- 17 4月, 2014 13 次提交
-
-
由 Richard Henderson 提交于
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
Combines 4 other inline functions and tidies the prologue. Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
It's obviously call-clobbered, but is otherwise unused. Repurpose it as the TCG temporary. Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
A compare and branch against zero happens at the start of every single TB. Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
Rearrange code to put the compare and branch in the same place. Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
Loading an qemu pointer as an immediate happens often. E.g. - exit_tb $0x7fa8140013 + exit_tb $0x7f81ee0013 ... - : d2800260 mov x0, #0x13 - : f2b50280 movk x0, #0xa814, lsl #16 - : f2c00fe0 movk x0, #0x7f, lsl #32 + : 90ff1000 adrp x0, 0x7f81ee0000 + : 91004c00 add x0, x0, #0x13 Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
The subset of logical immediates that we support is quite quick to test, and such constants are quite common to want to load. Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
When profitable, initialize the register with MOVN instead of MOVZ, before setting the remaining lanes with MOVK. Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
Rather than raw constants that could mean anything. Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
As opposed to tcg_target_long. Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
由 Richard Henderson 提交于
Since the kernel doesn't pass any info on the reason for the fault, disassemble the instruction to detect a store. Reviewed-by: NAlex Bennée <alex.bennee@linaro.org> Reviewed-by: NClaudio Fontana <claudio.fontana@huawei.com> Signed-off-by: NRichard Henderson <rth@twiddle.net>
-
- 15 4月, 2014 1 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 14 4月, 2014 10 次提交
-
-
由 Michael Tokarev 提交于
This reverts commit b533f658. The original code was wrong, because effectively it ignored errors from kernel, because kernel does not return -1 on error case but returns -errno, and does not return -EPERM for this particular ioctl. But in some cases kernel actually returned unsuccessful result, namely, when the dirty bitmap in requested slot does not exist it returns -ENOENT. With new code this condition becomes an error when it shouldn't be. Revert that patch instead of fixing it properly this late in the release process. I disagree with this approach, but let's make things move _somewhere_, instead of arguing endlessly whch of the 2 proposed fixes is better. Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru> Message-id: 1397477644-902-1-git-send-email-mjt@msgid.tls.msk.ru Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
acpi: SSDT update This has a fix by Igor for a regression introduced by bridge hotplug code. Expected test files were updated accordingly. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon 14 Apr 2014 13:13:35 BST using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: acpi-test: update expected files acpi: fix incorrect encoding for 0x{F-1}FFFF Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Benoît Canet 提交于
The SMART self test counter was incorrectly being reset to zero, not 1. This had the effect that on every 21st SMART EXECUTE OFFLINE: * We would write off the beginning of a dynamically allocated buffer * We forgot the SMART history Fix this. Signed-off-by: NBenoit Canet <benoit@irqsave.net> Message-id: 1397336390-24664-1-git-send-email-benoit.canet@irqsave.net Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Cc: qemu-stable@nongnu.org Acked-by: NKevin Wolf <kwolf@redhat.com> [PMM: tweaked commit message as per suggestions from Markus] Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Michael S. Tsirkin 提交于
commit 58b035c7354afc0c5351ea62264c01d74196ec26 acpi: fix incorrect encoding for 0x{F-1}FFFF changes the SSDT, update expected files accordingly. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
Fix typo in build_append_int() which causes integer truncation when it's in range 0x{F-1}FFFF by packing it as WordConst instead of required DWordConst. In partucular this fixes a regression: hotplug in slots 16,17,18 and 19 didn't work, since SSDT had code like this: If (And (Arg0, 0x0000)) { Notify (S80, Arg1) } Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NStefan Weil <sw@weilnetz.de>
-
由 Peter Maydell 提交于
Since we use the -fstack-protector argument at both compile and link time in the build, we must check that it works with both a compile and a link: * MacOSX only fails in the compile step, not linking * some gcc cross environments only fail at the link stage (if they require a libssp and it's not present for some reason) Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1397232832-32301-1-git-send-email-peter.maydell@linaro.org Tested-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
-
由 Dmitry Fleytman 提交于
CVE-2013-4544 Signed-off-by: NDmitry Fleytman <dmitry@daynix.com> Reported-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1396604722-11902-5-git-send-email-dmitry@daynix.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Dmitry Fleytman 提交于
CVE-2013-4544 Signed-off-by: NDmitry Fleytman <dmitry@daynix.com> Reported-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1396604722-11902-4-git-send-email-dmitry@daynix.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Dmitry Fleytman 提交于
CVE-2013-4544 Signed-off-by: NDmitry Fleytman <dmitry@daynix.com> Reported-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1396604722-11902-3-git-send-email-dmitry@daynix.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Dmitry Fleytman 提交于
CVE-2013-4544 Signed-off-by: NDmitry Fleytman <dmitry@daynix.com> Reported-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1396604722-11902-2-git-send-email-dmitry@daynix.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 12 4月, 2014 1 次提交
-
-
由 Cole Robinson 提交于
