Re: [Qemu-devel] Towards an ivshmem 2.0?

2017-01-30 Thread Markus Armbruster
Jan Kiszka writes: > On 2017-01-27 20:36, Markus Armbruster wrote: >> Jan Kiszka writes: >> >>> On 2017-01-23 15:19, Markus Armbruster wrote: Jan Kiszka writes: > Hi, > > some of you may know that we are using a shared memory device similar to > ivshmem in the partiti

Re: [Qemu-devel] Towards an ivshmem 2.0?

2017-01-30 Thread Markus Armbruster
Jan Kiszka writes: > On 2017-01-29 15:00, Marc-André Lureau wrote: >> Hi >> >> On Sun, Jan 29, 2017 at 12:44 PM Jan Kiszka > > wrote: >> >> >> Of course, I'm careful with investing much time into expanding the >> >> existing, for Jailhouse possibly sufficient d

Re: [Qemu-devel] Towards an ivshmem 2.0?

2017-01-30 Thread Jan Kiszka
On 2017-01-30 09:02, Markus Armbruster wrote: > Jan Kiszka writes: > >> On 2017-01-29 15:00, Marc-André Lureau wrote: >>> Hi >>> >>> On Sun, Jan 29, 2017 at 12:44 PM Jan Kiszka >> > wrote: >>> >>> >> Of course, I'm careful with investing much time into expanding the

Re: [Qemu-devel] [PATCH v2 8/8] hw: Drop superfluous special checks for orphaned -drive

2017-01-30 Thread Markus Armbruster
John Snow writes: > On 01/27/2017 11:04 AM, Markus Armbruster wrote: >> John Snow writes: >> >>> On 01/27/2017 06:51 AM, Markus Armbruster wrote: John Snow writes: > On 01/26/2017 10:09 AM, Markus Armbruster wrote: >> We've traditionally rejected orphans here and there, but n

Re: [Qemu-devel] Towards an ivshmem 2.0?

2017-01-30 Thread Jan Kiszka
On 2017-01-30 09:00, Markus Armbruster wrote: > Jan Kiszka writes: > >> On 2017-01-27 20:36, Markus Armbruster wrote: >>> Jan Kiszka writes: >>> On 2017-01-23 15:19, Markus Armbruster wrote: > Jan Kiszka writes: > >> Hi, >> >> some of you may know that we are using a sh

Re: [Qemu-devel] [PATCH RFC] mem-prealloc: Reduce large guest start-up and migration time.

2017-01-30 Thread Jitendra Kolhe
On 1/27/2017 6:23 PM, Juan Quintela wrote: > Jitendra Kolhe wrote: >> Using "-mem-prealloc" option for a very large guest leads to huge guest >> start-up and migration time. This is because with "-mem-prealloc" option >> qemu tries to map every guest page (create address translations), and >> make

Re: [Qemu-devel] [PATCH v2 8/8] hw: Drop superfluous special checks for orphaned -drive

2017-01-30 Thread John Snow
On 01/30/2017 03:10 AM, Markus Armbruster wrote: > John Snow writes: > >> On 01/27/2017 11:04 AM, Markus Armbruster wrote: >>> John Snow writes: >>> On 01/27/2017 06:51 AM, Markus Armbruster wrote: > John Snow writes: > >> On 01/26/2017 10:09 AM, Markus Armbruster wrote:

Re: [Qemu-devel] [PATCH 1/1] block: add missed BDRV_O_NOCACHE when block device is opened without file

2017-01-30 Thread Denis V. Lunev
On 01/28/2017 07:23 PM, Max Reitz wrote: > On 25.01.2017 20:44, Denis V. Lunev wrote: >> On 01/25/2017 08:59 PM, Max Reitz wrote: >>> [CC-ing John] >>> >>> On 25.01.2017 17:42, Denis V. Lunev wrote: Technically there is a problem when the guest DVD is created by libvirt with AIO mode 'nat

Re: [Qemu-devel] [PATCH RFC] mem-prealloc: Reduce large guest start-up and migration time.

2017-01-30 Thread Jitendra Kolhe
On 1/27/2017 6:33 PM, Dr. David Alan Gilbert wrote: > * Jitendra Kolhe (jitendra.ko...@hpe.com) wrote: >> Using "-mem-prealloc" option for a very large guest leads to huge guest >> start-up and migration time. This is because with "-mem-prealloc" option >> qemu tries to map every guest page (create

Re: [Qemu-devel] [PATCH v3 2/3] xen-platform: add support for unplugging NVMe disks...

2017-01-30 Thread Paul Durrant
> -Original Message- > From: Stefano Stabellini [mailto:sstabell...@kernel.org] > Sent: 27 January 2017 23:35 > To: Paul Durrant > Cc: qemu-devel@nongnu.org; xen-de...@lists.xenproject.org; Stefano > Stabellini ; Anthony Perard > ; Michael S. Tsirkin ; Paolo > Bonzini ; Richard Henderson ;

Re: [Qemu-devel] [RFC 3/4] hw/intc/arm_gicv3_its: Implement state save/restore

2017-01-30 Thread Juan Quintela
Eric Auger wrote: > We need to handle both registers and ITS tables. While > register handling is standard, ITS table handling is more > challenging since the kernel API is devised so that the > tables are flushed into guest RAM and not in vmstate buffers. > > Flushing the ITS tables on device pre

Re: [Qemu-devel] [PATCH 1/1] block: add missed BDRV_O_NOCACHE when block device is opened without file

2017-01-30 Thread Kevin Wolf
Am 25.01.2017 um 20:44 hat Denis V. Lunev geschrieben: > This is what I have exactly started from: > http://ftp.redhat.com/pub/redhat/linux/enterprise/7Server/en/RHEV/SRPMS/qemu-kvm-rhev-2.6.0-27.el7.src.rpm > > This package starts VM well for the above mentioned configuration: > > >

Re: [Qemu-devel] [PATCH v8 08/25] tcg: drop global lock during TCG code execution

2017-01-30 Thread Alex Bennée
Pranith Kumar writes: > Alex Bennée writes: > >> From: Jan Kiszka >> >> This finally allows TCG to benefit from the iothread introduction: Drop >> the global mutex while running pure TCG CPU code. Reacquire the lock >> when entering MMIO or PIO emulation, or when leaving the TCG loop. >> >> We

Re: [Qemu-devel] [PATCH v8 04/25] tcg: move TCG_MO/BAR types into own file

2017-01-30 Thread Alex Bennée
Pranith Kumar writes: > Alex Bennée writes: > >> We'll be using the memory ordering definitions to define values for >> both the host and guest. To avoid fighting with circular header >> dependencies just move these types into their own minimal header. >> >> Signed-off-by: Alex Bennée >> Review

Re: [Qemu-devel] [PATCH] target/s390x: Fix broken user mode

2017-01-30 Thread Christian Borntraeger
On 01/28/2017 09:36 AM, Stefan Weil wrote: > Returning NULL from get_max_cpu_model results in a SIGSEGV runtime error. > > Signed-off-by: Stefan Weil > --- > > This is also broken in Debian. > > In addition, there is no default CPU ("any"), so binfmt and related > actions currently don't work.

Re: [Qemu-devel] [PATCH 10/17] migration: create ram_multifd_page

2017-01-30 Thread Juan Quintela
"Dr. David Alan Gilbert" wrote: > * Juan Quintela (quint...@redhat.com) wrote: >> The function still doesn't use multifd, but we have simplified >> ram_save_page, xbzrle and RDMA stuff is gone. We have added a new >> counter and a new flag for this type of pages. >> >> Signed-off-by: Juan Quintela

[Qemu-devel] [PATCH 1/1] mirror: restore offset after zeroing out the image

2017-01-30 Thread Denis V. Lunev
If explicit zeroing out before mirroring is required for the target image, it moves the block job offset counter to EOF, then offset and len counters count the image size twice. There is no harm but confusing stats (e.g. for 1G image the completion counter starts from 1G and increases to 2G). The

Re: [Qemu-devel] [PULL 00/22] target-arm queue

2017-01-30 Thread Peter Maydell
On 27 January 2017 at 15:31, Peter Maydell wrote: > ARM queue; the bulk of this is M profile bugfixes. > > thanks > -- PMM Applied, thanks. -- PMM

Re: [Qemu-devel] [PATCH] sd: sdhci: check data length during dma_memory_read

2017-01-30 Thread Peter Maydell
On 30 January 2017 at 06:47, P J P wrote: > From: Prasad J Pandit > > While doing multi block SDMA transfer in routine > 'sdhci_sdma_transfer_multi_blocks', the 's->fifo_buffer' starting > index 'begin' and data length 's->data_count' could end up to be same. > This could lead to an OOB access is

Re: [Qemu-devel] [PATCH 0/2] tcg/i386 guest_base improvements

2017-01-30 Thread Alex Bennée
Richard Henderson writes: > The first change does two things: (1) improve bsd-user so that it > doesn't continually reload guest_base into a temp register and > (2) extract the bulk of the guest_base logic to a routine that > is run once at startup. > > The second change adds segmentation suppor

Re: [Qemu-devel] [RFC 3/4] hw/intc/arm_gicv3_its: Implement state save/restore

2017-01-30 Thread Auger Eric
Hi Juan, On 30/01/2017 10:15, Juan Quintela wrote: > Eric Auger wrote: >> We need to handle both registers and ITS tables. While >> register handling is standard, ITS table handling is more >> challenging since the kernel API is devised so that the >> tables are flushed into guest RAM and not in

[Qemu-devel] [PATCH] spice: wakeup QXL worker to pick up mouse changes

2017-01-30 Thread Marc-André Lureau
Without it, server-mode mouse is "slow" to update position: QXL will wait until new display commands come. This is very visible with virtio-gpu. Signed-off-by: Marc-André Lureau --- ui/spice-display.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ui/spice-display.c b/ui/spice-display.c i

[Qemu-devel] [PATCH] io: fix decoding when multiple websockets frames arrive at once

2017-01-30 Thread Daniel P. Berrange
The qio_channel_websock_read_wire() method will read up to 4096 bytes off the socket and then decode the websockets header and payload. The code was only decoding a single websockets frame, even if the buffered data contained multiple frames. This meant that decoding of subsequent frames was delayed

Re: [Qemu-devel] QEMU websockets support is laggy?

2017-01-30 Thread Daniel P. Berrange
On Fri, Jan 27, 2017 at 06:08:20PM +, Daniel P. Berrange wrote: > On Fri, Jan 27, 2017 at 09:35:38AM +, Daniel P. Berrange wrote: > > On Tue, Jan 24, 2017 at 05:02:25PM -0500, Brian Rak wrote: > > > We've been considering switching over to using qemu's built in websockets > > > support (to

Re: [Qemu-devel] Towards an ivshmem 2.0?

2017-01-30 Thread Stefan Hajnoczi
On Sun, Jan 29, 2017 at 12:56:23PM +0100, msuchanek wrote: > On 2017-01-17 10:59, Stefan Hajnoczi wrote: > > On Mon, Jan 16, 2017 at 02:10:17PM +0100, Jan Kiszka wrote: > > > On 2017-01-16 13:41, Marc-André Lureau wrote: > > > > On Mon, Jan 16, 2017 at 12:37 PM Jan Kiszka > > >

Re: [Qemu-devel] [PATCH Risu 1/2] risu_ppc64: Fix Risu to run under qemu linux user

2017-01-30 Thread Alex Bennée
Jose Ricardo Ziviani writes: > Qemu linux-user doesn't fill uc_mcontext completely like full emul. > does. Are you going to submit a fix for QEMU for this? Is there a reason it doesn't do it correctly? > For instance, uc->uc_mcontext.regs->nip is an invalid so this > commit replaces it by uc->

Re: [Qemu-devel] [PATCH Risu 1/2] risu_ppc64: Fix Risu to run under qemu linux user

2017-01-30 Thread Peter Maydell
On 30 January 2017 at 02:47, Jose Ricardo Ziviani wrote: > Qemu linux-user doesn't fill uc_mcontext completely like full emul. does. > For instance, uc->uc_mcontext.regs->nip is an invalid so this > commit replaces it by uc->uc_mcontext.gp_regs[PT_NIP] It's not clear to me from this commit messag

Re: [Qemu-devel] [PULL 15/18] spapr: CPU hot unplug support

2017-01-30 Thread Igor Mammedov
On Thu, 26 Jan 2017 19:56:35 +0530 Bharata B Rao wrote: > On Thu, Jan 26, 2017 at 12:32:58PM +0100, Igor Mammedov wrote: > > On Fri, 17 Jun 2016 16:36:36 +1000 > > David Gibson wrote: > > > > > From: Bharata B Rao > > > > > > Remove the CPU core device by removing the underlying CPU thread de

[Qemu-devel] [PATCH v3 2/3] qemu-io: Add regression tests

2017-01-30 Thread Nir Soffer
From: Nir Soffer Add regression tests checking that qemu-io fails with non-zero exit code when reading non-existing file or using the wrong format. Signed-off-by: Nir Soffer --- tests/qemu-iotests/173 | 59 ++ tests/qemu-iotests/173.out | 9 +

[Qemu-devel] [PATCH v3 1/3] qemu-io: Return non-zero exit code on failure

2017-01-30 Thread Nir Soffer
From: Nir Soffer The result of openfile was not checked, leading to failure deep in the actual command with confusing error message, and exiting with exit code 0. Here is a simple example - trying to read with the wrong format: $ touch file $ qemu-io -f qcow2 -c 'read -P 1 0 1024' file;

[Qemu-devel] [PATCH v3 3/3] qemu-io: Fix tests expecting the wrong output

2017-01-30 Thread Nir Soffer
From: Nir Soffer Many tests expected the wrong behavior when qemu-io calls into the command after failing to open the file, writing this error: no file open, try 'help open' Now that we fail immediately when opening a file fails, this error does not exist in the output; remove it from t

Re: [Qemu-devel] [PATCH v4 1/9] ACPI: Add a function for building named qword entries

2017-01-30 Thread Laszlo Ersek
On 01/27/17 19:19, Ben Warren wrote: > >> On Jan 27, 2017, at 8:12 AM, Laszlo Ersek > > wrote: >> >> On 01/27/17 16:43, Kevin O'Connor wrote: >>> On Fri, Jan 27, 2017 at 03:46:33PM +0100, Laszlo Ersek wrote: On 01/27/17 15:18, Kevin O'Connor wrote: > If an offset

[Qemu-devel] [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks

2017-01-30 Thread Greg Kurz
This series tries to fix CVE-2016-9602. This vulnerability affects all accesses to the underlying filesystem in the "local" backend code. If QEMU is started with: -fsdev local,security_model=,path=/foo/bar then the guest can cause QEMU to create symlinks in /foo/bar. This causes accesses to any

[Qemu-devel] [PATCH RFC 04/36] 9pfs: local: split mkdir operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/

[Qemu-devel] [PATCH RFC 01/36] 9pfs: local: move xattr security ops to 9p-xattr.c

2017-01-30 Thread Greg Kurz
These functions are always called indirectly. It really doesn't make sense for them to sit in a header file. Signed-off-by: Greg Kurz --- hw/9pfs/9p-xattr.c | 61 hw/9pfs/9p-xattr.h | 80 +--- 2 files ch

[Qemu-devel] [PATCH RFC 09/36] 9pfs: local: post link operation for mapped-file security

2017-01-30 Thread Greg Kurz
The link operation is really the same for the passthrough and mapped security models. This patch simply moves the mapped-file bits to a separate function. This will make future modifications easier. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/9pfs/9

[Qemu-devel] [PATCH RFC 02/36] 9pfs: local: split chmod operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/

[Qemu-devel] [PATCH RFC 03/36] 9pfs: local: split mknod operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/

[Qemu-devel] [PATCH RFC 05/36] 9pfs: local: split open2 operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/

[Qemu-devel] [PATCH RFC 12/36] 9pfs: local: pre remove operation for mapped-file security

2017-01-30 Thread Greg Kurz
The remove operation is really the same for the passthrough and mapped security models. This patch simply moves the mapped-file bits to a separate function. This will make future modifications easier. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/9pfs

[Qemu-devel] [PATCH RFC 11/36] 9pfs: local: post rename operation for mapped-file security

2017-01-30 Thread Greg Kurz
The rename operation is really the same for the passthrough and mapped security models. This patch simply moves the mapped-file bits to a separate function. This will make future modifications easier. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/9pfs

[Qemu-devel] [PATCH RFC 08/36] 9pfs: local: improve error handling in link op

2017-01-30 Thread Greg Kurz
When using the mapped-file security model, we also have to create a link for the metadata file if it exists. In case of failure, we should rollback. That's what this patch does. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 26 +++--- 1 file changed, 19 insertions(+),

[Qemu-devel] [PATCH RFC 07/36] 9pfs: local: split mkdir operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/

[Qemu-devel] [PATCH RFC 13/36] 9pfs: local: pre unlinkat operation for mapped-file security

2017-01-30 Thread Greg Kurz
The unlinkat operation is really the same for the passthrough and mapped security models. This patch simply moves the mapped-file bits to a separate function. This will make future modifications easier. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/9p

[Qemu-devel] [PATCH RFC 15/36] 9pfs: remove side-effects in local_open() and local_opendir()

2017-01-30 Thread Greg Kurz
If these functions fail, they should not change *fs. Let's use local variables to fix this. While here, let's also do some cosmetic fixes on the function args. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 21 ++---

[Qemu-devel] [PATCH RFC 20/36] 9pfs: local: readlink: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 37 +++-- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index a1fff04c3219..1f9239de07e5 100644 --- a/hw

[Qemu-devel] [PATCH RFC 10/36] v9fs: local: improve error handling in rename op

2017-01-30 Thread Greg Kurz
When using the mapped-file security model, we also have to rename the metadata file if it exists. In case of failure, we should rollback. To achieve that, this patch moves the renaming of the main file before the renaming of the metadata file. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c |

[Qemu-devel] [PATCH RFC 17/36] 9pfs: local: keep a file descriptor on the shared folder

2017-01-30 Thread Greg Kurz
This patch opens the shared folder and caches the file descriptor, so that it can be used to do symlink-safe path walk. Since nothing prevents several QEMU instances from passing overlapping export paths to -fsdev, we also make sure that the export path doesn't traverse a symlink either. Signed-off-by:

[Qemu-devel] [PATCH RFC 16/36] 9pfs: introduce openat_nofollow() helper

2017-01-30 Thread Greg Kurz
When using the passthrough security mode, symbolic links created by the guest are actual symbolic links on the host file system. Since the resolution of symbolic links during path walk is supposed to occur on the client side, the server should never have to follow them. The current code hence reli

[Qemu-devel] [PATCH RFC 06/36] 9pfs: local: split symlink operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/

[Qemu-devel] [PATCH RFC 21/36] 9pfs: local: truncate: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 15 --- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 1f9239de07e5..4377aa6524c2 100644 --- a/hw/9pfs/9p-local.c +++ b/h

[Qemu-devel] [PATCH RFC 22/36] 9pfs: local: statfs: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 4377aa6524c2..dbc56b16979c 100644 --- a/hw/9pfs/9p-local.c +++ b/hw/

[Qemu-devel] [PATCH RFC 27/36] 9pfs: local: link: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 40 ++-- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 5e320917c484

[Qemu-devel] [PATCH RFC 24/36] 9pfs: local: chmod: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" security model. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 48d46b6abd28..9dfa3e306245 100644 --- a/hw/9pfs/9p-loca

[Qemu-devel] [PATCH RFC 14/36] 9pfs: remove side-effects in local_init()

2017-01-30 Thread Greg Kurz
If this function fails, it should not modify *ctx. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 37 +++-- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs

[Qemu-devel] [PATCH RFC 29/36] 9pfs: local: remove: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 28 +++- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 364da435350b..573852a55a0

[Qemu-devel] [PATCH RFC 25/36] 9pfs: local: symlink: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" security model. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 26 ++ 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 9dfa3e306245..bbc08184564f 100644 --- a/

[Qemu-devel] [PATCH RFC 18/36] 9pfs: local: open/opendir: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 31 +-- hw/9pfs/9p-local.h | 20 2 files changed, 41 insertions(+), 10 deletions(-) create mode 100644 hw/9pfs/9p-local.h diff --git a/hw/9pf

[Qemu-devel] [PATCH RFC 30/36] 9pfs: local: unlinkat: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 18 -- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 573852a55a00..60edfb25f8a5 100644 -

[Qemu-devel] [PATCH RFC 28/36] 9pfs: local: rename: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 44 +++- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index de860db3

[Qemu-devel] [PATCH RFC 19/36] 9pfs: local: utimensat: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 37 ++--- hw/9pfs/9p-local.h |2 ++ 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 783b4006ffd4

[Qemu-devel] [PATCH RFC 33/36] 9pfs: local: lgetxattr: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-posix-acl.c | 16 ++-- hw/9pfs/9p-xattr-user.c |8 +--- hw/9pfs/9p-xattr.c |8 +--- 3 files changed, 4 insertions(+), 28 deletions(-) diff --git a/hw/9pfs/9p-posix-acl.c

Re: [Qemu-devel] Towards an ivshmem 2.0?

2017-01-30 Thread Markus Armbruster
Jan Kiszka writes: > On 2017-01-30 09:00, Markus Armbruster wrote: >> Jan Kiszka writes: >> >>> On 2017-01-27 20:36, Markus Armbruster wrote: Jan Kiszka writes: > On 2017-01-23 15:19, Markus Armbruster wrote: >> Jan Kiszka writes: >> >>> Hi, >>> >>> some of y

[Qemu-devel] [PATCH RFC 23/36] 9pfs: local: mknod/mkdir/open2: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" security model. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 128 1 file changed, 59 insertions(+), 69 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index dbc56b16979c..

[Qemu-devel] [PATCH RFC 35/36] 9pfs: local: lsetxattr: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-posix-acl.c | 18 -- hw/9pfs/9p-xattr-user.c |8 +--- hw/9pfs/9p-xattr.c |8 +--- 3 files changed, 6 insertions(+), 28 deletions(-) diff --git a/hw/9pfs/9p-posix-acl

[Qemu-devel] [PATCH RFC 26/36] 9pfs: local: chown: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" security model. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 20 ++-- 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index bbc08184564f..5e320917c484 100644 --- a/hw/9pfs

[Qemu-devel] [PATCH RFC 36/36] 9pfs: local: lremovexattr: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-posix-acl.c | 14 -- hw/9pfs/9p-xattr-user.c | 12 +++- hw/9pfs/9p-xattr.c |8 +--- 3 files changed, 8 insertions(+), 26 deletions(-) diff --git a/hw/9pfs/9p-posix-acl

[Qemu-devel] [PATCH RFC 32/36] 9pfs: local: lstat: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-local.c | 36 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 60edfb25f8a5..b4

[Qemu-devel] [PATCH v2] hw/core/register: Mark the device with cannot_instantiate_with_device_add_yet

2017-01-30 Thread Thomas Huth
The "qemu,register" device needs to be wired up in source code, there is no way the user can add this device with the "-device" parameter or the "device_add" monitor command yet. Signed-off-by: Thomas Huth --- v2: Changed patch description and comment hw/core/register.c | 9 + 1 file c

[Qemu-devel] [PATCH RFC 34/36] 9pfs: local: llistxattr: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz --- hw/9pfs/9p-xattr.c | 30 -- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c index 29f4f940a23f..08df02e0bab2 100644 --- a/hw/9pfs/9p

Re: [Qemu-devel] [PULL v2 00/41] Misc patches for 2017-01-27

2017-01-30 Thread Laszlo Ersek
Peter, On 01/27/17 20:35, Paolo Bonzini wrote: > The following changes since commit 29ba0cdc1fd1300f910d150c03a0f74236083bf7: > > Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2017-01-27' > into staging (2017-01-27 15:20:08 +) > > are available in the git repository at: > >

[Qemu-devel] [PATCH RFC 31/36] 9pfs: local: introduce symlink-attack safe xattr helpers

2017-01-30 Thread Greg Kurz
There are no "at" variants for xattr syscalls. This patch implements them using a separate process. Signed-off-by: Greg Kurz --- hw/9pfs/9p-xattr.c | 156 hw/9pfs/9p-xattr.h | 11 2 files changed, 167 insertions(+) diff --git a/hw/9pfs

Re: [Qemu-devel] [PULL v2 00/41] Misc patches for 2017-01-27

2017-01-30 Thread Peter Maydell
On 30 January 2017 at 12:33, Laszlo Ersek wrote: > Peter, > > On 01/27/17 20:35, Paolo Bonzini wrote: >> The following changes since commit 29ba0cdc1fd1300f910d150c03a0f74236083bf7: >> >> Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2017-01-27' >> into staging (2017-01-27 15:20:0

[Qemu-devel] [PATCH v2] hw/core/or-irq: Mark the device with cannot_instantiate_with_device_add_yet

2017-01-30 Thread Thomas Huth
The "or-irq" device needs to be wired up in source code, there is no way the user can add this device with the "-device" parameter or the "device_add" monitor command yet. Signed-off-by: Thomas Huth --- v2: Changed patch description and comment hw/core/or-irq.c | 3 +++ 1 file changed, 3 inser

Re: [Qemu-devel] [PATCH v2 10/11] aspeed: use first FMC flash as a boot ROM

2017-01-30 Thread Peter Maydell
On 9 January 2017 at 16:24, Cédric Le Goater wrote: > Create a ROM region, using the default size of the mapping window for > the CE0 FMC flash module, and fill it with the flash content. > > This is a little hacky but until we can boot from a MMIO region, it > seems difficult to do anything else.

Re: [Qemu-devel] [PATCH 2/2] migration: discard non-dirty ram pages after the start of postcopy

2017-01-30 Thread Pavel Butsykin
On 27.01.2017 14:39, Dr. David Alan Gilbert wrote: * Pavel Butsykin (pbutsy...@virtuozzo.com) wrote: After the start of postcopy migration there are some non-dirty pages which have already been migrated. These pages are no longer needed on the source vm so that we can free them and it doesn't hur

[Qemu-devel] [PATCH v2] target/s390x: Fix broken user mode

2017-01-30 Thread Stefan Weil
Returning NULL from get_max_cpu_model results in a SIGSEGV runtime error. Signed-off-by: Stefan Weil --- v2: Re-sent as v1 was damaged by my mailer. This is also broken in Debian. In addition, there is no default CPU ("any"), so binfmt and related actions currently don't work. I hacked my loca

Re: [Qemu-devel] [PATCH] target/s390x: Fix broken user mode

2017-01-30 Thread Stefan Weil
Am 30.01.2017 um 11:01 schrieb Christian Borntraeger: > I have for whatever reasons problems with this patch. Looks like you > pasted > it into thunderbird or something like that and the whitespaces look mangled, > e.g. look at the indentation of static vs {. The original e-mail was not delivered

Re: [Qemu-devel] [PATCH 1/2] add 'discard-ram' migrate capability

2017-01-30 Thread Pavel Butsykin
On 27.01.2017 14:01, Dr. David Alan Gilbert wrote: * Pavel Butsykin (pbutsy...@virtuozzo.com) wrote: This feature frees the migrated memory on the source during postcopy-ram migration. In the second step of postcopy-ram migration when the source vm is put on pause we can free unnecessary memory.

[Qemu-devel] [PATCH 1/1] io: ignore case in WebSocket HTTP header #PSBM-57554

2017-01-30 Thread Denis V. Lunev
From: Anton Nefedov According to RFC7230 Section 3.2, header field name is case-insensitive. The haystack string length is limited by 4096 bytes by qio_channel_websock_handshake_read(). Further, handshake_process() dups and NULL-terminates the string so it is safe to call non length-limited fun

Re: [Qemu-devel] [PULL v2 00/41] Misc patches for 2017-01-27

2017-01-30 Thread Peter Maydell
On 27 January 2017 at 19:35, Paolo Bonzini wrote: > The following changes since commit 29ba0cdc1fd1300f910d150c03a0f74236083bf7: > > Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2017-01-27' > into staging (2017-01-27 15:20:08 +) > > are available in the git repository at: > >

Re: [Qemu-devel] [PULL v2 00/41] Misc patches for 2017-01-27

2017-01-30 Thread Laszlo Ersek
On 01/30/17 13:57, Peter Maydell wrote: > On 30 January 2017 at 12:33, Laszlo Ersek wrote: >> Peter, >> >> On 01/27/17 20:35, Paolo Bonzini wrote: >>> The following changes since commit 29ba0cdc1fd1300f910d150c03a0f74236083bf7: >>> >>> Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-

Re: [Qemu-devel] [PULL v2 00/41] Misc patches for 2017-01-27

2017-01-30 Thread Peter Maydell
On 30 January 2017 at 13:29, Laszlo Ersek wrote: > Yeah I was conflicted whether I should ping you or not... The very first > version of the patches goes back to October 2015; I may have gotten > over-enthusiastic about the feature being finally merged, and possibly > made the wrong call. Sorry.

Re: [Qemu-devel] [PATCH v2 10/11] aspeed: use first FMC flash as a boot ROM

2017-01-30 Thread Cédric Le Goater
>> +#define FIRMWARE_ADDR 0x0 >> + >> +static void write_boot_rom(DriveInfo *dinfo, hwaddr addr, size_t rom_size, >> + Error **errp) >> +{ >> +BlockBackend *blk = blk_by_legacy_dinfo(dinfo); >> +uint8_t *storage; >> + >> +if (rom_size > blk_getlength(blk)) { >>
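Review bot: the size check `if (rom_size > blk_getlength(blk))` in write_boot_rom() does not handle a failed blk_getlength() call, which returns a negative error value; since rom_size is a size_t, the negative int64_t is converted to a very large unsigned value and the check silently passes. Store the result in an int64_t first, return an error through errp when it is negative, and only then compare it against rom_size.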

[Qemu-devel] [PATCH v2 00/41] chardev: qom clean-up and split in various backend files

2017-01-30 Thread Marc-André Lureau
Finish qom-ification by using instance finalizers and split the big qemu-char.c file in many backend-specific units. This is part of a larger refactoring series that I try to keep up to date here: https://github.com/elmarco/qemu/commits/chrfe v2: (after Eric's review) - replace win32 BOOL with bo

[Qemu-devel] [PATCH v2 01/41] MAINTAINERS: add myself to qemu-char.c

2017-01-30 Thread Marc-André Lureau
I consider myself to have enough experience with qemu-char to propose myself as maintainer. This will allow me to send pull requests without waiting for Paolo. Signed-off-by: Marc-André Lureau --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index e0be7bc0d4.

[Qemu-devel] [PATCH v2 04/41] msmouse: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- backends/msmouse.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backends/msmouse.c b/backends/msmouse.c index 936a5476d5..55c344f0e1 100644 --- a/backends/msmouse.c +++ b/backends/msmouse.c @@ -139,9 +139,9

[Qemu-devel] [PATCH v2 02/41] spice-qemu-char: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- spice-qemu-char.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spice-qemu-char.c b/spice-qemu-char.c index dd97c17fca..3902202a35 100644 --- a/spice-qemu-char.c +++ b/spice-qemu-char.c @@ -210,9 +210,9 @@ s

[Qemu-devel] [PATCH v2 03/41] baum: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- backends/baum.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backends/baum.c b/backends/baum.c index 0f418ed358..39c9365024 100644 --- a/backends/baum.c +++ b/backends/baum.c @@ -616,9 +616,9 @@ static void

[Qemu-devel] [PATCH v2 09/41] char-ringbuf: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- qemu-char.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index fecebde87a..74e78b56d1 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -3550,9 +3550,9 @@ static int ringbuf_chr_read(C

[Qemu-devel] [PATCH v2 07/41] char-socket: convert to finalize

2017-01-30 Thread Marc-André Lureau
Notice that finalize() will be run after a failure to open(), so cleanup code must be adjusted. Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- qemu-char.c | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index 1c4fcf3a6e..a

[Qemu-devel] [PATCH v2 05/41] mux: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- qemu-char.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index 6b4a299702..91ca4cb083 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -859,9 +859,9 @@ static GSource *mux_chr_add_wat

[Qemu-devel] [PATCH v2 13/41] char-win: do not override chr_free

2017-01-30 Thread Marc-André Lureau
For some reason that is unclear to me, char-file does not have chr_free on win32. Since we want to switch to an instance finalizer instead of the class chr_free, we should be able to run the base WinChardev class finalizer in any case. Use a boolean to skip the free to ease the transition to the instance finalizer. Sign

[Qemu-devel] [PATCH v2 10/41] char-parallel: convert parallel to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- qemu-char.c | 30 +- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index 74e78b56d1..1981058f45 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -2025,17 +2025,6 @@ s

[Qemu-devel] [PATCH v2 06/41] char-udp: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- qemu-char.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index 91ca4cb083..1c4fcf3a6e 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -2779,9 +2779,10 @@ static void udp_chr_update_

[Qemu-devel] [PATCH v2 11/41] char-stdio: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- qemu-char.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index 1981058f45..390e6a99de 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -1422,10 +1422,10 @@ static void qemu_chr_set_ec

[Qemu-devel] [PATCH v2 12/41] char-win-stdio: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- qemu-char.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index 390e6a99de..d92642735e 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -2594,9 +2594,9 @@ static void qemu_chr_set_echo

[Qemu-devel] [PATCH v2 08/41] char-pty: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- qemu-char.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index a00bbb0a1c..fecebde87a 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -1659,9 +1659,10 @@ static void pty_chr_state(C

[Qemu-devel] [PATCH v2 14/41] char-win: convert to finalize

2017-01-30 Thread Marc-André Lureau
Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- qemu-char.c | 10 +++--- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index 83636d76c0..0cece8a34f 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -2150,8 +2150,9 @@ typedef struct { static

[Qemu-devel] [PATCH v2 16/41] char: remove chr_free

2017-01-30 Thread Marc-André Lureau
Now it uses Object instance_finalize instead. Signed-off-by: Marc-André Lureau Reviewed-by: Eric Blake --- include/sysemu/char.h | 8 qemu-char.c | 10 +- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/include/sysemu/char.h b/include/sysemu/char.h ind
