ool get_sample_page_period(int64_t sec)
This function name may confuse people that this will get the period.
But in fact you just check whether the 'period' is valid.
I think it is better to name it to be 'is_sample_period_valid' or
something meaningful.
Thanks,
Li Qiang
> +{
> +
struct DirtyRateConfig config,
> + int *block_index)
> +{
> +struct RamblockDirtyInfo *info = NULL;
> +struct RamblockDirtyInfo *dinfo = NULL;
> +RAMBlock *block = NULL;
> +int index = 0;
> +
> +RAMBLOCK_FO
On Thu, Sep 10, 2020 at 10:39 AM Pan Nengyuan wrote:
>
> 'str' is not used in match_interval_mapping_node(), remove it.
>
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> tests/test-vmstate.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/tests/test-vmsta
ink there is a race condition. But I don't find a pattern for
this kind of bug (BH and vcpu thread). Did I miss anything?
Thanks,
Li Qiang
On Wed, Sep 9, 2020 at 12:49 PM Gerd Hoffmann wrote:
>
> On Wed, Sep 09, 2020 at 10:15:47AM +0800, Jason Wang wrote:
> >
> > On 2020/9/9 12:41 AM, Li Qiang wrote:
> > > Currently the MR is not explicitly connecting with its device instead of
> > > an opaque. In most
On Wed, Sep 9, 2020 at 10:16 AM Jason Wang wrote:
>
>
> On 2020/9/9 12:41 AM, Li Qiang wrote:
> > Currently the MR is not explicitly connecting with its device instead of
> > an opaque. In most situations this opaque is the device but it is not an
> > enforcement. This patc
On Wed, Sep 9, 2020 at 10:17 AM Jason Wang wrote:
>
>
> On 2020/9/9 12:41 AM, Li Qiang wrote:
> > Currently the qemu device fuzzer finds some DMA to MMIO issues. If the
> > device handling MMIO currently triggers a DMA whose address is MMIO,
> > this will reenter the device MMIO han
this by adding a per-device flag 'in_mmio'.
When the memory core dispatches MMIO it will check/set this flag and when
it leaves it will clean this flag.
Li Qiang (4):
memory: add memory_region_init_io_with_dev interface
memory: avoid reenter the device's MMIO handler while processing MMIO
e1000e: use
This patch adds an 'in_mmio' flag to 'DeviceState' to indicate that the
device is in the MMIO path. This can prevent a malicious guest from doing
DMA to MMIO and crashing the qemu.
Signed-off-by: Li Qiang
---
include/hw/qdev-core.h | 1 +
softmmu/memory.c | 31 ---
2 files
This can avoid the DMA to MMIO issue here:
https://bugs.launchpad.net/qemu/+bug/1891354
Signed-off-by: Li Qiang
---
hw/usb/hcd-xhci.c | 25 +++--
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 46a2186d91
This can avoid the DMA to MMIO issue here:
https://bugs.launchpad.net/qemu/+bug/1886362
Signed-off-by: Li Qiang
---
hw/net/e1000e.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index fda34518c9..0aac5cea2e 100644
--- a/hw/net
Currently the MR is not explicitly connecting with its device instead of
an opaque. In most situations this opaque is the device but it is not an
enforcement. This patch adds a DeviceState member to MemoryRegion;
we will use it in a later patch.
Signed-off-by: Li Qiang
---
include/exec/memory.h
On Tue, Sep 8, 2020 at 10:10 PM Michael S. Tsirkin wrote:
>
> For some reason I didn't receive the original email.
> Sorry.
> Queued now.
>
Kindly notice:
Here is another patch for virtio-pmem.
https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg02639.html
Thanks,
Li Qiang
> On Mon,
Ping!
On Tue, Sep 1, 2020 at 6:34 PM Li Qiang wrote:
>
> Ping.
>
> On Sat, Aug 15, 2020 at 3:21 PM Li Qiang wrote:
> >
> > In 'map_page' we need to check the return value of
> > 'dma_memory_map' to ensure that we actually mapped something.
> > Otherwise, we will hit an assert in 'address_
Ping!
On Fri, Aug 28, 2020 at 9:21 AM Li Qiang wrote:
>
> Kindly ping.
>
> On Sun, Aug 16, 2020 at 10:23 PM Li Qiang wrote:
> >
> > If an error occurs while processing the virtio request we should call
> > 'virtqueue_detach_element' to detach the element from the virtqueue
> > before free
ping!
On Fri, Aug 28, 2020 at 9:21 AM Li Qiang wrote:
>
> Kindly ping.
>
> On Fri, Aug 14, 2020 at 12:52 AM Li Qiang wrote:
> >
> > If an error occurs while processing the virtio request we should call
> > 'virtqueue_detach_element' to detach the element from the virtqueue
> > before free
On Wed, Aug 26, 2020 at 6:16 PM AlexChen wrote:
>
> From: AlexChen
Reviewed-by: Li Qiang
>
> The 'kdgb' is allocating memory in get_kdbg(), but it is not freed
> in both fill_header() and fill_context() failed branches, fix it.
>
> Signed-off-by: AlexChen
> ---
> contrib/elf2dm
> - dma_memory_read(E1, E2, E3, E4)
> + dma_memory_read(E1, E2, E3, E4, MEMTXATTRS_UNSPECIFIED)
> |
> - dma_memory_write(E1, E2, E3, E4)
> + dma_memory_write(E1, E2, E3, E4, MEMTXATTRS_UNSPECIFIED)
> )
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by:
3, E4)
> + dma_memory_map(E1, E2, E3, E4, MEMTXATTRS_UNSPECIFIED)
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/pci/pci.h| 3 ++-
> include/sysemu/dma.h| 5 +++--
> dma-helpers.c | 3 ++-
> hw/display/vi
On Fri, Sep 4, 2020 at 11:53 PM Philippe Mathieu-Daudé wrote:
>
> Let devices specify transaction attributes when calling
> dma_memory_rw().
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/pci/pci.h | 3 ++-
> include/sysemu/dma.h | 11
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 15 ++-
> 1 file changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/include/sysemu/dma.h b/include/sysemu/dma.h
> index d0381f9ae9b..59331ec0bd3 100644
> --- a/i
On Fri, Sep 4, 2020 at 11:49 PM Philippe Mathieu-Daudé wrote:
>
> Let devices specify transaction attributes when calling
> dma_memory_set().
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/ppc/spapr_vio.h | 3 ++-
> include/sysemu/dma.h
On Fri, Sep 4, 2020 at 11:48 PM Philippe Mathieu-Daudé wrote:
>
> Let devices specify transaction attributes when calling
> dma_memory_valid().
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/ppc/spapr_vio.h | 2 +-
> include/sysemu/dma.h | 4
On Fri, Sep 4, 2020 at 11:46 PM Philippe Mathieu-Daudé wrote:
>
> dma_memory_rw_relaxed() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 22 ++
On Fri, Sep 4, 2020 at 11:50 PM Philippe Mathieu-Daudé wrote:
>
> dma_memory_rw_relaxed() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 21 +
On Fri, Sep 4, 2020 at 11:46 PM Philippe Mathieu-Daudé wrote:
>
> address_space_rw() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 30 ++-
On Fri, Sep 4, 2020 at 11:47 PM Philippe Mathieu-Daudé wrote:
>
> address_space_write() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 15 ++-
> d
> safe.
>
> Signed-off-by: Klaus Jensen
> Reviewed-by: Philippe Mathieu-Daudé
> Reviewed-by: Michael S. Tsirkin
> Acked-by: Keith Busch
> Message-Id: <20191011070141.188713-2-...@irrelevant.dk>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> --
On Sat, Sep 5, 2020 at 12:26 AM Philippe Mathieu-Daudé wrote:
>
> pci_dma_rw() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/pci/pci.h | 16 ++--
> 1 file chan
On Sat, Sep 5, 2020 at 12:27 AM Philippe Mathieu-Daudé wrote:
>
> pci_dma_rw() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/pci/pci.h | 16 ++--
> 1 file chan
DMADirection dir)
> {
> return dma_memory_rw(pci_get_address_space(dev), addr, buf, len,
> dir, MEMTXATTRS_UNSPECIFIED);
Reviewed-by: Li Qiang
> --
> 2.26.2
>
>
der
the no-PCI the qemu_irq cases. I agree to address the PCI cases first.
Thanks,
Li Qiang
> Regards,
>
> Phil.
>
> Klaus Jensen (1):
> pci: pass along the return value of dma_memory_rw
>
> Philippe Mathieu-Daudé (11):
> dma: Let dma_memory_valid() take MemTxAttrs argum
0e_macreg_writeops[] = {
>
> 3102 e1000e_putreg(FLSWDATA),
>
> 3145 e1000e_putreg(FLSWDATA),
>
> To avoid confusion, remove the duplicated initialization.
>
> Fixes: 6f3fbe4ed0 ("net: Introduce e1000e device emulation")
> Signed
ation.
>
> 6f3fbe4ed0 ("net: Introduce e1000e device emulation")
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> hw/net/e1000e_core.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
>
On Fri, Sep 4, 2020 at 3:23 PM Pan Nengyuan wrote:
>
> s->connection_track_table forgot to destroy in colo_rewriter_cleanup. Fix it.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> net/filter-rewriter.c | 2 ++
> 1 file changed, 2 inserti
On Thu, Sep 3, 2020 at 7:19 PM Peter Maydell wrote:
>
> On Thu, 3 Sep 2020 at 12:11, Li Qiang wrote:
> >
> > On Thu, Sep 3, 2020 at 6:53 PM Peter Maydell wrote:
> > >
> > > On Thu, 3 Sep 2020 at 04:55, Jason Wang wrote:
> > > > I think we still need to seek a way to address
?
This is special case I think.
> Now we have reentered into device A's code
>
> That is to say, the problem is general to "device A does
> something that affects device B" links of all kinds, which
As the P2P is a normal behavior, we can't just prevent this.
Thanks,
Li Qiang
On Thu, Sep 3, 2020 at 1:12 PM Michael Tokarev wrote:
>
> 02.09.2020 19:22, Li Qiang wrote:
> ..
> > @@ -809,6 +809,10 @@ void virtio_gpu_process_cmdq(VirtIOGPU *g)
> > {
> > struct virtio_gpu_ctrl_command *cmd;
> >
> > +if (atomic_read(>in_io)) {
> >
On Thu, Sep 3, 2020 at 2:16 PM Jason Wang wrote:
>
>
> On 2020/9/3 12:50 PM, Li Qiang wrote:
> > On Thu, Sep 3, 2020 at 12:24 PM Jason Wang wrote:
> >>
> >> On 2020/9/3 12:06 PM, Alexander Bulekov wrote:
> >>> On 200903 1154, Jason Wang wrote:
> >>>> On 2020/9/3 AM 12:
On Thu, Sep 3, 2020 at 12:24 PM Jason Wang wrote:
>
>
> On 2020/9/3 12:06 PM, Alexander Bulekov wrote:
> > On 200903 1154, Jason Wang wrote:
> >> On 2020/9/3 12:22 AM, Li Qiang wrote:
> >>> The qemu device fuzzer has found several DMA to MMIO issues.
> >>> The
t/qemu/+bug/1886362
Reported-by: Alexander Bulekov
Signed-off-by: Li Qiang
---
hw/net/e1000e.c | 35 ++-
1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index fda34518c9..eb6b34b7f3 100644
--- a/hw/net/e1000e.c
++
891354
Reported-by: Alexander Bulekov
Signed-off-by: Li Qiang
---
hw/usb/hcd-xhci.c | 60 +++
hw/usb/hcd-xhci.h | 1 +
2 files changed, 61 insertions(+)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 46a2186d91..06cd235123 100644
--- a/hw/u
n a BH which in the
main thread
and 'virtio_gpu_reset' is run in the vcpu thread and both of them access the
'g->cmdq'.
Buglink: https://bugs.launchpad.net/qemu/+bug/1888606
Reported-by: Alexander Bulekov
Signed-off-by: Li Qiang
---
hw/display/virtio-gpu.c| 10 ++
include/
/clean according the per-device's
IO emulation.
The second issue itself suffers a race condition, so I use an
atomic.
Li Qiang (3):
e1000e: make the IO handler reentrant
xhci: make the IO handler reentrant
virtio-gpu: make the IO handler reentrant
hw/display/virtio-gpu.c| 10
g/1880189
> Cc: Li Qiang
> Reported-by: Philippe Mathieu-Daudé
> Signed-off-by: Gerd Hoffmann
> Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> hw/display/cirrus_vga.c | 12 +---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff
> Reviewed-by: Stefano Garzarella
Reviewed-by: Li Qiang
> ---
> Cc: Kevin Wolf
> Cc: Max Reitz
> Cc: Aarushi Mehta
> Cc: qemu-bl...@nongnu.org
> ---
> - V2: no changes in v2.
> ---
> block/file-posix.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
On Mon, Aug 31, 2020 at 3:17 PM Pan Nengyuan wrote:
>
> 'local_err' forgot to free in colo_process_incoming_thread error path.
> Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Hailiang Zhang
> Cc: Juan Quintela
>
Ping.
On Sat, Aug 15, 2020 at 3:21 PM Li Qiang wrote:
>
> In 'map_page' we need to check the return value of
> 'dma_memory_map' to ensure that we actually mapped something.
> Otherwise, we will hit an assert in 'address_space_unmap'.
> This is because we can't find the MR with the NULL buffer.
>
!= 0);
Hi Gerd,
'usb_packet_setup' doesn't modify the 'iov' and other resources.
'usb_packet_cleanup' is paired with 'usb_packet_init' which I think should be
processed in the more up layer.
If 'usb_packet_map' fails, we need to clean the 'iov' in
'usb_packet_map' itself.
:
> >
> > "off_cur_end = ((off_cur + bytesperline - 1) & s->cirrus_addr_mask) + 1;"
>
> > This addition '1' is what I think should be subtracted in wrapped cases.
>
> The +1 balances the -1 done before ...
Then the second set size is ok.
Thanks,
Li Qiang
>
> take care,
> Gerd
>
irty(>vga.vram, 0, off_cur_end);
For the 'off_cur_end' here, why do we add 1 at first?
"off_cur_end = ((off_cur + bytesperline - 1) & s->cirrus_addr_mask) + 1;"
This addition '1' is what I think should be subtracted in wrapped cases.
Thanks,
Li Qiang
+}
off_begin += off_pitch;
}
}
>
> take care,
> Gerd
>
es.
In fact we need to set 0x1000 bytes.
>
> > > +memory_region_set_dirty(>vga.vram, 0, off_cur_end);
> >
> > And here be 'off_cur_end -1'
>
> --verbose please. I think this one is correct.
Here the 'off_cur_end' is size.
In this second set we actually set 'off_cur_end+1' size bytes.
In a word, I think the first lost a byte and the second added one more byte.
Thanks,
Li Qiang
>
> take care,
> Gerd
>
00
> temporary 0 iova (nil)
> qemu_vfio_find_mapping s 0xf1c60d90 host 0x2bc0
> qemu_vfio_new_mapping s 0xf1c60d90 host 0x2bc0 size 0x400
> index 4 iova 0x114000
> qemu_vfio_do_mapping s 0xf1c60d90 host 0x2bc0 size 0x400
> iova
hieu-Daudé
Reviewed-by: Li Qiang
> ---
> Since v1:
> - renamed argument 'bufptr' (Peter Maydell)
> ---
> include/qemu-common.h| 3 ++-
> hw/dma/xlnx_dpdma.c | 2 +-
> hw/net/fsl_etsec/etsec.c | 2 +-
> hw/sd/sd.c | 2 +-
> hw/usb/redirect.c
Kindly ping.
On Fri, Aug 14, 2020 at 12:52 AM Li Qiang wrote:
>
> If an error occurs while processing the virtio request we should call
> 'virtqueue_detach_element' to detach the element from the virtqueue
> before freeing the elem.
>
> Signed-off-by: Li Qiang
> ---
> hw/virtio/virti
Kindly ping.
On Sun, Aug 16, 2020 at 10:23 PM Li Qiang wrote:
>
> If an error occurs while processing the virtio request we should call
> 'virtqueue_detach_element' to detach the element from the virtqueue
> before freeing the elem.
>
> Signed-off-by: Li Qiang
> ---
> Change since v1:
>
On Thu, Aug 27, 2020 at 3:06 PM Pan Nengyuan wrote:
>
>
>
> On 2020/8/26 20:20, Li Qiang wrote:
> > On Fri, Aug 14, 2020 at 6:15 PM Pan Nengyuan wrote:
> >>
> >> Receiving error in local variable err, and forgot to free it.
> >> Considering that there is no place to deal with it.
On Thu, Aug 27, 2020 at 2:44 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Paolo Bonzini
> Cc: Fam Zheng
> Cc: qemu-devel@nongnu.org
> ---
> hw/scsi/esp-pci
On Thu, Aug 27, 2020 at 2:50 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Andrzej Zaborowski
> Cc: Peter Maydell
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel
On Thu, Aug 27, 2020 at 2:51 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: David Gibson
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.org
> ---
> hw/pci-h
On Thu, Aug 27, 2020 at 2:48 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: "Michael S. Tsirkin"
> Cc: Marcel Apfelbaum
> Cc: Paolo Bonzini
> Cc: Ric
On Thu, Aug 27, 2020 at 2:47 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Alistair Francis
> Cc: "Edgar E. Iglesias"
> Cc: Peter Maydell
> Cc:
On Thu, Aug 27, 2020 at 2:46 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: David Gibson
> Cc: Jason Wang
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.or
On Thu, Aug 27, 2020 at 2:45 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Cornelia Huck
> Cc: Halil Pasic
> Cc: Christian Borntraeger
> Cc: Thomas Huth
>
On Thu, Aug 27, 2020 at 2:44 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Chris Wulff
> Cc: Marek Vasut
> Cc: qemu-devel@nongnu.org
> ---
> hw/intc/nios2_iic
ase) {
> +i++; /* cleanup the 'i'th map */
Should we also reset (*iov)[i].iov_len to 'len' so the
dma_memory_unmap has the right size?
Thanks,
Li Qiang
> +}
> virtio_gpu_cleanup_mapping_iov(g, *iov, i);
> g_free(ents);
> *iov = NULL;
> --
> 2.17.1
>
>
>
>
read(void *opaque)
> colo_send_message(mis->to_src_file, COLO_MESSAGE_CHECKPOINT_READY,
>_err);
> if (local_err) {
> +error_report_err(local_err);
> goto out;
> }
>
Could we arrange 'error_report_err' in 'out' label?
Like this:
if (local_err) {
error_report_err(local_err);
}
Thanks,
Li Qiang
> --
> 2.18.2
>
>
On Fri, Aug 14, 2020 at 6:38 PM Pan Nengyuan wrote:
>
> 'err' forgot to free in x86_cpu_class_check_missing_features error path.
> Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Paolo Bonzini
> Cc: Richard Hende
> params->minor_ver);
> -gdk_gl_context_realize(ctx, );
> +gdk_gl_context_realize(ctx, NULL);
> return ctx;
> }
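Review bot: at `gdk_gl_context_realize(ctx, NULL);` the call's result is dropped together with the error, so `return ctx;` hands back a context even when realizing it failed. Passing NULL does stop the error from leaking, but consider checking the gboolean result here and releasing `ctx` and returning NULL on failure, so callers can tell the two cases apart.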
Maybe we should check the return value of 'gdk_window_create_gl_context'
and 'gdk_gl_context_realize' instead of omitting it?
Thanks,
Li Qiang
>
> --
> 2.18.2
>
>
On Fri, Aug 14, 2020 at 6:30 PM Pan Nengyuan wrote:
>
> Missing g_error_free on error path in ga_channel_write_all(). Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Michael Roth
> ---
> qga/channel-posix.c | 6 +-
>
On Wed, Aug 26, 2020 at 7:41 PM Cornelia Huck wrote:
>
> On Wed, 26 Aug 2020 19:03:37 +0800
> Li Qiang wrote:
>
> > On Fri, Aug 14, 2020 at 6:29 PM Pan Nengyuan wrote:
> > >
> > > Missing g_error_free() in vfio_ap_get_group() error path. Fix that.
> > >
> > > Repor
On Fri, Aug 14, 2020 at 6:29 PM Pan Nengyuan wrote:
>
> Missing g_error_free() in vfio_ap_get_group() error path. Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
I see Cornelia Huck has merged this in his tree.
Don't know whether this series w
On Fri, Aug 14, 2020 at 6:28 PM Pan Nengyuan wrote:
>
> Missing g_error_free in QEMU_Elf_init() error path. Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Viktor Prutyanov
> ---
> contrib/elf2dmp/qemu_elf.c | 1 +
>
On Fri, Aug 14, 2020 at 6:37 PM Pan Nengyuan wrote:
>
> Missing g_error_free() in sev_read_file_base64() error path.
> Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Paolo Bonzini
> Cc: Richard Henderson
> Cc: Eduardo
On Fri, Aug 14, 2020 at 6:51 PM Pan Nengyuan wrote:
>
> Missing g_error_free in pdb_init_from_file() error path. Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Viktor Prutyanov
> ---
> contrib/elf2dmp/pdb.c | 1 +
>
On Fri, Aug 14, 2020 at 6:54 PM Pan Nengyuan wrote:
>
> 'local_err' seems forgot to propagate in error path, it'll cause
> a memleak. Fix it.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Kevin Wolf
> Cc: Max Reitz
> Cc: Ma
On Fri, Aug 14, 2020 at 6:32 PM Pan Nengyuan wrote:
>
> local_err is not initialized to NULL, it will cause an assert error as below:
> qemu/util/error.c:59: error_setv: Assertion `*errp == NULL' failed.
>
> Fixes: c6447510690
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
On Fri, Aug 14, 2020 at 6:40 PM Pan Nengyuan wrote:
>
> 'addr' forgot to free in vnc_socket_ip_addr_string error path. Fix that.
s/forgot/is forgot, I think the maintainer will do this minor adjustment.
.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
>
;userspace_addr, , );
> ^~
>
> Reported-by: Euler Robot
> Signed-off-by: Chen Qun
> Reviewed-by: Raphael Norwitz
Reviewed-by: Li Qiang
> ---
> Cc: "Michael S. Tsirkin"
> Cc: Raphael Norwitz
> ---
> hw/virtio/vhost-user.c | 2 +-
> 1 file changed, 1 insertion(+),
o/platform.c
> > > +++ b/hw/vfio/platform.c
> > > @@ -236,7 +236,7 @@ static void vfio_intp_interrupt(VFIOINTp *intp)
> > > trace_vfio_intp_interrupt_set_pending(intp->pin);
> > > QSIMPLEQ_INSERT_TAIL(>pending_intp_queue,
> > >
Qun
> Reviewed-by: Gerd Hoffmann
Reviewed-by: Li Qiang
> ---
> Cc: Gerd Hoffmann
> ---
> hw/display/vga.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/hw/display/vga.c b/hw/display/vga.c
> index 061fd9ab8f..836ad50c7b 100644
> --- a/hw/display/vga.c
> +
_INSERT_TAIL(>pending_intp_queue,
> intp, pqnext);
> -ret = event_notifier_test_and_clear(intp->interrupt);
Shouldn't we check the 'ret' like the other place in this function?
Thanks,
Li Qiang
> +event_notifier_test_and_clear(intp->interrupt);
> return;
> }
>
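Review bot: on the added `event_notifier_test_and_clear(intp->interrupt);` line the result is now discarded with no indication that this is deliberate. If ignoring it is intended on this early-return path, say so in a one-line comment; otherwise keep `ret` and check it here.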
> --
> 2.23.0
>
>
0x3F'. The last ‘tcp_flag’ assignment statement
> is
> the same as that of the first two statements.
>
> Reported-by: Euler Robot
> Signed-off-by: Chen Qun
> Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> Cc: "Michael S. Tsirkin"
> Cc: Ja
obot
> Signed-off-by: Chen Qun
Reviewed-by: Li Qiang
> ---
> Cc: Peter Maydell
> Cc: qemu-...@nongnu.org
> ---
> hw/arm/omap1.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
> index 6ba0df6b6d..02c0f66431 100644
> ---
orted-by: Euler Robot
> Signed-off-by: Chen Qun
> Reviewed-by: Igor Mammedov
Reviewed-by: Li Qiang
> ---
> Cc: Shannon Zhao
> Cc: Peter Maydell
> Cc: "Michael S. Tsirkin"
> Cc: Igor Mammedov
> Cc: qemu-...@nongnu.org
> ---
> hw/arm/virt-acpi-b
rom working with invalid USBDevice->setup_len values and overrunning
> the USBDevice->setup_buf[] buffer.
>
> Fixes: CVE-2020-14364
> Signed-off-by: Gerd Hoffmann
> Tested-by: Gonglei
Reviewed-by: Li Qiang
Just see the page.
-->https://access.redhat.com/security/cve/CVE-2
k - off_cur);
Should here be 's->cirrus_addr_mask + 1 - off_cur'
> +memory_region_set_dirty(>vga.vram, 0, off_cur_end);
And here be 'off_cur_end -1'
Thanks,
Li Qiang
> +}
> off_begin += off_pitch;
> }
> }
> --
> 2.27.0
>
>
On Thu, Aug 20, 2020 at 10:24 PM Thomas Huth wrote:
>
> On 19/08/2020 16.15, Li Qiang wrote:
> > Currently the device fuzzer finds more and more issues.
> > For every fuzz case, we need not only the fixes but also
> > the corresponding test case. We can analyze the reproducer
> >
outl 0x03cc 0xe23f40e
outl 0x03cc 0xe31dc12
outb 0x03cc 0x2f
outl 0x03cc 0xe23f40e
outl 0x03cc 0xe31dc12
outb 0x03cc 0x2f
outl 0x03cc 0x1021f40e
EOF
This patch fixes this.
Buglink: https://bugs.launchpad.net/qemu/+bug/1880189
Reported-by: Alexander Bulekov
Signed-off-by: Li Qiang
---
On Wed, Aug 19, 2020 at 11:07 PM Philippe Mathieu-Daudé wrote:
>
> On 8/19/20 4:43 PM, Li Qiang wrote:
> > If g_malloc fails, the application will be terminated.
>
> Which we don't want... better to use g_try_malloc() instead?
I don't think so. If g_malloc returns NULL it means a critical
On Thu, Aug 20, 2020 at 12:23 AM Alexander Bulekov wrote:
>
> On 200819 2250, Li Qiang wrote:
> > On Wed, Aug 19, 2020 at 10:38 PM Philippe Mathieu-Daudé wrote:
> >
> > > On 8/19/20 4:15 PM, Li Qiang wrote:
> > > > Currently the device fuzzer finds more and more issues.
> >
On Wed, Aug 19, 2020 at 10:38 PM Philippe Mathieu-Daudé wrote:
> On 8/19/20 4:15 PM, Li Qiang wrote:
> > Currently the device fuzzer finds more and more issues.
> > For every fuzz case, we need not only the fixes but also
> > the corresponding test case. We can analyze the reproducer
>
If g_malloc fails, the application will be terminated.
No need to check the return value of g_malloc.
Signed-off-by: Li Qiang
---
hw/virtio/vhost-vdpa.c | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index 4580f3efd8
the issue LP#1878263 test case.
Signed-off-by: Li Qiang
---
tests/qtest/Makefile.include | 2 ++
tests/qtest/fuzz-test.c | 45
2 files changed, 47 insertions(+)
create mode 100644 tests/qtest/fuzz-test.c
diff --git a/tests/qtest/Makefile.include b/tests
On Tue, Aug 18, 2020 at 1:05 AM Paolo Bonzini wrote:
> On 15/08/20 16:19, Li Qiang wrote:
> > Currently in 'megasas_map_sgl' when 'iov_count=0' will just return
> > success however the 'cmd' doesn't contain any iov. This will cause
> > the assert in 'scsi_dma_complete' fa
If an error occurs while processing the virtio request we should call
'virtqueue_detach_element' to detach the element from the virtqueue
before freeing the elem.
Signed-off-by: Li Qiang
---
Change since v1:
Change the subject
Avoid using the goto label
hw/virtio/virtio-mem.c | 3 +++
1 file changed
API could be used instead (with better
> performance) but requires careful auditing of the code, so do the simple
> thing instead.
>
> Signed-off-by: Stefan Hajnoczi
>
virtio-net also uses this method.
Reviewed-by: Li Qiang
> ---
> hw/virtio/virtio-crypto.c | 17 ++---
*undo->modified_iov = undo->orig;
> +}
> +}
> +
> +size_t iov_discard_front_undoable(struct iovec **iov,
> + unsigned int *iov_cnt,
> + size_t bytes,
> + IOVDisca
On Fri, Aug 14, 2020 at 4:33 PM Philippe Mathieu-Daudé wrote:
>
> Use self-explicit definitions instead of magic '512' value.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> hw/ide/pci.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --
On Fri, Aug 14, 2020 at 4:29 PM Philippe Mathieu-Daudé wrote:
>
> As it is not obvious the default size for the null block driver
> is 1 GiB, replace the obfuscated '1 << 30' magic value by a
> definition using IEC binary prefixes.
>
> Signed-off-by: Philippe Mathieu-Daudé