- 12 5月, 2016 16 次提交
-
-
由 Kevin Wolf 提交于
This implements .bdrv_co_preadv() for the cloop block driver. While updating the error paths, change -1 to a valid -errno code. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com>
-
由 Kevin Wolf 提交于
This implements .bdrv_co_preadv() for the cloop block driver. While updating the error paths, change -1 to a valid -errno code. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com>
-
由 Kevin Wolf 提交于
Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com>
-
由 Kevin Wolf 提交于
Many parts of the block layer are already byte granularity. The block driver interface, however, was still missing an interface that allows making use of this. This patch introduces a new BlockDriver interface, which is based on coroutines, vectored, has flags and uses a byte granularity. This is now the preferred interface for new drivers. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com>
-
由 Kevin Wolf 提交于
It used to be an internal helper function just for implementing bdrv_co_do_readv/writev(), but now that it's a public interface, it deserves a name without "do" in it. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com>
-
由 Kevin Wolf 提交于
Instead of registering emulation functions as .bdrv_co_writev, just directly check whether the function is there or not, and use the AIO interface if it isn't. This makes the read/write functions more consistent with how things are done in other places (flush, discard, etc.) Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com>
-
由 Kevin Wolf 提交于
This is a function that simply calls into the block driver for doing a write, providing the byte granularity interface we want to eventually have everywhere, and using whatever interface that driver supports. This one is a bit more interesting than the version for reads: It adds support for .bdrv_co_writev_flags() everywhere, so that drivers implementing this function can drop .bdrv_co_writev() now. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com>
-
由 Kevin Wolf 提交于
This is a function that simply calls into the block driver for doing a read, providing the byte granularity interface we want to eventually have everywhere, and using whatever interface that driver supports. For now, this is just a wrapper for calling bs->drv->bdrv_co_readv(). Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com>
-
由 Paolo Bonzini 提交于
Replace void* with an opaque LinuxAioState type. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Acked-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Paolo Bonzini 提交于
Extract the handling of io_plug "depth" from linux-aio.c and let the main bdrv_drain loop do nothing but wait on I/O. Like the two newly introduced functions, bdrv_io_plug and bdrv_io_unplug now operate on all children. The visit order is now symmetrical between plug and unplug, making it possible for formats to implement plug/unplug. Reviewed-by: NFam Zheng <famz@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Acked-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Paolo Bonzini 提交于
Extract the handling of throttling from bdrv_flush_io_queue. These new functions will soon become BdrvChildRole callbacks, as they can be generalized to "beginning of drain" and "end of drain". Reviewed-by: NAlberto Garcia <berto@igalia.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Acked-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Paolo Bonzini 提交于
Do not call bdrv_drain_recurse twice in bdrv_co_drain. A small tweak to the logic in Fam's patch, which is harmless since no one implements bdrv_drain anyway. But better get it right. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Acked-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Paolo Bonzini 提交于
We want to remove throttled_reqs from block/io.c. This is the easy part---hide the handling of throttled_reqs during disable/enable of throttling within throttle-groups.c. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Acked-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Paolo Bonzini 提交于
The return value is unused and I am not sure why it would be useful. Reviewed-by: NFam Zheng <famz@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Acked-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
We had to disable I/O throttling with synchronous requests because we didn't use to run timers in nested event loops when the code was introduced. This isn't true any more, and throttling works just fine even when using the synchronous API. The removed code is in fact dead code since commit a8823a3b ('block: Use blk_co_pwritev() for blk_write()') because I/O throttling can only be set on the top layer, but BlockBackend always uses the coroutine interface now instead of using the sync API emulation in block.c. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1458660792-3035-2-git-send-email-kwolf@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Acked-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 11 5月, 2016 1 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 09 5月, 2016 2 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
vga security fixes (CVE-2016-3710, CVE-2016-3712) # gpg: Signature made Mon 09 May 2016 13:39:30 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-vga-20160509-1: vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). vga: update vga register setup on vbe changes vga: factor out vga register setup vga: add vbe_enabled() helper vga: fix banked access bounds checking (CVE-2016-3710) Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 03 5月, 2016 2 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Gerd Hoffmann 提交于
This reverts commit 7070e085. Commit message claims locking is not needed, but that appears to not be true, seabios ehci driver runs into timekeeping problems with this, see https://bugzilla.redhat.com/show_bug.cgi?id=1322713Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1460702609-25971-1-git-send-email-kraxel@redhat.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 02 5月, 2016 7 次提交
