On Mon, Apr 01, 2019 at 05:17:11PM -0400, Bandan Das wrote:
> This function is used in the delete path only and can
> be replaced by a call to usb_mtp_object_free.
Queued patch 1+2, leaving 3 for later.
cheers,
Gerd
On Mon, Apr 01, 2019 at 08:59:20PM +0200, Volker Rümelin wrote:
> Currently the default audio timer frequency is 1Hz instead of
> a period of 1us. Also the audiodev timer-period property gets
> converted like a frequency. Only handling of the legacy
> QEMU_AUDIO_TIMER_PERIOD environment
On Mon, 1 Apr 2019 at 21:14, Eric Blake wrote:
>
> The following changes since commit 230ce19814ecc6bff8edac3b5b86e7c82f422c6c:
>
> Merge remote-tracking branch 'remotes/rth/tags/pull-axp-20190325' into
> staging (2019-03-29 19:29:00 +)
>
> are available in the Git repository at:
>
>
On Tue, 2 Apr 2019 at 12:20, Like Xu wrote:
>
> On 2019/4/2 12:45, Peter Maydell wrote:
> > My suggestion would be that we use qdev_get_machine(). I think
> > it would be nice to make the remaining dozen or so uses of
> > the global current_machine outside vl.c use qdev_get_machine()
> > instead,
On 2019/4/2 12:45, Peter Maydell wrote:
On Tue, 2 Apr 2019 at 09:46, Like Xu wrote:
On 2019/4/2 7:38, Eduardo Habkost wrote:
On Mon, Apr 01, 2019 at 10:56:30AM +0800, Like Xu wrote:
On 2019/3/29 17:27, Alex Bennée wrote:
[...]
@@ -1713,6 +1717,9 @@ static void cortex_a9_initfn(Object
On Apr 1, 2019, at 21:28, Richard Henderson
wrote:
> Thanks. We should probably update our submodule to the v4 release as well.
Is that something that you want with this patch?
--
Stephen Checkoway
On 2/6/19 6:11 PM, Igor Mammedov wrote:
On Thu, 31 Jan 2019 15:16:54 +0800
Tao Xu wrote:
From: Liu Jingqi
Add -numa hmat-lb option to provide System Locality Latency and
Bandwidth Information. These memory attributes help to build
System Locality Latency and Bandwidth Information
On Tue, 2 Apr 2019 at 09:46, Like Xu wrote:
>
> On 2019/4/2 7:38, Eduardo Habkost wrote:
> > On Mon, Apr 01, 2019 at 10:56:30AM +0800, Like Xu wrote:
> >> On 2019/3/29 17:27, Alex Bennée wrote:
> > [...]
> @@ -1713,6 +1717,9 @@ static void cortex_a9_initfn(Object *obj)
> #ifndef
Hi all,
I found an interesting issue here besides writing "dtb" rom into ram.
That is, should qemu support incoming from the ignore-shared memory backend
file repeatedly?
After I resolve the issue of writing "dtb" rom into ram, the incoming from
the ignore-shared memory backend file works fine
Stefano Garzarella writes:
> Hi Alex,
> I'm sending you some benchmarks and information about VSOCK CCing qemu-devel
> and linux-netdev (maybe this info could be useful for others :))
>
> One of the VSOCK advantages is the simple configuration: you don't need to set
> up IP addresses for
On Wed, Mar 13, 2019 at 05:09:43PM +0100, Igor Mammedov wrote:
>On Wed, 13 Mar 2019 13:33:59 +
>Wei Yang wrote:
>
>>
>> I am lost at this place.
>>
>> sig is a part of ACPI table header, you mean the sig is not necessary to
>> be set in ACPI table header?
>>
>> "skip table generation"
On Tue, 2 Apr 2019 at 09:57, Catherine Ho wrote:
> The root cause is the used idx is moved forward after 1st time incoming, and
> in 2nd time incoming,
> the last_avail_idx will be incorrectly restored from the saved device state
> file(not in the ram).
