g++ 4.1.x dies with "cc1plus: error: output filename specified twice"
on the currently used construct. That's apparently due to it converting
the manually specified "c++" into "c++-header", and mis-handling that
(which, when using "c++-header" explicitly btw gets mis-handled even
with 4.9.x and als
Older gcc warns (and due to -Werror fails) on this ASSERT() now that
"node" is of unsigned type. Make it more useful at once.
Signed-off-by: Jan Beulich
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -604,7 +604,7 @@ static struct page_info *alloc_heap_page
}
first_node
On Tue, 2015-04-21 at 11:28 +0100, Ian Campbell wrote:
> On Mon, 2015-04-13 at 17:19 -0400, longtao.pang wrote:
> > 1. Increase disk size to accommodate to nested test requirement.
> > 2. Since 'Debain-xxx-.iso' image will be stored in rootfs of L1 guest,
> > therefore needs more disk capacity, inc
This patch detect and propagate the gic-v2m-frame devicetree sub-node.
This allows Dom0 kernel to setup and intialize GICv2m MSI frame.
Signed-off-by: Suravee Suthikulpanit
---
xen/arch/arm/gic-v2.c | 169 ++
1 file changed, 169 insertions(+)
diff
Since fdt_begin_node() is called by all gicXX_make_dt_node() to create
the interrupt-controller devicetree node, this patch refactors the call
and moves it inside make_gic_node(). This also matches the fdt_end_node()
call at the end of make_gic_node().
This patch also move the call to gic_make_nod
This patch series introduce GICv2m supports in Xen Dom0.
This patch series depend on:
[PATCH v3 0/5] xen: arm: Parse PCI DT nodes' ranges and interrupt-map
http://lists.xen.org/archives/html/xen-devel/2015-04/msg02200.html
This has been tested on AMD Seattle platform with the following k
Hi,
I was looking at using xen-hptool (tool/misc/xen-hptool.c) to make one page
of a guest domain offline.
I created a guest domain on Xen unstable:
# xen-mfndump dump-p2m 1
I have dom1's mfn of pfn (0x1d):
pfn=0x1d ==> mfn=0x14ee17 (type 0x0)
Run `lookup-pte` to find the mfn of the pte of mfn
When resuming, the guest needs to check whether the port has changed. HVM
guests use this parameter to get the port number.
(We can't always use xenstore where this value is also written: for example
on Linux the console is resumed very early, before the store is up).
Signed-off-by: Boris Ostrovs
On Tue, Apr 21, 2015 at 12:11:01PM +0100, Stefano Stabellini wrote:
> Chen,
> could you please try the patch below in your repro scenario?
> I have only build tested it.
>
> ---
>
> xen: Add __GFP_DMA flag when xen_swiotlb_init gets free pages on ARM
>
> From: Chen Baozi
>
> Make sure that xen
> -Original Message-
> From: Ian Jackson [mailto:ian.jack...@eu.citrix.com]
> Sent: Wednesday, April 22, 2015 8:50 PM
> To: Ian Campbell
> Cc: Pang, LongtaoX; xen-devel@lists.xen.org; wei.l...@citrix.com; Hu, Robert
> Subject: Re: [OSSTEST Nested PATCH v8 3/7] Edit some APIs in TestSupport.
On 04/22/2015 04:40 PM, Giuseppe Mazzotta wrote:
> On 04/22/2015 04:21 PM, Ian Campbell wrote:
>> On Fri, 2015-04-17 at 17:36 +0200, Giuseppe Mazzotta wrote:
>> Do you fancy also adding -F to docs/man/xl.pod.1?
>>
> Yes, I will follow-up in a few hours with another patch for that.
>
Please disrega
From: Giuseppe
Document '-F' option. Other options are still missing and not in this patch.
Signed-off-by: Giuseppe Mazzotta
---
docs/man/xl.pod.1 | 7 +++
1 file changed, 7 insertions(+)
diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1
index 16783c8..02bf531 100644
--- a/docs/man/xl.po
Use a better wording about what the -e and -F options do; this is evident by
looking at main_create(), as the only difference is the setting of 'monitor'
variable. The help text for '-e' was possibly a copy-paste artifact.
