- 26 3月, 2020 5 次提交
-
-
由 Maxim Levitsky 提交于
Instead of checking the .bdrv_co_create_opts to see if we need the fallback, just implement the .bdrv_co_create_opts in the drivers that need it. This way we don't break various places that need to know if the underlying protocol/format really supports image creation, and this way we still allow some drivers to not support image creation. Fixes: fd17146c Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1816007 Note that technically this driver reverts the image creation fallback for the vxhs driver since I don't have a means to test it, and IMHO it is better to leave it not supported as it was prior to generic image creation patches. Also drop iscsi_create_opts which was left accidentally. Signed-off-by: NMaxim Levitsky <mlevitsk@redhat.com> Message-Id: <20200326011218.29230-3-mlevitsk@redhat.com> Reviewed-by: NDenis V. Lunev <den@openvz.org> [mreitz: Fixed alignment, and moved bdrv_co_create_opts_simple() and bdrv_create_opts_simple from block.h into block_int.h] Signed-off-by: NMax Reitz <mreitz@redhat.com>
-
由 Maxim Levitsky 提交于
This will allow the reuse of a single generic .bdrv_co_create implementation for several drivers. No functional changes. Signed-off-by: NMaxim Levitsky <mlevitsk@redhat.com> Message-Id: <20200326011218.29230-2-mlevitsk@redhat.com> Reviewed-by: NDenis V. Lunev <den@openvz.org> Signed-off-by: NMax Reitz <mreitz@redhat.com>
-
local_err is used again in mirror_exit_common() after bdrv_set_backing_hd(), so we must zero it. Otherwise try to set non-NULL local_err will crash. Signed-off-by: NVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200324153630.11882-3-vsementsov@virtuozzo.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com>
-
由 Peter Maydell 提交于
Combo Migration/HMP/virtiofs pull Small fixes all around. Ones that are noticeable: a) Igor's migration compatibility fix affecting older machine types has been seen in the wild b) Philippe's autconverge fix should fix an intermittently failing migration test. c) Mao's makes a small change to the output of 'info migrate_parameters' for tls-authz. # gpg: Signature made Wed 25 Mar 2020 13:14:48 GMT # gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full] # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20200325b: migration: use "" instead of (null) for tls-authz migration/ram: fix use after free of local_err migration/colo: fix use after free of local_err vl.c: fix migration failure for 3.1 and older machine types tools/virtiofsd/passthrough_ll: Fix double close() hmp/vnc: Fix info vnc list leak tests/migration: Reduce autoconverge initial bandwidth xbzrle: update xbzrle doc hmp-cmd: fix a missing_break warning Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
fixes: input error handling & audio segfault # gpg: Signature made Wed 25 Mar 2020 10:58:26 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/fixes-20200325-pull-request: hw/audio/fmopl: fix segmentation fault ui/input-linux: Do not ignore ioctl() return value Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 25 3月, 2020 18 次提交
-
-
由 Mao Zhongyi 提交于
run: (qemu) info migrate_parameters announce-initial: 50 ms ... announce-max: 550 ms multifd-compression: none xbzrle-cache-size: 4194304 max-postcopy-bandwidth: 0 tls-authz: '(null)' Migration parameter 'tls-authz' is used to provide the QOM ID of a QAuthZ subclass instance that provides the access control check, default is NULL. But the empty string is not a valid object ID, so use "" instead of the default. Although it will fail when lookup an object with ID "", it is harmless, just consistent with tls_creds. As a bonus, this patch also fixed the bad indentation on the last line and removed 'has_tls_authz' redundant check in 'hmp_info_migrate_parameters'. Signed-off-by: NMao Zhongyi <maozhongyi@cmss.chinamobile.com> Message-Id: <119f539a9f4d198bc3bcced46b8280520d60bc51.1585100802.git.maozhongyi@cmss.chinamobile.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
-
local_err is used again in migration_bitmap_sync_precopy() after precopy_notify(), so we must zero it. Otherwise try to set non-NULL local_err will crash. Signed-off-by: NVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200324153630.11882-6-vsementsov@virtuozzo.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
-
local_err is used again in secondary_vm_do_failover() after replication_stop_all(), so we must zero it. Otherwise try to set non-NULL local_err will crash. Signed-off-by: NVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200324153630.11882-5-vsementsov@virtuozzo.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
-
由 Igor Mammedov 提交于