>
> I watched this even on x86 for a
Hi Aleksandar,
I understand, Thank you very much for reminding me.
Regards,
Tommy
From: Aleksandar Markovic
Sent: Tuesday, April 2, 2019 10:43 AM
To: Tommy Jin
Cc: Peter Maydell; qemu-devel@nongnu.org; Paul Burton
Subject: Re: [Qemu-devel] [PATCH] Adds
subsection_found is true implies vmdesc is not NULL.
Signed-off-by: Wei Yang
---
migration/vmstate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/migration/vmstate.c b/migration/vmstate.c
index e2bbb7b5f7..8327179eea 100644
--- a/migration/vmstate.c
+++
On Apr 2, 2019 4:29 AM, "Tommy Jin" wrote:
>
> Hi Peter,
>
>
> Thank you very much for your comments, I sent a wrong patch out by mistake.
>
>
>
> If always creating virtio-net-pci device is not a good idea, is it
feasible to make virtio-net-pci as an option for boston without using
libvirt? we can
On Apr 1, 2019 11:26 AM, "Archer Yan" wrote:
>
> Currently boston in QEMU only supports boot with FIT format. Since ELF
file
> can provide symbol information in debug, this patch enables Boston boot
from
> vmlinux
>
> Signed-off-by: Archer Yan
> ---
> hw/mips/boston.c | 224
On 2019/4/2 7:38, Eduardo Habkost wrote:
On Mon, Apr 01, 2019 at 10:56:30AM +0800, Like Xu wrote:
On 2019/3/29 17:27, Alex Bennée wrote:
[...]
@@ -1713,6 +1717,9 @@ static void cortex_a9_initfn(Object *obj)
#ifndef CONFIG_USER_ONLY
static uint64_t a15_l2ctlr_read(CPUARMState *env, const
Hi Peter,
Thank you very much for your comments, I sent a wrong patch out by mistake.
If always creating virtio-net-pci device is not a good idea, is it feasible to
make virtio-net-pci as an option for boston without using libvirt? we can only
create this device when the user specify
On Tue, 2 Apr 2019 at 09:29, Tommy Jin wrote:
> If always creating virtio-net-pci device is not a good idea, is it
> feasible to make virtio-net-pci as an option for boston without
> using libvirt?
It's always an option, just specify it on the command line.
> Actually, Boston board can have an
On Apr 1, 2019 11:39 AM, "Peter Maydell" wrote:
>
> On Mon, 1 Apr 2019 at 16:23, Tommy Jin wrote:
> >
> > Boston didn't bring up any netcard by default, this is not so
convenient for users who are verifying network related functionalities on
this board.
> > As the linux kernel has already
On 4/2/19 5:07 AM, Stephen Checkoway wrote:
> Starting with version 4 of capstone, the header files live in the
> `$prefix/include/capstone` directory.
>
> This modifies the configure script to check for if
> cannot be found.
>
> Signed-off-by: Stephen Checkoway
> ---
> configure
MigrationState->bytes_xfer is only set to 0 in migrate_init().
Remove this unnecessary field.
Signed-off-by: Wei Yang
---
migration/migration.c | 1 -
migration/migration.h | 1 -
2 files changed, 2 deletions(-)
diff --git a/migration/migration.c b/migration/migration.c
index
On 4/2/19 2:12 AM, Jonathan Behrens wrote:
> The 'sfence.vma' instruction is privileged, and should only ever be allowed
> when executing in supervisor mode or higher.
>
> Jonathan
>
> Signed-off-by: Jonathan Behrens
> ---
> target/riscv/op_helper.c | 7 ---
> 1 file changed, 4
On Mon, Apr 01, 2019 at 10:56:30AM +0800, Like Xu wrote:
> On 2019/3/29 17:27, Alex Bennée wrote:
[...]