Signed-off-by: Giuseppe Mazzotta
---
tools/libxl/xl_cmdtable.c | 4 ++--
From: Giuseppe
While documenting '-F' option, I discovered that not only '-e' was missing
(and hereby added with this patch) but others too. I will eventually submit
other patches for the remaining missing options, as this one focuses only on
'-e' and '-F'.
Signed-off-by: Giuseppe Mazzotta
---
From: "Luis R. Rodriguez"
We are burrying direct access to MTRR code support on
x86 in order to take advantage of PAT. In the future we
also want to make the default behaviour of ioremap_nocache()
to use strong UC, use of mtrr_add() on those systems
would make write-combining void.
In order to h
From: "Luis R. Rodriguez"
We are burrying direct access to MTRR code support on
x86 in order to take advantage of PAT. In the future we
also want to make the default behaviour of ioremap_nocache()
to use strong UC, use of mtrr_add() on those systems
would make write-combining void.
In order to h
From: "Luis R. Rodriguez"
This driver already makes use of ioremap_wc() on PIO buffers,
so convert it to use arch_phys_wc_add().
The qib driver uses a mmap() special case for when PAT is
not used, this behaviour used to be determined with a
module parameter but since we have been asked to just
r
On Wed, Apr 22, 2015 at 01:48:27PM -0400, Doug Ledford wrote:
> On Wed, 2015-04-22 at 19:37 +0200, Luis R. Rodriguez wrote:
> > On Wed, Apr 22, 2015 at 12:57:18PM -0400, Doug Ledford wrote:
> > > On Wed, 2015-04-22 at 17:33 +0200, Luis R. Rodriguez wrote:
> > > > On Wed, Apr 22, 2015 at 09:54:38AM
On Wed, 2015-04-22 at 17:33 +0100, Jan Beulich wrote:
> >>> On 22.04.15 at 17:36, wrote:
> > On Wed, 2015-04-22 at 15:41 +0100, Jan Beulich wrote:
> >> >>> On 22.04.15 at 16:01, wrote:
> >> > On Wed, 2015-04-22 at 13:02 +0100, Jan Beulich wrote:
> >> >> Said commit ("libxl_set_memory_target: reta
On Wed, 2015-04-22 at 19:37 +0200, Luis R. Rodriguez wrote:
> On Wed, Apr 22, 2015 at 12:57:18PM -0400, Doug Ledford wrote:
> > On Wed, 2015-04-22 at 17:33 +0200, Luis R. Rodriguez wrote:
> > > On Wed, Apr 22, 2015 at 09:54:38AM -0400, Doug Ledford wrote:
> > > > On Tue, 2015-04-21 at 14:50 -0700,
On Wed, Apr 22, 2015 at 12:57:18PM -0400, Doug Ledford wrote:
> On Wed, 2015-04-22 at 17:33 +0200, Luis R. Rodriguez wrote:
> > On Wed, Apr 22, 2015 at 09:54:38AM -0400, Doug Ledford wrote:
> > > On Tue, 2015-04-21 at 14:50 -0700, Luis R. Rodriguez wrote:
> > >
> > > This:
> > > > + /* MTRR
On Wed, 2015-04-22 at 17:33 +0200, Luis R. Rodriguez wrote:
> On Wed, Apr 22, 2015 at 09:54:38AM -0400, Doug Ledford wrote:
> > On Tue, 2015-04-21 at 14:50 -0700, Luis R. Rodriguez wrote:
> >
> > This:
> > > + /* MTRR was used if this is non-zero */
> > > + if (!dd->wc_cookie)
> > > vma-
>>> On 22.04.15 at 17:36, wrote:
> On Wed, 2015-04-22 at 15:41 +0100, Jan Beulich wrote:
>> >>> On 22.04.15 at 16:01, wrote:
>> > On Wed, 2015-04-22 at 13:02 +0100, Jan Beulich wrote:
>> >> Said commit ("libxl_set_memory_target: retain the same maxmem offset on
>> >> top of the current target") c
From: Malcolm Crossley
Performance analysis of aggregate network throughput with many VMs
shows that performance is signficantly limited by contention on the
maptrack lock when obtaining/releasing maptrack handles from the free
list.
