over to 2.2 ?
Ok then.
r~
On 07/09/2014 09:28 AM, Peter Maydell wrote:
> I don't think we should use softfloat flag bits for keeping
> information which isn't about softfloat's status. Why can't
> you just put this in the per-CPU state?
It is (mostly) being stored in per-CPU state. But for efficiency, the per-CPU
state is
From: Kevin Wolf
len could become negative and would pass the check then. Nothing bad
happened because bdrv_pread() happens to return an error for negative
length values, but make variables for sizes unsigned anyway.
This patch also changes the behaviour to error out on invalid lengths
instead o
When a device model's I/O operation fails, we execute the error
action. This lets layers above QEMU implement thin provisioning, or
attempt to correct errors before they reach the guest. But when the
I/O operation fails because it's invalid, reporting the error to the
guest is the only sensible a
On 07/07/2014 09:08 PM, Chunyan Liu wrote:
> Add nocow info in 'qemu-img info' output to show whether the file
> currently has NOCOW flag set or not.
>
> Signed-off-by: Chunyan Liu
> ---
> Changes:
> - add documentation of "nocow" in qapi/block-core.json.
>
> @@ -625,4 +646,8 @@ void bdrv_ima
If the size of the scatter/gather list isn't a multiple of 512, the
number of sectors for the block layer request is rounded down, resulting
in a qiov that doesn't match the request length. Truncate the qiov to the
new length of the request.
This fixes the IDE qtest case /x86_64/ide/bmdma/short_pr
On 07/09/2014 06:01 AM, Stefan Hajnoczi wrote:
> The "hotplugged" device property was not reported before commit
> f4eb32b590bf58c1c67570775eb78beb09964fad ("qmp: show QOM properties in
> device-list-properties"). Fix this difference.
>
> Signed-off-by: Stefan Hajnoczi
> ---
> qmp.c | 1 +
> 1
* Michael Roth (mdr...@linux.vnet.ibm.com) wrote:
> Hi everyone,
>
> The following new patches are queued for QEMU stable v1.7.2:
>
> https://github.com/mdroth/qemu/commits/stable-1.7-staging
>
> The release is planned for 2014-07-21:
>
> http://wiki.qemu.org/Planning/1.7
>
> Please respon
Signed-off-by: Paolo Bonzini
---
nbd.c | 2 +-
qemu-coroutine-io.c | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/nbd.c b/nbd.c
index e7d1cee..5c28f71 100644
--- a/nbd.c
+++ b/nbd.c
@@ -156,7 +156,7 @@ ssize_t nbd_wr_sync(int fd, void *buffer, size_t size,
From: "Michael S. Tsirkin"
It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so
it's OK if the value read is VIRTQUEUE_MAX_SIZE.
Not a big problem in practice as people don't use
such big queues, but it's inelegant.
Reported-by: "Dr. David Alan Gilbert"
Cc: qemu-sta...@nongnu.
Use EventNotifier instead of a pipe, which makes it trivial to test
timers on Windows.
Signed-off-by: Paolo Bonzini
---
tests/test-aio.c | 48 +++-
1 file changed, 11 insertions(+), 37 deletions(-)
diff --git a/tests/test-aio.c b/tests/test-aio.c
inde
The block layer fails such reads and writes just fine. However, they
then get treated like valid operations that fail: the error action
gets executed. Unwanted; reporting the error to the guest is the only
sensible action.
Reject them before passing them to the block layer. This bypasses the
er
On 08.07.14 17:02, Peter Maydell wrote:
Fix a typo in the names of a couple of functions
(s/resouce/resource/).
Signed-off-by: Peter Maydell
Thanks, applied to ppc-next-2.2.
Alex
From: James Hogan
KVM doesn't yet support the MIPS FPU, or writing to the guest's Config1
register which contains the FPU implemented bit. Clear QEMU's version of
that bit on reset and display a warning that the FPU has been disabled.
The previous incorrect Config1 CP0 register value wasn't bein
On 29.06.2014 19:00, Michael S. Tsirkin wrote:
> From: Hu Tao
>
> Signed-off-by: Hu Tao
> Acked-by: Michael S. Tsirkin
> Signed-off-by: Michael S. Tsirkin
> ---
> tests/test-string-output-visitor.c | 109
> ++---
> 1 file changed, 90 insertions(+), 19 deleti
From: Kevin Wolf
The end of the refcount table must not exceed INT64_MAX so that integer
overflows are avoided.