> > > @@ -1713,6 +1717,9 @@ static void cortex_a9_initfn(Object *obj)
> > > #ifndef CONFIG_USER_ONLY
> > > static uint64_t a15_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo
> > > *ri)
>
On Mon, Apr 1, 2019 at 4:28 PM Michael Roth wrote:
> > I'm curious why this change was picked for stable, it wasn't marked for it.
> Looks like an earlier patch was tagged for stable:
...
> Since patches are often referred to qemu-stable via actual email Cc: and
> often don't get tagged in the
Quoting Max Filippov (2019-04-01 16:19:59)
> Hi Michael,
>
> On Mon, Apr 1, 2019 at 2:04 PM Michael Roth wrote:
> > From: Max Filippov
> >
> > Now that xtensa_count_regs does the right thing, remove manual
> > initialization of these fields from the affected configurations and let
> >
On 2019-04-01 20:59, Volker Rümelin wrote:
> Currently the default audio timer frequency is 1Hz instead of
> a period of 1us. Also the audiodev timer-period property gets
> converted like a frequency. Only handling of the legacy
> QEMU_AUDIO_TIMER_PERIOD environment variable is correct
On Mon, Apr 01, 2019 at 07:54:57PM +0200, Greg Kurz wrote:
> Recent commit c2077e2ca0da7 added stricter checks that now prevent
> a guest to access the extended config space of a PCIe device connected
> attached to a PHB on a pseries machine.
>
> PAPR compatible PHBs act like legacy PCI busses,
Patchew URL:
https://patchew.org/QEMU/20190401214847.27600-1-wall...@linux.ibm.com/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Message-id: 20190401214847.27600-1-wall...@linux.ibm.com
Subject: [Qemu-devel] [PATCH v3] s390: diagnose 318
There's no functional change but the flow is (hopefully)
more consistent for both file and folder object types.
Signed-off-by: Bandan Das
---
hw/usb/dev-mtp.c | 57 +---
1 file changed, 30 insertions(+), 27 deletions(-)
diff --git a/hw/usb/dev-mtp.c
v4:
Added 1/3:
v3:
2/2: Fix indentation
Add back sending RES_OK for success
v2:
1/2: Add Reviewed-by tag
2/2: remove extra vars and directly call usb_mtp_queue_result
The first patch removes an unnecessary function
and the second is just a code reorg of usb_mtp_write_data
to
This is needed to build skiboot from tarball-distributed sources
since the git data the make_release.sh script relies on to generate
it is not available.
Cc: qemu-sta...@nongnu.org
Reported-by: Michael Tokarev
Signed-off-by: Michael Roth
Reviewed-by: Philippe Mathieu-Daudé
Message-id:
Gerd Hoffmann writes:
> On Thu, Mar 28, 2019 at 01:37:21PM -0400, Bandan Das wrote:
>> This function is used in the delete path only and can
>> be replaced by a call to usb_mtp_object_free.
>>
>> Reviewed-by: Peter Maydell
>> Signed-off-by: Bandan Das
>
> Tried to cherry-pick this one for 4.0
Spotted by Coverity: CID 1399414
mtp delete allows the return status of delete succeeded,
partial_delete or readonly - when none of the objects could be
deleted. Give more meaningful names to return values of the
delete function.
Some initiators recurse over the objects themselves. In that case,
From: Richard Henderson
Cc: qemu-sta...@nongnu.org (3.0.1)
Signed-off-by: Richard Henderson
Reviewed-by: Alex Bennée
Signed-off-by: Peter Maydell
(cherry picked from commit 573ec0fe40b9a412085ac7dfb41975a0fc2b28dd)
Signed-off-by: Michael Roth
---
target/arm/sve_helper.c | 2 +-
1 file
Starting with version 4 of capstone, the header files live in the
`$prefix/include/capstone` directory.
This modifies the configure script to check for if
cannot be found.
