[Qemu-devel] [Bug 1663287] Re: Illegal delay slot code causes abort on mips64

2017-03-20 Thread Yongbok Kim
Thanks for reporting this issue. In fact, branches in a delay slot are "undefined" in the pre-Release 6 architecture. MIPS architecture release 6 defines to signal Reserved Instruction exceptions for such cases. However as it was undefined, it is better to signal RI and carry on rather than

[Qemu-devel] [PATCH 15/81] 9pfs: local: truncate: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_truncate() callback is vulnerable to symlink attacks because it calls truncate() which follows symbolic links in all path elements. This patch converts local_truncate() to rely on open_nofollow() and ftruncate() instead. This partly fixes

[Qemu-devel] [PATCH 16/81] 9pfs: local: readlink: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_readlink() callback is vulnerable to symlink attacks because it calls: (1) open(O_NOFOLLOW) which follows symbolic links for all path elements but the rightmost one (2) readlink() which follows symbolic links for all path elements but the

[Qemu-devel] [PATCH 24/81] 9pfs: local: symlink: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_symlink() callback is vulnerable to symlink attacks because it calls: (1) symlink() which follows symbolic links for all path elements but the rightmost one (2) open(O_NOFOLLOW) which follows symbolic links for all path elements but the

[Qemu-devel] [PATCH 46/81] exec: Add missing rcu_read_unlock

2017-03-20 Thread Michael Roth
From: Roman Kapl rcu_read_unlock was not called if the address_space_access_valid result is negative. This caused (at least) a problem when qemu on PPC/E500+TAP failed to terminate properly and instead got stuck in a deadlock. Signed-off-by: Roman Kapl

[Qemu-devel] [PATCH 21/81] 9pfs: local: link: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_link() callback is vulnerable to symlink attacks because it calls: (1) link() which follows symbolic links for all path elements but the rightmost one (2) local_create_mapped_attr_dir()->mkdir() which follows symbolic links for all path elements

[Qemu-devel] [PATCH 33/81] 9pfs: fix O_PATH build break with older glibc versions

2017-03-20 Thread Michael Roth
From: Greg Kurz When O_PATH is used with O_DIRECTORY, it only acts as an optimization: the openat() syscall simply finds the name in the VFS, and doesn't trigger the underlying filesystem. On systems that don't define O_PATH, because they have glibc version 2.13 or older for

[Qemu-devel] [PATCH 36/81] balloon: Don't balloon roms

2017-03-20 Thread Michael Roth
From: "Dr. David Alan Gilbert" A broken guest can specify physical addresses that correspond to any memory region, but it shouldn't be able to change ROM. Signed-off-by: Dr. David Alan Gilbert Cc: qemu-sta...@nongnu.org Acked-by: Paolo Bonzini

[Qemu-devel] [PATCH 43/81] ui/vnc: Fix problem with sending too many bytes as server name

2017-03-20 Thread Michael Roth
From: Thomas Huth If the buffer is not big enough, snprintf() does not return the number of bytes that have been written to the buffer, but the number of bytes that would be needed for writing the whole string. By using this value for the following vnc_write() calls, we send

[Qemu-devel] [PATCH 04/81] 9pfs: introduce relative_openat_nofollow() helper

2017-03-20 Thread Michael Roth
From: Greg Kurz When using the passthrough security mode, symbolic links created by the guest are actual symbolic links on the host file system. Since the resolution of symbolic links during path walk is supposed to occur on the client side, the server should hence never receive

[Qemu-devel] [Bug 1663287] Re: Illegal delay slot code causes abort on mips64

2017-03-20 Thread Yongbok Kim
** Changed in: qemu Status: New => Fix Committed -- You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1663287 Title: Illegal delay slot code causes abort on mips64 Status in QEMU: Fix Committed

[Qemu-devel] [PATCH 10/81] 9pfs: local: lremovexattr: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_lremovexattr() callback is vulnerable to symlink attacks because it calls lremovexattr() which follows symbolic links in all path elements but the rightmost one. This patch introduces a helper to emulate the non-existing fremovexattrat() function: it is

[Qemu-devel] [PATCH 00/81] Patch Round-up for stable 2.8.1, freeze on 2017-03-27

2017-03-20 Thread Michael Roth
Hi everyone, The following new patches are queued for QEMU stable v2.8.1: https://github.com/mdroth/qemu/commits/stable-2.8-staging The release is planned for 2017-03-30: http://wiki.qemu.org/Planning/2.8 Please respond here or CC qemu-sta...@nongnu.org on any patches you think should be

[Qemu-devel] [PATCH 11/81] 9pfs: local: unlinkat: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_unlinkat() callback is vulnerable to symlink attacks because it calls remove() which follows symbolic links in all path elements but the rightmost one. This patch converts local_unlinkat() to rely on opendir_nofollow() and unlinkat() instead. Most of