Also check for misaligned refcount table. Such images are invalid and
probably the result of data corruption. Error out to avoid further
corruption.
Signed-off-by: Kevin Wolf
Reviewe
On Tue, 8 Jul 2014, Stefano Stabellini wrote:
> On Tue, 8 Jul 2014, Peter Maydell wrote:
> > On 8 July 2014 12:55, Stefano Stabellini
> > wrote:
> > > Are you going to pick it up or do you want me to send a pull request?
> >
> > I'm going to put it in the target-arm pullreq I'm currently testing.
On 07.07.2014 20:53, Eric Blake wrote:
On 07/05/2014 11:47 AM, Max Reitz wrote:
When a block job signals readiness, this is currently reported only
through QMP. If qemu wants to use block jobs for internal tasks, there
needs to be another way to correctly detect when a block job may be
completed
The buffer was being allocated of size string length plus two.
Around the string two quotes were being added, but no terminating NUL.
It was then compared using g_assert_cmpstr(), resulting in fairly random
assertion failures:
ERROR:tests/test-string-output-visitor.c:213:test_visitor_out_enum: as
From: James Hogan
The EBase CP0 register is initialised to 0x8000, however with KVM
the guest's KSEG0 is at 0x4000. The incorrect value doesn't get
passed to KVM yet as KVM doesn't implement the EBase register, however
we should set it correctly now so as not to break migration/loadvm to
On 07/09/2014 02:28 PM, Andreas Färber wrote:
> The buffer was being allocated of size string length plus two.
> Around the string two quotes were being added, but no terminating NUL.
> It was then compared using g_assert_cmpstr(), resulting in fairly random
> assertion failures:
>
> ERROR:tests/
VirtIOBlockReq is freed later by virtio_blk_free_request() in
hw/block/virtio-blk.c. Remove this extraneous g_slice_free().
This patch fixes the following segfault:
0x556373af in virtio_blk_rw_complete (opaque=0x565ff5e0, ret=0)
at hw/block/virtio-blk.c:99
99 bdrv_acct_
On 9 July 2014 05:25, Amit Shah wrote:
> (CC'ing Peter Maydell for his thoughts)
>
> On (Tue) 08 Jul 2014 [22:55:42], Peter Lieven wrote:
>> Hi Juan,
>>
>> On 25.06.2014 at 13:55, Juan Quintela wrote:
>>
>> > Peter Lieven wrote:
>> >> this patch extends commit db80fac by not only checking
>> >>
The following commit:
commit 834fb1b269f4c9eb0ffc058fd6ab5a018c3bce1f
Author: Stefano Stabellini
Date: Mon Jul 7 16:25:07 2014 +0100
disas/libvixl: prepend the include path of libvixl header files
moves -Idisas/libvixl at the beginning of QEMU_CFLAGS.
QEMU 2.0 needs one more fix to disas/
Kirill - thank you for looking into the problem. I reran the test of "Method 1"
with your patch, and it is still failing, but the blocks of missing data
seem to be smaller than before.
Here is an extract from the output of the "Method 1" test without your patch.
In this case, the test failed beca
On 27.05.2014 at 14:07, Nikolay Nikolaev wrote:
> This test creates a 'server' chardev to listen for vhost-user messages.
> Once VHOST_USER_SET_MEM_TABLE is received it mmaps each received region,
> and read 1k bytes from it. The read data is compared to data from readl.
>
> The test requ
On 09/07/2014 22:34, Stefano Stabellini wrote:
rules.mak adds cflags specific to the target source file ($($@-cflags))
for last on the compiler command line.
As a consequence when compiling arm-a64.o, g++ might end up picking the
wrong utils.h header file, because it looks for utils.h on al
On 04.07.2014 at 15:32, Markus Armbruster wrote:
> The block layer fails such reads and writes just fine. However, they
> then get treated like valid operations that fail: the error action
> gets executed. Unwanted; reporting the error to the guest is the only
> sensible action.
>
> Rej
The following changes since commit 9d9de254c2b81b68cd48f2324cc753a570a4cdd8:
MAINTAINERS: seccomp: change email contact for Eduardo Otubo (2014-07-03 12:36:15 +0100)
are available in the git repository at:
git://github.com/bonzini/qemu.git
for you to fetch changes up to 8bf3cc8370059a0899
Backward compatible cache insn introduced for EV7.