Signed-off-by: Stephen Checkoway
---
configure| 9 +
include/disas/capstone.h | 4
2 files
From: Stefan Berger
This is a backport of rev 24cf5413aa0 to 3.0.x and 3.1.x.
This patch makes a TPM 2.0 with TIS interface available under the
HID 'MSF0101'. This is supported by Linux and also Windows now
recognizes the TPM 2.0 with TIS interface. Leave the TPM 1.2 as before.
From: Mark Cave-Ayland
Commit c8a35f1cf0f "fdc: use IsaDma interface instead of global DMA_*
functions" accidentally introduced a segfault in fdctrl_stop_transfer() for
non-DMA transfers.
If fdctrl->dma_chann has not been configured then the fdctrl->dma interface
reference isn't initialised
From: Stefan Berger
Zero-init the ptm_loc structure so that we don't have fields that
are not initialised.
Signed-off-by: Stefan Berger
Reviewed-by: Philippe Mathieu-Daudé
(cherry picked from commit eff1fe9fd0cebe2293eea9597616f792b6b5ad18)
Signed-off-by: Michael Roth
---
From: Corey Minyard
Otherwise it won't be set up correctly and won't work after
migration.
Signed-off-by: Corey Minyard
Cc: Igor Mammedov
Cc: qemu-sta...@nongnu.org
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit
From: Richard Henderson
Reported-by: Laurent Desnogues
Signed-off-by: Richard Henderson
Reviewed-by: Laurent Desnogues
Reviewed-by: Alex Bennée
Reviewed-by: Philippe Mathieu-Daudé
Tested-by: Alex Bennée
Tested-by: Laurent Desnogues
Message-id:
DIAGNOSE 0x318 (diag318) is a privileged s390x instruction that must
be intercepted by SIE and handled via KVM. Let's introduce some
functions to communicate between QEMU and KVM via ioctls. These
will be used to get/set the diag318 related information (also known
as the "Control Program Code" or
From: Paolo Bonzini
The address of a packed member is not packed, which may cause accesses
to unaligned pointers. Avoid this by reading the packed value before
passing it to another function.
Cc: Jason Wang
Cc: Peter Maydell
Signed-off-by: Paolo Bonzini
(cherry picked from commit
This function is used in the delete path only and can
be replaced by a call to usb_mtp_object_free.
Reviewed-by: Peter Maydell
Signed-off-by: Bandan Das
---
hw/usb/dev-mtp.c | 14 ++
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
From: Richard Henderson
The normal vector element is sign-extended before
comparing with the wide vector element.
Reported-by: Laurent Desnogues
Signed-off-by: Richard Henderson
Reviewed-by: Laurent Desnogues
Reviewed-by: Alex Bennée
Tested-by: Alex Bennée
Tested-by: Laurent Desnogues
From: Max Reitz
Fixes: d402b6a21a825a5c07aac9251990860723d49f5d
Reported-by: Kevin Wolf
Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Reitz
Reviewed-by: John Snow
Signed-off-by: Kevin Wolf
(cherry picked from commit f0998879e049dad19beed881a1c56643ce536384)
Signed-off-by: Michael Roth
---
Hi Michael,
On Mon, Apr 1, 2019 at 2:04 PM Michael Roth wrote:
> From: Max Filippov
>
> Now that xtensa_count_regs does the right thing, remove manual
> initialization of these fields from the affected configurations and let
> xtensa_finalize_config initialize them. Add XTREG_END to terminate
>
From: Stefan Berger
Make sure that the locality passed from the backend to
tpm_tis_request_completed() is valid.
Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
(cherry picked from commit a639f96111eadb3b8e3021fd3f27e2948ad1c640)
Signed-off-by: Michael Roth
---
hw/tpm/tpm_tis.c
From: Jeff Cody
Code movement to pull the conversion from Qdict to BlockdevOptionsRbd
into a helper function.
