- 18 Dec, 2018 2 commits
-
-
Committed by Daniel Henrique Barboza
When issuing the qmp/hmp 'system_wakeup' command, what happens in a nutshell is:
  - qmp_system_wakeup_request sets runstate to RUNNING, sets a wakeup_reason and notifies the event
  - in the main_loop, all vcpus are paused, a system reset is issued, all subscribers of wakeup_notifiers receive a notification, vcpus are then resumed and the wake up QAPI event is fired

Note that this procedure alone doesn't ensure that the guest will awake from SUSPENDED state - the subscribers of the wake up event must take action to resume the guest, otherwise the guest will simply reboot. At this moment, only the ACPI machines via acpi_pm1_cnt_init and xen_hvm_init have wake-up from suspend support.

However, only the presence of 'system_wakeup' is required for QGA to support 'guest-suspend-ram' and 'guest-suspend-hybrid' at this moment. This means that the user/management will expect to suspend the guest using one of those suspend commands and then resume execution using system_wakeup, regardless of the support offered in system_wakeup in the first place.

This patch creates a new API called query-current-machine [1], that holds a new flag called 'wakeup-suspend-support' that indicates if the guest supports wake up from suspend via system_wakeup. The machine is considered to implement wake-up support if a call to a new 'qemu_register_wakeup_support' is made during its init, as it is now being done inside acpi_pm1_cnt_init and xen_hvm_init. This allows for any other machine type to declare wake-up support regardless of ACPI state or wakeup_notifiers subscription, making it easier for newer implementations that might have their own mechanisms in the future.

This is the expected output of query-current-machine when running an x86 guest:
  {"execute" : "query-current-machine"}
  {"return": {"wakeup-suspend-support": true}}

Running the same x86 guest, but with the --no-acpi option:
  {"execute" : "query-current-machine"}
  {"return": {"wakeup-suspend-support": false}}

This is the output when running a pseries guest:
  {"execute" : "query-current-machine"}
  {"return": {"wakeup-suspend-support": false}}

With this extra tool, management can avoid situations where a guest that does not have proper suspend/wake capabilities ends up in inconsistent state (e.g. https://github.com/open-power-host-os/qemu/issues/31).

[1] the decision of creating the query-current-machine API is based on discussions in the QEMU mailing list where it was decided that query-target wasn't a proper place to store the wake-up flag, neither was query-machines because this isn't a static property of the machine object. This new API can then be used to store other dynamic machine properties that are scattered around the code ATM. More info at: https://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04235.html

Reported-by: Balamuruhan S <bala24@linux.vnet.ibm.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20181205194701.17836-2-danielhb413@gmail.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
Committed by Dominik Csapak
Needed so the patch after next can add ShutdownCause to QMP events SHUTDOWN and RESET. Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> Message-Id: <20181205110131.23049-2-d.csapak@proxmox.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
- 17 Dec, 2018 3 commits
-
-
Committed by Emilio G. Cota
Change the order in which we extract a/b and c/d to match the output of the upstream xxhash32. Tested with: https://github.com/cota/xxhash/tree/qemu Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-
Committed by Emilio G. Cota
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-
Committed by Emilio G. Cota
Before moving them all to include/qemu/xxhash.h. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-
- 14 Dec, 2018 12 commits
-
-
Committed by Peter Maydell
Add a documentation comment for load_image_size(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 20181130151712.2312-11-peter.maydell@linaro.org
-
Committed by Peter Maydell
The load_image() function is now no longer used anywhere, so we can remove it completely. (Use load_image_size() or g_file_get_contents() instead.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 20181130151712.2312-10-peter.maydell@linaro.org
-
Committed by Peter Maydell
Currently the load_elf function in elf_ops.h uses cpu_physical_memory_write() to write the ELF file to memory if it is not handling it as a ROM blob. This means we ignore the AddressSpace that the function is passed to define where it should be loaded. Use address_space_write() instead. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181122172653.3413-4-peter.maydell@linaro.org
-
Committed by Peter Maydell
The API of cpu_physical_memory_write_rom() is odd, because it takes an AddressSpace, unlike all the other cpu_physical_memory_* access functions. Rename it to address_space_write_rom(), and bring its API into line with address_space_write(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20181122133507.30950-3-peter.maydell@linaro.org
-
Committed by Alberto Garcia
Now that all callers are passing all flag changes as QDict options, the flags parameter is no longer necessary, so we can get rid of it. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-
Committed by Alberto Garcia
No one is using this function anymore, so we can safely remove it. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-
Committed by Alberto Garcia
Most callers of bdrv_reopen() only use it to switch a BlockDriverState between read-only and read-write, so this patch adds a new function that does just that. We also want to get rid of the flags parameter in the bdrv_reopen() API, so this function sets the "read-only" option and passes the original flags (which will then be updated in bdrv_reopen_prepare()). Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-
Committed by Kevin Wolf
No real reason to keep using the callback based mechanism here when the rest of the file-posix driver is coroutine based. Changing it brings ioctls more in line with how other request types work. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-
Committed by David Hildenbrand
The input visitor has some problems right now, especially
  - unsigned type "Range" is used to process signed ranges, resulting in inconsistent behavior and ugly/magical code
  - uint64_t are parsed like int64_t, so big uint64_t values are not supported and error messages are misleading
  - lists/ranges of int64_t are accepted although no list is parsed and we should rather report an error
  - lists/ranges are preparsed using int64_t, making it hard to implement uint64_t values or uint64_t lists
  - types that don't support lists don't bail out
  - visiting beyond the end of a list is not handled properly
  - we don't actually parse lists, we parse *sets*: members are sorted, and duplicates eliminated

So let's rewrite it by getting rid of usage of the type "Range" and properly supporting lists of int64_t and uint64_t (including ranges of both types), fixing the above mentioned issues. Lists of other types are not supported and will properly report an error. Virtual walks are now supported.

Tests have to be fixed up:
  - Two BUGs were hardcoded that are fixed now
  - The string-input-visitor now actually returns a parsed list and not an ordered set.

Please note that no users/callers have to be fixed up. Candidates using visit_type_uint16List() and friends are:
  - backends/hostmem.c:host_memory_backend_set_host_nodes() -- Code can deal with duplicates/unsorted lists
  - numa.c::query_memdev() -- via object_property_get_uint16List(), the list will still be sorted and without duplicates (via host_memory_backend_get_host_nodes())
  - qapi-visit.c::visit_type_Memdev_members()
  - qapi-visit.c::visit_type_NumaNodeOptions_members()
  - qapi-visit.c::visit_type_RockerOfDpaGroup_members
  - qapi-visit.c::visit_type_RxFilterInfo_members() -- Not used with string-input-visitor.

Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20181121164421.20780-7-david@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
Committed by David Hildenbrand
qemu_strtosz() & friends reject NaNs, but happily accept infinities. They shouldn't. Fix that. The fix makes use of qemu_strtod_finite(). To avoid ugly casts, change the @end parameter of qemu_strtosz() & friends from char ** to const char **. Also, add two test cases, testing that "inf" and "NaN" are properly rejected. While at it, also fixup the function documentation. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20181121164421.20780-3-david@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
Committed by David Hildenbrand
Let's provide a wrapper for strtod(). Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20181121164421.20780-2-david@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
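The two commits above describe a finite-only strtod() wrapper and a size parser that must reject "inf" and "NaN". The sketch below is an added example, not QEMU's code: ex_strtod_finite(), ex_strtosz() and the K/M/G/T suffix handling are hypothetical names and assumptions chosen to show why the check matters before a double is cast to uint64_t.

```c
#include <errno.h>
#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* strtod() that accepts finite values only (hypothetical helper).
 * 0 on success, -EINVAL for no number / inf / NaN, -ERANGE if out of range. */
static int ex_strtod_finite(const char *nptr, const char **endptr, double *result)
{
    char *ep;
    double v;

    errno = 0;
    v = strtod(nptr, &ep);
    *endptr = ep;
    if (ep == nptr) {
        return -EINVAL;             /* nothing parsed */
    }
    if (errno == ERANGE) {
        return -ERANGE;             /* e.g. "1e999" */
    }
    if (!isfinite(v)) {
        return -EINVAL;             /* literal "inf", "infinity", "nan" */
    }
    *result = v;
    return 0;
}

/* Parse "<number>[K|M|G|T]" into bytes (1024-based suffixes assumed). */
static int ex_strtosz(const char *s, uint64_t *out)
{
    const char *end;
    double v, mul = 1.0;
    int rc = ex_strtod_finite(s, &end, &v);

    if (rc < 0) {
        return rc;
    }
    if (v < 0) {
        return -EINVAL;
    }
    switch (*end) {
    case 'K': case 'k': mul = 1024.0; end++; break;
    case 'M': case 'm': mul = 1024.0 * 1024; end++; break;
    case 'G': case 'g': mul = 1024.0 * 1024 * 1024; end++; break;
    case 'T': case 't': mul = 1024.0 * 1024 * 1024 * 1024; end++; break;
    default: break;
    }
    if (*end != '\0') {
        return -EINVAL;             /* trailing garbage */
    }
    /* Casting a double >= 2^64 (or an infinity) to uint64_t is undefined
     * behaviour, so bound the product before converting. */
    if (v * mul >= 18446744073709551616.0) {
        return -ERANGE;
    }
    *out = (uint64_t)(v * mul);
    return 0;
}

/* Small accessors so callers can check status and value separately. */
static int ex_parse_status(const char *s)
{
    uint64_t ignored = 0;
    return ex_strtosz(s, &ignored);
}

static uint64_t ex_parse_value(const char *s)
{
    uint64_t v = 0;
    return ex_strtosz(s, &v) == 0 ? v : 0;
}

int main(void)
{
    const char *samples[] = { "1.5K", "16G", "inf", "NaN", "1e999", "-1" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-6s rc=%d value=%llu\n", samples[i], ex_parse_status(samples[i]),
               (unsigned long long)ex_parse_value(samples[i]));
    }
    return 0;
}
```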
-
- 13 Dec, 2018 3 commits
-
-
Committed by Edgar E. Iglesias
Correct the nr of IRQs to 192. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20181129163655.20370-5-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Edgar E. Iglesias
Use IRQs 111 - 118 for virtio-mmio. The interrupts we're currently using 160+ are not available in the Versal GIC. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20181129163655.20370-4-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Mao Zhongyi
Currently, all sysbus devices have been converted to realize(), so remove this path. Cc: ehabkost@redhat.com Cc: thuth@redhat.com Cc: pbonzini@redhat.com Cc: armbru@redhat.com Cc: peter.maydell@linaro.org Cc: richard.henderson@linaro.org Cc: alistair.francis@wdc.com Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Message-id: 20181130093852.20739-22-maozhongyi@cmss.chinamobile.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
- 12 Dec, 2018 19 commits
-
-
The two things that should be handled are cipher and ivgen. For ivgen the solution is just mutex, as iv calculations should not be long in comparison with encryption/decryption. And for cipher let's just keep per-thread ciphers. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-
Committed by David Hildenbrand
Just like on other architectures, we should stop the clock while the guest is not running. This is already properly done for TCG. Right now, doing an offline migration (stop, migrate, cont) can easily trigger stalls in the guest. Even doing a

  (hmp) stop
  ... wait 2 minutes ...
  (hmp) cont

will already trigger stalls. So whenever the guest stops, backup the KVM TOD. When continuing to run the guest, restore the KVM TOD.

One special case is starting a simple VM: Reading the TOD from KVM to stop it right away until the guest is actually started means that the time of any simple VM will already differ to the host time. We can simply leave the TOD running and the guest won't be able to recognize it.

For migration, we actually want to keep the TOD stopped until really starting the guest. To be able to catch most errors, we should however try to set the TOD in addition to simply storing it. So we can still catch basic migration problems.

If anything goes wrong while backing up/restoring the TOD, we have to ignore it (but print a warning). This is then basically a fallback to old behavior (TOD remains running).

I tested this very basically with an initrd:
  1. Start a simple VM. Observed that the TOD is kept running. Old behavior.
  2. Ordinary live migration. Observed that the TOD is temporarily stopped on the destination when setting the new value and correctly started when finally starting the guest.
  3. Offline live migration. (stop, migrate, cont). Observed that the TOD will be stopped on the source with the "stop" command. On the destination, the TOD is temporarily stopped when setting the new value and correctly started when finally starting the guest via "cont".
  4. Simple stop/cont correctly stops/starts the TOD. (multiple stops or conts in a row have no effect, so works as expected)

In the future, we might want to send the guest a special kind of time sync interrupt under some conditions, so it can synchronize its tod to the host tod. This is interesting for migration scenarios but also when we get time sync interrupts ourselves. This however will most probably have to be handled in KVM (e.g. when the tods differ too much) and is not desired e.g. when debugging the guest (single stepping should not result in permanent time syncs). I consider something like that an add-on on top of this basic "don't break the guest" handling.

Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20181130094957.4121-1-david@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
-
Committed by Peter Xu
Out-of-band command execution was introduced in commit cf869d53. Unfortunately, we ran into a regression, and had to turn it into an experimental option for 2.12 (commit be933ffc).

http://lists.gnu.org/archive/html/qemu-devel/2018-03/msg06231.html

The regression has since been fixed (commit 951702f3 "monitor: bind dispatch bh to iohandler context"). A thorough re-review of OOB commands led to a few more issues, which have also been addressed.

This patch partly reverts be933ffc (monitor: new parameter "x-oob"), and makes QMP monitors again offer capability "oob" whenever they can provide it, i.e. when the monitor's character device is capable of running in an I/O thread.

Some trivial touch-up in the test code is required to make sure qmp-test won't break.

Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20181009062718.1914-4-peterx@redhat.com> [Conflict with "monitor: check if chardev can switch gcontext for OOB" resolved, commit message updated] Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
Committed by BALATON Zoltan
Clang 3.4 considers duplicate typedef in ppc4xx_i2c.h and bitbang_i2c.h an error even if they are identical. Move it to a common place to allow building with this clang version. Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
-
Committed by Thomas Huth
The code that used it has already been removed a while ago with commit dc41aa7d ("tcg: Remove GET_TCGV_* and MAKE_TCGV_*"). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
-
Committed by Thomas Huth
Since we require GCC version 4.8 or newer now, we can be sure that the builtin functions are always available on GCC. And for Clang, we can check the availability with __has_builtin instead. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
-
Committed by Peter Xu
When a QMP client sends in-band commands more quickly than we can process them, we can either queue them without limit (QUEUE), drop commands when the queue is full (DROP), or suspend receiving commands when the queue is full (SUSPEND). None of them is ideal:
  * QUEUE lets a misbehaving client make QEMU eat memory without bounds. Not such a hot idea.
  * With DROP, the client has to cope with dropped in-band commands. To inform the client, we send a COMMAND_DROPPED event then. The event is flawed by design in two ways: it's ambiguous (see commit d621cfe0), and it brings back the "eat memory without bounds" problem.
  * With SUSPEND, the client has to manage the flow of in-band commands to keep the monitor available for out-of-band commands.

We currently DROP. Switch to SUSPEND.

Managing the flow of in-band commands to keep the monitor available for out-of-band commands isn't really hard: just count the number of "outstanding" in-band commands (commands sent minus replies received), and if it exceeds the limit, hold back additional ones until it drops below the limit again.

Note that we need to be careful pairing the suspend with a resume, or else the monitor will hang, possibly forever. And here since we need to make sure both: (1) popping request from the req queue, and (2) reading length of the req queue will be in the same critical section, we let the pop function take the corresponding queue lock when there is a request, then we release the lock from the caller.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20181009062718.1914-2-peterx@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
Committed by Marc-André Lureau
QEMU_CHAR_FEATURE_GCONTEXT declares the character device can switch GMainContext. Assert we don't switch context when the character device doesn't provide this feature. Character device users must not violate this restriction. In particular, user configurations that violate them must be rejected. Existing frontends that rely on context switching would now assert() if the backend doesn't allow it (instead of silently producing undesired events in the default context). Following patches improve the situation by reporting an error earlier instead, on the frontend side. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20181205203737.9011-4-marcandre.lureau@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
-
Committed by Marc-André Lureau
Instead of trying to implement something that isn't well specified, remove it. (it would be tricky to implement, since a class struct is memcpy on children types...) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20181204142023.15982-7-marcandre.lureau@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by Marc-André Lureau
The function is only used by a test, move it there. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20181204142023.15982-6-marcandre.lureau@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by Marc-André Lureau
global_props is only used for Xen xen_compat_props. It's a static array of GlobalProperty, like machine globals in SET_MACHINE_COMPAT(). Let's register the globals the same way, without extra copy allocation. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20181204142023.15982-5-marcandre.lureau@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by Marc-André Lureau
Instead of accepting any Object*, change user_creatable_complete() to require a UserCreatable*. Modify the callers to pass the appropriate argument, removing redundant dynamic cast checks in object creation. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20181204142023.15982-4-marcandre.lureau@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by Marc-André Lureau
Interfaces don't have instance, let's make the interface type really abstract to avoid confusion. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20181204142023.15982-3-marcandre.lureau@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by Alex Williamson
Including all machine types that might have a pcie-root-port. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Message-Id: <154394083644.28192.8501647946108201466.stgit@gimli.home> Reviewed-by: Eric Auger <eric.auger@redhat.com> [ehabkost: fixed accidental recursion at spapr_machine_3_1_class_options()] Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by Eric Blake
There's no reason to violate our naming conventions by having a struct with a different name than its typedef. Messed up since its introduction in commit 8c85901e, but made more obvious when commit 3bfe5716 promoted it to typedefs.h. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20181115211752.1295571-3-eblake@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by Corey Minyard
This makes their function more clear and prevents conflicts when adding the actual devices to the machine state, if necessary. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20181107152434.22219-1-minyard@acm.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20181106102335.20027-2-kraxel@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by David Hildenbrand
If there are no changes, let's use a const pointer. Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20181023152306.3123-4-david@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-
Committed by Li Qiang
Cc: qemu-trivial@nongnu.org Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20181030151637.37207-1-liq3ea@163.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
-
- 04 Dec, 2018 1 commit
-
-
Committed by Jason Wang
We try to detect and drop too large packet (>INT_MAX) in 1592a994 ("net: ignore packet size greater than INT_MAX") during packet delivering. Unfortunately, this is not sufficient as we may hit another integer overflow when trying to queue such large packet in qemu_net_queue_append_iov():
  - size of the allocation may overflow on 32bit
  - packet->size is integer which may overflow even on 64bit

Fixing this by moving the check to qemu_sendv_packet_async() which is the entrance of all networking codes and reduce the limit to NET_BUFSIZE to be more conservative. This works since:
  - For the callers that call qemu_sendv_packet_async() directly, they only care about if zero is returned to determine whether to prevent the source from producing more packets. A callback will be triggered if peer can accept more then source could be enabled. This is usually used by high speed networking implementation like virtio-net or netmap.
  - For the callers that call qemu_sendv_packet() that calls qemu_sendv_packet_async() indirectly, they often ignore the return value. In this case qemu will just drop the packets if peer can't receive.

Qemu will copy the packet if it was queued. So it was safe for both kinds of the callers to assume the packet was sent.

Since we move the check from qemu_deliver_packet_iov() to qemu_sendv_packet_async(), it would be safer to make qemu_deliver_packet_iov() static to prevent any external user in the future.

This is a revised patch of CVE-2018-17963.

Cc: qemu-stable@nongnu.org Cc: Li Qiang <liq3ea@163.com> Fixes: 1592a994 ("net: ignore packet size greater than INT_MAX") Reported-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 20181204035347.6148-2-jasowang@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
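The commit above gives two reasons a >INT_MAX check at delivery time is too late, and moves a smaller cap to the send entry point. The sketch below is an added example, not QEMU's code: the ex_* names, the 32-byte header stand-in and the cap value are assumptions, and the scatter/gather lengths are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/uio.h>

#define EX_NET_BUFSIZE ((size_t)(4096 + 65536)) /* assumed cap, named after NET_BUFSIZE */
#define EX_HDR_SIZE    32u                      /* stand-in for the queue entry header */

enum ex_result { EX_QUEUED = 1, EX_DROPPED_OVERSIZE = 2 }; /* both non-zero */

/* Total payload length described by a scatter/gather list. */
static size_t ex_iov_size(const struct iovec *iov, int iovcnt)
{
    size_t len = 0;
    for (int i = 0; i < iovcnt; i++) {
        len += iov[i].iov_len;
    }
    return len;
}

/* Allocation size as 32-bit size_t arithmetic computes it (mod 2^32).
 * A wrapped result means a small buffer sized for a huge copy. */
static uint32_t ex_alloc_size_32bit(size_t payload)
{
    return (uint32_t)(EX_HDR_SIZE + (uint32_t)payload);
}

/* Does the length survive storage in an int field unchanged? */
static int ex_fits_int_field(size_t payload)
{
    return payload <= (size_t)INT_MAX;
}

/* Entry-point check: nothing larger than the cap reaches the queue.
 * An oversized packet is dropped but still reported as non-zero, so a
 * caller that only tests for zero treats it as sent. */
static enum ex_result ex_sendv_packet_async(const struct iovec *iov, int iovcnt)
{
    if (ex_iov_size(iov, iovcnt) > EX_NET_BUFSIZE) {
        return EX_DROPPED_OVERSIZE;
    }
    return EX_QUEUED;
}

/* Constructed inputs: only the lengths matter, the buffer is never read. */
static char ex_buf[1500];

static void ex_fill_oversized(struct iovec iov[2])
{
    iov[0].iov_base = ex_buf; iov[0].iov_len = 0x7FFFFFF8u;
    iov[1].iov_base = ex_buf; iov[1].iov_len = 0x7FFFFFF8u;
}

static size_t ex_oversized_len(void)
{
    struct iovec iov[2];
    ex_fill_oversized(iov);
    return ex_iov_size(iov, 2);
}

static enum ex_result ex_send_oversized(void)
{
    struct iovec iov[2];
    ex_fill_oversized(iov);
    return ex_sendv_packet_async(iov, 2);
}

static enum ex_result ex_send_normal(void)
{
    struct iovec iov = { ex_buf, sizeof(ex_buf) };
    return ex_sendv_packet_async(&iov, 1);
}

int main(void)
{
    size_t len = ex_oversized_len();
    printf("payload=%zu alloc32=%u fits_int=%d\n", len,
           (unsigned)ex_alloc_size_32bit(len), ex_fits_int_field(len));
    printf("oversized -> %d, normal -> %d\n", ex_send_oversized(), ex_send_normal());
    return 0;
}
```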
-