- 02 5月, 2011 12 次提交
-
-
由 Paolo Bonzini 提交于
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
-
由 Michael Tokarev 提交于
This change fixes a long-standing immediate crash (memory corruption and abort in glibc malloc code) in migration on 32bits. The bug is present since this commit: commit 692d9aca97b865b0f7903565274a52606910f129 Author: Bruce Rogers <brogers@novell.com> Date: Wed Sep 23 16:13:18 2009 -0600 qemu-kvm: allocate correct size for dirty bitmap The dirty bitmap copied out to userspace is stored in a long array, and gets copied out to userspace accordingly. This patch accounts for that correctly. Currently I'm seeing kvm crashing due to writing beyond the end of the alloc'd dirty bitmap memory, because the buffer has the wrong size. Signed-off-by: Bruce Rogers Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com> --- a/qemu-kvm.c +++ b/qemu-kvm.c @@ int kvm_get_dirty_pages_range(kvm_context_t kvm, unsigned long phys_addr, - buf = qemu_malloc((slots[i].len / 4096 + 7) / 8 + 2); + buf = qemu_malloc(BITMAP_SIZE(slots[i].len)); r = kvm_get_map(kvm, KVM_GET_DIRTY_LOG, i, buf); BITMAP_SIZE is now open-coded in that function, like this: size = ALIGN(((mem->memory_size) >> TARGET_PAGE_BITS), HOST_LONG_BITS) / 8; The problem is that HOST_LONG_BITS in 32bit userspace is 32 but it's 64 in 64bit kernel. So userspace aligns this to 32, and kernel to 64, but since no length is passed from userspace to kernel on ioctl, kernel uses its size calculation and copies 4 extra bytes to userspace, corrupting memory. Here's how it looks like during migrate execution: our=20, kern=24 our=4, kern=8 ... our=4, kern=8 our=4064, kern=4064 our=512, kern=512 our=4, kern=8 our=20, kern=24 our=4, kern=8 ... our=4, kern=8 our=4064, kern=4064 *** glibc detected *** ./x86_64-softmmu/qemu-system-x86_64: realloc(): invalid next size: 0x08f20528 *** (our is userspace size above, kern is the size as calculated by the kernel). Fix this by always aligning to 64 in a hope that no platform will have sizeof(long)>8 any time soon, and add a comment describing it all. It's a small price to pay for bad kernel design. Alternatively it's possible to fix that in the kernel by using different size calculation depending on the current process. But this becomes quite ugly. Special thanks goes to Stefan Hajnoczi for spotting the fundamental cause of the issue, and to Alexander Graf for his support in #qemu. Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru> CC: Bruce Rogers <brogers@novell.com> Signed-off-by: NAvi Kivity <avi@redhat.com>
-
由 Jan Kiszka 提交于
KVM only requires to set the raised IRQ in CPUState and to kick the receiving vcpu if it is remote. Installing a specialized handler allows potential future changes to the TCG code path without risking KVM side effects. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
-
由 Jan Kiszka 提交于
This allows to override the interrupt handling of QEMU in system mode. KVM will make use of it to set a specialized handler. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
-
由 Jan Kiszka 提交于
Both have only two lines in common, and we will convert the system service into a callback which is of no use for user mode operation. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> CC: Riku Voipio <riku.voipio@iki.fi> Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
-
由 Glauber Costa 提交于
kvmclock presence can be signalled by two different flags. So for device creation, we have to test for both. Signed-off-by: NGlauber Costa <glommer@redhat.com> Signed-off-by: NAvi Kivity <avi@redhat.com>
-
由 Glauber Costa 提交于
We have two bits that can represent kvmclock in cpuid. They signal the guest which msr set to use. When we tweak flags involving this value - specially when we use "-", we have to act on both. Signed-off-by: NGlauber Costa <glommer@redhat.com> Signed-off-by: NAvi Kivity <avi@redhat.com>
-
由 Jan Kiszka 提交于
kvmclock is represented by two feature bits. Therefore, lookup_feature needs to continue its search even after the first match. Enhance it accordingly and switch to a bool return type at this chance. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
-
由 Glauber Costa 提交于
Use the features provided by KVM_GET_SUPPORTED_CPUID directly to mask out features from guest-visible cpuid. The old get_para_features() mechanism is kept for older kernels that do not implement it. Signed-off-by: NGlauber Costa <glommer@redhat.com> Signed-off-by: NAvi Kivity <avi@redhat.com>
-
由 Mike McCormack 提交于
The kernel doesn't fill the buffer provided to sched_getaffinity with zero bytes, so neither should QEMU. Signed-off-by: NMike McCormack <mj.mccormack@samsung.com> Reviewed-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: NRiku Voipio <riku.voipio@iki.fi>