Reviewed-by: Eric Blake
Reviewed-by: John Snow
Signed-off-by: Jeff Cody
Message-id:
5b49a980f2cde6610ab1df41bb0277d00b5db893.1536704901.git.jc...@redhat.com
Signed-off-by: Jeff Cody
From: Liam Merwick
In tpm_tis_mmio_write() if the requesting locality is seizing
access, any seizure by a lower locality is cancelled. However the
loop doing the seizure had an off-by-one error and the locality
immediately preceding the requesting locality was not being cleared.
This is fixed
From: Richard Henderson
Used the wrong temporary in the computation of subtractive overflow.
Reported-by: Laurent Desnogues
Signed-off-by: Richard Henderson
Reviewed-by: Laurent Desnogues
Tested-by: Alex Bennée
Tested-by: Laurent Desnogues
Message-id:
From: yuchenlin
There are 3 virtqueues (ctrl, event and cmd) for virtio scsi device,
but seabios will only set the physical address for the 3rd one (cmd).
Then in vhost_virtqueue_start(), virtio_queue_get_desc_addr()
will be 0 for ctrl and event vq.
In this case, ctrl and event vq are not
From: Peter Maydell
Linux returns success if pwrite64() or pread64() are called with a
zero length NULL buffer, but QEMU was returning -TARGET_EFAULT.
This is the same bug that we fixed in commit 58cfa6c2e6eb51b23cc9
for the write syscall, and long before that in 38d840e6790c29f59
for the read
From: Paolo Bonzini
Because the CMB BAR has a min_access_size of 2, if you read the last
byte it will try to memcpy *2* bytes from n->cmbuf, causing an off-by-one
error. This is CVE-2018-16847.
Another way to fix this might be to register the CMB as a RAM memory
region, which would also be
From: Jeff Cody
When we converted rbd to get rid of the older key/value-centric
encoding format, we broke compatibility with image files with backing
file strings encoded in the old format.
This leaves a bit of an ugly conundrum, and a hacky solution.
If the initial attempt to parse the
From: Max Reitz
create_opts was leaked here. This is not too bad since the process is
about to exit anyway, but relying on that does not make the code nicer
to read.
Fixes: d402b6a21a825a5c07aac9251990860723d49f5d
Reported-by: Kevin Wolf
Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Reitz
From: Tony Garnock-Jones
Bring linux-user write(2) handling into line with linux for the case
of a 0-byte write with a NULL buffer. Based on a patch originally
written by Zhuowei Zhang.
Addresses https://bugs.launchpad.net/qemu/+bug/1716292.
From Zhuowei Zhang's patch
From: Jason Wang
There should not be a reason for passing a packet size greater than
INT_MAX. It's usually a hint of bug somewhere, so ignore packet size
greater than INT_MAX in qemu_deliver_packet_iov()
CC: qemu-sta...@nongnu.org
Reported-by: Daniel Shapira
Reviewed-by: Michael S. Tsirkin
From: Janosch Frank
The architecture specifies specification exceptions for all
unavailable subcodes.
The presence of subcodes is indicated by checking some query subcode.
For example 6 will indicate that 3-6 are available. So future systems
might call new subcodes to check for new features.
From: Daniel Henrique Barboza
Commit 067927d62e ("qga: systemd hibernate/suspend/hybrid-sleep
support") failed to update qapi-schema.json after adding systemd
hibernate/suspend/hybrid-sleep capabilities to guest-suspend-* QGA
commands.
Signed-off-by: Daniel Henrique Barboza
Reviewed-by: Eric
From: Richard Henderson
Not only are the sve-related tb_flags fields unused when SVE is
disabled, but not all of the cpu registers are initialized properly
for computing same. This can corrupt other fields by ORing in -1,
which might result in QEMU crashing.
