Thanks for reporting this issue.
In fact, branches in a delay slot is "undefined" in the pre-Release 6
architecture.
MIPS architectre release 6 defines to signal Reserved Instruction exceptions
for such cases.
However as it was undefined, it is better to signal RI and carry on rather than
From: Greg Kurz
The local_truncate() callback is vulnerable to symlink attacks because
it calls truncate() which follows symbolic links in all path elements.
This patch converts local_truncate() to rely on open_nofollow() and
ftruncate() instead.
This partly fixes
From: Greg Kurz
The local_readlink() callback is vulnerable to symlink attacks because it
calls:
(1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
the rightmost one
(2) readlink() which follows symbolic links for all path elements but the
From: Greg Kurz
The local_symlink() callback is vulnerable to symlink attacks because it
calls:
(1) symlink() which follows symbolic links for all path elements but the
rightmost one
(2) open(O_NOFOLLOW) which follows symbolic links for all path elements but
the
From: Roman Kapl
rcu_read_unlock was not called if the address_space_access_valid result is
negative.
This caused (at least) a problem when qemu on PPC/E500+TAP failed to terminate
properly and instead got stuck in a deadlock.
Signed-off-by: Roman Kapl
From: Greg Kurz
The local_link() callback is vulnerable to symlink attacks because it calls:
(1) link() which follows symbolic links for all path elements but the
rightmost one
(2) local_create_mapped_attr_dir()->mkdir() which follows symbolic links
for all path elements
From: Greg Kurz
When O_PATH is used with O_DIRECTORY, it only acts as an optimization: the
openat() syscall simply finds the name in the VFS, and doesn't trigger the
underlying filesystem.
On systems that don't define O_PATH, because they have glibc version 2.13
or older for
From: "Dr. David Alan Gilbert"
A broken guest can specify physical addresses that correspond
to any memory region, but it shouldn't be able to change ROM.
Signed-off-by: Dr. David Alan Gilbert
Cc: qemu-sta...@nongnu.org
Acked-by: Paolo Bonzini
From: Thomas Huth
If the buffer is not big enough, snprintf() does not return the number
of bytes that have been written to the buffer, but the number of bytes
that would be needed for writing the whole string. By using this value
for the following vnc_write() calls, we send
From: Greg Kurz
When using the passthrough security mode, symbolic links created by the
guest are actual symbolic links on the host file system.
Since the resolution of symbolic links during path walk is supposed to
occur on the client side. The server should hence never receive
** Changed in: qemu
Status: New => Fix Committed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1663287
Title:
Illegal delay slot code causes abort on mips64
Status in QEMU:
Fix Committed
From: Greg Kurz
The local_lremovexattr() callback is vulnerable to symlink attacks because
it calls lremovexattr() which follows symbolic links in all path elements
but the rightmost one.
This patch introduces a helper to emulate the non-existing fremovexattrat()
function: it is
Hi everyone,
The following new patches are queued for QEMU stable v2.8.1:
https://github.com/mdroth/qemu/commits/stable-2.8-staging
The release is planned for 2017-03-30:
http://wiki.qemu.org/Planning/2.8
Please respond here or CC qemu-sta...@nongnu.org on any patches you
think should be
From: Greg Kurz
The local_unlinkat() callback is vulnerable to symlink attacks because it
calls remove() which follows symbolic links in all path elements but the
rightmost one.
This patch converts local_unlinkat() to rely on opendir_nofollow() and
unlinkat() instead.
Most of
From: Greg Kurz
The local_remove() callback is vulnerable to symlink attacks because it
calls:
(1) lstat() which follows symbolic links in all path elements but the
rightmost one
(2) remove() which follows symbolic links in all path elements but the
rightmost one
This
From: Greg Kurz
These functions are always called indirectly. It really doesn't make sense
for them to sit in a header file.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
(cherry picked from commit
From: Greg Kurz
We should pass O_NOFOLLOW otherwise openat() will follow symlinks and make
QEMU vulnerable.
While here, we also fix local_unlinkat_common() to use openat_dir() for
the same reasons (it was a leftover in the original patchset actually).
This fixes CVE-2016-9602.
From: Hervé Poussineau
This patch fixes a segfault at QEMU startup, introduced in
a08156321ab9a7d2fed9ee77dbfeea2a61ffd153.
gd_vc_find_current() return NULL, which is dereferenced without checking it.