[Qemu-devel] [PATCH 12/81] 9pfs: local: remove: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_remove() callback is vulnerable to symlink attacks because it calls: (1) lstat() which follows symbolic links in all path elements but the rightmost one (2) remove() which follows symbolic links in all path elements but the rightmost one This

[Qemu-devel] [PATCH 01/81] 9pfs: local: move xattr security ops to 9p-xattr.c

2017-03-20 Thread Michael Roth
From: Greg Kurz These functions are always called indirectly. It really doesn't make sense for them to sit in a header file. Signed-off-by: Greg Kurz Reviewed-by: Stefan Hajnoczi (cherry picked from commit

[Qemu-devel] [PATCH 34/81] 9pfs: fix vulnerability in openat_dir() and local_unlinkat_common()

2017-03-20 Thread Michael Roth
From: Greg Kurz We should pass O_NOFOLLOW otherwise openat() will follow symlinks and make QEMU vulnerable. While here, we also fix local_unlinkat_common() to use openat_dir() for the same reasons (it was a leftover in the original patchset actually). This fixes CVE-2016-9602.

[Qemu-devel] [PATCH 41/81] ui/gtk: fix crash at startup when no console is available

2017-03-20 Thread Michael Roth
From: Hervé Poussineau This patch fixes a segfault at QEMU startup, introduced in a08156321ab9a7d2fed9ee77dbfeea2a61ffd153. gd_vc_find_current() returns NULL, which is dereferenced without checking it. While at it, disable the whole 'View' menu if no console exists.

[Qemu-devel] [PATCH 30/81] 9pfs: fix fd leak in local_opendir()

2017-03-20 Thread Michael Roth
From: Greg Kurz Coverity issue CID1371731 Signed-off-by: Greg Kurz Reviewed-by: Daniel P. Berrange Reviewed-by: Philippe Mathieu-Daudé (cherry picked from commit faab207f115cf9738f110cb088ab35a4b7aef73a) Signed-off-by:

[Qemu-devel] [PATCH 35/81] machine: Convert abstract typename on compat_props to subclass names

2017-03-20 Thread Michael Roth
From: Eduardo Habkost Original problem description by Greg Kurz: > Since commit "9a4c0e220d8a hw/virtio-pci: fix virtio > behaviour", passing -device virtio-blk-pci.disable-modern=off > has no effect on 2.6 machine types because the internal > virtio-pci.disable-modern=on

[Qemu-devel] [PATCH 37/81] pci: fix error message for express slots

2017-03-20 Thread Michael Roth
From: "Michael S. Tsirkin" PCI Express downstream slot has a single PCI slot behind it, using PCI_DEVFN(PCI_SLOT(devfn), 0) does not give you function 0 in cases such as ARI as well as some error cases. This is exactly what we are hitting: $ qemu-system-x86_64 -machine q35

[Qemu-devel] [PATCH 42/81] scsi-block: fix direction of BYTCHK test for VERIFY commands

2017-03-20 Thread Michael Roth
From: Paolo Bonzini The direction is wrong; scsi_block_is_passthrough returns false for commands that *can* use sglists. Reported-by: Zhang Qian Fixes: 8fdc7839e40f43a426bc7e858cf1dbfe315a3804 Cc: qemu-sta...@nongnu.org Signed-off-by: Paolo

[Qemu-devel] [PATCH 29/81] 9pfs: fix bogus fd check in local_remove()

2017-03-20 Thread Michael Roth
From: Greg Kurz This was spotted by Coverity as a fd leak. This is certainly true, but also local_remove() would always return without doing anything, unless the fd is zero, which is very unlikely. (Coverity issue CID1371732) Signed-off-by: Greg Kurz

[Qemu-devel] [PATCH 40/81] pc: fix crash in rtc_set_memory() if initial cpu is marked as hotplugged

2017-03-20 Thread Michael Roth
From: Igor Mammedov 'hotplugged' property is meant to be used on migration side when migrating source with hotplugged devices. However, though it is not exactly correct usage of the 'hotplugged' property, it's possible to set the generic hotplugged property for a CPU using -cpu

[Qemu-devel] [PATCH 31/81] 9pfs: fail local_statfs() earlier

2017-03-20 Thread Michael Roth
From: Greg Kurz If we cannot open the given path, we can return right away instead of passing -1 to fstatfs() and close(). This will make Coverity happy. (Coverity issue CID1371729) Signed-off-by: Greg Kurz Reviewed-by: Daniel P. Berrange

[Qemu-devel] [PATCH 61/81] block/nfs: fix NULL pointer dereference in URI parsing

2017-03-20 Thread Michael Roth
From: Peter Lieven parse_uint_full wants to put the parsed value into the variable passed via its second argument which is NULL. Fixes: 94d6a7a76e9df9919629428f6c598e2b97d9426c Cc: qemu-sta...@nongnu.org Signed-off-by: Peter Lieven Reviewed-by: Eric Blake

[Qemu-devel] [PATCH 60/81] s390x/kvm: fix small race reboot vs. cmma

2017-03-20 Thread Michael Roth
From: Christian Borntraeger Right now we reset all devices before we reset the cmma states. This can result in the host kernel discarding guest pages that were previously in the unused state but already contain a bios or a -kernel file before the cmma reset has finished.

