- 05 2月, 2016 4 次提交
-
-
由 Peter Maydell 提交于
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1454089805-5470-4-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1454089805-5470-3-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1454089805-5470-2-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
Update OpenBIOS images # gpg: Signature made Thu 04 Feb 2016 11:18:01 GMT using RSA key ID AE0F321F # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" * remotes/mcayland/tags/qemu-openbios-signed: Update OpenBIOS images Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 04 2月, 2016 36 次提交
-
-
由 Peter Maydell 提交于
# gpg: Signature made Thu 04 Feb 2016 08:26:24 GMT using RSA key ID 398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: net/filter: Fix the output information for command 'info network' net: always walk through filters in reverse if traffic is egress net: netmap: use nm_open() to open netmap ports e1000: eliminate infinite loops on out-of-bounds transfer start slirp: Adding family argument to tcp_fconnect() slirp: Make udp_attach IPv6 compatible slirp: Add sockaddr_equal, make solookup family-agnostic slirp: Factorizing and cleaning solookup() slirp: Factorizing address translation slirp: Make Socket structure IPv6 compatible slirp: Adding address family switch for produced frames slirp: Generalizing and neutralizing ARP code slirp: goto bad in udp_input if sosendto fails cadence_gem: fix buffer overflow net: cadence_gem: check packet size in gem_recieve qemu-doc: Do not promote deprecated -smb and -redir options net/slirp: Tell the users when they are using deprecated options Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
# gpg: Signature made Wed 03 Feb 2016 20:29:54 GMT using RSA key ID AAFC390E # gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" * remotes/jnsnow/tags/ide-pull-request: dma: remove now useless DMA_* functions sb16: use IsaDma interface instead of global DMA_* functions gus: use IsaDma interface instead of global DMA_* functions cs4231a: use IsaDma interface instead of global DMA_* functions fdc: use IsaDma interface instead of global DMA_* functions sparc64: disable floppy DMA sparc: disable floppy DMA magnum: disable floppy DMA for now i8257: implement the IsaDma interface isa: add an ISA DMA interface, and store it within the ISA bus i8257: move state definition to new independent header i8257: QOM'ify i8257: add missing const i8257: make the DMA running method per controller i8257: rename functions to start with i8257_ prefix i8257: rename struct dma_regs to I8257Regs i8257: rename struct dma_cont to I8257State i8257: pass ISA bus to DMA_init() function i82374: device only existed as ISA device, so simplify device fdc: fix detection under Linux Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Mark Cave-Ayland 提交于
Update OpenBIOS images to SVN r1378 built from submodule. Signed-off-by: NMark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
-
由 Peter Maydell 提交于
target-arm queue: * virt-acpi-build: add always-on property for timer * various fixes for EL2 and EL3 behaviour * arm: virt-acpi: each MADT.GICC entry as enabled unconditionally * target-arm: Don't report presence of EL2 if it doesn't exist * raspi: add raspberry pi 2 machine # gpg: Signature made Wed 03 Feb 2016 18:58:02 GMT using RSA key ID 14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" * remotes/pmaydell/tags/pull-target-arm-20160203: raspi: add raspberry pi 2 machine arm/boot: move highbank secure board setup code to common routine bcm2836: add bcm2836 SoC device bcm2836_control: add bcm2836 ARM control logic bcm2835_peripherals: add rollup device for bcm2835 peripherals bcm2835_ic: add bcm2835 interrupt controller bcm2835_property: add bcm2835 property channel bcm2835_mbox: add BCM2835 mailboxes target-arm: Don't report presence of EL2 if it doesn't exist libvixl: Avoid std::abs() of 64-bit type arm: virt-acpi: each MADT.GICC entry as enabled unconditionally target-arm: Implement the S2 MMU inputsize > pamax check target-arm: Rename check_s2_startlevel to check_s2_mmu_setup target-arm: Apply S2 MMU startlevel table size check to AArch64 hw/arm: Setup EL1 and EL2 in AArch64 mode for 64bit Linux boots target-arm: Make various system registers visible to EL3 virt-acpi-build: add always-on property for timer Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 zhanghailiang 提交于
The properties of netfilter object could be changed by 'qom-set' command, but the output of 'info network' command is not updated, because it got the old information through nf->info_str, it will not be updated while we change the value of netfilter's property. Here we split a helper function that could collect the output information for filter, and also remove the useless member 'info_str' from struct NetFilterState. Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Eric Blake <eblake@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Yang Hongyang <hongyang.yang@easystack.cn> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Li Zhijian 提交于
Previously, if we attach more than one filters for a single netdev, both ingress and egress traffic will go through net filters in same order like: ingress: netdev ->filter1 ->filter2 ->...filter[n] ->emulated device egress: emulated device ->filter1 ->filter2 ->...filter[n] ->netdev. This is against the natural feeling and will complicate filters configuration since in some scenes, we hope filters handle the egress traffic in a reverse order. For example, in colo-proxy (will be implemented later), we have a redirector filter and a colo-rewriter filter, we need the filter behave like: ingress(->)/egress(<-): chardev<->redirector<->colo-rewriter<->emulated device Since both buffer filter and dump do not require strict order of filters, this patch switches to always let egress traffic walk through net filters in reverse to simplify the possible filters configuration in the future. Signed-off-by: NWen Congyang <wency@cn.fujitsu.com> Signed-off-by: NLi Zhijian <lizhijian@cn.fujitsu.com> Reviewed-by: NYang Hongyang <hongyang.yang@easystack.cn> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Vincenzo Maffione 提交于