Instead of a single free list use a per-VCPU list. This avoids
On Thu, Mar 26, 2015 at 9:48 AM, Justin T. Weaver wrote:
[snip]
> Added a function to determine the number of soft cpus gained (or lost) by a
> given vcpu if it is migrated from a given source run queue to a given
> destination run queue.
>
> Modified algorithm in balance_load and consider...
> *
From: Matt Wilson
The grant table locking is becomes more fine-grained in subsequent
commits. Describe how it will work.
Signed-off-by: Matt Wilson
Signed-off-by: David Vrabel
---
docs/misc/grant-tables.txt | 35 ++-
1 file changed, 34 insertions(+), 1 delet
From: Malcolm Crossley
The grant table lock is not required to protect reads of the
table version, the active entry array, or the map track array.
This is safe because: a) the grant table version only changes once
from 0 to 1 or 2; b) the active entry array only grows; and c) the map
track array
From: Matt Wilson
Instead of protecting the state of a grant table active entry with the
grant table lock, use per active entry locks.
Active entries must be acquired with active_entry_acquire() and
released with active_entry_release() which lock and unlock the entry's
spinlock.
This is the fir
The series makes the grant table locking for fine-grained and add
per-VCPU maptrack free lists, which greatly improves scalability.
The series builds on the original series by Matt Wilson and Christoph
Egger from Amazon.
The per-VCPU maptrack free lists makes one of our aggregate intrahost
networ
From: Matt Wilson
The maptrack lock protects the maptrack state only.
Signed-off-by: Matt Wilson
Signed-off-by: David Vrabel
---
Subsequent changes make both these locks uncontented. Is this patch
really necessary? -- dvrabel
---
xen/common/grant_table.c | 33 +
Ping on the patches themselves?
On 13/04/15 17:37, Andrew Cooper wrote:
> On 13/04/15 17:33, Ian Jackson wrote:
>> Andrew Cooper writes ("[Xen-devel] [PATCH] tools/libxc: Fix build of 32bit
>> toolstacks on CentOS 5.x following XSA-125"):
>>> gcc 4.1 of CentOS 5.x era does not like the typecheck
From: Chunjie Zhu
The following 2 cases should be avoided:
1. DMAAIOCB has been released but continue_after_map_failure
schedules a bh for it.
2. Multiple bh calls are schduled on the same DMAAIOCB.
Signed-off-by: Chunjie Zhu
Reviewed-by: Andrew Cooper
---
dma-helpers.c | 16 +
From: Yunlei Ding
Signed-off-by: Yunlei Ding
Coverity-IDs: 1005339 1005340
Reviewed-by: Andrew Cooper
---
net.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net.c b/net.c
index 33460d8..8aba3c2 100644
--- a/net.c
+++ b/net.c
@@ -1316,9 +1316,11 @@ static NetSocketS
From: Kaifeng Zhu
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1056200
Reviewed-by: Andrew Cooper
---
block-cow.c |1 -
1 file changed, 1 deletion(-)
diff --git a/block-cow.c b/block-cow.c
index 777d8a5..9ad0a32 100644
--- a/block-cow.c
+++ b/block-cow.c
@@ -224,7 +224,6 @@ static int cow_crea
On Wed, 2015-04-22 at 15:41 +0100, Jan Beulich wrote:
> >>> On 22.04.15 at 16:01, wrote:
> > On Wed, 2015-04-22 at 13:02 +0100, Jan Beulich wrote:
> >> Said commit ("libxl_set_memory_target: retain the same maxmem offset on
> >> top of the current target") caused a regression for "xl mem-set"
> >>
From: Yunlei Ding
s->rq should be set with req instead of req-next.
Signed-off-by: Yunlei Ding
Coverity-ID: 1055910
Reviewed-by: Andrew Cooper
---
hw/virtio-blk.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index fcf893a..f3a81e3 10
On Wed, 2015-04-22 at 15:49 +0100, Stefano Stabellini wrote:
> On Wed, 22 Apr 2015, George Dunlap wrote:
> > Re stubdoms, I think that we should let the xen component do it until
> > it's possible to do it out of tree (i.e., no regression in functionality).