-
-
由 Gerd Hoffmann 提交于
Call vbe_update_vgaregs() when the guest touches GFX, SEQ or CRT registers, to make sure the vga registers will always have the values needed by vbe mode. This makes sure the sanity checks applied by vbe_fixup_regs() are effective. Without this guests can muck with shift_control, can turn on planar vga modes or text mode emulation while VBE is active, making qemu take code paths meant for CGA compatibility, but with the very large display widths and heigts settable using VBE registers. Which is good for one or another buffer overflow. Not that critical as they typically read overflows happening somewhere in the display code. So guests can DoS by crashing qemu with a segfault, but it is probably not possible to break out of the VM. Fixes: CVE-2016-3712 Reported-by: NZuozhi Fzz <zuozhi.fzz@alibaba-inc.com> Reported-by: NP J P <ppandit@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gerd Hoffmann 提交于
Call the new vbe_update_vgaregs() function on vbe configuration changes, to make sure vga registers are up-to-date. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gerd Hoffmann 提交于
When enabling vbe mode qemu will setup a bunch of vga registers to make sure the vga emulation operates in correct mode for a linear framebuffer. Move that code to a separate function so we can call it from other places too. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gerd Hoffmann 提交于
Makes code a bit easier to read. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gerd Hoffmann 提交于
vga allows banked access to video memory using the window at 0xa00000 and it supports a different access modes with different address calculations. The VBE bochs extentions support banked access too, using the VBE_DISPI_INDEX_BANK register. The code tries to take the different address calculations into account and applies different limits to VBE_DISPI_INDEX_BANK depending on the current access mode. Which is probably effective in stopping misprogramming by accident. But from a security point of view completely useless as an attacker can easily change access modes after setting the bank register. Drop the bogus check, add range checks to vga_mem_{readb,writeb} instead. Fixes: CVE-2016-3710 Reported-by: NQinghao Tang <luodalongde@gmail.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Jan Vesely 提交于
Fixes build failure with --enable-xfsctl and new linux headers (>=4.5) and older xfsprogs(<4.5): In file included from /usr/include/xfs/xfs.h:38:0, from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:97: /usr/include/xfs/xfs_fs.h:42:8: error: redefinition of ‘struct fsxattr’ struct fsxattr { ^ In file included from /var/tmp/portage/app-emulation/qemu-2.5.0-r1/work/qemu-2.5.0/block/raw-posix.c:60:0: /usr/include/linux/fs.h:155:8: note: originally defined here struct fsxattr { This is really a bug in the system headers, but we can work around it by defining HAVE_FSXATTR in the QEMU headers if linux/fs.h provides the struct, so that xfs_fs.h doesn't try to define it as well. CC: qemu-trivial@nongnu.org CC: Markus Armbruster <armbru@redhat.com> CC: Peter Maydell <peter.maydell@linaro.org> CC: Stefan Weil <sw@weilnetz.de> Tested-by: NStefan Weil <sw@weilnetz.de> Signed-off-by: NJan Vesely <jano.vesely@gmail.com> [PMM: adjusted commit message, comments] Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
acpi: last minute fix for 2.6 Minor, obvious fix only affecting BE hosts. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> # gpg: Signature made Sun 01 May 2016 13:43:28 BST using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: acpi: fix bios linker loadder COMMAND_ALLOCATE on bigendian host Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 01 5月, 2016 1 次提交
-
-
由 Igor Mammedov 提交于
'make check' fails with: ERROR:tests/bios-tables-test.c:493:load_expected_aml: assertion failed: (g_file_test(aml_file, G_FILE_TEST_EXISTS)) since commit: caf50c71 tests: pc: acpi: drop not needed 'expected SSDT' blobs Assert happens because qemu-system-x86_64 generates SSDT table and test looks for a corresponding expected table to compare with. However there is no expected SSDT blob anymore, since QEMU souldn't generate one. As it happens BIOS is not able to read ACPI tables from QEMU and fallbacks to embeded legacy ACPI codepath, which generates SSDT. That happens due to wrongly sized endiannes conversion which makes uint8_t BiosLinkerLoaderEntry.alloc.zone end up with 0 due to truncation of 32 bit integer which on host is 1 or 2. Fix it by dropping invalid cpu_to_le32() as uint8_t doesn't require any conversion. RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1330174Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Tested-by: NLaurent Vivier <lvivier@redhat.com> Reviewed-by: NMarcel Apfelbaum <marcel@redhat.com>
-
- 29 4月, 2016 6 次提交
-
-
由 Peter Maydell 提交于
vvfat fixes for 2.6.0-rc4 # gpg: Signature made Fri 29 Apr 2016 10:52:13 BST using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: vvfat: Fix default volume label vvfat: Fix volume name assertion Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
QAPI patches for 2016-04-29 # gpg: Signature made Fri 29 Apr 2016 10:13:08 BST using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-qapi-2016-04-29: qapi: Don't pass NULL to printf in string input visitor Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Kevin Wolf 提交于
Commit d5941dda documented that it leaves the default volume name as it was ("QEMU VVFAT"), but it doesn't actually implement this. You get an empty name (eleven space characters) instead. This fixes the implementation to apply the advertised default. Cc: qemu-stable@nongnu.org Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Kevin Wolf 提交于