While at it, disable the whole 'View' menu if no console exists.
From: Greg Kurz
Coverity issue CID1371731
Signed-off-by: Greg Kurz
Reviewed-by: Daniel P. Berrange
Reviewed-by: Philippe Mathieu-Daudé
(cherry picked from commit faab207f115cf9738f110cb088ab35a4b7aef73a)
Signed-off-by:
From: Eduardo Habkost
Original problem description by Greg Kurz:
> Since commit "9a4c0e220d8a hw/virtio-pci: fix virtio
> behaviour", passing -device virtio-blk-pci.disable-modern=off
> has no effect on 2.6 machine types because the internal
> virtio-pci.disable-modern=on
From: "Michael S. Tsirkin"
PCI Express downstream slot has a single PCI slot
behind it, using PCI_DEVFN(PCI_SLOT(devfn), 0)
does not give you function 0 in cases such as ARI
as well as some error cases.
This is exactly what we are hitting:
$ qemu-system-x86_64 -machine q35
From: Paolo Bonzini
The direction is wrong; scsi_block_is_passthrough returns
false for commands that *can* use sglists.
Reported-by: Zhang Qian
Fixes: 8fdc7839e40f43a426bc7e858cf1dbfe315a3804
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo
From: Greg Kurz
This was spotted by Coverity as a fd leak. This is certainly true, but also
local_remove() would always return without doing anything, unless the fd is
zero, which is very unlikely.
(Coverity issue CID1371732)
Signed-off-by: Greg Kurz
From: Igor Mammedov
'hotplugged' propperty is meant to be used on migration side when migrating
source with hotplugged devices.
However though it not exacly correct usage of 'hotplugged' property
it's possible to set generic hotplugged property for CPU using
-cpu
From: Greg Kurz
If we cannot open the given path, we can return right away instead of
passing -1 to fstatfs() and close(). This will make Coverity happy.
(Coverity issue CID1371729)
Signed-off-by: Greg Kurz
Reviewed-by: Daniel P. berrange
From: Peter Lieven
parse_uint_full wants to put the parsed value into the
variable passed via its second argument which is NULL.
Fixes: 94d6a7a76e9df9919629428f6c598e2b97d9426c
Cc: qemu-sta...@nongnu.org
Signed-off-by: Peter Lieven
Reviewed-by: Eric Blake
From: Christian Borntraeger
Right now we reset all devices before we reset the cmma states. This
can result in the host kernel discarding guest pages that were
previously in the unused state but already contain a bios or a -kernel
file before the cmma reset has finished.
From: Peter Xu
Split irqchip works based on the fact that we kept the first 24 gsi
routing entries inside KVM for userspace ioapic's use. When system
boot, we'll reserve these MSI routing entries before hand. However,
after migration, we forgot to re-configure it up in the
From: Richard Henderson
There were some patterns, like 0x___00ff, for which we
would select to begin a multi-insn sequence with MOVN, but would
fail to set the 0x lane back from 0x.
Signed-off-by: Richard Henderson
Message-Id:
From: Richard Henderson
Fixes the booting of ss20 roms.
Cc: qemu-sta...@nongnu.org
Reported-by: Michael Russo
Tested-by: Mark Cave-Ayland
Signed-off-by: Richard Henderson
(cherry picked from commit
From: Pavel Dovgalyuk
This patch adds call to apic_reset_irq_delivered when the virtual
machine is reset.
Signed-off-by: Pavel Dovgalyuk
Message-Id: <20170131114054.276.62201.stgit@PASHA-ISP>
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo
Setting status to "Fix released" according to comment #5 (if there is
something left to do for libvirt, please consult their bugtracker
instead)
** Changed in: qemu
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which
From: Greg Kurz
The local_utimensat() callback is vulnerable to symlink attacks because it
calls qemu_utimens()->utimensat(AT_SYMLINK_NOFOLLOW) which follows symbolic
links in all path elements but the rightmost one or qemu_utimens()->utimes()
which follows symbolic links for all
From: Greg Kurz
When using the mapped-file security model, we also have to create a link
for the metadata file if it exists. In case of failure, we should rollback.