>
> On the other hands current stubdoms
smbus_eeprom_device_init() has been disabled since 2007. The #define turns
the actual function call into a comma expression with no effect.
Removing the leaked allocation also makes Valgrind happier.
Signed-off-by: Andrew Cooper
Coverity-ID: 1090387
---
hw/pc.c | 12 +---
1 file chan
From: Kaifeng Zhu
qemu_allocate_irqs would return an array of irqs, not store the allocated
array pointer, and subsequently leak it.
Signed-off-by: Kaifeng Zhu
(defects not identified by Coverity Scan)
Reviewed-by: Andrew Cooper
---
hw/ide.c |2 +-
hw/irq.c | 18 +-
hw/i
On Wed, 2015-04-22 at 15:43 +0100, George Dunlap wrote:
> > Also wouldn't it be possible to achieve the same goal with the GIT
> > environmental variable?
>
> A brief scan of the git man page, combined with a brief survey of
> Google, didn't turn up anything...
It's not an env variable, but in ~/
From: Kaifeng Zhu
idx can be down to 0, so TERM_MAX_CMDS-idx+1 could be TERM_MAX_CMDS+1, which
exceeds the size of term_history.
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1055739
Reviewed-by: Andrew Cooper
---
readline.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rea
On Mon, 2015-04-20 at 14:15 +0100, Andrew Cooper wrote:
> On 15/04/15 11:55, Ian Campbell wrote:
> > On Fri, 2015-04-10 at 18:15 +0100, Andrew Cooper wrote:
> >> Not everything which needs reporting as progress comes with a range.
> >> Extend
> >> the interface to allow reporting of a single stat
On Wed, 22 Apr 2015, George Dunlap wrote:
> On Wed, Apr 22, 2015 at 3:49 PM, Stefano Stabellini
> wrote:
> >> Re stubdoms, I think that we should let the xen component do it until
> >> it's possible to do it out of tree (i.e., no regression in functionality).
> >
> > On the other hands current stu
On Wed, Apr 22, 2015 at 09:54:38AM -0400, Doug Ledford wrote:
> On Tue, 2015-04-21 at 14:50 -0700, Luis R. Rodriguez wrote:
>
> This:
> > + /* MTRR was used if this is non-zero */
> > + if (!dd->wc_cookie)
> > vma->vm_page_prot = pgprot_writecombine(vma->vm_page_prot);
>
> And thi
On Wed, Apr 22, 2015 at 3:49 PM, Stefano Stabellini
wrote:
>> Re stubdoms, I think that we should let the xen component do it until
>> it's possible to do it out of tree (i.e., no regression in functionality).
>
> On the other hands current stubdoms are not even tested in osstest, so
> we might as
On Wed, 2015-04-01 at 14:41 +0800, Yang Hongyang wrote:
> From: Wen Congyang
I think this is just tidying up after the previous automatic renaming,
if that is the case please can you say so.
>
> Signed-off-by: Wen Congyang
> ---
> tools/libxl/libxl_checkpoint_device.c | 23 ---
From: Yunlei Ding
s->rq should be set with req instead of req-next.
Signed-off-by: Yunlei Ding
Coverity-ID: 1055910
Reviewed-by: Andrew Cooper
---
hw/virtio-blk.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index fcf893a..f3a81e3 10
From: Kaifeng Zhu
The momery pointed by s and chr could be leaked if openpty return a value
less then 0.
Signed-off-by: Kaifeng Zhu
Coverity-IDs: 1055926 1055927
Reviewed-by: Andrew Cooper
---
qemu-char.c |2 ++
1 file changed, 2 insertions(+)
diff --git a/qemu-char.c b/qemu-char.c
index
smbus_eeprom_device_init() has been disabled since 2007. The #define turns
the actual function call into a comma expression with no effect.
Removing the leaked allocation also makes Valgrind happier.
Signed-off-by: Andrew Cooper
Coverity-ID: 1090387
---
hw/pc.c | 12 +---
1 file chan
From: Yunlei Ding
Close sock handle before return.