This patch simplifies the netmap backend code by means of the nm_open() helper function provided by netmap_user.h, which hides the details of open(), iotcl() and mmap() carried out on the netmap device. Moreover, the semantic of nm_open() makes it possible to open special netmap ports (e.g. pipes, monitors) and use special modes (e.g. host rings only, single queue mode, exclusive access). Signed-off-by: NVincenzo Maffione <v.maffione@gmail.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Laszlo Ersek 提交于
The start_xmit() and e1000_receive_iov() functions implement DMA transfers iterating over a set of descriptors that the guest's e1000 driver prepares: - the TDLEN and RDLEN registers store the total size of the descriptor area, - while the TDH and RDH registers store the offset (in whole tx / rx descriptors) into the area where the transfer is supposed to start. Each time a descriptor is processed, the TDH and RDH register is bumped (as appropriate for the transfer direction). QEMU already contains logic to deal with bogus transfers submitted by the guest: - Normally, the transmit case wants to increase TDH from its initial value to TDT. (TDT is allowed to be numerically smaller than the initial TDH value; wrapping at or above TDLEN bytes to zero is normal.) The failsafe that QEMU currently has here is a check against reaching the original TDH value again -- a complete wraparound, which should never happen. - In the receive case RDH is increased from its initial value until "total_size" bytes have been received; preferably in a single step, or in "s->rxbuf_size" byte steps, if the latter is smaller. However, null RX descriptors are skipped without receiving data, while RDH is incremented just the same. QEMU tries to prevent an infinite loop (processing only null RX descriptors) by detecting whether RDH assumes its original value during the loop. (Again, wrapping from RDLEN to 0 is normal.) What both directions miss is that the guest could program TDLEN and RDLEN so low, and the initial TDH and RDH so high, that these registers will immediately be truncated to zero, and then never reassume their initial values in the loop -- a full wraparound will never occur. The condition that expresses this is: xdh_start >= s->mac_reg[XDLEN] / sizeof(desc) i.e., TDH or RDH start out after the last whole rx or tx descriptor that fits into the TDLEN or RDLEN sized area. This condition could be checked before we enter the loops, but pci_dma_read() / pci_dma_write() knows how to fill in buffers safely for bogus DMA addresses, so we just extend the existing failsafes with the above condition. This is CVE-2016-1981. Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Petr Matousek <pmatouse@redhat.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Prasad Pandit <ppandit@redhat.com> Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Cc: Jason Wang <jasowang@redhat.com> Cc: qemu-stable@nongnu.org RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1296044Signed-off-by: NLaszlo Ersek <lersek@redhat.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Guillaume Subiron 提交于
This patch simply adds a unsigned short family argument to remove the hardcoded "AF_INET" in the call of qemu_socket(). This prepares for IPv6 support. Signed-off-by: NGuillaume Subiron <maethor@subiron.org> Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Guillaume Subiron 提交于
A unsigned short is now passed in argument to udp_attach instead of using a hardcoded "AF_INET" to call qemu_socket(). This prepares for IPv6 support. Signed-off-by: NGuillaume Subiron <maethor@subiron.org> Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Guillaume Subiron 提交于
This patch makes solookup() compatible with varying address families, by using a new sockaddr_equal() function that compares two sockaddr_storage. This prepares for IPv6 support. Signed-off-by: NGuillaume Subiron <maethor@subiron.org> Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Guillaume Subiron 提交于
solookup() was only compatible with TCP. Having the socket list in argument, it is now compatible with UDP too. Some optimization code is factorized inside the function (the function look at the last returned result before browsing the complete socket list). This prepares for IPv6 support. Signed-off-by: NGuillaume Subiron <maethor@subiron.org> Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Guillaume Subiron 提交于
This patch factorizes some duplicate code into a new function, sotranslate_out(). This function perform the address translation when a packet is transmitted to the host network. If the packet is destinated to the host, the loopback address is used, and if the packet is destinated to the virtual DNS, the real DNS address is used. This code is just a copy of the existent, but factorized and ready to manage the IPv6 case. On the same model, the major part of udp_output() code is moved into a new sotranslate_in(). This function is directly used in sorecvfrom(), like sotranslate_out() in sosendto(). udp_output() becoming useless, it is removed and udp_output2() is renamed into udp_output(). This adds consistency with the udp6_output() function introduced by further patches. Lastly, this factorizes some duplicate code into sotranslate_accept(), which performs the address translation when a connection is established on the host for port forwarding: if it comes from localhost, the host virtual address is used instead. This prepares for IPv6 support. Signed-off-by: NGuillaume Subiron <maethor@subiron.org> Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Guillaume Subiron 提交于