-
由 Mike McCormack 提交于
Zeroing of the cpu array should start from &cpus[kernel_ret] not &cpus[num_zeros_to_fill]. This fixes a crash in EFL's edje_cc running under qemu-arm. Signed-off-by: NMike McCormack <mj.mccormack@samsung.com> Reviewed-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com> Acked-by: NMike Frysinger <vapier@gentoo.org> Signed-off-by: NRiku Voipio <riku.voipio@iki.fi>
-
由 Stefan Weil 提交于
Debian Lenny and other installations with older linux versions failed to compile linux-user because some CLONE_xxx macros are undefined. Signed-off-by: NStefan Weil <weil@mail.berlios.de> Signed-off-by: NRiku Voipio <riku.voipio@iki.fi>
-
- 30 4月, 2011 1 次提交
-
-
git://qemu.weilnetz.de/git/qemu由 Blue Swirl 提交于
* 'patches' of git://qemu.weilnetz.de/git/qemu: qemu-timer: Fix timers for w32 qemu-timer: Avoid type casts qemu-timer: Remove unneeded include statement (w32) qemu-timer: Add and use new function qemu_timer_expired_ns
-
- 29 4月, 2011 1 次提交
-
-
由 Anthony Liguori 提交于
The latest virtfs pull broke the cris-softmmu target. Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-
- 28 4月, 2011 11 次提交
-
-
由 Anthony Liguori 提交于
-
由 Anthony Liguori 提交于
-
由 Alexey Kardashevskiy 提交于
The virtio serial specification requres that the values in the config space are encoded in native endian of the guest. The qemu virtio-serial code did not do conversion to the guest endian format what caused problems when host and guest use different format. This patch corrects the qemu side, correctly doing host-native <-> guest-native conversions when accessing the config space. This won't break any setups that aren't already broken, and fixes the case of different host and guest endianness. Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au> Reviewed-by: NJuan Quintela <quintela@redhat.com> Signed-off-by: NAmit Shah <amit.shah@redhat.com>
-
由 Amit Shah 提交于
Juan says he prefers these extra checks to ensure a user of a chardev is releasing it. Requested-by: NJuan Quintela <quintela@redhat.com> Signed-off-by: NAmit Shah <amit.shah@redhat.com>
-
由 Kusanagi Kouichi 提交于
This fixes regression caused by commit 2d6c1ef4 ("char: Prevent multiple devices opening same chardev"): -nodefaults -nographic -chardev stdio,id=stdio,mux=on,signal=off \ -mon stdio -device virtio-serial-pci \ -device virtconsole,chardev=stdio -device isa-serial,chardev=stdio fails with: qemu-system-x86_64: -device isa-serial,chardev=stdio: Property 'isa-serial.chardev' can't take value 'stdio', it's in use Signed-off-by: NKusanagi Kouichi <slash@ac.auone-net.jp> Signed-off-by: NAmit Shah <amit.shah@redhat.com>
-
由 Hans de Goede 提交于
Note the vmc_register_interface() in spice_chr_write is left in place in case someone uses spice-chardev with a frontend which does not have guest open / close notification. Signed-off-by: NHans de Goede <hdegoede@redhat.com> Reviewed-by: NAlon Levy <alevy@redhat.com> Signed-off-by: NAmit Shah <amit.shah@redhat.com>
-
由 Hans de Goede 提交于
Signed-off-by: NHans de Goede <hdegoede@redhat.com> Reviewed-by: NAlon Levy <alevy@redhat.com> Signed-off-by: NAmit Shah <amit.shah@redhat.com>
-
由 Hans de Goede 提交于
Some frontends know when the guest has opened the "channel" and is actively listening to it, for example virtio-serial. This patch adds 2 new qemu-chardev functions which can be used by frontends to signal guest open / close, and allows interested backends to listen to this. Signed-off-by: NHans de Goede <hdegoede@redhat.com> Reviewed-by: NAlon Levy <alevy@redhat.com> Signed-off-by: NAmit Shah <amit.shah@redhat.com>
-
由 Peter Maydell 提交于
Make sure the base register isn't updated if it is in the load list for a Thumb LDM (T1 encoding) which aborts partway through the load. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
-
由 YuYeon Oh 提交于
target-arm: fix LDMIA bug on page boundary When consecutive memory locations are on page boundary, a base register may be loaded before page fault occurs. After page fault handling, it losts the memory location information. To solve this problem, loading a base register has to put back. Signed-off-by: NYuyeon Oh <yuyeon.oh@samsung.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
-
由 Jan Kiszka 提交于
So far we set IRR for edge IRQs even if the pin is masked. If the guest later on unmasks and switches the pin to level-triggered mode, irr will remain set, causing an IRQ storm. The point is that setting IRR is not correct in this case according to the spec, and avoiding this resolves the issue. Reported-and-tested-by: NIsaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
-
- 27 4月, 2011 15 次提交
-
-
由 Stefan Hajnoczi 提交于
