On 26.02.2017 00:38, Michal Marek wrote:
> The implementation is partially cargo cult based, but it works for the
> linux kernel use case.
>
> Signed-off-by: Michal Marek
> ---
> v3:
> - Initialize the buffer in do_stfle()
> v2:
> - STFLE is not a privileged instruction, go through the MMU to s
Public bug reported:
It seems that qemu does not correctly emulate the x86 support for
optionally causing a floating-point exception (#FP) when, for example,
dividing by zero. Reports such as:
https://github.com/cloudius-systems/osv/issues/855
http://stackoverflow.com/questions/15134189/qemu-div-
On 24 February 2017 at 11:54, Yongbok Kim wrote:
> The following changes since commit 2d896b454a0e19ec4c1ddbb0e0b65b7e54fcedf3:
>
> Revert "hw/mips: MIPS Boston board support" (2017-02-23 18:04:45 +)
>
> are available in the git repository at:
>
> git://github.com/yongbok/upstream-qemu.git
On 24 February 2017 at 17:46, Jeff Cody wrote:
> The following changes since commit fe8ee082db5038a05dbd8872e946049e9a9c550e:
>
> Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2017-02-22'
> into staging (2017-02-24 15:00:51 +)
>
> are available in the git repository at:
>
>
On 26/02/2017 at 00:04, Pranith Kumar wrote:
> Note that x86_64 has only _rt signal handlers. This implementation
> attempts to share code with the x86_32 implementation.
>
> CC: Laurent Vivier
> Signed-off-by: Allan Wirth
> Reviewed-by: Peter Maydell
> Signed-off-by: Pranith Kumar
> ---
>
On 26 February 2017 at 12:29, Laurent Vivier wrote:
> On 26/02/2017 at 00:04, Pranith Kumar wrote:
>> Note that x86_64 has only _rt signal handlers. This implementation
>> attempts to share code with the x86_32 implementation.
>> +struct target_fpreg st[8];
>
> Why don't you keep the origin
On 26/02/2017 at 13:39, Peter Maydell wrote:
> On 26 February 2017 at 12:29, Laurent Vivier wrote:
>> On 26/02/2017 at 00:04, Pranith Kumar wrote:
>>> Note that x86_64 has only _rt signal handlers. This implementation
>>> attempts to share code with the x86_32 implementation.
>
>>> +struc
On 17/02/2017 at 09:58, Franklin Snaipe Mathieu wrote:
> From: "Franklin \"Snaipe\" Mathieu"
>
> The current implementation of the mincore(2) syscall sets errno to
> EFAULT when the region identified by the first two parameters is
> invalid.
>
> This goes against the man page specification, wh
From: Peter Maydell
The mbuf code currently doesn't check the result of doing a malloc()
or realloc() of its data (spotted by Coverity, CID 1238946).
Since the m_inc() API assumes that extending an mbuf must succeed,
just convert to g_malloc() and g_free().
Signed-off-by: Peter Maydell
Reviewed
The following changes since commit 6528a4c1f20c1ba5a22ab84bec6788a574ac04c8:
Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into
staging (2017-02-26 11:47:00 +)
are available in the git repository at:
http://people.debian.org/~sthibault/qemu.git tags/samuel-thibault
From: Peter Maydell
Check the return value from qemu_socket() rather than trying to
pass it to bind() as an fd argument even if it's negative.
This wouldn't have caused any negative consequences, because
it won't be a valid fd number and the bind call will fail;
but Coverity complains (CID 100572
From: Peter Maydell
Coverity points out (CID 1005725) that an error-exit path in tcp_listen()
will try to close(s) even if the reason it got there was that the
qemu_socket() failed and s was never opened. Not only that, this isn't even
the right function to use, because we need closesocket() to
On 24 February 2017 at 18:16, Kevin Wolf wrote:
> The following changes since commit 63f495beb4007de5444614125fd6fd178ca6e2b1:
>
> Merge remote-tracking branch
> 'remotes/kraxel/tags/pull-cve-2017-2620-20170224-1' into staging (2017-02-24
> 13:55:26 +)
>
> are available in the git reposito
Add a const qom link between the CPU and the IIC instead
of passing the CPU link through a qom property.
Signed-off-by: Marek Vasut
Cc: Alexander Graf
Cc: Chris Wulff
Cc: Jeff Da Silva
Cc: Ley Foon Tan
Cc: Markus Armbruster
Cc: Richard Henderson
Cc: Sandra Loosemore
Cc: Yves Vandervennet
On 02/22/2017 07:31 PM, Markus Armbruster wrote:
> Marek Vasut writes:
>
>> On 02/22/2017 07:31 AM, Markus Armbruster wrote:
>>> I know this has been committed already, but here goes anyway:
>>>
>>> Marek Vasut writes:
>>>
From: Chris Wulff
Add the Altera Nios2 internal interrupt
On Sun, Feb 26, 2017 at 7:29 AM, Laurent Vivier wrote:
>> @@ -6421,11 +6597,13 @@ static void handle_pending_signal(CPUArchState
>> *cpu_env, int sig,
>> || defined(TARGET_NIOS2)
>> /* These targets do not have traditional signals. */
>> setup_rt_frame(sig, sa, &k->inf
Note that x86_64 has only _rt signal handlers. This implementation
attempts to share code with the x86_32 implementation.
CC: Laurent Vivier
Signed-off-by: Allan Wirth
Reviewed-by: Peter Maydell
Signed-off-by: Pranith Kumar
---
linux-user/signal.c | 278 ++
On 26/02/2017 at 17:53, Pranith Kumar wrote:
> Note that x86_64 has only _rt signal handlers. This implementation
> attempts to share code with the x86_32 implementation.
>
> CC: Laurent Vivier
> Signed-off-by: Allan Wirth
> Reviewed-by: Peter Maydell
> Signed-off-by: Pranith Kumar
> ---
>
On 26 February 2017 at 14:43, Samuel Thibault wrote:
> The following changes since commit 6528a4c1f20c1ba5a22ab84bec6788a574ac04c8:
>
> Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into
> staging (2017-02-26 11:47:00 +)
>
> are available in the git repository at:
>
>
On 26.2.2017 at 12:22, Thomas Huth wrote:
> On 26.02.2017 00:38, Michal Marek wrote:
>> The implementation is partially cargo cult based, but it works for the
>> linux kernel use case.
>>
>> Signed-off-by: Michal Marek
>> ---
>> v3:
>> - Initialize the buffer in do_stfle()
>> v2:
>> - STFLE i
On Saturday 25 February 2017, 10:42:43 CET, Richard Henderson wrote:
> On 02/23/2017 10:58 PM, Eric Bischoff wrote:
> > +/* LOAD PAIR DISJOINT */
> > +C(0xc804, LPD, SSF, ILA, m1_32s, m2_32s, 0, r3_P32, movx, 0)
> > +C(0xc805, LPDG,SSF, ILA, m1_64, m2_64, 0, r3_P64, movx, 0)
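Review bot: the spacing in the two new table entries is inconsistent: the LPD line reads `LPD, SSF` while the LPDG line reads `LPDG,SSF` with no space after the comma. Suggest aligning the LPDG entry with the surrounding C() rows, e.g. `C(0xc805, LPDG, SSF, ILA, m1_64, m2_64, 0, r3_P64, movx, 0)`, so the columns stay readable.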
>
>
On 24/02/2017 19:28, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> As an extra sanity check, make sure the region we're registering
> can perform UFFDIO_COPY; the COPY will fail later but this
> gives a cleaner failure.
>
> Signed-off-by: Dr. David Alan Gilbert
> ---
Ping again.
On 22/02/2017 at 07:19, Hervé Poussineau wrote:
Ping?
On 18/11/2016 at 23:43, Hervé Poussineau wrote:
This simplifies the code a lot, and this fixes big memory leaks
introduced in a3d586f704609a45b6037534cb2f34da5dfd8895
Windows NT is now able to boot without using gigabytes o
On 24/02/2017 19:28, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> Create ram_block_discard_range in exec.c to replace
> postcopy_ram_discard_range and most of ram_discard_range.
>
> Those two routines are a bit of a weird combination, and
> ram_discard_range is about
From: "Dr. David Alan Gilbert"
The socket structure has a pair of unions for lhost and fhost
addresses; the unions are identical so split them out into
a separate union declaration.
Signed-off-by: Dr. David Alan Gilbert
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Juan Quintela
Signed-off
The following changes since commit 685783c5b69c83c942d1fc21679311eeb8f79ab9:
Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into
staging (2017-02-26 16:38:40 +)
are available in the git repository at:
http://people.debian.org/~sthibault/qemu.git tags/samuel-thibaul
From: "Dr. David Alan Gilbert"
Convert the sbuf structure to a VMStateDescription.
Note this uses the VMSTATE_WITH_TMP mechanism to calculate
and reload the offsets based on the pointers.
Signed-off-by: Dr. David Alan Gilbert
Reviewed-by: David Gibson
Reviewed-by: Juan Quintela
Signed-off-by:
From: "Dr. David Alan Gilbert"
This converts the remaining components, except for the top level
loop, to VMState.
Signed-off-by: Dr. David Alan Gilbert
Reviewed-by: Juan Quintela
Signed-off-by: Samuel Thibault
---
slirp/slirp.c | 48 +++-
1 file ch
From: "Dr. David Alan Gilbert"
Working up the stack, this replaces the slirp_socket_load/save
with VMState definitions.
A placeholder for IPv6 support is added as a comment; it needs
testing once the rest of the IPv6 code is there.
Signed-off-by: Dr. David Alan Gilbert
Reviewed-by: Juan Quint
From: "Dr. David Alan Gilbert"
Convert the migration of the struct tcpcb to use a VMStateDescription,
the rest of it will come later.
Mostly mechanical, except for conversion of some 'char' to uint8_t
to ensure portability.
Signed-off-by: Dr. David Alan Gilbert
Reviewed-by: Samuel Thibault
Re
Hello,
Dr. David Alan Gilbert, on Thu. 23 Feb. 2017 11:40:45 +, wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > IOW if we transmit this data on the wire, we've effectively said that
> > our migration data format is *not* portable across different host OS
> > platforms. At that
Hi,
This series seems to have some coding style problems. See output below for
more information:
Message-id: 20170226202709.2114-1-samuel.thiba...@ens-lyon.org
Type: series
Subject: [Qemu-devel] [PULL 0/5] slirp updates
=== TEST SCRIPT BEGIN ===
#!/bin/bash
BASE=base
n=1
total=$(git log --oneli
> On 24.02.2017 at 22:44, Eric Blake wrote:
>
> On 02/24/2017 03:31 PM, John Snow wrote:
>>>
>>> But the Backup Server could instead connect to the NAS directly avoiding
>>> load on the frontend LAN
>>> and the Qemu Node.
>>>
>>
>> In a live backup I don't see how you will be removing QEMU f
Public bug reported:
I have a problem when reading back VECTADDR in my proprietary OS's
interrupt handler.
Example client code:
1) Write INTENCLEAR to clear all interrupt enable bits
2) Set all 16 vector control registers to zero
3) Set vector address #2 to value 2
4) Set vector control #2 t
*** This bug is a duplicate of bug 1317491 ***
https://bugs.launchpad.net/bugs/1317491
** Bug watch removed: Red Hat Bugzilla #1197592
https://bugzilla.redhat.com/show_bug.cgi?id=1197592
** Bug watch removed: Red Hat Bugzilla #1210903
https://bugzilla.redhat.com/show_bug.cgi?id=1210903
** Changed in: qemu
Assignee: (unassigned) => Marc Bommert (brightwise)
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1668103
Title:
Possible off-by-one error in priority handling of hw/PL190.
From 0cd0c1346f9adb7b90df3e4e30a5904eeda33bfa Mon Sep 17 00:00:00 2001
From: Marc Bommert
Date: Sun, 26 Feb 2017 22:08:49 +0100
Subject: [PATCH] Fix off-by-one error in priority handling when reading
VECTADDR: Also, if enabled, have the "current" priority bit (1
** Changed in: qemu
Status: New => Fix Committed
Title:
Possible off-by-one error in priority handling of hw/PL190.c
Status in QEMU:
Signed-off-by: Markus Armbruster
Reviewed-by: Eric Blake
---
qapi/qmp-dispatch.c | 14 --
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
index 377ebb5..4610b6d 100644
--- a/qapi/qmp-dispatch.c
+++ b/qapi/qmp-dispatch.c
@@ -30,7
qobject_input_start_struct() sets *list, except when it fails because
qobject_input_get_object() fails, i.e. the input object doesn't exist.
All the other input visitor start_struct(), start_list(),
start_alternate() always set *obj / *list.
Change qobject_input_start_struct() to match.
Signed-o
Signed-off-by: Markus Armbruster
---
tests/test-qobject-input-visitor.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tests/test-qobject-input-visitor.c
b/tests/test-qobject-input-visitor.c
index 10c15c4..6e04736 100644
--- a/tests/test-qobject-input-visitor.c
+++ b/t
The value of key 'arguments' must be a JSON object. qemu-ga neglects
to check, and crashes. To reproduce, send
{ 'execute': 'guest-sync', 'arguments': [] }
to qemu-ga.
do_qmp_dispatch() uses qdict_get_qdict() to get the arguments. When
not a JSON object, this gets a null pointer, which fl
visit_optional() is to be called only between visit_start_struct() and
visit_end_struct(). Visitors that don't support struct visits,
i.e. don't implement start_struct(), end_struct(), have no use for it.
Clarify documentation.
The string input visitor doesn't support struct visits. Its
parse_op
v2:
* PATCH 19-20+22+24-25: New
* PATCH 03: Update MAINTAINERS new file
* PATCH 21+23: New test_visitor_in_fail_list_nested(), string visitor
patch tweaked, comments polished
* PATCH 23: full_name() bugs fixed
Markus Armbruster (26):
qga: Fix crash on non-dictionary QMP argument
libqtest: Wo
The QObject input visitor has three error message formats:
* Parameter '%s' is missing
* "Invalid parameter type for '%s', expected: %s"
* "QMP input object member '%s' is unexpected"
The '%s' are member names (or "null", but I'll fix that later).
The last error message calls the thing "QMP inpu
The next commit is going to add a test that calls qmp("null").
Curiously, this hangs. Here's why.
qmp_fd_sendv() doesn't send newlines. Not even when @fmt contains
some. At first glance, the QMP parser seems to be fine with that.
However, it turns out that it fails to react to input until it se
Drop unused QIV_STACK_SIZE and unused qobject_input_start_struct()
parameter errp.
Signed-off-by: Markus Armbruster
Reviewed-by: Eric Blake
---
qapi/qobject-input-visitor.c | 14 +++---
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/qapi/qobject-input-visitor.c b/qapi/qo
To enforce capability negotiation before normal operation,
handle_qmp_command() inspects every command before it's handed off to
qmp_dispatch(). This is a bit of a layering violation, and results in
duplicated code.
Before capability negotiation (!cur_mon->in_command_mode), we fail
commands other
The qobject input visitor comes in a strict and a non-strict variant.
This test is the non-strict variant's last user. Turns out it relies
on non-strict only in test_visitor_in_null(), and just out of
laziness. We don't actually test the non-strict behavior.
Clean up test_visitor_in_null(), and
Signed-off-by: Markus Armbruster
---
qapi/qobject-input-visitor.c | 11 ---
tests/test-qobject-input-visitor.c | 2 --
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/qapi/qobject-input-visitor.c b/qapi/qobject-input-visitor.c
index 47e546e..6bb5a80 100644
--- a/qapi
Commit 240f64b made all qobject input visitors created outside tests
strict, except for the one in object_property_set_qobject(). That one
was left behind only because Eric couldn't spare the time to figure
out whether making it strict would break anything, with a TODO
comment. Time to resolve it
Signed-off-by: Markus Armbruster
Reviewed-by: Eric Blake
---
MAINTAINERS| 1 +
tests/Makefile.include | 5 +-
tests/libqtest.c | 17 --
tests/libqtest.h | 8 +++
tests/qmp-test.c | 139 +
5 files changed, 16
The way we get QMP commands registered is high tech:
* qapi-commands.py generates qmp_init_marshal() that does the actual work
* it also generates the magic to register it as a MODULE_INIT_QAPI
function, so it runs when someone calls
module_call_init(MODULE_INIT_QAPI)
* main() calls module_c
When you try to visit beyond the end of a list, the qobject input
visitor crashes, and the string visitor screws up and returns garbage. The
generated list visits never go beyond the list end, but manual visits
could.
Signed-off-by: Markus Armbruster
---
tests/test-opts-visitor.c | 39 +++
qmp_check_input_obj() duplicates qmp_dispatch_check_obj(), except the
latter screws up an error message. handle_qmp_command() runs first
the former, then the latter via qmp_dispatch(), masking the screwup.
qemu-ga also masks the screwup, because it also duplicates checks,
just differently.
qmp_c
Lists with elements above INT64_MAX don't work (known bug). Empty
lists don't work (weird).
Signed-off-by: Markus Armbruster
---
tests/test-string-input-visitor.c | 85 +--
1 file changed, 72 insertions(+), 13 deletions(-)
diff --git a/tests/test-string-inpu
The string input visitor tries to cope with null input. Null input
isn't used anywhere, and isn't covered by tests. Unsurprisingly, it
doesn't fully work: start_list() crashes because it passes the input
via parse_str() to strtoll() unchecked.
Make string_input_visitor_new() assert its argument
The QERR_ macros are leftovers from the days of "rich" error objects.
QERR_QMP_BAD_INPUT_OBJECT, QERR_QMP_BAD_INPUT_OBJECT_MEMBER,
QERR_QMP_EXTRA_MEMBER are used in just one place now, except for one
use that has crept into qobject-input-visitor.c.
Drop these macros, to make the (bad) error messa
Call visitor_input_teardown() from visitor_input_test_init(), so you
don't have to call it from the actual tests.
Signed-off-by: Markus Armbruster
---
tests/test-string-input-visitor.c | 19 ++-
1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/tests/test-string-inpu
Demonstrates a design flaw: there is no way for input visitors to
report that a list visit didn't visit the complete input list. The
generated list visits always do, but manual visits needn't.
Signed-off-by: Markus Armbruster
---
tests/test-opts-visitor.c | 41 ++
On Sun, Feb 26, 2017 at 09:51:14PM +0200, Krzysztof Kozlowski wrote:
> Without any clock controller, the Linux kernel was hitting division by
> zero during boot or with clk_summary:
> [0.00] [] (unwind_backtrace) from []
> (show_stack+0x10/0x14)
> [0.00] [] (show_stack) from []
>
Without any clock controller, the Linux kernel was hitting division by
zero during boot or with clk_summary:
[0.00] [] (unwind_backtrace) from []
(show_stack+0x10/0x14)
[0.00] [] (show_stack) from []
(dump_stack+0x88/0x9c)
[0.00] [] (dump_stack) from [] (Ldiv0+0x8/0x10)
[
Error messages refer to nodes of the QObject being visited by name.
Trouble is the names are sometimes less than helpful:
* The name of the root QObject is whatever @name argument got passed
to the visitor, except NULL gets mapped to "null". We commonly pass
NULL. Not good.
Avoiding error
Signed-off-by: Markus Armbruster
---
include/qapi/qobject-input-visitor.h | 37 ++-
include/qapi/qobject-output-visitor.h | 35 +
2 files changed, 67 insertions(+), 5 deletions(-)
diff --git a/include/qapi/qobject-input-visitor.h
The Exynos4210 has cluster ID 0x9 in its MPIDR register (raw value
0x890x). If this cluster ID is not provided, then Linux kernel
cannot map DeviceTree nodes to MPIDR values resulting in kernel
warning and lack of any secondary CPUs:
DT missing boot CPU MPIDR[23:0], fall back to default c
The split between tests/test-qobject-input-visitor.c and
tests/test-qobject-input-strict.c now makes less sense than ever. The
next commit will take care of that.
Signed-off-by: Markus Armbruster
---
block/nbd.c | 2 +-
block/nfs.c | 2 +-
blo
Much of test-qobject-input-strict.c duplicates
test-qobject-input-strict.c less assertions on expected output:
* test_validate_struct() duplicates test_visitor_in_struct()
* test_validate_struct_nested() duplicates
test_visitor_in_struct_nested()
* test_validate_list() duplicates the first half o
Without any clock controller, the Linux kernel was hitting division by
zero during boot or with clk_summary:
[0.00] [] (unwind_backtrace) from []
(show_stack+0x10/0x14)
[0.00] [] (show_stack) from []
(dump_stack+0x88/0x9c)
[0.00] [] (dump_stack) from [] (Ldiv0+0x8/0x10)
[
Fix the design flaw demonstrated in the previous commit: new method
check_list() lets input visitors report that unvisited input remains
for a list, exactly like check_struct() lets them report that
unvisited input remains for a struct or union.
Implement the method for the qobject input visitor (
The Exynos4210 has cluster ID 0x9 in its MPIDR register (raw value
0x890x). If this cluster ID is not provided, then Linux kernel
cannot map DeviceTree nodes to MPIDR values resulting in kernel
warning and lack of any secondary CPUs:
DT missing boot CPU MPIDR[23:0], fall back to default c
Hi,
This series seems to have some coding style problems. See output below for
more information:
Message-id: 1488145424-14974-1-git-send-email-arm...@redhat.com
Type: series
Subject: [Qemu-devel] [PATCH v2 00/26] qapi: QMP dispatch and input visitor work
=== TEST SCRIPT BEGIN ===
#!/bin/bash
BA
pull-sun4v-20170226
for you to fetch changes up to a5a08302d44a8b1a8c5819b1411002f85bb5f847:
niagara: check if a serial port is available (2017-02-26 22:46:08 +0100)
Pull request for Niagara patches
fail if a firmware file is missing and not qtest_enabled(),
the latter is necessary to allow some basic tests if
firmware is not available
Suggested-by: Peter Maydell
Signed-off-by: Artyom Tarasenko
---
hw/sparc64/niagara.c | 26 +++---
1 file changed, 19 insertions(+), 7 del
Reported-by: Markus Armbruster
Reviewed-by: Markus Armbruster
Signed-off-by: Artyom Tarasenko
---
hw/sparc64/niagara.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/hw/sparc64/niagara.c b/hw/sparc64/niagara.c
index edde86e..9a8d610 100644
--- a/hw/sparc64/niagara.c
On 26 February 2017 at 20:27, Samuel Thibault wrote:
> The following changes since commit 685783c5b69c83c942d1fc21679311eeb8f79ab9:
>
> Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into
> staging (2017-02-26 16:38:40 +)
>
> are available in the git repository at:
>
>
These functions are always called indirectly. It really doesn't make sense
for them to sit in a header file.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
---
hw/9pfs/9p-xattr.c | 61
hw/9pfs/9p-xattr.h | 80 +-
This series tries to fix CVE-2016-9602 reported by Jann Horn of Google
Project Zero:
https://bugzilla.redhat.com/show_bug.cgi?id=1413929
This vulnerability affects all accesses to the underlying filesystem in
the "local" backend code.
If QEMU is started with:
-fsdev local,security_model=,path=/
This patch opens the shared folder and caches the file descriptor, so that
it can be used to do symlink-safe path walk.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
---
v2: - introduce LocalData type
---
hw/9pfs/9p-local.c | 30 --
1 file changed, 28 inser
When using the passthrough security mode, symbolic links created by the
guest are actual symbolic links on the host file system.
Since the resolution of symbolic links during path walk is supposed to
occur on the client side, the server should hence never receive any path
pointing to an actual sym
If these functions fail, they should not change *fs. Let's use local
variables to fix this.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
---
hw/9pfs/9p-local.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
i
If this function fails, it should not modify *ctx.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
---
v2: - s/iocl/ioctl in comment
---
hw/9pfs/9p-local.c | 37 +++--
1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw
The local_lgetxattr() callback is vulnerable to symlink attacks because
it calls lgetxattr() which follows symbolic links in all path elements but
the rightmost one.
This patch introduces a helper to emulate the non-existing fgetxattrat()
function: it is implemented with /proc/self/fd which provid
The local_lstat() callback is vulnerable to symlink attacks because it
calls:
(1) lstat() which follows symbolic links in all path elements but the
rightmost one
(2) getxattr() which follows symbolic links in all path elements
(3) local_mapped_file_attr()->local_fopen()->openat(O_NOFOLLOW) whi
The local_open() and local_opendir() callbacks are vulnerable to symlink
attacks because they call:
(1) open(O_NOFOLLOW) which follows symbolic links in all path elements but
the rightmost one
(2) opendir() which follows symbolic links in all path elements
This patch converts both callbacks t
The local_statfs() callback is vulnerable to symlink attacks because it
calls statfs() which follows symbolic links in all path elements.
This patch converts local_statfs() to rely on open_nofollow() and fstatfs()
instead.
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz
Reviewed-by: S
The local_llistxattr() callback is vulnerable to symlink attacks because
it calls llistxattr() which follows symbolic links in all path elements but
the rightmost one.
This patch introduces a helper to emulate the non-existing flistxattrat()
function: it is implemented with /proc/self/fd which pro
The local_chmod() callback is vulnerable to symlink attacks because it
calls:
(1) chmod() which follows symbolic links for all path elements
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3) local_set_mapped_file_attr() which calls in turn local_fopen() a
The local_lremovexattr() callback is vulnerable to symlink attacks because
it calls lremovexattr() which follows symbolic links in all path elements
but the rightmost one.
This patch introduces a helper to emulate the non-existing fremovexattrat()
function: it is implemented with /proc/self/fd whi
The local_symlink() callback is vulnerable to symlink attacks because it
calls:
(1) symlink() which follows symbolic links for all path elements but the
rightmost one
(2) open(O_NOFOLLOW) which follows symbolic links for all path elements but
the rightmost one
(3) local_set_xattr()->setxat
The local_lsetxattr() callback is vulnerable to symlink attacks because
it calls lsetxattr() which follows symbolic links in all path elements but
the rightmost one.
This patch introduces a helper to emulate the non-existing fsetxattrat()
function: it is implemented with /proc/self/fd which provid
The local_unlinkat() callback is vulnerable to symlink attacks because it
calls remove() which follows symbolic links in all path elements but the
rightmost one.
This patch converts local_unlinkat() to rely on opendir_nofollow() and
unlinkat() instead.
Most of the code is moved to a separate loca
The local_remove() callback is vulnerable to symlink attacks because it
calls:
(1) lstat() which follows symbolic links in all path elements but the
rightmost one
(2) remove() which follows symbolic links in all path elements but the
rightmost one
This patch converts local_remove() to rel
The local_truncate() callback is vulnerable to symlink attacks because
it calls truncate() which follows symbolic links in all path elements.
This patch converts local_truncate() to rely on open_nofollow() and
ftruncate() instead.
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz
Review
Samuel Thibault, on Sun. 26 Feb. 2017 21:34:27 +0100, wrote:
> since we'll want to change the size of the field
Ah, no, sorry, it was forced to be 16bit, so at least the size is fine.
But I guess we don't want to change the values to have cross-OS
compatibility without changing the version.
Sam
The local_readlink() callback is vulnerable to symlink attacks because it
calls:
(1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
the rightmost one
(2) readlink() which follows symbolic links for all path elements but the
rightmost one
This patch converts local_
The local_utimensat() callback is vulnerable to symlink attacks because it
calls qemu_utimens()->utimensat(AT_SYMLINK_NOFOLLOW) which follows symbolic
links in all path elements but the rightmost one or qemu_utimens()->utimes()
which follows symbolic links for all path elements.
This patch convert
The local_link() callback is vulnerable to symlink attacks because it calls:
(1) link() which follows symbolic links for all path elements but the
rightmost one
(2) local_create_mapped_attr_dir()->mkdir() which follows symbolic links
for all path elements but the rightmost one
This patch
The local_renameat() callback is currently a wrapper around local_rename()
which is vulnerable to symlink attacks.
This patch rewrites local_renameat() to have its own implementation, based
on local_opendir_nofollow() and renameat().
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz
Rev
The local_mknod() callback is vulnerable to symlink attacks because it
calls:
(1) mknod() which follows symbolic links for all path elements but the
rightmost one
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3) local_set_mapped_file_attr() which cal
The local_rename() callback is vulnerable to symlink attacks because it
uses rename() which follows symbolic links in all path elements but the
rightmost one.
This patch simply transforms local_rename() into a wrapper around
local_renameat() which is symlink-attack safe.
This partly fixes CVE-201