Re: [Qemu-devel] [V15 3/4] hw/i386: Introduce AMD IOMMU

2016-08-08 Thread Peter Xu
On Tue, Aug 02, 2016 at 11:39:06AM +0300, David Kiarie wrote: [...] > +/* invalidate internal caches for devid */ > +typedef struct QEMU_PACKED { > +#ifdef HOST_WORDS_BIGENDIAN > +uint64_t devid;/* device to invalidate */ > +uint64_t reserved_1:44; > +uint64_t

Re: [Qemu-devel] [PATCH 2/6] target-ppc: Implement darn instruction

2016-08-08 Thread Nikunj A Dadhania
David Gibson writes: > [ Unknown signature status ] > On Mon, Aug 08, 2016 at 07:33:37AM +1000, Benjamin Herrenschmidt wrote: >> On Sun, 2016-08-07 at 23:06 +0530, Nikunj A Dadhania wrote: >> > +target_ulong helper_darn(uint32_t l) >> > +{ >> > +    target_ulong r =

Re: [Qemu-devel] [PATCH v7 00/20] block: Image locking series for 2.8

2016-08-08 Thread Fam Zheng
On Mon, 08/08 06:59, no-re...@ec2-52-6-146-230.compute-1.amazonaws.com wrote: > Checking PATCH 3/20: block: Add and parse "lock-mode" option for image > locking... > ERROR: do not use assignment in if condition > #80: FILE: blockdev.c:548: > +if ((buf = qemu_opt_get(opts, BDRV_OPT_LOCK_MODE))

Re: [Qemu-devel] [PATCH for-2.8 00/18] pc: q35: x2APIC support in kvm_apic mode

2016-08-08 Thread Chao Gao
On Mon, Aug 08, 2016 at 04:57:14PM +0800, Peter Xu wrote: >On Mon, Aug 08, 2016 at 03:41:23PM +0800, Chao Gao wrote: >> Hi, everyone. >> >> We have done some tests after merging this patch set into the latest qemu >> master. In kvm aspect, we use the latest kvm linux-next branch. Here are >>

Re: [Qemu-devel] [Qemu-ppc] [PATCH] adb: change handler only when recognized

2016-08-08 Thread Benjamin Herrenschmidt
On Tue, 2016-08-09 at 03:31 +0200, BALATON Zoltan wrote: > > > Because PowerBooks do (or rather a PMU-simulation of ADB) and MacOS > > doesn't care. If ADB is in the device-tree, it will use it. It makes > > things easier to support multiple combinations especially when > > "comparing" things for

Re: [Qemu-devel] [PATCH 5/5] ppc: Improve generation of conditional traps

2016-08-08 Thread Benjamin Herrenschmidt
On Tue, 2016-08-09 at 12:07 +1000, David Gibson wrote: > On Sun, Jul 31, 2016 at 03:13:13PM +1000, Benjamin Herrenschmidt > wrote: > > > > Translate most conditions to TCG conditions and avoid the helper > > for most of the common cases. > > > > Signed-off-by: Benjamin Herrenschmidt

[Qemu-devel] [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite

2016-08-08 Thread chaojianhu
The .receive callback of xlnx.xps-ethernetlite doesn't check the length of data before calling memcpy. As a result, the NetClientState object in heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite will be affected. Reported-by: chaojianhu

Re: [Qemu-devel] [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite

2016-08-08 Thread Jason Wang
On 2016年08月09日 10:24, chaojianhu wrote: The .receive callback of xlnx.xps-ethernetlite doesn't check the length of data before calling memcpy. As a result, the NetClientState object in heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite will be affected. Reported-by:

[Qemu-devel] Fwd: Virtio related trace events.

2016-08-08 Thread Gadre Nayan
I am unable to get the virtio related events in either the guest or the host. My understanding is that in the Guest OS, I will have a virtio-blk which is the driver, the device is the virtio-transport or the virtio-queue, then the virtio-queue will raise a kick to then dispatch the block request

[Qemu-devel] Virtio related trace events.

2016-08-08 Thread Gadre Nayan
I am unable to get the virtio related events in either the guest or the host. My understanding is that in the Guest OS, I will have a virtio-blk which is the driver, the device is the virtio-transport or the virtio-queue, then the virtio-queue will raise a kick to then dispatch the block request

Re: [Qemu-devel] [PATCH] net: vmxnet: check fragment length during fragmentation

2016-08-08 Thread Jason Wang
On 2016年08月04日 15:35, P J P wrote: Hello Jason, +-- On Thu, 4 Aug 2016, Jason Wang wrote --+ | The patch doesn't apply cleanly on HEAD, we now move this logic to | hw/net/net_tx_pkt.c. Please resend on top of HEAD and cc Dmitry Fleytman | . I see, that explains why

Re: [Qemu-devel] [PATCH] net: vmxnet3: check for device_active before write

2016-08-08 Thread Jason Wang
On 2016年08月08日 21:08, Dmitry Fleytman wrote: Acked-by: Dmitry Fleytman On 8 Aug 2016, at 15:38 PM, P J P wrote: From: Li Qiang Vmxnet3 device emulator does not check if the device is active, before using it for write. It leads to

Re: [Qemu-devel] [PATCH v1 1/5] target-ppc: add vector insert instructions

2016-08-08 Thread David Gibson
On Thu, Aug 04, 2016 at 10:08:17PM +0530, Richard Henderson wrote: > On 08/04/2016 06:33 PM, Rajalakshmi Srinivasaraghavan wrote: > > +#if defined(HOST_WORDS_BIGENDIAN) > > +#define VINSERT(suffix, element, index) > > \ > > +void

Re: [Qemu-devel] [PATCH v1 0/5] POWER9 TCG enablement - part3

2016-08-08 Thread David Gibson
On Thu, Aug 04, 2016 at 06:33:45PM +0530, Rajalakshmi Srinivasaraghavan wrote: > This series contains 14 new instructions for POWER9 described in ISA3.0. > > Patches: > 01: Adds vector insert instructions. > vinsertb - Vector Insert Byte > vinserth - Vector Insert

Re: [Qemu-devel] [PATCH v2] ppc64: fix compressed dump with pseries kernel

2016-08-08 Thread David Gibson
On Mon, Aug 08, 2016 at 03:08:53PM +0200, Laurent Vivier wrote: > If we don't provide the page size in target-ppc:cpu_get_dump_info(), > the default one (TARGET_PAGE_SIZE, 4KB) is used to create > the compressed dump. It works fine with Macintosh, but not with > pseries as the kernel default page

Re: [Qemu-devel] [PATCH 0/6] POWER9 TCG enablements - part4

2016-08-08 Thread David Gibson
On Sun, Aug 07, 2016 at 11:06:49PM +0530, Nikunj A Dadhania wrote: > This series contains 10 new instructions for POWER9 ISA3.0. > > Patches: > 01: xxspltib: VSX Vector Splat Immediate Byte > 02: darn: Deliver A Random Number > 03: lxsibzx - Load VSX Scalar as Integer Byte & Zero

Re: [Qemu-devel] [PATCH 2/6] target-ppc: Implement darn instruction

2016-08-08 Thread David Gibson
On Mon, Aug 08, 2016 at 07:33:37AM +1000, Benjamin Herrenschmidt wrote: > On Sun, 2016-08-07 at 23:06 +0530, Nikunj A Dadhania wrote: > > +target_ulong helper_darn(uint32_t l) > > +{ > > +    target_ulong r = UINT64_MAX; > > + > > +    if (l <= 2) { > > +    do { > > +    r = random()

Re: [Qemu-devel] [PATCH for-2.8 00/18] pc: q35: x2APIC support in kvm_apic mode

2016-08-08 Thread Chao Gao
On Mon, Aug 08, 2016 at 11:18:20AM +0200, Igor Mammedov wrote: >On Mon, 8 Aug 2016 15:41:23 +0800 >Chao Gao wrote: > >> Hi, everyone. >> >> We have done some tests after merging this patch set into the latest qemu >> master. In kvm aspect, we use the latest kvm linux-next

Re: [Qemu-devel] [PATCH v3 kernel 0/7] Extend virtio-balloon for fast (de)inflating & fast live migration

2016-08-08 Thread Li, Liang Z
> Subject: Re: [PATCH v3 kernel 0/7] Extend virtio-balloon for fast > (de)inflating > & fast live migration > > On 08/07/2016 11:35 PM, Liang Li wrote: > > Dave Hansen suggested a new scheme to encode the data structure, > > because of additional complexity, it's not implemented in v3. > >

Re: [Qemu-devel] [PATCH v2 1/8] util: Add UUID API

2016-08-08 Thread Fam Zheng
On Mon, 08/08 15:51, Jeff Cody wrote: > > > +typedef unsigned char QemuUUID[16]; > > > > I'm afraid this typedef is problematic. Consider: > > > > void use_uuid(QemuUUID uuid) > > { > > printf("sizeof(uuid) %zd\n", sizeof(uuid)); > > uuid[0]++; > > } > > > >

Re: [Qemu-devel] [PATCH v2 5/8] vpc: Use QEMU UUID API

2016-08-08 Thread Fam Zheng
On Mon, 08/08 16:49, Jeff Cody wrote: > On Mon, Aug 08, 2016 at 02:09:25PM +0800, Fam Zheng wrote: > > Previously we conditionally generate if footer->uuid, when libuuid is > > s/generate if/generated/ > > s/is/was/ Fixing, thanks! Fam

Re: [Qemu-devel] [PATCH v2 8/8] configure: Remove detection code for UUID

2016-08-08 Thread Fam Zheng
On Mon, 08/08 16:52, Jeff Cody wrote: > > @@ -1096,6 +1091,9 @@ for opt do > >--enable-vhdx|--disable-vhdx) > >echo "$0: $opt is obsolete, VHDX driver is always built" > >;; > > + --enable-uuid|--disable-uuid) > > + echo "$0: $opt is obsolete, UUID support is always built" >

[Qemu-devel] [PATCH] clang: Disable warning about expansion to 'defined'

2016-08-08 Thread Pranith Kumar
Clang produces the following warning. The warning is detailed here: https://reviews.llvm.org/D15866. Disable the warning. /home/pranith/devops/code/qemu/hw/display/qxl.c:507:5: warning: macro expansion producing 'defined' has undefined behavior [-Wexpansion-to-defined] #if

Re: [Qemu-devel] [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite

2016-08-08 Thread no-reply
Hi, Your series seems to have some coding style problems. See output below for more information: Message-id: blu437-smtp43591ada801e900d4bce81db...@phx.gbl Type: series Subject: [Qemu-devel] [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite === TEST SCRIPT BEGIN === #!/bin/bash

[Qemu-devel] [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite

2016-08-08 Thread chaojianhu
The .receive callback of xlnx.xps-ethernetlite doesn't check the length of data before calling memcpy. As a result, the NetClientState object in heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite will be affected. Reported-by: chaojianhu ---

[Qemu-devel] [PATCH] docker: Add a glib2-2.22 image

2016-08-08 Thread Fam Zheng
It's a variation of our existing centos6, plus two more lines to downgrade glib2 to version 2.22 which we download from vault.centos.org. Suggested-by: Paolo Bonzini Signed-off-by: Fam Zheng --- tests/docker/dockerfiles/min-glib.docker | 8 1 file

Re: [Qemu-devel] [PATCH 5/5] ppc: Improve generation of conditional traps

2016-08-08 Thread David Gibson
On Sun, Jul 31, 2016 at 03:13:13PM +1000, Benjamin Herrenschmidt wrote: > Translate most conditions to TCG conditions and avoid the helper > for most of the common cases. > > Signed-off-by: Benjamin Herrenschmidt > --- > target-ppc/translate.c | 168 >

Re: [Qemu-devel] [Qemu-ppc] [PATCH] adb: change handler only when recognized

2016-08-08 Thread BALATON Zoltan
On Tue, 9 Aug 2016, Benjamin Herrenschmidt wrote: On Tue, 2016-08-09 at 02:11 +0200, BALATON Zoltan wrote: I don't know much about this but I've read here that there are three different kind of chips: CUDA, PMU99 and PMU. Confusingly both

Re: [Qemu-devel] [PATCH] spapr: Correctly set query_hotpluggable_cpus hook based on machine version

2016-08-08 Thread David Gibson
On Mon, Aug 08, 2016 at 10:46:37AM +0200, Igor Mammedov wrote: > On Fri, 5 Aug 2016 20:21:59 +0530 > Bharata B Rao wrote: > > > On Fri, Aug 05, 2016 at 05:50:29PM +1000, David Gibson wrote: > > > Prior to c8721d3 "spapr: Error out when CPU hotplug is attempted on

Re: [Qemu-devel] [PATCH] docs: add cpu-hotplug.txt

2016-08-08 Thread David Gibson
On Mon, Aug 08, 2016 at 02:18:05PM +0200, Igor Mammedov wrote: > On Mon, 8 Aug 2016 10:28:02 +0800 > Dou Liyang wrote: > > > This document describes how to use cpu hotplug in QEMU. > > > > Signed-off-by: Dou Liyang > > --- > >

Re: [Qemu-devel] [Patch v2 00/29] s390x CPU models: exposing features

2016-08-08 Thread Fam Zheng
On Mon, 08/08 14:27, Eduardo Habkost wrote: > On Mon, Aug 08, 2016 at 09:45:04AM -0700, > no-re...@ec2-52-6-146-230.compute-1.amazonaws.com wrote: > > Hi, > > > > Your series seems to have some coding style problems. See output below for > > more information: > [...] > > Does anybody know who

[Qemu-devel] [PATCH repost] virtio-balloon: Remove needless precompiled directive

2016-08-08 Thread Liang Li
Since there is a wrapper around madvise(), the virtio-balloon code is able to work without the precompiled directive, so the directive can be removed. Signed-off-by: Liang Li Suggested-by: Thomas Huth Reviewed-by: Dr. David Alan Gilbert

[Qemu-devel] [PATCH] migration: fix live migration failure with compression

2016-08-08 Thread Liang Li
Because of commit 11808bb0c422, which removed some condition checks of 'f->ops->writev_buffer', 'qemu_put_qemu_file' should be enhanced to clear the 'f_src->iovcnt', or 'f_src->iovcnt' may exceed the MAX_IOV_SIZE which will break live migration. This should be fixed. Signed-off-by: Liang Li

Re: [Qemu-devel] [Qemu-ppc] [PATCH] adb: change handler only when recognized

2016-08-08 Thread Benjamin Herrenschmidt
On Tue, 2016-08-09 at 02:11 +0200, BALATON Zoltan wrote: > I don't know much about this but I've read here > > that there are three > different kind of chips: CUDA, PMU99 and PMU. Confusingly both PMU-s are > > called via-pmu by Apple. And

Re: [Qemu-devel] [Qemu-ppc] [PATCH] adb: change handler only when recognized

2016-08-08 Thread BALATON Zoltan
On Tue, 9 Aug 2016, Benjamin Herrenschmidt wrote: On Sat, 2016-03-12 at 14:38 +0100, Hervé Poussineau wrote: ADB devices must take new handler into account only when they recognize it. This lets operating systems probe for valid/invalid handles, to know device capabilities. Add a FIXME in

[Qemu-devel] [Bug 1609968] Re: "cannot set up guest memory" b/c no automatic clearing of Linux' cache

2016-08-08 Thread Celmor
@dgilbert-h / Dr. David Alan Gilbert Thanks for your answer. b) Mounted/used block devices: NAME MOUNTPOINT TYPE FSTYPE sda disk crypto_LUKS └─Data1 crypt zfs_member ├─sdb5 / part ext4 └─sdb6 /boot part vfat sdd disk crypto_LUKS

Re: [Qemu-devel] [Qemu-stable] [PATCH 00/56] Patch Round-up for stable 2.6.1, freeze on 2016-08-12

2016-08-08 Thread Cole Robinson
On 08/08/2016 05:03 PM, Michael Roth wrote: > Hi everyone, > > The following new patches are queued for QEMU stable v2.6.1: > > https://github.com/mdroth/qemu/commits/stable-2.6-staging > > The release is planned for 2016-08-17: > > http://wiki.qemu.org/Planning/2.6 > > Please respond

Re: [Qemu-devel] [Qemu-ppc] [PATCH] adb: change handler only when recognized

2016-08-08 Thread Benjamin Herrenschmidt
On Sat, 2016-03-12 at 14:38 +0100, Hervé Poussineau wrote: > ADB devices must take new handler into account only when they > recognize it. > This lets operating systems probe for valid/invalid handles, to know > device capabilities. > > Add a FIXME in keyboard handler, which should use a

[Qemu-devel] [PATCH 07/56] target-mips: fix call to memset in soft reset code

2016-08-08 Thread Michael Roth
From: Aurelien Jarno Recent versions of GCC report the following error when compiling target-mips/helper.c: qemu/target-mips/helper.c:542:9: warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]

[Qemu-devel] [PATCH 56/56] ide: fix halted IO segfault at reset

2016-08-08 Thread Michael Roth
From: John Snow If one attempts to perform a system_reset after a failed IO request that causes the VM to enter a paused state, QEMU will segfault trying to free up the pending IO requests. These requests have already been completed and freed, though, so all we need to do is

[Qemu-devel] [PATCH 05/56] exec.c: Ensure right alignment also for file backed ram

2016-08-08 Thread Michael Roth
From: Dominik Dingel While in the anonymous ram case we already take care of the right alignment such an alignment guarantee does not exist for file backed ram allocation. Instead, pagesize is used for alignment. On s390 this is not enough for gmap, as we need to

Re: [Qemu-devel] [PATCH 3/5] blockjob: refactor backup_start as backup_job_create

2016-08-08 Thread John Snow
On 08/08/2016 03:09 PM, John Snow wrote: Refactor backup_start as backup_job_create, which only creates the job, but does not automatically start it. The old interface, 'backup_start', is not kept in favor of limiting the number of nearly-identical interfaces that would have to be edited to

[Qemu-devel] [PATCH 06/56] usb:xhci: no DMA on HC reset

2016-08-08 Thread Michael Roth
From: Roman Kagan This patch is a rough fix to a memory corruption we are observing when running VMs with xhci USB controller and OVMF firmware. Specifically, on the following call chain xhci_reset xhci_disable_slot xhci_disable_ep xhci_set_ep_state QEMU

[Qemu-devel] [PATCH 04/56] tools: kvm_stat: Powerpc related fixes

2016-08-08 Thread Michael Roth
From: Hemant Kumar kvm_stat script is failing to execute on powerpc : # ./kvm_stat Traceback (most recent call last): File "./kvm_stat", line 825, in main() File "./kvm_stat", line 813, in main providers = get_providers(options) File "./kvm_stat", line

[Qemu-devel] [PATCH 08/56] target-i386: key sfence availability on CPUID_SSE, not CPUID_SSE2

2016-08-08 Thread Michael Roth
From: Paolo Bonzini sfence was introduced before lfence and mfence. This fixes Linux 2.4's measurement of checksumming speeds for the pIII_sse algorithm: md: linear personality registered as nr 1 md: raid0 personality registered as nr 2 md: raid1 personality registered as

[Qemu-devel] [PATCH 55/56] virtio: error out if guest exceeds virtqueue size

2016-08-08 Thread Michael Roth
From: Stefan Hajnoczi A broken or malicious guest can submit more requests than the virtqueue size permits, causing unbounded memory allocation in QEMU. The guest can submit requests without bothering to wait for completion and is therefore not bound by virtqueue size.

[Qemu-devel] [PATCH 50/56] nbd: More debug typo fixes, use correct formats

2016-08-08 Thread Michael Roth
From: Eric Blake Clean up some debug message oddities missed earlier; this includes some typos, and recognizing that %d is not necessarily compatible with uint32_t. Also add a couple messages that I found useful while debugging things. Signed-off-by: Eric Blake

[Qemu-devel] [PATCH 53/56] pcie: fix link active status bit migration

2016-08-08 Thread Michael Roth
From: "Michael S. Tsirkin" We changed link status register in pci express endpoint capability over time. Specifically, commit b2101eae63ea57b571cee4a9075a4287d24ba4a4 ("pcie: Set the "link active" in the link status register") set data link layer link active bit in this

[Qemu-devel] [PATCH 54/56] target-i386: fix typo in xsetbv implementation

2016-08-08 Thread Michael Roth
From: Dave Hansen QEMU 2.6 added support for the XSAVE family of instructions, which includes the XSETBV instruction which allows setting the XCR0 register. But, when booting Linux kernels with XSAVE support enabled, I was getting very early crashes where the

[Qemu-devel] [PATCH 47/56] util: Fix MIN_NON_ZERO

2016-08-08 Thread Michael Roth
From: Fam Zheng MIN_NON_ZERO(1, 0) is evaluated to 0. Rewrite the macro to fix it. Reported-by: Miroslav Rezanina Signed-off-by: Fam Zheng Message-Id: <1468306113-847-1-git-send-email-f...@redhat.com> Reviewed-by: Eric Blake

[Qemu-devel] [PATCH 49/56] Fix some typos found by codespell

2016-08-08 Thread Michael Roth
From: Stefan Weil Signed-off-by: Stefan Weil Reviewed-by: Peter Maydell Signed-off-by: Michael Tokarev (cherry picked from commit cb8d4c8f54b8271f642f02382eec29d468bb1c77) * context prereq for 2cb34749

[Qemu-devel] [PATCH 52/56] nbd: Limit nbdflags to 16 bits

2016-08-08 Thread Michael Roth
From: Eric Blake Rather than asserting that nbdflags is within range, just give it the correct type to begin with :) nbdflags corresponds to the per-export portion of NBD Protocol "transmission flags", which is 16 bits in response to NBD_OPT_EXPORT_NAME and NBD_OPT_GO.

[Qemu-devel] [PATCH 43/56] Revert "virtio-net: unbreak self announcement and guest offloads after migration"

2016-08-08 Thread Michael Roth
From: "Michael S. Tsirkin" This reverts commit 1f8828ef573c83365b4a87a776daf8bcef1caa21. Cc: qemu-sta...@nongnu.org Reported-by: Robin Geuze Tested-by: Robin Geuze Signed-off-by: Michael S. Tsirkin (cherry picked from

[Qemu-devel] [PATCH 48/56] block/iscsi: fix rounding in iscsi_allocationmap_set

2016-08-08 Thread Michael Roth
From: Peter Lieven when setting clusters as allocated the boundaries have to be expanded. As Paolo pointed out the calculation of the number of clusters is wrong: Suppose cluster_sectors is 2, sector_num = 1, nb_sectors = 6: In the "mark allocated" case, you want to set 0..8,

[Qemu-devel] [PATCH 45/56] blockdev: Fix regression with the default naming of throttling groups

2016-08-08 Thread Michael Roth
From: Alberto Garcia When I/O limits are set for a block device, the name of the throttling group is taken from the BlockBackend if the user doesn't specify one. Commit efaa7c4eeb7490c6f37f3 moved the naming of the BlockBackend in blockdev_init() to the end of the function,

[Qemu-devel] [PATCH 46/56] qemu-iotests: Test naming of throttling groups

2016-08-08 Thread Michael Roth
From: Alberto Garcia Throttling groups are named using the 'group' parameter of the block_set_io_throttle command and the throttling.group command-line option. If that parameter is unspecified the groups get the name of the block device. This patch adds a new test to check the

[Qemu-devel] [PATCH 42/56] virtio: set low features early on load

2016-08-08 Thread Michael Roth
From: "Michael S. Tsirkin" virtio migrates the low 32 feature bits twice, the first copy is there for compatibility but ever since 019a3edbb25f1571e876f8af1ce4c55412939e5d: ("virtio: make features 64bit wide") it's ignored on load. This is wrong since virtio_net_load tests self

[Qemu-devel] [PATCH 39/56] scsi-generic: Merge block max xfer len in INQUIRY response

2016-08-08 Thread Michael Roth
From: Fam Zheng The rationale is similar to the above mode sense response interception: this is practically the only channel to communicate restraints from elsewhere such as host and block driver. The scsi bus we attach onto can have a larger max xfer len than what is accepted

[Qemu-devel] [PATCH 02/56] spice/gl: add & use qemu_spice_gl_monitor_config

2016-08-08 Thread Michael Roth
From: Gerd Hoffmann Cc: qemu-sta...@nongnu.org Signed-off-by: Gerd Hoffmann Reviewed-by: Marc-André Lureau (cherry picked from commit 39414ef4e93db9041e463a097084a407d0d374f0) Signed-off-by: Michael Roth

[Qemu-devel] [PATCH 35/56] qapi: Fix crash on missing alternate member of QAPI struct

2016-08-08 Thread Michael Roth
From: Eric Blake If a QAPI struct has a mandatory alternate member which is not present on input, the input visitor reports an error for the missing alternate without setting the discriminator, but the cleanup code for the struct still tries to use the dealloc visitor to clean

[Qemu-devel] [PATCH 38/56] nbd: Allow larger requests

2016-08-08 Thread Michael Roth
From: Eric Blake The NBD layer was breaking up request at a limit of 2040 sectors (just under 1M) to cater to old qemu-nbd. But the server limit was raised to 32M in commit 2d8214885 to match the kernel, more than three years ago; and the upstream NBD Protocol is proposing

[Qemu-devel] [PATCH 44/56] s390x/ipl: fix reboots for migration from different bios

2016-08-08 Thread Michael Roth
From: David Hildenbrand When migrating from a different QEMU version, the start_address and bios_start_address may differ. During migration these values are migrated and overwrite the values that were detected by QEMU itself. On a reboot, QEMU will reload its own BIOS,

[Qemu-devel] [PATCH 37/56] vfio/pci: Fix VGA quirks

2016-08-08 Thread Michael Roth
From: Alex Williamson Commit 2d82f8a3cdb2 ("vfio/pci: Convert all MemoryRegion to dynamic alloc and consistent functions") converted VFIOPCIDevice.vga to be dynamically allocated, negating the need for VFIOPCIDevice.has_vga. Unfortunately not all of the has_vga users

[Qemu-devel] [PATCH 41/56] target-sparc: fix register corruption in ldstub if there is no write permission

2016-08-08 Thread Michael Roth
From: Artyom Tarasenko Signed-off-by: Artyom Tarasenko Reviewed-by: Richard Henderson Signed-off-by: Mark Cave-Ayland (cherry picked from commit b64d2e57e704edbb56ae969de864292dd38379bf) Signed-off-by:

[Qemu-devel] [PATCH 36/56] pci-assign: Move "Invalid ROM" error message to pci-assign-load-rom.c

2016-08-08 Thread Michael Roth
From: Lin Ma In function pci_assign_dev_load_option_rom, for those pci devices that don't have a 'rom' file under sysfs, or if loading the ROM from an external file, the function returns NULL and won't set the passed 'size' variable. In these 2 cases, qemu still reports "Invalid ROM" error

[Qemu-devel] [PATCH 30/56] io: remove mistaken call to object_ref on QTask

2016-08-08 Thread Michael Roth
From: "Daniel P. Berrange" The QTask struct is just a standalone struct, not a QOM Object, so calling object_ref() on it is not appropriate. This results in mangling the 'destroy' field in the QTask struct, causing the later call to qtask_free() to try to call the function

[Qemu-devel] [PATCH 51/56] nbd: Don't use *_to_cpup() functions

2016-08-08 Thread Michael Roth
From: Peter Maydell The *_to_cpup() functions are not very useful, as they simply do a pointer dereference and then a *_to_cpu(). Instead use either: * ld*_*_p(), if the data is at an address that might not be correctly aligned for the load * a local dereference

[Qemu-devel] [PATCH 40/56] scsi: Advertise limits by blocksize, not 512

2016-08-08 Thread Michael Roth
From: Eric Blake s->blocksize may be larger than 512, in which case our tweaks to max_xfer_len and opt_xfer_len must be scaled appropriately. CC: qemu-sta...@nongnu.org Reported-by: Fam Zheng Signed-off-by: Eric Blake Reviewed-by: Fam

[Qemu-devel] [PATCH 26/56] vmsvga: move fifo sanity checks to vmsvga_fifo_length

2016-08-08 Thread Michael Roth
From: Gerd Hoffmann Sanity checks are applied when the fifo is enabled by the guest (SVGA_REG_CONFIG_DONE write). Which doesn't help much if the guest changes the fifo registers afterwards. Move the checks to vmsvga_fifo_length so they are done each time qemu is about to

[Qemu-devel] [PATCH 31/56] ui: fix regression in printing VNC host/port on startup

2016-08-08 Thread Michael Roth
From: "Daniel P. Berrange" If VNC is chosen as the compile time default display backend, QEMU will print the host/port it listens on at startup. Previously this would look like VNC server running on '::1:5900' but in 04d2529da27db512dcbd5e99d0e26d333f16efcc the ':' was

[Qemu-devel] [PATCH 03/56] vl: change runstate only if new state is different from current state

2016-08-08 Thread Michael Roth
From: Li Zhijian Previously, qemu will abort at following scenario: (qemu) stop (qemu) system_reset (qemu) system_reset (qemu) 2016-04-13T20:54:38.979158Z qemu-system-x86_64: invalid runstate transition: 'prelaunch' -> 'prelaunch' Signed-off-by: Li Zhijian

[Qemu-devel] [PATCH 32/56] net: fix qemu_announce_self not emitting packets

2016-08-08 Thread Michael Roth
From: Peter Lieven commit fefe2a78 accidentally dropped the code path for injecting raw packets. This feature is needed for sending gratuitous ARPs after an incoming migration has completed. The result is increased network downtime for vservers where the network card is not

[Qemu-devel] [PATCH 25/56] block: Drop bdrv_ioctl_bh_cb

2016-08-08 Thread Michael Roth
From: Fam Zheng Similar to the "!drv || !drv->bdrv_aio_ioctl" case above, here it is okay to set co.ret and return. As pointed out by Paolo, a BH will be created as necessary by the caller (bdrv_co_maybe_schedule_bh). Besides, as pointed out by Kevin, "data" was leaked before.

[Qemu-devel] [PATCH 34/56] qcow2: Avoid making the L1 table too big

2016-08-08 Thread Michael Roth
From: Max Reitz We refuse to open images whose L1 table we deem "too big". Consequently, we should not produce such images ourselves. Cc: qemu-sta...@nongnu.org Signed-off-by: Max Reitz Message-id: 20160615153630.2116-3-mre...@redhat.com Reviewed-by: Eric

[Qemu-devel] [PATCH 23/56] scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)

2016-08-08 Thread Michael Roth
From: Prasad J Pandit Vmware Paravirtual SCSI emulation uses command descriptors to process SCSI commands. These descriptors come with their ring buffers. A guest could set the ring buffer size to an arbitrary value leading to OOB access issue. Add check to avoid it.

[Qemu-devel] [PATCH 33/56] backup: Don't leak BackupBlockJob in error path

2016-08-08 Thread Michael Roth
From: Kevin Wolf Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia (cherry picked from commit 91ab68837933232bcef99da7c968e6d41900419b) Signed-off-by: Michael Roth

[Qemu-devel] [PATCH 27/56] vmsvga: add more fifo checks

2016-08-08 Thread Michael Roth
From: Gerd Hoffmann Make sure all fifo ptrs are within range. Fixes: CVE-2016-4454 Cc: qemu-sta...@nongnu.org Cc: P J P Reported-by: 李强 Signed-off-by: Gerd Hoffmann Message-id:

[Qemu-devel] [PATCH 24/56] scsi: mptsas: infinite loop while fetching requests

2016-08-08 Thread Michael Roth
From: Prasad J Pandit The LSI SAS1068 Host Bus Adapter emulator in Qemu, periodically looks for requests and fetches them. A loop doing that in mptsas_fetch_requests() could run infinitely if 's->state' was not operational. Move check to avoid such a loop. Reported-by:

[Qemu-devel] [PATCH 28/56] vmsvga: shadow fifo registers

2016-08-08 Thread Michael Roth
From: Gerd Hoffmann The fifo is normal ram. So kvm vcpu threads and qemu iothread can access the fifo in parallel without synchronization. Which in turn implies we can't use the fifo pointers in-place because the guest can try changing them underneath us. So add shadows for

[Qemu-devel] [PATCH 21/56] savevm: fail if migration blockers are present

2016-08-08 Thread Michael Roth
From: Greg Kurz QEMU has currently two ways to prevent migration from occurring: - migration blocker when it depends on runtime state - VMStateDescription.unmigratable when migration is not supported at all This patch gathers all the logic into a single function to be called

[Qemu-devel] [PATCH 20/56] nbd: Don't trim unrequested bytes

2016-08-08 Thread Michael Roth
From: Eric Blake Similar to commit df7b97ff, we are mishandling clients that give an unaligned NBD_CMD_TRIM request, and potentially trimming bytes that occur before their request; which in turn can cause potential unintended data loss (unlikely in practice, since most clients

[Qemu-devel] [PATCH 01/56] i386: kvmvapic: initialise imm32 variable

2016-08-08 Thread Michael Roth
From: Prasad J Pandit When processing Task Priority Register(TPR) access, it could leak automatic stack variable 'imm32' in patch_instruction(). Initialise the variable to avoid it. Reported by: Donghai Zdh Cc: qemu-sta...@nongnu.org

[Qemu-devel] [PATCH 29/56] vmsvga: don't process more than 1024 fifo commands at once

2016-08-08 Thread Michael Roth
From: Gerd Hoffmann vmsvga_fifo_run is called in regular intervals (on each display update) and will resume where it left off. So we can simply exit the loop, without having to worry about how processing will continue. Fixes: CVE-2016-4453 Cc: qemu-sta...@nongnu.org Cc: P J

[Qemu-devel] [PATCH 22/56] Fix configure test for PBKDF2 in nettle

2016-08-08 Thread Michael Roth
From: Steven Luo On my Debian jessie system, including nettle/pbkdf2.h does not cause NULL to be defined, which causes the test to fail to compile. Include stddef.h to bring in a definition of NULL. Cc: qemu-triv...@nongnu.org Cc: qemu-sta...@nongnu.org

[Qemu-devel] [PATCH 18/56] vfio: Fix broken EEH

2016-08-08 Thread Michael Roth
From: Gavin Shan vfio_eeh_container_op() is the backend that communicates with host kernel to support EEH functionality in QEMU. However, the function should return the value from host kernel instead of 0 unconditionally. dwg: Specifically the problem occurs for the

[Qemu-devel] [PATCH 14/56] esp: check dma length before reading scsi command(CVE-2016-4441)

2016-08-08 Thread Michael Roth
From: Prasad J Pandit The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte FIFO buffer. It is used to handle command and data transfer. Routine get_cmd() uses DMA to read scsi commands into this buffer. Add check to validate DMA length against buffer size to

[Qemu-devel] [PATCH 19/56] block/iscsi: avoid potential overflow of acb->task->cdb

2016-08-08 Thread Michael Roth
From: Peter Lieven at least in the path via virtio-blk the maximum size is not restricted. Cc: qemu-sta...@nongnu.org Signed-off-by: Peter Lieven Message-Id: <1464080368-29584-1-git-send-email...@kamp.de> Signed-off-by: Paolo Bonzini (cherry

[Qemu-devel] [PATCH 12/56] json-streamer: fix double-free on exiting during a parse

2016-08-08 Thread Michael Roth
From: Paolo Bonzini Now that json-streamer tries not to leak tokens on incomplete parse, the tokens can be freed twice if QEMU destroys the json-streamer object during the parser->emit call. To fix this, create the new empty GQueue earlier, so that it is already in place

[Qemu-devel] [PATCH 17/56] vga: add sr_vbe register set

2016-08-08 Thread Michael Roth
From: Gerd Hoffmann Commit "fd3c136 vga: make sure vga register setup for vbe stays intact (CVE-2016-3712)." causes a regression. The win7 installer is unhappy because it can't freely modify vga registers any more while in vbe mode. This patch introduces a new sr_vbe

[Qemu-devel] [PATCH 11/56] json-streamer: Don't leak tokens on incomplete parse

2016-08-08 Thread Michael Roth
From: Eric Blake Valgrind complained about a number of leaks in tests/check-qobject-json: ==12657==definitely lost: 17,247 bytes in 1,234 blocks All of which had the same root cause: on an incomplete parse, we were abandoning the token queue without cleaning up the

[Qemu-devel] [PATCH 00/56] Patch Round-up for stable 2.6.1, freeze on 2016-08-12

2016-08-08 Thread Michael Roth
Hi everyone, The following new patches are queued for QEMU stable v2.6.1: https://github.com/mdroth/qemu/commits/stable-2.6-staging The release is planned for 2016-08-17: http://wiki.qemu.org/Planning/2.6 Please respond here or CC qemu-sta...@nongnu.org on any patches you think should be

[Qemu-devel] [PATCH 15/56] block/nfs: refuse readahead if cache.direct is on

2016-08-08 Thread Michael Roth
From: Peter Lieven If we open a NFS export with disabled cache we should refuse the readahead feature as it will cache data inside libnfs. If an export was opened with readahead enabled it should further not be allowed to disable the cache while running. Cc: qemu-sta...@nongnu.org

[Qemu-devel] [PATCH 16/56] usb/ohci: Fix crash when specifying too many num-ports

2016-08-08 Thread Michael Roth
From: Thomas Huth QEMU currently crashes when an OHCI controller is instantiated with too many ports, e.g. "-device pci-ohci,num-ports=100,masterbus=1". Thus add a proper check in usb_ohci_init() to make sure that we do not use more than OHCI_MAX_PORTS = 15 ports here. Ticket:

[Qemu-devel] [PATCH 10/56] migration: regain control of images when migration fails to complete

2016-08-08 Thread Michael Roth
From: Greg Kurz We currently have an error path during migration that can cause the source QEMU to abort: migration_thread() migration_completion() runstate_is_running() > true if guest is running bdrv_inactivate_all() >

[Qemu-devel] [PATCH 09/56] configure: Allow builds with extra warnings

2016-08-08 Thread Michael Roth
From: Stefan Weil The clang compiler supports a useful compiler option -Weverything, and GCC also has other warnings not enabled by -Wall. If glib header files trigger a warning, however, testing glib with -Werror will always fail. A size mismatch is also detected without

[Qemu-devel] [PATCH 13/56] esp: check command buffer length before write(CVE-2016-4439)

2016-08-08 Thread Michael Roth
From: Prasad J Pandit The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte FIFO buffer. It is used to handle command and data transfer. While writing to this command buffer 's->cmdbuf[TI_BUFSZ=16]', a check was missing to validate input length. Add check to
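Both ESP entries above (PATCH 13/56, CVE-2016-4439, and PATCH 14/56, CVE-2016-4441) describe the same class of bug: a 16-byte command FIFO that is filled from guest-controlled input without checking the input length against the buffer size. The following C model is an added illustration, not QEMU's hw/scsi/esp.c: the struct, field names, the `esp_cmd_write()` and `esp_get_cmd_dma()` functions and the guest data are all constructed here to show where the two length checks go. The register-write path appends one byte at a time, so it must refuse a byte once the FIFO is full; the DMA path copies a guest-supplied length in one go, so it must bound that length before the copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Size of the emulated command FIFO, the 16-byte figure from the commit
 * messages. This whole file is a hypothetical stand-in model, not QEMU code. */
#define TI_BUFSZ 16

typedef struct {
    uint8_t cmdbuf[TI_BUFSZ];  /* command FIFO */
    uint32_t cmdlen;           /* bytes currently queued in cmdbuf */
    /* constructed stand-in for the guest memory the device DMAs from */
    const uint8_t *dma_src;
    uint32_t dma_len;          /* guest-controlled transfer length */
} EspState;

/* Guest writes one byte to the command FIFO register (the CVE-2016-4439
 * style path). Returns 0 on success, -1 if the byte is dropped because the
 * FIFO is already full. Without the check, the 17th write lands at
 * cmdbuf[16], i.e. on the fields that follow the array. */
int esp_cmd_write(EspState *s, uint8_t val)
{
    if (s->cmdlen >= TI_BUFSZ) {
        return -1;
    }
    s->cmdbuf[s->cmdlen++] = val;
    return 0;
}

/* Device reads a SCSI command from guest memory via DMA (the CVE-2016-4441
 * style path). The length comes from the guest, so it is validated against
 * the FIFO size before any copy happens. Returns the number of bytes
 * copied, or -1 when the request is rejected. */
int esp_get_cmd_dma(EspState *s)
{
    uint32_t dmalen = s->dma_len;

    if (dmalen > TI_BUFSZ) {
        return -1;
    }
    memcpy(s->cmdbuf, s->dma_src, dmalen);
    s->cmdlen = dmalen;
    return (int)dmalen;
}

/* Demonstration driver using constructed guest data: an over-long DMA
 * request is refused, a 6-byte INQUIRY-like CDB is accepted. Returns 1 on
 * the expected outcome, 0 otherwise. */
int run_demo(void)
{
    static const uint8_t guest_cmd[32] = { 0x12, 0x00, 0x00, 0x00, 0x24, 0x00 };
    EspState s;
    int rejected, accepted;

    memset(&s, 0, sizeof(s));
    s.dma_src = guest_cmd;

    s.dma_len = sizeof(guest_cmd);   /* 32 > TI_BUFSZ: must be rejected */
    rejected = esp_get_cmd_dma(&s);

    s.dma_len = 6;                   /* fits: copied and queued */
    accepted = esp_get_cmd_dma(&s);

    return rejected == -1 && accepted == 6 && s.cmdlen == 6;
}

int main(void)
{
    printf("esp length checks %s\n", run_demo() ? "hold" : "FAILED");
    return run_demo() ? 0 : 1;
}
```

The point of keeping the two checks separate is that they guard different inputs: `cmdlen` grows across many register writes, so the bound has to be re-checked on every byte, while the DMA length is a single value that can be rejected up front before touching the buffer at all.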

[Qemu-devel] Abort with qemu-aarch64(latest git master)

2016-08-08 Thread Pranith Kumar
I am seeing an abort when I run qemu-aarch64 on a multi-threaded ARM64 executable. Is this a valid use case or is multi-threading still not supported? The back trace is as follows. You can find it as a paste for easier reading here: http://paste.ubuntu.com/22734688/ #0 0x7684c418 in

Re: [Qemu-devel] [PATCH v2 8/8] configure: Remove detection code for UUID

2016-08-08 Thread Jeff Cody
On Mon, Aug 08, 2016 at 02:09:28PM +0800, Fam Zheng wrote: > All code now uses built-in UUID implementation. Remove the code of > libuuid and make --enable-uuid and --disable-uuid only print a message. > > Signed-off-by: Fam Zheng > --- > configure | 43

Re: [Qemu-devel] [PATCH v2 5/8] vpc: Use QEMU UUID API

2016-08-08 Thread Jeff Cody
On Mon, Aug 08, 2016 at 02:09:25PM +0800, Fam Zheng wrote: > Previously we conditionally generate if footer->uuid, when libuuid is s/generate if/generated/ s/is/was/ > available. Now that we have a built-in implementation, we can switch to > it. > > Signed-off-by: Fam Zheng >

[Qemu-devel] [ANNOUNCE] QEMU 2.7.0-rc2 is now available

2016-08-08 Thread Michael Roth
Hello, On behalf of the QEMU Team, I'd like to announce the availability of the third release candidate for the QEMU 2.7 release. This release is meant for testing purposes and should not be used in a production environment. http://wiki.qemu.org/download/qemu-2.7.0-rc2.tar.bz2 Known issues