Migration from QEMU(v4.0) fails when using 3.1 or older machine type. For example if one attempts to migrate QEMU-2.12 started as qemu-system-ppc64 -nodefaults -M pseries-2.12 -m 4096 -mem-path /tmp/ to current master, it will fail with qemu-system-ppc64: Unknown ramblock "ppc_spapr.ram", cannot accept migration qemu-system-ppc64: error while loading state for instance 0x0 of device 'ram' qemu-system-ppc64: load of migration failed: Invalid argument Caused by 900c0ba3 commit which switches main RAM allocation to memory backends and the fact in 3.1 and older QEMU, backends used full[***] QOM path as memory region name instead of backend's name. That was changed after 3.1 to use prefix-less names by default (fa0cb34d) for new machine types. *** effectively makes main RAM memory region names defined by MachineClass::default_ram_id being altered with '/objects/' prefix and therefore migration fails as old QEMU sends prefix-less name while new QEMU expects name with prefix when using 3.1 and older machine types. Fix it by forcing implicit[1] memory backend to always use prefix-less names for its memory region by setting 'x-use-canonical-path-for-ramblock-id' property to false. 1) i.e. memory backend created by compat glue which maps -m/-mem-path/-mem-prealloc/default RAM size into appropriate backend type/options to match old CLI format. Fixes: 900c0ba3Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reported-by: NLukáš Doktor <ldoktor@redhat.com> Message-Id: <20200304172748.15338-1-imammedo@redhat.com> Tested-by: NLukáš Doktor <ldoktor@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
-
由 Philippe Mathieu-Daudé 提交于
On success, the fdopendir() call closes fd. Later on the error path we try to close an already-closed fd. This can lead to use-after-free. Fix by only closing the fd if the fdopendir() call failed. Cc: qemu-stable@nongnu.org Fixes: b39bce12 (add dirp_map to hide lo_dirp pointers) Reported-by: Coverity (CID 1421933 USE_AFTER_FREE) Suggested-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200321120654.7985-1-philmd@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
-
由 Dr. David Alan Gilbert 提交于
We're iterating the list, and then freeing the iteration pointer rather than the list head. Fixes: 0a9667ec ("hmp: Update info vnc") Reported-by: Coverity (CID 1421932) Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20200323120822.51266-1-dgilbert@redhat.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
-
由 Philippe Mathieu-Daudé 提交于
When using max-bandwidth=~100Mb/s, this test fails on Travis-CI s390x when configured with --disable-tcg: $ make check-qtest TEST check-qtest-s390x: tests/qtest/boot-serial-test qemu-system-s390x: -accel tcg: invalid accelerator tcg qemu-system-s390x: falling back to KVM TEST check-qtest-s390x: tests/qtest/pxe-test TEST check-qtest-s390x: tests/qtest/test-netfilter TEST check-qtest-s390x: tests/qtest/test-filter-mirror TEST check-qtest-s390x: tests/qtest/test-filter-redirector TEST check-qtest-s390x: tests/qtest/drive_del-test TEST check-qtest-s390x: tests/qtest/device-plug-test TEST check-qtest-s390x: tests/qtest/virtio-ccw-test TEST check-qtest-s390x: tests/qtest/cpu-plug-test TEST check-qtest-s390x: tests/qtest/migration-test ** ERROR:tests/qtest/migration-test.c:1229:test_migrate_auto_converge: 'got_stop' should be FALSE ERROR - Bail out! ERROR:tests/qtest/migration-test.c:1229:test_migrate_auto_converge: 'got_stop' should be FALSE make: *** [tests/Makefile.include:633: check-qtest-s390x] Error 1 Per David Gilbert, "it could just be the writing is slow on s390 and the migration thread fast; in which case the autocomplete wouldn't be needed. Perhaps we just need to reduce the bandwidth limit." Tuning the threshold by reducing the initial bandwidth makes the autoconverge test pass. Suggested-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200323184015.11565-1-philmd@redhat.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Tested-by: NAlex Bennée <alex.bennee@linaro.org> Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
-
由 Mao Zhongyi 提交于
Add new parameter description, also: 1. Remove unsociable space. 2. Nit picking: s/two/2 in report Signed-off-by: NMao Zhongyi <maozhongyi@cmss.chinamobile.com> Message-Id: <20200320143216.423374-1-maozhongyi@cmss.chinamobile.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
-
由 Pan Nengyuan 提交于
This fix coverity issues 94417686: 1260 break; CID 94417686: (MISSING_BREAK) 1261. unterminated_case: The case for value "MIGRATION_PARAMETER_THROTTLE_TRIGGER_THRESHOLD" is not terminated by a 'break' statement. 1261 case MIGRATION_PARAMETER_THROTTLE_TRIGGER_THRESHOLD: 1262 p->has_throttle_trigger_threshold = true; 1263 visit_type_int(v, param, &p->throttle_trigger_threshold, &err); 1264 case MIGRATION_PARAMETER_CPU_THROTTLE_INITIAL: Fixes: dc14a470 Fixes: Coverity (CID 1421950) Reported-by: NEuler Robot <euler.robot@huawei.com> Signed-off-by: NPan Nengyuan <pannengyuan@huawei.com> Message-Id: <20200318071620.59748-1-pannengyuan@huawei.com> Reviewed-by: NKeqian Zhu <zhukeqian1@huawei.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
-
由 Volker Rümelin 提交于
Current code allocates the memory for ENV_CURVE too late. Move allocation to OPLOpenTable() and deallocation to OPLCloseTable(). To reproduce the bug start qemu with -soundhw adlib. Fixes 2eea51bd "hw/audio/fmopl: Move ENV_CURVE to .heap to save 32KiB of .bss" Signed-off-by: NVolker Rümelin <vr_qemu@t-online.de> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200324061855.5951-1-vr_qemu@t-online.de Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Philippe Mathieu-Daudé 提交于