Reported-by: Al Viro
Signed-off-by: Richard Henderson
---
target-alpha/translate.c | 4
1 file changed, 4 insertions(+)
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 6ea33f3..e0fc0a3 100644
--- a/target-alpha/tran
From: Peter Maydell
The current tx_fifo code has a corner case where the guest can overrun
the fifo buffer: if automatic CRCs are disabled we allow the guest to write
the CRC word even if there isn't actually space for it in the FIFO.
The datasheet is unclear about exactly how the hardware deals
On 05/07/2014 19:47, Max Reitz wrote:
bdrv_make_empty() is currently only called if the current image
represents an external snapshot that has been committed to its base
image; it is therefore unlikely to have internal snapshots. In this
case, bdrv_make_empty() can be greatly sped up by crea
On 07/07/2014 21:13, Eric Blake wrote:
On 07/05/2014 11:47 AM, Max Reitz wrote:
Instead of taking the total length of the block device as the block
job's length, use the number of dirty sectors. The progress is now the
number of sectors mirrored to the target block device. Note that this
ma
Right now, QEMU invokes aio_bh_poll before the "poll" phase
of aio_poll. It is simpler to do it afterwards and skip the
"poll" phase altogether when the OS-dependent parts of AioContext
are invoked from GSource. This way, AioContext behaves more
similarly when used as a GSource vs. when used as s
On 07/09/2014 03:24 PM, Paolo Bonzini wrote:
> On 07/07/2014 21:13, Eric Blake wrote:
>> On 07/05/2014 11:47 AM, Max Reitz wrote:
>>> Instead of taking the total length of the block device as the block
>>> job's length, use the number of dirty sectors. The progress is now the
>>> number of sec
From: Max Filippov
Use tb->pc instead of dc->pc to check for cross-page jumps.
When TB translation stops at the page boundary dc->pc points to the next
page allowing chaining to TBs in it, which is wrong.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Filippov
(cherry picked from commit 433d33c5
On 09.07.2014 23:22, Paolo Bonzini wrote:
On 05/07/2014 19:47, Max Reitz wrote:
bdrv_make_empty() is currently only called if the current image
represents an external snapshot that has been committed to its base
image; it is therefore unlikely to have internal snapshots. In this
case, bdrv_
From: Kevin Wolf
Gets us rid of integer overflows resulting in negative sizes which
aren't correctly checked.
Signed-off-by: Kevin Wolf
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Max Reitz
Signed-off-by: Stefan Hajnoczi
(cherry picked from commit 246f65838d19db6db55bfb41117c35645a2c4789)
Sign
>>> On 7/9/2014 at 09:08 AM, in message <53bc9606.50...@redhat.com>, Eric Blake
wrote:
> On 07/07/2014 09:08 PM, Chunyan Liu wrote:
> > Add nocow info in 'qemu-img info' output to show whether the file
> > currently has NOCOW flag set or not.
> >
> > Signed-off-by: Chunyan Liu
> > ---
>
From: Kevin Wolf
In order to avoid integer overflows.
Signed-off-by: Kevin Wolf
Reviewed-by: Max Reitz
Signed-off-by: Stefan Hajnoczi
(cherry picked from commit bb572aefbdac290363bfa5ca0e810ccce0a14ed6)
Signed-off-by: Michael Roth
---
block/qcow2-refcount.c | 11 ++-
block/qcow2.h
Hi Juan,
On 25.06.2014 at 13:55, Juan Quintela wrote:
> Peter Lieven wrote:
>> this patch extends commit db80fac by not only checking
>> for unknown flags, but also filtering out unknown flag
>> combinations.
>>
>> Suggested-by: Eric Blake
>> Signed-off-by: Peter Lieven
>
> Reviewed-by: Ju
07.07.2014 21:00, Stefan Weil wrote:
arbitary -> arbitrary
basicly -> basically
Thanks, applied to the -trivial branch.
/mjt
From: James Hogan
Add error reporting if the wrong type of kernel is provided for the
current mode of acceleration.
Currently a KVM kernel linked at 0x4000 can't be used with TCG, and
a normal kernel linked at 0x8000 can't be used with KVM.
Cc: Aurelien Jarno
Cc: Paolo Bonzini
Signed-
From: Markus Armbruster
Spotted by Coverity.
Signed-off-by: Markus Armbruster
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini
(cherry picked from commit 91e7fcca4743cf694eb0c8e7a8d938cf359b5bd8)
Signed-off-by: Michael Roth
---
hw/scsi/virtio-scsi.c | 3 ++-
1 file changed, 2 insertio