That's what this patch does.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
From: Greg Kurz
The local_chmod() callback is vulnerable to symlink attacks because it
calls:
(1) chmod() which follows symbolic links for all path elements
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3) local_set_mapped_file_attr()
From: Li Qiang
When doing bitblt copy in backward mode, we should minus the
blt width first just like the adding in the forward mode. This
can avoid the oob access of the front of vga's vram.
Signed-off-by: Li Qiang
{ kraxel: with backward blits (negative
From: Halil Pasic
Correct recalculation of vq->inuse after migration for the corner case
where the avail_idx has already wrapped but used_idx not yet.
Also change the type of the VirtQueue.inuse to unsigned int. This is
done to be consistent with other members
From: "Michael S. Tsirkin"
Coverity reports that ARRAY_SIZE(elem->out_sg) (and all the others too)
is wrong because elem->out_sg is a pointer.
However, the check is not in the right place and the max_size argument
of virtqueue_map_iovec can be removed. The check on
From: Greg Kurz
If these functions fail, they should not change *fs. Let's use local
variables to fix this.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
(cherry picked from commit 21328e1e57f526e3f0c2fcd00f10c8aa6e7bc07f)
From: Greg Kurz
If this function fails, it should not modify *ctx.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
(cherry picked from commit 00c90bd1c2ff6aabb9ca948a254ba044a403e399)
Signed-off-by: Greg Kurz
From: Marc-André Lureau
CharDriverState.be should be updated to point to the current
associated backend.
Fix the regression introduced in the "mux" chardev from commit
a4afa548fc6dd9842ed86639b4d37d4d1c4ad480.
https://bugs.launchpad.net/bugs/1654137
Signed-off-by:
From: Greg Kurz
The local_lsetxattr() callback is vulnerable to symlink attacks because
it calls lsetxattr() which follows symbolic links in all path elements but
the rightmost one.
This patch introduces a helper to emulate the non-existing fsetxattrat()
function: it is
From: Greg Kurz
The local_statfs() callback is vulnerable to symlink attacks because it
calls statfs() which follows symbolic links in all path elements.
This patch converts local_statfs() to rely on open_nofollow() and fstatfs()
instead.
This partly fixes CVE-2016-9602.
From: Greg Kurz
The local_renameat() callback is currently a wrapper around local_rename()
which is vulnerable to symlink attacks.
This patch rewrites local_renameat() to have its own implementation, based
on local_opendir_nofollow() and renameat().
This partly fixes
From: Greg Kurz
The local_mknod() callback is vulnerable to symlink attacks because it
calls:
(1) mknod() which follows symbolic links for all path elements but the
rightmost one
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3)
From: Greg Kurz
The local_rename() callback is vulnerable to symlink attacks because it
uses rename() which follows symbolic links in all path elements but the
rightmost one.
This patch simply transforms local_rename() into a wrapper around
local_renameat() which is
From: Greg Kurz
The local_lstat() callback is vulnerable to symlink attacks because it
calls:
(1) lstat() which follows symbolic links in all path elements but the
rightmost one
(2) getxattr() which follows symbolic links in all path elements
(3)
From: Greg Kurz
The local_open2() callback is vulnerable to symlink attacks because it
calls:
(1) open() which follows symbolic links for all path elements but the
rightmost one
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3)
From: Greg Kurz
The local_chown() callback is vulnerable to symlink attacks because it
calls:
(1) lchown() which follows symbolic links for all path elements but the
rightmost one
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3)
From: Richard Henderson
When al == xzr, we cannot use addi/subi because that encodes xsp.
Force a zero into the temp register for that (rare) case.
Signed-off-by: Richard Henderson
Message-Id: <20161207180727.6286-2-...@twiddle.net>
(cherry picked from
From: Greg Kurz
The name argument can never be an empty string, and dirfd always point to
the containing directory of the file name. AT_EMPTY_PATH is hence useless
here. Also it breaks build with glibc version 2.13 and older.
It is actually an oversight of a previous tentative
From: Greg Kurz
The local_mkdir() callback is vulnerable to symlink attacks because it
calls:
(1) mkdir() which follows symbolic links for all path elements but the
rightmost one
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3)
From: Bruce Rogers
Commit 4299b90 added a check which is too broad, given that the source
pitch value is not required to be initialized for solid fill operations.