[Qemu-devel] [PATCH 48/81] x86: ioapic: fix fail migration when irqchip=split

2017-03-20 Thread Michael Roth
From: Peter Xu Split irqchip works based on the fact that we kept the first 24 gsi routing entries inside KVM for userspace ioapic's use. When the system boots, we'll reserve these MSI routing entries beforehand. However, after migration, we forgot to re-configure it up in the

[Qemu-devel] [PATCH 51/81] tcg/aarch64: Fix tcg_out_movi

2017-03-20 Thread Michael Roth
From: Richard Henderson There were some patterns, like 0x___00ff, for which we would select to begin a multi-insn sequence with MOVN, but would fail to set the 0x lane back from 0x. Signed-off-by: Richard Henderson Message-Id:

[Qemu-devel] [PATCH 67/81] target/sparc: Restore ldstub of odd asis

2017-03-20 Thread Michael Roth
From: Richard Henderson Fixes the booting of ss20 roms. Cc: qemu-sta...@nongnu.org Reported-by: Michael Russo Tested-by: Mark Cave-Ayland Signed-off-by: Richard Henderson (cherry picked from commit

[Qemu-devel] [PATCH 68/81] apic: reset apic_delivered global variable on machine reset

2017-03-20 Thread Michael Roth
From: Pavel Dovgalyuk This patch adds call to apic_reset_irq_delivered when the virtual machine is reset. Signed-off-by: Pavel Dovgalyuk Message-Id: <20170131114054.276.62201.stgit@PASHA-ISP> Cc: qemu-sta...@nongnu.org Signed-off-by: Paolo

[Qemu-devel] [Bug 686613] Re: USB MSD are not marked as removable

2017-03-20 Thread Thomas Huth
Setting status to "Fix released" according to comment #5 (if there is something left to do for libvirt, please consult their bugtracker instead) ** Changed in: qemu Status: Confirmed => Fix Released -- You received this bug notification because you are a member of qemu-devel-ml, which

[Qemu-devel] [PATCH 13/81] 9pfs: local: utimensat: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_utimensat() callback is vulnerable to symlink attacks because it calls qemu_utimens()->utimensat(AT_SYMLINK_NOFOLLOW) which follows symbolic links in all path elements but the rightmost one or qemu_utimens()->utimes() which follows symbolic links for all

[Qemu-devel] [PATCH 20/81] 9pfs: local: improve error handling in link op

2017-03-20 Thread Michael Roth
From: Greg Kurz When using the mapped-file security model, we also have to create a link for the metadata file if it exists. In case of failure, we should rollback. That's what this patch does. Signed-off-by: Greg Kurz Reviewed-by: Stefan Hajnoczi

[Qemu-devel] [PATCH 22/81] 9pfs: local: chmod: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_chmod() callback is vulnerable to symlink attacks because it calls: (1) chmod() which follows symbolic links for all path elements (2) local_set_xattr()->setxattr() which follows symbolic links for all path elements (3) local_set_mapped_file_attr()

[Qemu-devel] [PATCH 56/81] cirrus: fix oob access issue (CVE-2017-2615)

2017-03-20 Thread Michael Roth
From: Li Qiang When doing bitblt copy in backward mode, we should minus the blt width first just like the adding in the forward mode. This can avoid the oob access of the front of vga's vram. Signed-off-by: Li Qiang { kraxel: with backward blits (negative

[Qemu-devel] [PATCH 38/81] virtio: fix vq->inuse recalc after migr

2017-03-20 Thread Michael Roth
From: Halil Pasic Correct recalculation of vq->inuse after migration for the corner case where the avail_idx has already wrapped but used_idx not yet. Also change the type of the VirtQueue.inuse to unsigned int. This is done to be consistent with other members

[Qemu-devel] [PATCH 53/81] virtio: fix up max size checks

2017-03-20 Thread Michael Roth
From: "Michael S. Tsirkin" Coverity reports that ARRAY_SIZE(elem->out_sg) (and all the others too) is wrong because elem->out_sg is a pointer. However, the check is not in the right place and the max_size argument of virtqueue_map_iovec can be removed. The check on

[Qemu-devel] [PATCH 03/81] 9pfs: remove side-effects in local_open() and local_opendir()

2017-03-20 Thread Michael Roth
From: Greg Kurz If these functions fail, they should not change *fs. Let's use local variables to fix this. Signed-off-by: Greg Kurz Reviewed-by: Stefan Hajnoczi (cherry picked from commit 21328e1e57f526e3f0c2fcd00f10c8aa6e7bc07f)