Signed-off-by: Yunlei Ding
Coverity-ID: 1055914
Reviewed-by: Andrew Cooper
---
block-nbd.c |3 +++
1 file changed, 3 insertions(+)
diff --git a/block-nbd.c b/block-nbd.c
index dc63183..e2c90eb 100644
--- a/block-nbd.c
+++ b/block-nbd.c
@
From: Kaifeng Zhu
fd and s could be leaked in case bind/listen failed.
Signed-off-by: Kaifeng Zhu
Coverity-IDs: 1055923 1055924
Reviewed-by: Andrew Cooper
---
net.c |5 +
1 file changed, 5 insertions(+)
diff --git a/net.c b/net.c
index f3887a7..33460d8 100644
--- a/net.c
+++ b/net.c
From: Kaifeng Zhu
The valide range of font_data should be [0, 0xFF].
Signed-off-by: Kaifeng Zhu
(defects not identified by Coverity Scan)
Reviewed-by: Andrew Cooper
---
console.c |9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/console.c b/console.c
index 9984d6
From: Kaifeng Zhu
fd will be leaked if launch_script failed.
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1055925
Reviewed-by: Andrew Cooper
---
net.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net.c b/net.c
index 720027c..f3887a7 100644
--- a/net.c
+++ b/net.c
@@ -1
From: Kaifeng Zhu
qemu_allocate_irqs would return an array of irqs, not store the allocated
array pointer, and subsequently leak it.
Signed-off-by: Kaifeng Zhu
(defects not identified by Coverity Scan)
Reviewed-by: Andrew Cooper
---
hw/ide.c |2 +-
hw/irq.c | 18 +-
hw/i
From: Kaifeng Zhu
Memory pointed by cluster leaks in error handling code.
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1055917
Reviewed-by: Andrew Cooper
---
block-vvfat.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block-vvfat.c b/block-vvfat.c
index ec3363c..6cd57a2 10
From: Yunlei Ding
Signed-off-by: Yunlei Ding
Coverity-IDs: 1055920 1055921
Reviewed-by: Andrew Cooper
---
block-vvfat.c |3 +++
1 file changed, 3 insertions(+)
diff --git a/block-vvfat.c b/block-vvfat.c
index 6cd57a2..ff5c8bf 100644
--- a/block-vvfat.c
+++ b/block-vvfat.c
@@ -760,6 +760,7
From: Yunlei Ding
Free allocated memory s before return.
Signed-off-by: Yunlei Ding
Coverity-ID: 1055915
Reviewed-by: Andrew Cooper
---
block-raw-posix.c |1 +
1 file changed, 1 insertion(+)
diff --git a/block-raw-posix.c b/block-raw-posix.c
index 795cd5b..8a1baa8 100644
--- a/block-raw-
From: Kaifeng Zhu
Signed-off-by: Kaifeng Zhu
Reviewed-by: Andrew Cooper
---
vl.c | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/vl.c b/vl.c
index d21c3aa..67d9d86 100644
--- a/vl.c
+++ b/vl.c
@@ -5952,6 +5952,15 @@ int main(int argc, char **argv, char
From: Yunlei Ding
msmouse_chr_close is only pointed by chr->chr_close in qemu_chr_close
function. After calling chr->chr_close, chr will be freed. So we don't
need to free it again here.
Signed-off-by: Yunlei Ding
(defect not identified by Coverity Scan)
Reviewed-by: Andrew Cooper
---
hw/msmo
In 64bit builds, setting sival_int to 0 doesn't clear the upper half of the
sival_ptr pointer. Valgrind does not like this.
Signed-off-by: Andrew Cooper
---
vl.c |3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/vl.c b/vl.c
index 67d9d86..c864e7d 100644
--- a/vl.c
+++ b/v
From: Kaifeng Zhu
fd will be leaked if launch_script failed.
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1055925
Reviewed-by: Andrew Cooper
---
net.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net.c b/net.c
index 720027c..f3887a7 100644
--- a/net.c
+++ b/net.c
@@ -1
From: Yunlei Ding
Signed-off-by: Yunlei Ding
Coverity-IDs: 1055920 1055921
Reviewed-by: Andrew Cooper
---
block-vvfat.c |3 +++
1 file changed, 3 insertions(+)
diff --git a/block-vvfat.c b/block-vvfat.c
index 6cd57a2..ff5c8bf 100644
--- a/block-vvfat.c
+++ b/block-vvfat.c
@@ -760,6 +760,7
In 64bit builds, setting sival_int to 0 doesn't clear the upper half of the
sival_ptr pointer. Valgrind does not like this.