The -virtfs option creates an fsdev representing the pass-through file system and a guest-visible virtio-9p-pci device that can access this file system. This patch replaces the string manipulation used to build and reparse option lists with direct QemuOpts calls. Removing the string manipulation code makes it easier to maintain and less error prone. An error message is also updated to use "mount_tag" instead of "mnt_tag". Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
-
由 Harsh Prateek Bora 提交于
The nwnames field in TWALK message is assumed to be >=0 and <= MAXWELEM which is defined as macro P9_MAXWELEM (16) in virtio-9p.h as per 9p2000 RFC. Appropriate changes are required in V9fsWalkState and v9fs_walk. Signed-off-by: NHarsh Prateek Bora <harsh@linux.vnet.ibm.com> Reviewed-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
-
由 Harsh Prateek Bora 提交于
This patch removes the addition of null char in symlink file which is being appended to file in case of mapped security model. Without this patch, the extra null char causes LTP testcase lstat03 to fail and hence this fix is required. Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
-
由 M. Mohan Kumar 提交于
LCREATE function packs address of iounit in the pdu, fix that to send actual iounit itself. Signed-off-by: NM. Mohan Kumar <mohan@in.ibm.com> Acked-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
-
由 Aneesh Kumar K.V 提交于
If we don't have default acl, removexattr on default acl should return 0 Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
-
由 Aneesh Kumar K.V 提交于
Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
-
由 Aneesh Kumar K.V 提交于
Now that we start adding more files related to 9pfs it make sense to move them to a separate directory Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
-
由 Jan Kiszka 提交于
Commit 5145b3d1 revealed a bug in the lazy ROMD switch-back logic, but resolved it by breaking that feature. This approach addresses the issue by switching back to ROMD after a certain amount of read accesses without further unlock sequences. Signed-off-by: NJan Kiszka <jan.kiszka@web.de> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
-
由 Stefan Weil 提交于
cppcheck reports this error: commpage.c:223: error: Possible null pointer dereference: value - otherwise it is redundant to check if value is null at line 214 The null pointer check in line 214 is indeed not needed. If value were null, the code would crash in line 223. See do_compare_and_swap64 were for a reference. Signed-off-by: NStefan Weil <weil@mail.berlios.de> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
-
git://repo.or.cz/qemu/kevin由 Aurelien Jarno 提交于
* 'for-anthony' of git://repo.or.cz/qemu/kevin: Remove obsolete 'enabled' variable from progress state Add dd-style SIGUSR1 progress reporting qed: Fix consistency check on 32-bit hosts ide/atapi: Introduce CHECK_READY flag for commands ide/atapi: Replace bdrv_get_geometry calls by s->nb_sectors ide/atapi: Use table instead of switch for commands ide/atapi: Factor commands out ide: Split atapi.c out Improve accuracy of block migration bandwidth calculation atapi: Add 'medium ready' to 'medium not ready' transition on cd change qemu-img: allow rebase to a NULL backing file when unsafe
-
由 Stefan Weil 提交于
Compilation for Windows needs a different declaration for the printf format attribute, so use the macro which was defined for this purpose. Cc: Benjamin Poirier <benjamin.poirier@gmail.com> Signed-off-by: NStefan Weil <weil@mail.berlios.de> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
-
由 Jes Sorensen 提交于
Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Jes Sorensen 提交于
This introduces support for dd-style progress reporting on POSIX systems, if the user hasn't specified -p to report progress. If sent a SIGUSR1, qemu-img will report current progress for commands that support progress reporting. Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Stefan Hajnoczi 提交于
The qed_bytes_to_clusters() function is normally used with size_t lengths. Consistency check used it with file size length and therefore failed on 32-bit hosts when the image file is 4 GB or more. Make qed_bytes_to_clusters() explicitly 64-bit and update consistency check to keep 64-bit cluster counts. Reported-by: NMichael Tokarev <mjt@tls.msk.ru> Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
Some commands are supposed to report a Not Ready Condition (i.e. they require a medium to be present in order to execute successfully). Instead of duplicating the check in each command implementation, let's add a flag and check it before calling the command. This patch only converts existing checks, it does not introduce new checks for any of the other commands that can/should report a Not Ready Condition. Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-