[Qemu-devel] [PATCH 02/81] 9pfs: remove side-effects in local_init()

2017-03-20 Thread Michael Roth
From: Greg Kurz If this function fails, it should not modify *ctx. Signed-off-by: Greg Kurz Reviewed-by: Stefan Hajnoczi (cherry picked from commit 00c90bd1c2ff6aabb9ca948a254ba044a403e399) Signed-off-by: Greg Kurz

[Qemu-devel] [PATCH 49/81] char: fix ctrl-a b not working

2017-03-20 Thread Michael Roth
From: Marc-André Lureau CharDriverState.be should be updated to point to the current associated backend. Fix the regression introduced in the "mux" chardev from commit a4afa548fc6dd9842ed86639b4d37d4d1c4ad480. https://bugs.launchpad.net/bugs/1654137 Signed-off-by:

[Qemu-devel] [PATCH 09/81] 9pfs: local: lsetxattr: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_lsetxattr() callback is vulnerable to symlink attacks because it calls lsetxattr() which follows symbolic links in all path elements but the rightmost one. This patch introduces a helper to emulate the non-existing fsetxattrat() function: it is

[Qemu-devel] [PATCH 14/81] 9pfs: local: statfs: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_statfs() callback is vulnerable to symlink attacks because it calls statfs() which follows symbolic links in all path elements. This patch converts local_statfs() to rely on open_nofollow() and fstatfs() instead. This partly fixes CVE-2016-9602.

[Qemu-devel] [PATCH 18/81] 9pfs: local: renameat: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_renameat() callback is currently a wrapper around local_rename() which is vulnerable to symlink attacks. This patch rewrites local_renameat() to have its own implementation, based on local_opendir_nofollow() and renameat(). This partly fixes

[Qemu-devel] [PATCH 25/81] 9pfs: local: mknod: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_mknod() callback is vulnerable to symlink attacks because it calls: (1) mknod() which follows symbolic links for all path elements but the rightmost one (2) local_set_xattr()->setxattr() which follows symbolic links for all path elements (3)

[Qemu-devel] [PATCH 19/81] 9pfs: local: rename: use renameat

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_rename() callback is vulnerable to symlink attacks because it uses rename() which follows symbolic links in all path elements but the rightmost one. This patch simply transforms local_rename() into a wrapper around local_renameat() which is

[Qemu-devel] [PATCH 17/81] 9pfs: local: lstat: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_lstat() callback is vulnerable to symlink attacks because it calls: (1) lstat() which follows symbolic links in all path elements but the rightmost one (2) getxattr() which follows symbolic links in all path elements (3)

[Qemu-devel] [PATCH 27/81] 9pfs: local: open2: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_open2() callback is vulnerable to symlink attacks because it calls: (1) open() which follows symbolic links for all path elements but the rightmost one (2) local_set_xattr()->setxattr() which follows symbolic links for all path elements (3)

[Qemu-devel] [PATCH 23/81] 9pfs: local: chown: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_chown() callback is vulnerable to symlink attacks because it calls: (1) lchown() which follows symbolic links for all path elements but the rightmost one (2) local_set_xattr()->setxattr() which follows symbolic links for all path elements (3)

[Qemu-devel] [PATCH 50/81] tcg/aarch64: Fix addsub2 for 0+C

2017-03-20 Thread Michael Roth
From: Richard Henderson When al == xzr, we cannot use addi/subi because that encodes xsp. Force a zero into the temp register for that (rare) case. Signed-off-by: Richard Henderson Message-Id: <20161207180727.6286-2-...@twiddle.net> (cherry picked from

[Qemu-devel] [PATCH 32/81] 9pfs: don't use AT_EMPTY_PATH in local_set_cred_passthrough()

2017-03-20 Thread Michael Roth
From: Greg Kurz The name argument can never be an empty string, and dirfd always points to the containing directory of the file name. AT_EMPTY_PATH is hence useless here. Also it breaks the build with glibc version 2.13 and older. It is actually an oversight of a previous tentative

[Qemu-devel] [PATCH 26/81] 9pfs: local: mkdir: don't follow symlinks

2017-03-20 Thread Michael Roth
From: Greg Kurz The local_mkdir() callback is vulnerable to symlink attacks because it calls: (1) mkdir() which follows symbolic links for all path elements but the rightmost one (2) local_set_xattr()->setxattr() which follows symbolic links for all path elements (3)

[Qemu-devel] [PATCH 47/81] display: cirrus: ignore source pitch value as needed in blit_is_unsafe

2017-03-20 Thread Michael Roth
From: Bruce Rogers Commit 4299b90 added a check which is too broad, given that the source pitch value is not required to be initialized for solid fill operations. This patch refines the blit_is_unsafe() check to ignore source pitch in that case. After applying the above commit

[Qemu-devel] [PATCH 44/81] qemu-thread: fix qemu_thread_set_name() race in qemu_thread_create()