This patch refines the blit_is_unsafe() check to ignore source pitch in
that case. After applying the above commit
From: Caoxinhua
QEMU will crash with the follow backtrace if the new created thread exited
before
we call qemu_thread_set_name() for it.
(gdb) bt
#0 0x7f9a68b095d7 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1
From: Greg Kurz
Now that the all callbacks have been converted to use "at" syscalls, we
can drop this code.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
(cherry picked from commit c23d5f1d5bc0e23aeb845b1af8f996f16783ce98)
From: Peter Lieven
commit 94d6a7a accidentally left the naming of runtime opts and QAPI
scheme inconsistent. As one consequence passing of parameters in the
URI is broken. Sync the naming of the runtime opts to the QAPI
scheme.
Please note that this is technically backwards
From: Ladi Prosek
The AHCI emulation code supports 64-bit addressing and should advertise this
fact in the Host Capabilities register. Both Linux and Windows drivers test
this bit to decide if the upper 32 bits of various registers may be written
to, and at least some
From: Greg Kurz
If the user passes -device virtio-9p without the corresponding -fsdev, QEMU
dereferences a NULL pointer and crashes.
This is a 2.8 regression introduced by commit 702dbcc274e2c.
Signed-off-by: Greg Kurz
Reviewed-by: Li Qiang
From: Greg Kurz
This patch opens the shared folder and caches the file descriptor, so that
it can be used to do symlink-safe path walk.
Signed-off-by: Greg Kurz
Reviewed-by: Stefan Hajnoczi
(cherry picked from commit
On Wed, Mar 15, 2017 at 12:44:18PM +0530, Bharata B Rao wrote:
> On Tue, Mar 14, 2017 at 11:04 AM, David Gibson
> wrote:
>
> > This patch implements hypercalls allowing a PAPR guest to resize its own
> > hash page table. This will eventually allow for more flexible
Unfortunaly switching to getPlatformDisplayEXT isn't as easy as
implemented by 0ea1523fb6703aa0dcd65e66b59e96fec028e60a. See the
longish comment for the complete story.
Cc: Frediano Ziglio
Suggested-by: Hans de Goede
Signed-off-by: Gerd Hoffmann
On Mon, Mar 20, 2017 at 11:36:38AM +0800, Jason Wang wrote:
> We have a specific memory region for DMAR now, so it's wrong to
> trigger the notifier with the root region.
>
> Cc: Michael S. Tsirkin
> Cc: Paolo Bonzini
> Cc: Richard Henderson
"Dr. David Alan Gilbert" wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
>> We need to add a parameter to several functions to make this work.
>>
>> Signed-off-by: Juan Quintela
[...]
> Is that undoing false spaces from the previous patch?
Yes
"Dr. David Alan Gilbert" wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
>> Once there, rename the type to be shorter.
>>
>> Signed-off-by: Juan Quintela
>> ---
>> migration/ram.c | 79
>> ++---
On 03/21/2017 01:34 AM, Alex Bennée wrote:
This was an oversight when the rest of cputlb was being updated. As
before it falls back to the non-atomic version when the host can't
support wider-than-bus atomics.
Signed-off-by: Alex Bennée
---
cputlb.c | 8
1
"Dr. David Alan Gilbert" wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
>> last_seen_block, last_sent_block, last_offset, last_version and
>> ram_bulk_stage are globals that are really related together.
>>
>> Signed-off-by: Juan Quintela
>> ---
On Fri, Mar 17, 2017 at 07:29:14PM +0800, Lan Tianyu wrote:
> From: Chao Gao
>
> xen-viommu will be a sysbus device and the device model will
> be enabled via "-device" parameter.
>
> Signed-off-by: Chao Gao
> Signed-off-by: Lan Tianyu
On 03/16/2017 03:42 AM, Chao Fan wrote:
> The number of dirty pages outputed in 'pages' in the command
> 'info migrate', so add page-size to calculate the number of dirty
> pages in bytes.