Signed-off-by: Andrew Cooper
---
vl.c |3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/vl.c b/vl.c
index 67d9d86..c864e7d 100644
--- a/vl.c
+++ b/v
From: Yunlei Ding
Call qemu_allocate_irq() twice instead of qemu_allocate_irqs to
allocate memory.
Signed-off-by: Yunlei Ding
(defects not identified by Coverity Scan)
Reviewed-by: Andrew Cooper
---
hw/ide.c |6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/hw/ide.c
From: Yunlei Ding
Signed-off-by: Yunlei Ding
Coverity-IDs: 1005339 1005340
Reviewed-by: Andrew Cooper
---
net.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net.c b/net.c
index 33460d8..8aba3c2 100644
--- a/net.c
+++ b/net.c
@@ -1316,9 +1316,11 @@ static NetSocketS
From: Kaifeng Zhu
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1056200
Reviewed-by: Andrew Cooper
---
block-cow.c |1 -
1 file changed, 1 deletion(-)
diff --git a/block-cow.c b/block-cow.c
index 777d8a5..9ad0a32 100644
--- a/block-cow.c
+++ b/block-cow.c
@@ -224,7 +224,6 @@ static int cow_crea
i8259_init() doesn't inspect its argument at all, causing the allocation to
be leaked and never used.
Signed-off-by: Andrew Cooper
---
hw/pc.c |4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/hw/pc.c b/hw/pc.c
index 7359338..09b4af4 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@
From: Yunlei Ding
Free allocated memory s before return.
Signed-off-by: Yunlei Ding
Coverity-ID: 1055915
Reviewed-by: Andrew Cooper
---
block-raw-posix.c |1 +
1 file changed, 1 insertion(+)
diff --git a/block-raw-posix.c b/block-raw-posix.c
index 795cd5b..8a1baa8 100644
--- a/block-raw-
From: Kaifeng Zhu
The valide range of font_data should be [0, 0xFF].
Signed-off-by: Kaifeng Zhu
(defects not identified by Coverity Scan)
Reviewed-by: Andrew Cooper
---
console.c |9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/console.c b/console.c
index 9984d6
From: Kaifeng Zhu
Some handles and memory in commit_one_file are going to be leaked if
certain function calls failed.
Signed-off-by: Kaifeng Zhu
Coverity-IDs: 1055918 1055919
Reviewed-by: Andrew Cooper
---
block-vvfat.c | 17 ++---
1 file changed, 14 insertions(+), 3 deletions(-
From: Kaifeng Zhu
The momery pointed by s and chr could be leaked if openpty return a value
less then 0.
Signed-off-by: Kaifeng Zhu
Coverity-IDs: 1055926 1055927
Reviewed-by: Andrew Cooper
---
qemu-char.c |2 ++
1 file changed, 2 insertions(+)
diff --git a/qemu-char.c b/qemu-char.c
index
From: Chunjie Zhu
The following 2 cases should be avoided:
1. DMAAIOCB has been released but continue_after_map_failure
schedules a bh for it.
2. Multiple bh calls are schduled on the same DMAAIOCB.
Signed-off-by: Chunjie Zhu
Reviewed-by: Andrew Cooper
---
dma-helpers.c | 16 +
From: Yunlei Ding
Call qemu_allocate_irq() twice instead of qemu_allocate_irqs to
allocate memory.
Signed-off-by: Yunlei Ding
(defects not identified by Coverity Scan)
Reviewed-by: Andrew Cooper
---
hw/ide.c |6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/hw/ide.c
From: Kaifeng Zhu
drive_opt_idx could be -1 in case error occurs inside drive_add, so the error
check should be "if (drive_opt_idx < 0)" instead of original
"if (!drive_opt_idx)".
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1055574
Reviewed-by: Andrew Cooper
---
hw/device-hotplug.c |2 +-
1 f
From: Kaifeng Zhu
Memory pointed by cluster leaks in error handling code.