2017-03-20 Thread Michael Roth
From: Caoxinhua QEMU will crash with the following backtrace if the newly created thread exited before we call qemu_thread_set_name() for it. (gdb) bt #0 0x7f9a68b095d7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1

[Qemu-devel] [PATCH 28/81] 9pfs: local: drop unused code

2017-03-20 Thread Michael Roth
From: Greg Kurz Now that all the callbacks have been converted to use "at" syscalls, we can drop this code. Signed-off-by: Greg Kurz Reviewed-by: Stefan Hajnoczi (cherry picked from commit c23d5f1d5bc0e23aeb845b1af8f996f16783ce98)

[Qemu-devel] [PATCH 62/81] block/nfs: fix naming of runtime opts

2017-03-20 Thread Michael Roth
From: Peter Lieven commit 94d6a7a accidentally left the naming of runtime opts and QAPI scheme inconsistent. As one consequence passing of parameters in the URI is broken. Sync the naming of the runtime opts to the QAPI scheme. Please note that this is technically backwards

[Qemu-devel] [PATCH 58/81] ahci: advertise HOST_CAP_64

2017-03-20 Thread Michael Roth
From: Ladi Prosek The AHCI emulation code supports 64-bit addressing and should advertise this fact in the Host Capabilities register. Both Linux and Windows drivers test this bit to decide if the upper 32 bits of various registers may be written to, and at least some

[Qemu-devel] [PATCH 39/81] 9pfs: fix crash when fsdev is missing

2017-03-20 Thread Michael Roth
From: Greg Kurz If the user passes -device virtio-9p without the corresponding -fsdev, QEMU dereferences a NULL pointer and crashes. This is a 2.8 regression introduced by commit 702dbcc274e2c. Signed-off-by: Greg Kurz Reviewed-by: Li Qiang

[Qemu-devel] [PATCH 05/81] 9pfs: local: keep a file descriptor on the shared folder

2017-03-20 Thread Michael Roth
From: Greg Kurz This patch opens the shared folder and caches the file descriptor, so that it can be used to do symlink-safe path walk. Signed-off-by: Greg Kurz Reviewed-by: Stefan Hajnoczi (cherry picked from commit

Re: [Qemu-devel] [PATCHv2 for-2.10 2/5] pseries: Implement HPT resizing

2017-03-20 Thread David Gibson
On Wed, Mar 15, 2017 at 12:44:18PM +0530, Bharata B Rao wrote: > On Tue, Mar 14, 2017 at 11:04 AM, David Gibson > wrote: > > > This patch implements hypercalls allowing a PAPR guest to resize its own > > hash page table. This will eventually allow for more flexible

[Qemu-devel] [PATCH v2] ui/egl-helpers: fix egl 1.5 display init

2017-03-20 Thread Gerd Hoffmann
Unfortunately switching to getPlatformDisplayEXT isn't as easy as implemented by 0ea1523fb6703aa0dcd65e66b59e96fec028e60a. See the longish comment for the complete story. Cc: Frediano Ziglio Suggested-by: Hans de Goede Signed-off-by: Gerd Hoffmann

Re: [Qemu-devel] [PATCH fixup 1/2] intel_iommu: use the correct memory region for device IOTLB notification

2017-03-20 Thread Peter Xu
On Mon, Mar 20, 2017 at 11:36:38AM +0800, Jason Wang wrote: > We have a specific memory region for DMAR now, so it's wrong to > trigger the notifier with the root region. > > Cc: Michael S. Tsirkin > Cc: Paolo Bonzini > Cc: Richard Henderson

Re: [Qemu-devel] [PATCH 02/31] ram: Add dirty_rate_high_cnt to RAMState

2017-03-20 Thread Juan Quintela
"Dr. David Alan Gilbert" wrote: > * Juan Quintela (quint...@redhat.com) wrote: >> We need to add a parameter to several functions to make this work. >> >> Signed-off-by: Juan Quintela [...] > Is that undoing false spaces from the previous patch? Yes

Re: [Qemu-devel] [PATCH 23/31] ram: Move migration_bitmap_rcu into RAMState

2017-03-20 Thread Juan Quintela
"Dr. David Alan Gilbert" wrote: > * Juan Quintela (quint...@redhat.com) wrote: >> Once there, rename the type to be shorter. >> >> Signed-off-by: Juan Quintela >> --- >> migration/ram.c | 79 >> ++---

Re: [Qemu-devel] [PATCH v1 1/3] cputlb: ensure tbl_set_dirty1 updates addr_write atomically

2017-03-20 Thread Richard Henderson
On 03/21/2017 01:34 AM, Alex Bennée wrote: This was an oversight when the rest of cputlb was being updated. As before it falls back to the non-atomic version when the host can't support wider-than-bus atomics. Signed-off-by: Alex Bennée --- cputlb.c | 8 1