Commit 9561fda8 changed the type of 'opaque' for link properties, but missed updating this call site. Reproducer: ./x86_64-softmmu/qemu-system-x86_64 -qmp unix:./qmp.sock,server & ./scripts/qmp/qmp-shell ./qmp.sock (QEMU) qom-list path=//machine/i440fx/pci.0/child[2] Reported-by: NMarcin Gibuła <m.gibula@beyond.pl> Signed-off-by: NCole Robinson <crobinso@redhat.com> Message-id: 2f8f007ce2152ac3b65f0811199662799c509225.1397155389.git.crobinso@redhat.com Acked-by: NAndreas Färber <afaerber@suse.de> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 11 4月, 2014 12 次提交
-
-
由 Michael S. Tsirkin 提交于
When VM guest programs multicast addresses for a virtio net card, it supplies a 32 bit entries counter for the number of addresses. These addresses are read into tail portion of a fixed macs array which has size MAC_TABLE_ENTRIES, at offset equal to in_use. To avoid overflow of this array by guest, qemu attempts to test the size as follows: - if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) { however, as mac_data.entries is uint32_t, this sum can overflow, e.g. if in_use is 1 and mac_data.entries is 0xffffffff then in_use + mac_data.entries will be 0. Qemu will then read guest supplied buffer into this memory, overflowing buffer on heap. CVE-2014-0150 Cc: qemu-stable@nongnu.org Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Message-id: 1397218574-25058-1-git-send-email-mst@redhat.com Reviewed-by: NMichael Tokarev <mjt@tls.msk.ru> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Block patches for 2.0.0-rc3 # gpg: Signature made Fri 11 Apr 2014 13:37:34 BST using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: block-commit: speed is an optional parameter iscsi: Remember to set ret for iscsi_open in error case bochs: Fix catalog size check bochs: Fix memory leak in bochs_open() error path Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
sdl2 relative mouse mode fixes. # gpg: Signature made Fri 11 Apr 2014 11:36:46 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-sdl-1: input: sdl2: Fix relative mode to match SDL1 behavior input: sdl2: Fix guest_cursor logic Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Max Reitz 提交于
As speed is an optional parameter for the QMP block-commit command, it should be set to 0 if not given (as it is undefined if has_speed is false), that is, the speed should not be limited. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Fam Zheng 提交于
Signed-off-by: NFam Zheng <famz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
The old check was off by a factor of 512 and didn't consider cases where we don't get an exact division. This could lead to an out-of-bounds array access in seek_to_sector(). Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
-
由 Kevin Wolf 提交于
Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
-
由 Cole Robinson 提交于
Right now relative mode accelerates too fast, and has the 'invisible wall' problem. SDL2 added an explicit API to handle this use case, so let's use it. Signed-off-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Cole Robinson 提交于
Unbreaks relative mouse mode with sdl2, just like was done with sdl.c in c3aa84b6. Signed-off-by: NCole Robinson <crobinso@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Peter Maydell 提交于
acpi: DSDT update Two fixes here: - Test fix to avoid warning with make check. - Hex file update so people building QEMU without installing iasl get exactly the same ACPI as with. Both should help avoid user confusion. As it's very easy to check that the produced ACPI binary didn't change, I think these are very low risk. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 10 Apr 2014 17:09:43 BST using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: acpi: update generated hex files tests/acpi: update expected DSDT files Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
MacOSX clang silently swallows unrecognized -f options when doing a link with '-framework' also on the command line, so to detect support for the various -fstack-protector options we must do a plain .c to .o compile, not a complete compile-and-link. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Message-id: 1397041487-28477-1-git-send-email-peter.maydell@linaro.org
-
由 Michael S. Tsirkin 提交于
commit f2ccc311 dsdt: tweak ACPI ID for hotplug resource device changes the DSDT, update hex files to match Otherwise the fix is only effective if QEMU is built with iasl. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 09 4月, 2014 3 次提交
-
-
由 Michael S. Tsirkin 提交于
commit f2ccc311 dsdt: tweak ACPI ID for hotplug resource device changes the DSDT, update test expected files to match Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reported-by: NIgor Mammedov <imammedo@redhat.com>
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
The raven_io_read() and raven_io_write() functions pass and return values in little-endian format (since the IO op struct is marked DEVICE_LITTLE_ENDIAN); however they were storing the values in the buffer to pass to address_space_read/write() in host-endian order, which meant that on big-endian hosts the values were inadvertently reversed. Use the *_le_p() accessors instead so that we are consistent regardless of host endianness. Strictly speaking the byte order of the buffer for address_space_rw() is target byte order (which for PPC will be BE) but it doesn't actually matter as long as we are consistent about the marking on the IO op struct and which stl_*_p(). This bug was probably introduced due to confusion caused by the two different versions of ldl_p() and friends: bswap.h defines versions meaning "host endianness access" cpu-all.h defines versions meaning "target endianness access" As a target-independent source file prep.c gets the bswap.h versions; the very similar looking code in ioport.c is compiled per-target and gets the cpu-all.h versions. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1396972271-22660-1-git-send-email-peter.maydell@linaro.org Reviewed-by: NRichard Henderson <rth@twiddle.net>
-