This patch replaces foreign and local address/port couples in Socket structure by 2 sockaddr_storage which can be casted in sockaddr_in. Direct access to address and port is still possible thanks to some \#define, so retrocompatibility of the existing code is assured. The ss_family field of sockaddr_storage is declared after each socket creation. The whole structure is also saved/restored when a Qemu session is saved/restored. This prepares for IPv6 support. Signed-off-by: NGuillaume Subiron <maethor@subiron.org> Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Guillaume Subiron 提交于
In if_encap, a switch is added to prepare for the IPv6 case. Some code is factorized. This prepares for IPv6 support. Signed-off-by: NGuillaume Subiron <maethor@subiron.org> Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NThomas Huth <thuth@redhat.com>
-
由 Guillaume Subiron 提交于
Basically, this patch replaces "arp" by "resolution" every time "arp" means "mac resolution" and not specifically ARP. This prepares for IPv6 support. Signed-off-by: NGuillaume Subiron <maethor@subiron.org> Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Guillaume Subiron 提交于
Before this patch, if sosendto fails, udp_input is executed as if the packet was sent, recording the packet for icmp errors, which does not makes sense since the packet was not actually sent, errors would be related to a previous packet. This patch adds a goto bad to cut the execution of this function. Signed-off-by: NGuillaume Subiron <maethor@subiron.org> Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Michael S. Tsirkin 提交于
gem_transmit copies a packet from guest into an tx_packet[2048] array on stack, with size limited by descriptor length set by guest. If guest is malicious and specifies a descriptor length that is too large, and should packet size exceed array size, this results in a buffer overflow. Reported-by: N刘令 <liuling-it@360.cn> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Prasad J Pandit 提交于
While receiving packets in 'gem_receive' routine, if Frame Check Sequence(FCS) is enabled, it copies the packet into a local buffer without checking its size. Add check to validate packet length against the buffer size to avoid buffer overflow. Reported-by: NLing Liu <liuling-it@360.cn> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Thomas Huth 提交于
Since -smb and -redir are deprecated options, we should not use them as examples in the documentation anymore. Signed-off-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Thomas Huth 提交于
We don't want to support the legacy -tftp, -bootp, -smb and -net channel options forever. So let's start telling the users that they are deprecated and what option should be used instead. Signed-off-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com>
-
由 Peter Maydell 提交于
# gpg: Signature made Wed 03 Feb 2016 15:47:34 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/tracing-pull-request: log: add "-d trace:PATTERN" trace: switch default backend to "log" trace: convert stderr backend to log log: move qemu-log.c into util/ directory log: do not unnecessarily include qom/cpu.h trace: add "-trace help" trace: add "-trace enable=..." trace: no need to call trace_backend_init in different branches now trace: split trace_init_file out of trace_init_backends trace: split trace_init_events out of trace_init_backends trace: fix documentation trace: track enabled events in a separate array trace: count number of enabled events Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Hervé Poussineau 提交于
Keep only DMA_init function as a wrapper around DMA controllers creation. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-20-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-19-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-18-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-17-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-16-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
All functions relative to DMA (DMA_*() functions) are stubs on sparc64 platform. Disable the DMA of the floppy controller, instead of calling these stubs. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-15-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
All functions relative to DMA (DMA_*() functions) are stubs on sparc platform. Disable the DMA in the floppy controller, instead of calling these stubs. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-14-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
Floppy uses the DMA controller in rc4030 chipset, and not the i8259 from the ISA bus. It's better to disable DMA than to call the wrong DMA controller. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-13-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
Rewrite the global DMA_*() functions to use the IsaDma interface. Note that these functions will be deleted in a few commits. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-12-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
This will permit to deprecate global DMA_*() functions. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-11-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
We will now be able to embed the i8257 interrupt controller in another object. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-10-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-9-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-8-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Hervé Poussineau 提交于
This removes some static/global variables, and we're now running only the required controller (master or slave) Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-id: 1453843944-26833-7-git-send-email-hpoussin@reactos.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-