Re: [Qemu-devel] [PATCH 01/31] ram: move more fields into RAMState

2017-03-20 Thread Juan Quintela
"Dr. David Alan Gilbert" wrote: > * Juan Quintela (quint...@redhat.com) wrote: >> last_seen_block, last_sent_block, last_offset, last_version and >> ram_bulk_stage are globals that are really related together. >> >> Signed-off-by: Juan Quintela >> ---

Re: [Qemu-devel] [RFC PATCH 1/4] I440: Allow adding sysbus devices with -device on I440

2017-03-20 Thread Eduardo Habkost
On Fri, Mar 17, 2017 at 07:29:14PM +0800, Lan Tianyu wrote: > From: Chao Gao > > xen-viommu will be a sysbus device and the device model will > be enabled via "-device" parameter. > > Signed-off-by: Chao Gao > Signed-off-by: Lan Tianyu

Re: [Qemu-devel] [PATCH] Add page-size to output in 'info migrate'

2017-03-20 Thread Eric Blake
On 03/16/2017 03:42 AM, Chao Fan wrote: > The number of dirty pages outputed in 'pages' in the command > 'info migrate', so add page-size to calculate the number of dirty > pages in bytes. > > Signed-off-by: Chao Fan > Signed-off-by: Li Zhijian

Re: [Qemu-devel] [PATCH for-2.9 0/2] Fix string input visitor and "info memdev" regression

2017-03-20 Thread Eric Blake
On 03/20/2017 11:13 AM, Markus Armbruster wrote: > Markus Armbruster (2): > qapi: Fix string input visitor regression for empty lists > Revert "hostmem: fix QEMU crash by 'info memdev'" Reviewed-by: Eric Blake > > backends/hostmem.c| 22

Re: [Qemu-devel] [PATCH for-2.9 4/5] keyval: Document issues with 'any' and alternate types

2017-03-20 Thread Eric Blake
On 03/20/2017 07:55 AM, Markus Armbruster wrote: > Signed-off-by: Markus Armbruster > --- > util/keyval.c | 10 ++ > 1 file changed, 10 insertions(+) > > diff --git a/util/keyval.c b/util/keyval.c > index 46cd540..93d5db6 100644 > --- a/util/keyval.c > +++

Re: [Qemu-devel] [PATCH for-2.9 1/2] qapi: Fix string input visitor regression for empty lists

2017-03-20 Thread Michael Roth
Quoting Markus Armbruster (2017-03-20 11:13:43) > Visiting a list when input is the empty string should result in an > empty list, not an error. Noticed when commit 3d089ce belatedly added > tests, but simply accepted as weird then. It's actually a regression: > broken in commit 74f24cb, v2.7.0.

Re: [Qemu-devel] [PATCH v1 2/3] user-exec: handle synchronous signals from QEMU gracefully

2017-03-20 Thread Richard Henderson
On 03/21/2017 01:34 AM, Alex Bennée wrote: When "tcg: enable thread-per-vCPU" (commit 3725794) was merged the lifetime of current_cpu was changed. Previously a broken linux-user call might abort() which can eventually escalate into a SIGSEGV which would then crash qemu as it attempted to deref a

Re: [Qemu-devel] [PATCH for-2.9 5/5] MAINTAINERS: Add myself for files I touched recently

2017-03-20 Thread Eric Blake
On 03/20/2017 07:55 AM, Markus Armbruster wrote: > Signed-off-by: Markus Armbruster > --- > MAINTAINERS | 11 +++ > 1 file changed, 11 insertions(+) Reviewed-by: Eric Blake By the way, where do we stand on the idea of having checkpatch.pl reject

Re: [Qemu-devel] [PATCH 27/31] ram: Move last_req_rb to RAMState

2017-03-20 Thread Juan Quintela
"Dr. David Alan Gilbert" wrote: > * Juan Quintela (quint...@redhat.com) wrote: >> It was on MigrationState when it is only used inside ram.c for >> postcopy. Problem is that we need to access it without being able to >> pass it RAMState directly. >> >> Signed-off-by: Juan

Re: [Qemu-devel] [PATCH for-2.9 1/5] test-keyval: Tweaks to improve list coverage

2017-03-20 Thread Eric Blake
On 03/20/2017 07:55 AM, Markus Armbruster wrote: > We have a negative test case for a list index with leading zero. Add > positive ones. > > Tweak the test case for list index greater or equal the number of > elements: test "equal" instead of "greater" to guard against > off-by-one mistakes. >

Re: [Qemu-devel] Assertion failure taking external snapshot with virtio drive + iothread

2017-03-20 Thread Ed Swierk
On Fri, Mar 17, 2017 at 12:27 PM, Paolo Bonzini wrote: > And this is a fix, but I have no idea why/how it works and what else it > may break. > > Patches 1 and 2 are pretty obvious and would be the first step towards > eliminating aio_disable/enable_external altogether. > >