This bug was not present in 3.0,
From: "Michael S. Tsirkin"
Fixes: dbb6da8ba7e ("pc: acpi: revert back to 1 SRAT entry for hotpluggable
area")
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit d2a1b1d602986a5f02658f6d4fc9ed422f8ddebf)
Signed-off-by: Michael Roth
---
tests/acpi-test-data/pc/DSDT | Bin
From: Max Filippov
- FPU2000 defines rfr and wfr opcodes, not rfr.s and wfr.s;
- movcond.s uses incorrect operand in tcg_gen_movcond: in case the
condition is not satisfied it must not change its argument 0.
Fixes: c04e1692e3aa ("target/xtensa: extract FPU2000 opcode
translators")
Cc:
From: Max Filippov
Now that xtensa_count_regs does the right thing, remove manual
initialization of these fields from the affected configurations and let
xtensa_finalize_config initialize them. Add XTREG_END to terminate
register lists.
Signed-off-by: Max Filippov
(cherry picked from commit
From: Zheng Xiang
When VM boots from the latest version of linux kernel, after
hot-unplugging virtio-blk disks which are hotplugged into
pcie-root-port, the VM's dmesg log shows:
[ 151.046242] pciehp :00:05.0:pcie004: pending interrupts 0x0001 from Slot
Status
[ 151.046365] pciehp
From: William Bowling
When emulating ident in tcp_emu, if the strchr checks passed but the
sscanf check failed, two uninitialized variables would be copied and
sent in the reply, so move this code inside the if(sscanf()) clause.
Signed-off-by: William Bowling
Cc: qemu-sta...@nongnu.org
Cc:
From: Prasad Singamsetty
qemu command fails to process -overcommit option. Add the missing
call to qemu_add_opts() in vl.c.
Signed-off-by: Prasad Singamsetty
Message-Id: <20180815175704.105902-1-prasad.singamse...@oracle.com>
Reviewed-by: Mark Kanda
Signed-off-by: Paolo Bonzini
(cherry
From: Eric Blake
The NBD spec, and even our code comment, says that if the client
asks for NBD_OPT_LIST_META_CONTEXT with 0 queries, then we should
reply with (a possibly-compressed representation of) ALL contexts
that we are willing to let them try. But commit 3d068aff forgot
to advertise
From: Eric Blake
If nbd_client_init() fails after we are already connected,
then the server will spam logs with:
Disconnect client, due to: Unexpected end-of-file before all bytes were read
unless we gracefully disconnect before closing the connection.
Ways to trigger this:
$
From: Richard Henderson
This makes float16_muladd correctly use FZ16 not FZ.
Fixes: 6ceabaad110
Cc: qemu-sta...@nongnu.org (3.0.1)
Reported-by: Laurent Desnogues
Signed-off-by: Richard Henderson
Reviewed-by: Laurent Desnogues
Tested-by: Laurent Desnogues
Message-id:
From: Igor Mammedov
Commit
10efd7e108 "pc: acpi: fix memory hotplug regression by reducing stub SRAT
entry size"
attempted to fix hotplug regression introduced by
848a1cc1e "hw/acpi-build: build SRAT memory affinity structures for DIMM
devices"
fixed issue for Windows/3.0+ linux kernels,
From: Fam Zheng
The same logic exists in fd polling. This change is especially important
to avoid busy loop once we limit aio_notify_accept() to blocking
aio_poll().
Cc: qemu-sta...@nongnu.org
Signed-off-by: Fam Zheng
Message-Id: <20180809132259.18402-2-f...@redhat.com>
Signed-off-by: Fam
From: Richard Henderson
The immediate should be scaled by the size of the memory reference,
not the size of the elements into which it is loaded.
Cc: qemu-sta...@nongnu.org (3.0.1)
Reported-by: Laurent Desnogues
Signed-off-by: Richard Henderson
Tested-by: Laurent Desnogues
Reviewed-by:
From: Marc-André Lureau
Spotted by ASAN, during make check...