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1055917
Reviewed-by: Andrew Cooper
---
block-vvfat.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block-vvfat.c b/block-vvfat.c
index ec3363c..6cd57a2 10
From: Kaifeng Zhu
idx can be down to 0, so TERM_MAX_CMDS-idx+1 could be TERM_MAX_CMDS+1, which
exceeds the size of term_history.
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1055739
Reviewed-by: Andrew Cooper
---
readline.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rea
i8259_init() doesn't inspect its argument at all, causing the allocation to
be leaked and never used.
Signed-off-by: Andrew Cooper
---
hw/pc.c |4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/hw/pc.c b/hw/pc.c
index 7359338..09b4af4 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@
From: Yunlei Ding
msmouse_chr_close is only pointed by chr->chr_close in qemu_chr_close
function. After calling chr->chr_close, chr will be freed. So we don't
need to free it again here.
Signed-off-by: Yunlei Ding
(defect not identified by Coverity Scan)
Reviewed-by: Andrew Cooper
---
hw/msmo
From: Kaifeng Zhu
Signed-off-by: Kaifeng Zhu
Reviewed-by: Andrew Cooper
---
vl.c | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/vl.c b/vl.c
index d21c3aa..67d9d86 100644
--- a/vl.c
+++ b/vl.c
@@ -5952,6 +5952,15 @@ int main(int argc, char **argv, char
From: Kaifeng Zhu
drive_opt_idx could be -1 in case error occurs inside drive_add, so the error
check should be "if (drive_opt_idx < 0)" instead of original
"if (!drive_opt_idx)".
Signed-off-by: Kaifeng Zhu
Coverity-ID: 1055574
Reviewed-by: Andrew Cooper
---
hw/device-hotplug.c |2 +-
1 f
From: Yunlei Ding
Close sock handle before return.
Signed-off-by: Yunlei Ding
Coverity-ID: 1055914
Reviewed-by: Andrew Cooper
---
block-nbd.c |3 +++
1 file changed, 3 insertions(+)
diff --git a/block-nbd.c b/block-nbd.c
index dc63183..e2c90eb 100644
--- a/block-nbd.c
+++ b/block-nbd.c
@
From: Kaifeng Zhu
fd and s could be leaked in case bind/listen failed.
Signed-off-by: Kaifeng Zhu
Coverity-IDs: 1055923 1055924
Reviewed-by: Andrew Cooper
---
net.c |5 +
1 file changed, 5 insertions(+)
diff --git a/net.c b/net.c
index f3887a7..33460d8 100644
--- a/net.c
+++ b/net.c
From: Kaifeng Zhu
Some handles and memory in commit_one_file are going to be leaked if
certain function calls failed.
Signed-off-by: Kaifeng Zhu
Coverity-IDs: 1055918 1055919
Reviewed-by: Andrew Cooper
---
block-vvfat.c | 17 ++---
1 file changed, 14 insertions(+), 3 deletions(-
From: Jim Paris
In usb-linux.c:usb_host_handle_control, we pass a 1024-byte buffer and
length to the kernel. However, the length was provided by the caller
of dev->handle_packet, and is not checked, so the kernel might provide
too much data and overflow our buffer.
For example, hw/usb-uhci.c co
Some error paths in vga_ioport_read() would return undefined values.
Always default the result to 0xff.
Signed-off-by: Andrew Cooper
---
hw/cirrus_vga.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index a26b051..11ce212 100644
--- a/hw
Newer GCC versions raise an undefined behaviour warning in
fat_chksum() because it overruns the name buffer. However, this is
intentional behaviour because the extension array immediately follows.
Refactor this function to avoid the warning and make it clear it's
checksumming both parts.
Signed-
On Wed, 22 Apr 2015, George Dunlap wrote:
> On 04/22/2015 03:54 PM, Stefano Stabellini wrote:
> > On Wed, 22 Apr 2015, George Dunlap wrote:
> >> On 04/22/2015 03:11 PM, Stefano Stabellini wrote:
> >>> On Tue, 21 Apr 2015, George Dunlap wrote:
> 1. Switch local variables to lower-case and decla
On Wed, 22 Apr 2015, Jan Beulich wrote:
> >>> On 22.04.15 at 15:57, wrote:
> > From the description of the problem above, we have two issues:
> >
> > 1) we don't detect that maxmem is already UINT_MAX*4, so we shouldn't try
> >to increase it
> >
> > 2) unsigned int / uint64_t mismatch
> >
>
Saving and restoring an lm832x record would overrun the pwm.file array
since pwm.file is uint16_t elements and sizeof(pwm.file) twice as many
elements.