[Qemu-devel] [Bug 665743] Re: Cocoa video corruption when guest uses RGB565 mode

2017-03-20 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/665743 Title: Cocoa video

[Qemu-devel] [Bug 618533] Re: OpenSolaris guest fails to see the Solaris partitions of a physical disk in qemu-kvm-9999 (GIT)

2017-03-20 Thread Launchpad Bug Tracker
[Expired for QEMU because there has been no activity for 60 days.] ** Changed in: qemu Status: Incomplete => Expired -- You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/618533 Title: OpenSolaris

Re: [Qemu-devel] [PATCH 1/2] tests: Expose regression in QemuOpts visitor

2017-03-20 Thread Michael Roth
Quoting Eric Blake (2017-03-20 22:17:04) > Commit 15c2f669e broke the ability of the QemuOpts visitor to > flag extra input parameters, but the regression went unnoticed > because of missing testsuite coverage. Add a test to cover this. > > Signed-off-by: Eric Blake

Re: [Qemu-devel] [PATCH 2/2] configure: use pkg-config for obtaining xen version

2017-03-20 Thread Juergen Gross
On 17/03/17 19:33, Stefano Stabellini wrote: > On Fri, 17 Mar 2017, Juergen Gross wrote: >> On 16/03/17 21:20, Stefano Stabellini wrote: >>> On Thu, 16 Mar 2017, Juergen Gross wrote: Instead of trying to guess the Xen version to use by compiling various test programs first just ask the

[Qemu-devel] [PATCH 73/81] eth: Extend vlan stripping functions

2017-03-20 Thread Michael Roth
From: Dmitry Fleytman Make VLAN stripping functions return number of bytes copied to given Ethernet header buffer. This information should be used to re-compose packet IOV after VLAN stripping. Cc: qemu-sta...@nongnu.org Signed-off-by: Dmitry Fleytman

[Qemu-devel] [PATCH 77/81] e1000e: correctly tear down MSI-X memory regions

2017-03-20 Thread Michael Roth
From: Paolo Bonzini MSI-X has been disabled by the time the e1000e device is unrealized, hence msix_uninit is never called. This causes the object to be leaked, which shows up as a RAMBlock with empty name when attempting migration. Reported-by: Dr. David Alan Gilbert

[Qemu-devel] [PATCH 64/81] vnc: do not disconnect on EAGAIN

2017-03-20 Thread Michael Roth
From: Michael Tokarev When qemu vnc server is trying to send large update to clients, there might be a situation when system responds with something like EAGAIN, indicating that there's no system memory to send that much data (depending on the network speed, client and server

[Qemu-devel] [PATCH 72/81] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)

2017-03-20 Thread Michael Roth
From: Gerd Hoffmann CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination and blit width, at all. Oops. Fix it. Security impact: high. The missing blit destination check allows to write to host memory. Basically same as CVE-2014-8106 for the other blit variants.

[Qemu-devel] [PATCH 71/81] hmp: fix block_set_io_throttle

2017-03-20 Thread Michael Roth
From: Eric Blake Commit 7a9877a made the 'device' parameter to BlockIOThrottle optional, favoring 'id' instead. But it forgot to update the HMP usage to set has_device, which makes all attempts to change throttling via HMP fail with "Need exactly one of 'device' and 'id'"

[Qemu-devel] [PATCH 81/81] thread-pool: add missing qemu_bh_cancel in completion function

2017-03-20 Thread Michael Roth
From: Peter Lieven commit 3c80ca15 fixed a deadlock scenario with nested aio_poll invocations. However, the rescheduling of the completion BH introduced unnecessary spinning in the main-loop. On very fast file backends this can even lead to the "WARNING: I/O thread spun for 1000

Re: [Qemu-devel] [PATCH v4]COLO:Fix Colo doc, secondeary should be secondary

2017-03-20 Thread wangguang
Subject: [PATCH] Fix Colo doc secondeary should be secondary This is an error in COLO-FT.txt. secondeary-disk0 should be secondary-disk0. Signed-off-by: Guang Wang --- docs/COLO-FT.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/COLO-FT.txt

Re: [Qemu-devel] [PATCH 00/81] Patch Round-up for stable 2.8.1, freeze on 2017-03-27

2017-03-20 Thread Eric Blake
On 03/20/2017 06:07 PM, Michael Roth wrote: > Hi everyone, > > The following new patches are queued for QEMU stable v2.8.1: > > https://github.com/mdroth/qemu/commits/stable-2.8-staging > > The release is planned for 2017-03-30: > > http://wiki.qemu.org/Planning/2.8 > > Please respond

Re: [Qemu-devel] [PATCH 00/81] Patch Round-up for stable 2.8.1, freeze on 2017-03-27

2017-03-20 Thread Richard Henderson
On 03/21/2017 09:07 AM, Michael Roth wrote: Hi everyone, The following new patches are queued for QEMU stable v2.8.1: https://github.com/mdroth/qemu/commits/stable-2.8-staging The release is planned for 2017-03-30: http://wiki.qemu.org/Planning/2.8 Please respond here or CC