Commit d5941dda made the volume name configurable, but it didn't consider that the rw code compares the volume name string to assert that the first directory entry is the volume name. This made vvfat crash in rw mode. This fixes the assertion to compare with the configured volume name instead of a literal string. Cc: qemu-stable@nongnu.org Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Make sure the error message for visit_type_uint64() gracefully handles a NULL 'name' when called from the top level or a list context, as not all the world behaves like glibc in allowing NULL through a printf-family %s. Signed-off-by: NEric Blake <eblake@redhat.com> Message-Id: <1461879932-9020-21-git-send-email-eblake@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Samuel Thibault 提交于
On Darwin, connect, sendto and friends want the exact size of the sockaddr, not more (and in particular, not sizeof(struct sockaddr_storaget)) This commit adds the sockaddr_size helper to be used when passing a sockaddr size to such function, and makes use of it int sendto and connect calls. Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: NJohn Arbuckle <programmingkidx@gmail.com> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 28 4月, 2016 5 次提交
-
-
由 Peter Maydell 提交于
MIPS patches 2016-04-28 Changes: * fixed RDHWR exception host PC # gpg: Signature made Thu 28 Apr 2016 10:11:18 BST using RSA key ID 0B29DA6B # gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>" * remotes/lalrae/tags/mips-20160428: target-mips: Fix RDHWR exception host PC Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Fix dangling pointers and error message regressions # gpg: Signature made Thu 28 Apr 2016 07:25:51 BST using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-error-2016-04-28: qom: -object error messages lost location, restore it replay: Fix dangling location bug in replay_configure() QemuOpts: Fix qemu_opts_foreach() dangling location regression Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
ppc patch queue for 2016-04-26 (last minute qemu-2.6 fix) This just has one, last-minute, fix for a serious regression of memory hotplug. Patch author's comment: Really sorry for the way last-minute fix, but without this memory hotplug is totally broken :( Hoping to get this in for Wednesday's RC4, which I think will be the final before release. # gpg: Signature made Tue 26 Apr 2016 03:52:20 BST using RSA key ID 20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.6-20160426: spapr_drc: fix aborts during DRC-count based hotplug Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 James Hogan 提交于
Commit b00c7218 ("target-mips: add PC, XNP reg numbers to RDHWR") changed the rdhwr helpers to use check_hwrena() to check the register being accessed is enabled in CP0_HWREna when used from user mode. If that check fails an EXCP_RI exception is raised at the host PC calculated with GETPC(). However check_hwrena() may not be fully inlined as the do_raise_exception() part of it is common regardless of the arguments. This causes GETPC() to calculate the address in the call in the helper instead of the generated code calling the helper. No TB will be found and the EPC reported with the resulting guest RI exception points to the beginning of the TB instead of the RDHWR instruction. We can't reliably force check_hwrena() to be inlined, and converting it to a macro would be ugly, so instead pass the host PC in as an argument, with each rdhwr helper passing GETPC(). This should avoid any dependence on compiler behaviour, and in practice seems to ensure the full inlining of check_hwrena() on x86_64. This issue causes failures when running a MIPS KVM (trap & emulate) guest in a MIPS QEMU TCG guest, as the inner guest kernel will do a RDHWR of counter, which is disabled in the outer guest's CP0_HWREna by KVM so it can emulate the inner guest's counter. The emulation fails and the RI exception is passed to the inner guest. Fixes: b00c7218 ("target-mips: add PC, XNP reg numbers to RDHWR") Signed-off-by: NJames Hogan <james.hogan@imgtec.com> Cc: Leon Alrae <leon.alrae@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: NAurelien Jarno <aurelien@aurel32.net> Reviewed-by: NLeon Alrae <leon.alrae@imgtec.com> Signed-off-by: NLeon Alrae <leon.alrae@imgtec.com>
-
由 Markus Armbruster 提交于
qemu_opts_foreach() runs its callback with the error location set to the option's location. Any errors the callback reports use the option's location automatically. Commit 90998d58 moved the actual error reporting from "inside" qemu_opts_foreach() to after it. Here's a typical hunk: if (qemu_opts_foreach(qemu_find_opts("object"), - object_create, - object_create_initial, NULL)) { + user_creatable_add_opts_foreach, + object_create_initial, &err)) { + error_report_err(err); exit(1); } Before, object_create() reports from within qemu_opts_foreach(), using the option's location. Afterwards, we do it after qemu_opts_foreach(), using whatever location happens to be current there. Commonly a "none" location. This is because Error objects don't have location information. Problematic. Reproducer: $ qemu-system-x86_64 -nodefaults -display none -object secret,id=foo,foo=bar qemu-system-x86_64: Property '.foo' not found Note no location. This commit restores it: qemu-system-x86_64: -object secret,id=foo,foo=bar: Property '.foo' not found Note that the qemu_opts_foreach() bug just fixed could mask the bug here: if the location it leaves dangling hasn't been clobbered, yet, it's the correct one. Reported-by: NEric Blake <eblake@redhat.com> Cc: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <1461767349-15329-4-git-send-email-armbru@redhat.com> Reviewed-by: NDaniel P. Berrange <berrange@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> [Paragraph on Error added to commit message]
-