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7f8e27262c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x7f8e26a5f3c5 in g_malloc (/lib64/libglib-2.0.so.0+0x523c5)
#2 0x555ab67078a8 in qstring_from_str
Hi everyone,
The following new patches are queued for QEMU stable v3.0.1:
https://github.com/mdroth/qemu/commits/stable-3.0-staging
The release is planned for 2019-04-11:
From: Richard Henderson
The pseudocode for this operation is an increment + compare loop,
so comparing <= the maximum integer produces an all-true predicate.
Rather than bound in both the inline code and the helper, pass the
helper the number of predicate bits to set instead of the number
of
From: Kevin Wolf
Currently, the default values for werror and rerror have to be set
explicitly with blk_set_on_error() by the callers of blk_new(). The only
caller actually doing this is blockdev_init(), which is called for
BlockBackends created using -drive.
In particular, anonymous
From: Stefan Berger
Make sure that the new locality passed to tpm_tis_prep_abort()
is valid.
Add a comment to aborting_locty that it may be any locality, including
TPM_TIS_NO_LOCALITY.
Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
(cherry picked from commit
From: Greg Kurz
When using the 9P2000.u version of the protocol, the following shell
command line in the guest can cause QEMU to crash:
while true; do rm -rf aa; mkdir -p a/b & touch a/b/c & mv a aa; done
With 9P2000.u, file renaming is handled by the WSTAT command. The
v9fs_wstat()
From: Peter Maydell
The tcg_register_iommu_notifier() code has a GArray of
TCGIOMMUNotifier structs which it has registered by passing
memory_region_register_iommu_notifier() a pointer to the embedded
IOMMUNotifier field. Unfortunately, if we need to enlarge the
array via g_array_set_size() this
From: Gerd Hoffmann
Open files and directories with O_NOFOLLOW to avoid symlinks attacks.
While being at it also add O_CLOEXEC.
usb-mtp only handles regular files and directories and ignores
everything else, so users should not see a difference.
Because qemu ignores symlinks, carrying out a
From: Christian Borntraeger
"-machine pc" will not work on all architectures. Let's fall back to the
default machine by not specifying it.
In addition we also need to specify -no-shutdown on s390 as qemu will
exit otherwise.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Christian Borntraeger
From: Richard Henderson
The expression (int) imm + (uint32_t) len_align turns into uint32_t
and thus with negative imm produces a memory operation at the wrong
offset. None of the numbers involved are particularly large, so
change everything to use int.
Cc: qemu-sta...@nongnu.org (3.0.1)
From: Marcel Apfelbaum
Configuring QEMU with:
configure --target-list="x86_64-softmmu" --cc=clang --enable-pvrdma
Results in:
qemu/hw/rdma/rdma_rm_defs.h:108:3: error: redefinition of typedef
'RdmaDeviceResources' is a C11 feature [-Werror,-Wtypedef-redefinition]
} RdmaDeviceResources;
From: Eric Blake
We need an accurate count of the number of bits set in a bitmap
after a merge. In particular, since the merge operation short-circuits
a merge from an empty source, if you have bitmaps A, B, and C where
B started empty, then merge C into B, and B into A, an inaccurate
count
From: Fam Zheng
An aio_notify() pairs with an aio_notify_accept(). The former should
happen in the main thread or a vCPU thread, and the latter should be
done in the IOThread.
There is one rare case that the main thread or vCPU thread may "steal"
the aio_notify() event just raised by itself, in
From: Alberto Garcia
When a block device is opened with BDRV_O_SNAPSHOT and the
bdrv_append_temp_snapshot() call fails then the error code path tries
to unref the already destroyed 'options' QDict.
This can be reproduced easily by setting TMPDIR to a location where
the QEMU process can't write:
From: Prasad J Pandit
When TIS request is done, set 'sts' data field across all localities.