To ensure compatibility, padding bytes are added to the record.
Signed-off-by: Andrew Cooper
Coverity-IDs: 1055728 1055729
---
hw/lm832x.c |
Backport of qemu-upstream:
* e6908bfe8e07f2b452e78e677da1b45b1c0f6829
Signed-off-by: Andrew Cooper
---
vnc.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/vnc.c b/vnc.c
index 7629dfa..7006a34 100644
--- a/vnc.c
+++ b/vnc.c
@@ -1616,6 +1616,16 @@ static void set_pixel_format(
Some error paths in vga_ioport_read() would return undefined values.
Always default the result to 0xff.
Signed-off-by: Andrew Cooper
---
hw/cirrus_vga.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index a26b051..11ce212 100644
--- a/hw
On Wed, 2015-04-01 at 14:41 +0800, Yang Hongyang wrote:
> From: Wen Congyang
>
> This is the same set used by libxc.
What is this for?
libxl already exposes a fairly complete libxl_bitmap type and helpers
for use in its own interfaces and by its users.
For libxl's internal purposes (i.e. to in
From: Chunjie Zhu
Otherwise, a guest can cause Qemu to reuse an active aio structure.
Signed-off-by: Chunjie Zhu
Reviewed-by: Andrew Cooper
---
hw/ide.c |7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/hw/ide.c b/hw/ide.c
index 791666b..83e3c70 100644
--- a/hw/ide
From: Aurelien Jarno
Commit d85d0d3883f5a567fa2969a0396e42e0a662b3fa introduces a regression
with Windows ME that leads to a division by 0 and a crash.
It uses the color expansion rop with the source pitch set to 0. This is
something allowed, as the manual explicitely says "When the source of
co
From: Yunlei Ding
Newer GCC warns about memcpy()ing uninitialised data.
Signed-off-by: Yunlei Ding
Coverity-ID: 1056088
Reviewed-by: Andrew Cooper
---
hw/virtio-blk.c |1 +
1 file changed, 1 insertion(+)
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 520ad1b..fcf893a 100644
--- a/h
Backport of qemu-upstream:
* e6908bfe8e07f2b452e78e677da1b45b1c0f6829
Signed-off-by: Andrew Cooper
---
vnc.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/vnc.c b/vnc.c
index 7629dfa..7006a34 100644
--- a/vnc.c
+++ b/vnc.c
@@ -1616,6 +1616,16 @@ static void set_pixel_format(
From: Jim Paris
In usb-linux.c:usb_host_handle_control, we pass a 1024-byte buffer and
length to the kernel. However, the length was provided by the caller
of dev->handle_packet, and is not checked, so the kernel might provide
too much data and overflow our buffer.
For example, hw/usb-uhci.c co
Backport of qemu-upstream:
* c1b886c45dc70f247300f549dce9833f3fa2def5
Signed-off-by: Andrew Cooper
---
hw/vga.c | 154 ++
1 file changed, 95 insertions(+), 59 deletions(-)
diff --git a/hw/vga.c b/hw/vga.c
index d0c12aa..e8b1ce0 10064
Backport of qemu-upstream:
* bf25983345ca44aec3dd92c57142be45452bd38a
* d3532a0db02296e687711b8cdc7791924efccea0
Signed-off-by: Andrew Cooper
---
hw/cirrus_vga.c | 66 +--
1 file changed, 49 insertions(+), 17 deletions(-)
diff --git a/hw/c
From: Aurelien Jarno
Commit d85d0d3883f5a567fa2969a0396e42e0a662b3fa introduces a regression
with Windows ME that leads to a division by 0 and a crash.
It uses the color expansion rop with the source pitch set to 0. This is
something allowed, as the manual explicitely says "When the source of
co
1 - 100 of 158 matches
Mail list logo