>
> Signed-off-by: Chao Fan
> Signed-off-by: Li Zhijian
On 03/20/2017 11:13 AM, Markus Armbruster wrote:
> Markus Armbruster (2):
> qapi: Fix string input visitor regression for empty lists
> Revert "hostmem: fix QEMU crash by 'info memdev'"
Reviewed-by: Eric Blake
>
> backends/hostmem.c| 22
On 03/20/2017 07:55 AM, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster
> ---
> util/keyval.c | 10 ++
> 1 file changed, 10 insertions(+)
>
> diff --git a/util/keyval.c b/util/keyval.c
> index 46cd540..93d5db6 100644
> --- a/util/keyval.c
> +++
Quoting Markus Armbruster (2017-03-20 11:13:43)
> Visiting a list when input is the empty string should result in an
> empty list, not an error. Noticed when commit 3d089ce belatedly added
> tests, but simply accepted as weird then. It's actually a regression:
> broken in commit 74f24cb, v2.7.0.
On 03/21/2017 01:34 AM, Alex Bennée wrote:
When "tcg: enable thread-per-vCPU" (commit 3725794) was merged the
lifetime of current_cpu was changed. Previously a broken linux-user
call might abort() which can eventually escalate into a SIGSEGV which
would then crash qemu as it attempted to deref a
On 03/20/2017 07:55 AM, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster
> ---
> MAINTAINERS | 11 +++
> 1 file changed, 11 insertions(+)
Reviewed-by: Eric Blake
By the way, where do we stand on the idea of having checkpatch.pl reject
"Dr. David Alan Gilbert" wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
>> It was on MigrationState when it is only used inside ram.c for
>> postcopy. Problem is that we need to access it without being able to
>> pass it RAMState directly.
>>
>> Signed-off-by: Juan
On 03/20/2017 07:55 AM, Markus Armbruster wrote:
> We have a negative test case for a list index with leading zero. Add
> positive ones.
>
> Tweak the test case for list index greater or equal the number of
> elements: test "equal" instead of "greater" to guard against
> off-by-one mistakes.
>
On Fri, Mar 17, 2017 at 12:27 PM, Paolo Bonzini wrote:
> And this is a fix, but I have no idea why/how it works and what else it
> may break.
>
> Patches 1 and 2 are pretty obvious and would be the first step towards
> eliminating aio_disable/enable_external altogether.
>
>
[Expired for QEMU because there has been no activity for 60 days.]
** Changed in: qemu
Status: Incomplete => Expired
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/665743
Title:
Cocoa video
[Expired for QEMU because there has been no activity for 60 days.]
** Changed in: qemu
Status: Incomplete => Expired
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/618533
Title:
OpenSolaris
Quoting Eric Blake (2017-03-20 22:17:04)
> Commit 15c2f669e broke the ability of the QemuOpts visitor to
> flag extra input parameters, but the regression went unnoticed
> because of missing testsuite coverage. Add a test to cover this.
>
> Signed-off-by: Eric Blake
On 17/03/17 19:33, Stefano Stabellini wrote:
> On Fri, 17 Mar 2017, Juergen Gross wrote:
>> On 16/03/17 21:20, Stefano Stabellini wrote:
>>> On Thu, 16 Mar 2017, Juergen Gross wrote:
Instead of trying to guess the Xen version to use by compiling various
test programs first just ask the
From: Dmitry Fleytman
Make VLAN stripping functions return number of bytes
copied to given Ethernet header buffer.
This information should be used to re-compose
packet IOV after VLAN stripping.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Dmitry Fleytman
From: Paolo Bonzini
MSI-X has been disabled by the time the e1000e device is unrealized, hence
msix_uninit is never called. This causes the object to be leaked, which
shows up as a RAMBlock with empty name when attempting migration.
Reported-by: Dr. David Alan Gilbert
From: Michael Tokarev
When qemu vnc server is trying to send large update to clients,
there might be a situation when system responds with something
like EAGAIN, indicating that there's no system memory to send
that much data (depending on the network speed, client and server
From: Gerd Hoffmann
CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
and blit width, at all. Oops. Fix it.
Security impact: high.
The missing blit destination check allows to write to host memory.
Basically same as CVE-2014-8106 for the other blit variants.
From: Eric Blake
Commit 7a9877a made the 'device' parameter to BlockIOThrottle
optional, favoring 'id' instead. But it forgot to update the
HMP usage to set has_device, which makes all attempts to change
throttling via HMP fail with "Need exactly one of 'device' and 'id'"
From: Peter Lieven
commit 3c80ca15 fixed a deadlock scenarion with nested aio_poll invocations.