Signed-off-by: Prasad J Pandit
Reviewed-by: Stefan Berger
Signed-off-by: Stefan Berger
(cherry picked from commit 6a50bb98f24929c9fc69e9197eb21c142e061fbd)
Signed-off-by: Michael Roth
---
From: "Paul A. Clarke"
Changes requirement for "vsubsbs" instruction, which has been supported
since ISA 2.03. (Please see section 5.9.1.2 of ISA 2.03)
Reported-by: Paul A. Clarke
Signed-off-by: Paul A. Clarke
Signed-off-by: Leonardo Bras
Signed-off-by: David Gibson
(cherry picked from
From: Jason Wang
We try to detect and drop too large packet (>INT_MAX) in 1592a9947036
("net: ignore packet size greater than INT_MAX") during packet
delivering. Unfortunately, this is not sufficient as we may hit
another integer overflow when trying to queue such large packet in
From: Yury Kotov
virtio_queue_get_desc_addr returns 64-bit hwaddr while int is usually 32-bit.
If returned hwaddr is not equal to 0 but least-significant 32 bits are
equal to 0 then this code will not actually stop running queue.
Signed-off-by: Yury Kotov
Acked-by: Jia He
Cc:
From: Thomas Huth
Since "s390x/tcg: avoid overflows in time2tod/tod2time", the
time2tod() function tries to deal with the 9 uppermost bits in the
time value, but uses the wrong mask for this: 0xff80 should
be used instead of 0xff10 here.
Fixes:
From: Ilya Maximets
POSTCOPY_NOTIFY_INBOUND_END handlers will remove userfault fds
from the postcopy_remote_fds array which could be still in
use by the fault thread. Let's stop the thread before
notification to avoid possible accessing wrong memory.
Fixes: 46343570c06e ("vhost+postcopy: Wire
From: BALATON Zoltan
Clang 3.4 considers duplicate typedef in ppc4xx_i2c.h and
bitbang_i2c.h an error even if they are identical. Move it to a common
place to allow building with this clang version.
Reported-by: Thomas Huth
Signed-off-by: BALATON Zoltan
Acked-by: David Gibson
Reviewed-by:
From: Corey Minyard
Avoid an overflow.
Signed-off-by: Corey Minyard
Reviewed-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Tested-by: Philippe Mathieu-Daudé
Cc: QEMU Stable
Signed-off-by: Peter Maydell
(cherry picked from commit 629457a13080052c575779e1fd9f5eb5ee6b8ad9)
From: Peter Maydell
In commit c79c0a314c43b78 we enabled emulation of external aborts
when the guest attempts to access a physical address with no
mapped device. In commit 4672cbd7bed88dc6 we suppress this for
most legacy boards to prevent breakage of previously working
guests, but we didn't
From: Markus Armbruster
qemu_vfio_open_common() initializes s->lock only after passing s to
qemu_vfio_dma_map() via qemu_vfio_init_ramblock().
qemu_vfio_dma_map() tries to lock the uninitialized lock and crashes.
Fix by initializing s->lock first.
RHBZ:
From: Peter Xu
Provide the function and use it in vtd_init(). Used to reset both
context entry cache and iotlb cache for the whole IOMMU unit.
Signed-off-by: Peter Xu
Reviewed-by: Eric Auger
Reviewed-by: Jason Wang
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
(cherry
From: Vladimir Sementsov-Ogievskiy
This test is broken without previous commit fixing dead-lock in mirror.
Signed-off-by: Vladimir Sementsov-Ogievskiy
Signed-off-by: Max Reitz
Acked-by: Vladimir Sementsov-Ogievskiy
Signed-off-by: Kevin Wolf
(cherry picked from commit
From: Gerd Hoffmann
Cc: P J P
Reported-by: Wangjunqing
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Gerd Hoffmann
Message-id: 20181030082340.17170-1-kra...@redhat.com
Suggested-by: Paolo Bonzini
Signed-off-by: Gerd Hoffmann
(cherry picked from commit