Re: [Qemu-devel] [PATCH v4]COLO:Fix Colo doc, secondeary should be secondary

2017-03-20 Thread Zhang Chen
On 03/21/2017 11:05 AM, Eric Blake wrote: On 03/20/2017 07:26 PM, wangguang wrote: Subject: [PATCH] Fix Colo doc secondeary should be secondary This is an error in COLO-FT.txt. secondeary-disk0 should be secondary-disk0. Signed-off-by: -- View this message in context:

[Qemu-devel] [PATCH 2/2] qapi: Fix QemuOpts visitor regression on unvisited input

2017-03-20 Thread Eric Blake
An off-by-one in commit 15c2f669e meant that we were failing to check for unparsed input in all QemuOpts visitors. Recent testsuite additions show that fixing the obvious bug with bogus fields will also fix the case of an incomplete list visit; update the tests to match the new behavior. Simple

[Qemu-devel] [PATCH for-2.9 0/2] Fix QemuOpts regression on bogus keys

2017-03-20 Thread Eric Blake
Reported to me off-list by Laurent Vivier, who found the problem while working on https://bugzilla.redhat.com/1433193 Broken since 2.7, but the fix is a one-liner (pointing out my embarrassing mistake of mis-converting a pre-decrement operator); as a bug fix, it still qualifies for 2.9 in spite of

[Qemu-devel] [PATCH 76/81] NetRxPkt: Account buffer with ETH header in IOV length

2017-03-20 Thread Michael Roth
From: Dmitry Fleytman In case of VLAN stripping, the ETH header is stored in a separate chunk and the length of the IOV should take this into account. This patch fixes checksum validation for RX packets with VLAN header. Devices affected by this problem: e1000e and vmxnet3. Cc:

[Qemu-devel] [PATCH 66/81] block/vmdk: Fix the endian problem of buf_len and lba

2017-03-20 Thread Michael Roth
From: QingFeng Hao The problem was triggered by qemu-iotests case 055. It failed when it was comparing the compressed vmdk image with original test.img. The cause is that buf_len in vmdk_write_extent wasn't converted to little-endian before it was stored to disk. But

[Qemu-devel] [PATCH 69/81] target-i386: correctly propagate retaddr into SVM helpers

2017-03-20 Thread Michael Roth
From: Paolo Bonzini Commit 2afbdf8 ("target-i386: exception handling for memory helpers", 2015-09-15) changed tlb_fill's cpu_restore_state+raise_exception_err to raise_exception_err_ra. After this change, the cpu_restore_state and raise_exception_err's cpu_loop_exit are

[Qemu-devel] [PATCH 80/81] s390x/css: reassign subchannel if schid is changed after migration

2017-03-20 Thread Michael Roth
From: Dong Jia Shi The subchannel is a means to access a device. While the device number is assigned by the administrator, the subchannel number is assigned by the channel subsystem in an ascending order on cold and hot plug. When doing unplug and replug operations,

Re: [Qemu-devel] [PATCH 1/2] acpi_piix4: fix migration of gpe fields

2017-03-20 Thread Marcelo Tosatti
On Mon, Mar 20, 2017 at 01:02:10PM +0100, Philipp Hahn wrote: > Hello Marcelo, cc:qemu, > > Sorry for re-using this old thread, but I have a problem loading some > saved state from qemu-kvm-1.1.2, which fails for piix4_pm. > > Your following patch was committed as >

[Qemu-devel] [Bug 877498] Re: qemu does not pass sector size from physical devices to virtual devices

2017-03-20 Thread Thomas Huth
QEMU 0.12 is pretty much outdated ... can you still reproduce this issue with the latest version of QEMU, or can we close this bug nowadays? ** Changed in: qemu Status: New => Incomplete -- You received this bug notification because you are a member of qemu-devel-ml, which is subscribed

Re: [Qemu-devel] Assertion failure taking external snapshot with virtio drive + iothread

2017-03-20 Thread Ed Swierk
On Fri, Mar 17, 2017 at 12:27 PM, Paolo Bonzini wrote: > And this is a fix, but I have no idea why/how it works and what else it > may break. > > Patches 1 and 2 are pretty obvious and would be the first step towards > eliminating aio_disable/enable_external altogether. > >

Re: [Qemu-devel] [PATCH v4]COLO:Fix Colo doc, secondeary should be secondary

2017-03-20 Thread Eric Blake
On 03/20/2017 07:26 PM, wangguang wrote: > Subject: [PATCH] Fix Colo doc secondeary should be secondary This is an error > in COLO-FT.txt. secondeary-disk0 should be secondary-disk0. Signed-off-by: > -- > View this message in context: http://qemu.11.n7.nabble.com/ Nabble may be a fine platform