However, the rescheduling of the completion BH introcuded unnecessary spinning
in the main-loop. On very fast file backends this can even lead to the
"WARNING: I/O thread spun for 1000
Subject: [PATCH] Fix Colo doc secondeary should be secondary This is an error
in COLO-FT.txt. secondeary-disk0 should be secondary-disk0. Signed-off-by:
Guang Wang --- docs/COLO-FT.txt | 2 +- 1 file
changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/COLO-FT.txt
On 03/20/2017 06:07 PM, Michael Roth wrote:
> Hi everyone,
>
> The following new patches are queued for QEMU stable v2.8.1:
>
> https://github.com/mdroth/qemu/commits/stable-2.8-staging
>
> The release is planned for 2017-03-30:
>
> http://wiki.qemu.org/Planning/2.8
>
> Please respond
On 03/21/2017 09:07 AM, Michael Roth wrote:
Hi everyone,
The following new patches are queued for QEMU stable v2.8.1:
https://github.com/mdroth/qemu/commits/stable-2.8-staging
The release is planned for 2017-03-30:
http://wiki.qemu.org/Planning/2.8
Please respond here or CC
On 03/21/2017 11:05 AM, Eric Blake wrote:
On 03/20/2017 07:26 PM, wangguang wrote:
Subject: [PATCH] Fix Colo doc secondeary should be secondary This is an error
in COLO-FT.txt. secondeary-disk0 should be secondary-disk0. Signed-off-by:
--
View this message in context:
An off-by-one in commit 15c2f669e meant that we were failing to
check for unparsed input in all QemuOpts visitors. Recent testsuite
additions show that fixing the obvious bug with bogus fields will
also fix the case of an incomplete list visit; update the tests to
match the new behavior.
Simple
Reported to me off-list by Laurent Vivier, who found the
problem while working on https://bugzilla.redhat.com/1433193
Broken since 2.7, but the fix is a one-liner (pointing out my
embarrassing mistake of mis-converting a pre-decrement operator);
as a bug fix, it still qualifies for 2.9 in spite of
From: Dmitry Fleytman
In case of VLAN stripping ETH header is stored in a
separate chunk and length of IOV should take this into
account.
This patch fixes checksum validation for RX packets
with VLAN header.
Devices affected by this problem: e1000e and vmxnet3.
Cc:
From: QingFeng Hao
The problem was triggered by qemu-iotests case 055. It failed when it
was comparing the compressed vmdk image with original test.img.
The cause is that buf_len in vmdk_write_extent wasn't converted to
little-endian before it was stored to disk. But
From: Paolo Bonzini
Commit 2afbdf8 ("target-i386: exception handling for memory helpers",
2015-09-15) changed tlb_fill's cpu_restore_state+raise_exception_err
to raise_exception_err_ra. After this change, the cpu_restore_state
and raise_exception_err's cpu_loop_exit are
From: Dong Jia Shi
The subchannel is a means to access a device. While the device number is
assigned by the administrator, the subchannel number is assigned by
the channel subsystem in an ascending order on cold and hot plug.
When doing unplug and replug operations,
On Mon, Mar 20, 2017 at 01:02:10PM +0100, Philipp Hahn wrote:
> Hello Marcelo, cc:qemu,
>
> Sorry for re-using this old thread, but I have a problem loading some
> saved state from qemu-kvm-1.1.2, which fails for piix4_pm.
>
> You following patch was committed as
>
QEMU 0.12 is pretty much outdated ... can you still reproduce this issue
with the latest version of QEMU, or can we close this bug nowadays?
** Changed in: qemu
Status: New => Incomplete
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed
On Fri, Mar 17, 2017 at 12:27 PM, Paolo Bonzini wrote:
> And this is a fix, but I have no idea why/how it works and what else it
> may break.
>
> Patches 1 and 2 are pretty obvious and would be the first step towards
> eliminating aio_disable/enable_external altogether.
>
>
On 03/20/2017 07:26 PM, wangguang wrote:
> Subject: [PATCH] Fix Colo doc secondeary should be secondary This is an error
> in COLO-FT.txt. secondeary-disk0 should be secondary-disk0. Signed-off-by:
> --
> View this message in context: http://qemu.11.n7.nabble.com/
Nabble may be a fine platform
1 - 100 of 386 matches
Mail list logo