Fix warnings reported by Clang static code analyzer: CC ui/input-linux.o ui/input-linux.c:343:9: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGBIT(EV_REL, sizeof(relmap)), &relmap); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:351:9: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGBIT(EV_ABS, sizeof(absmap)), &absmap); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:354:13: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGABS(ABS_X), &absinfo); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:357:13: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGABS(ABS_Y), &absinfo); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:365:9: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGBIT(EV_KEY, sizeof(keymap)), keymap); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ui/input-linux.c:366:9: warning: Value stored to 'rc' is never read rc = ioctl(il->fd, EVIOCGKEY(sizeof(keystate)), keystate); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reported-by: Clang Static Analyzer Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: NDarren Kenny <darren.kenny@oracle.com> Message-id: 20200322161219.17757-1-philmd@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
qemu-ga patch queue for hard-freeze * fix undefined C behavior with guest-file-* interfaces * fix w32 installer issues * fix crash for large file reads via guest-file-read on windows * add missing man page documentation for virtio-vsock # gpg: Signature made Tue 24 Mar 2020 16:45:24 GMT # gpg: using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584 # gpg: issuer "mdroth@linux.vnet.ibm.com" # gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full] # gpg: aka "Michael Roth <mdroth@utexas.edu>" [full] # gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full] # Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584 * remotes/mdroth/tags/qga-pull-2020-03-24-tag0: qemu-ga: document vsock-listen in the man page qga: Fix undefined C behavior qga-win: prevent crash when executing guest-file-read with large count qga-win: Handle VSS_E_PROVIDER_ALREADY_REGISTERED error qga: Installer: Wait for installation to finish Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Stefan Hajnoczi 提交于
Although qemu-ga has supported vsock since 2016 it was not documented on the man page. Also add the socket address representation to the qga --help output. Fixes: 586ef5de ("qga: add vsock-listen method") Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NStefano Garzarella <sgarzare@redhat.com> Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Eric Blake 提交于
The QAPI struct GuestFileWhence has a comment about how we are exploiting equivalent values between two different integer types shared in a union. But C says behavior is undefined on assignments to overlapping storage when the two types are not the same width, and indeed, 'int64_t value' and 'enum QGASeek name' are very likely to be different in width. Utilize a temporary variable to fix things. Reported-by: NPeter Maydell <peter.maydell@linaro.org> Fixes: 0b4b4938 Fixes: Coverity CID 1421990 Signed-off-by: NEric Blake <eblake@redhat.com> Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Basil Salman 提交于
guest-file-read command is currently implemented to read from a file handle count number of bytes. when executed with a very large count number qemu-ga crashes. after some digging turns out that qemu-ga crashes after trying to allocate a buffer large enough to save the data read in it, the buffer was allocated using g_malloc0 which is not fail safe, and results a crash in case of failure. g_malloc0 was replaced with g_try_malloc0() which returns NULL on failure, A check was added for that case in order to prevent qemu-ga from crashing and to send a response to the qemu-ga client accordingly. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054Signed-off-by: NBasil Salman <basil@daynix.com> Reported-by: NFakhri Zulkifli <mohdfakhrizulkifli@gmail.com> Cc: qemu-stable@nongnu.org Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Sameeh Jubran 提交于
This patch handles the case where VSS Provider is already registered, where in such case qga uninstalls the provider and registers it again. Signed-off-by: NSameeh Jubran <sjubran@redhat.com> Signed-off-by: NBasil Salman <basil@daynix.com> Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Basil Salman 提交于
Installation might fail if we don't wait for the provider unregisteration process to finish. Signed-off-by: NSameeh Jubran <sjubran@redhat.com> Signed-off-by: NBasil Salman <basil@daynix.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
- 24 3月, 2020 17 次提交
-
-
由 Peter Maydell 提交于
Block patches for 5.0-rc0: - Use-after-free fix - Fix for a memleak in an error path - Preventative measures against other potential use-after-frees, and against NULL deferences at runtime - iotest fixes # gpg: Signature made Tue 24 Mar 2020 12:19:09 GMT # gpg: using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40 # gpg: issuer "mreitz@redhat.com" # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full] # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 * remotes/maxreitz/tags/pull-block-2020-03-24: iotests/026: Move v3-exclusive test to new file iotests: Fix cleanup path in some tests block/qcow2: zero data_file child after free block: bdrv_set_backing_bs: fix use-after-free block: Assert BlockDriver::format_name is not NULL block: Avoid memleak on qcow2 image info failure Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Max Reitz 提交于
data_file does not work with v2, and we probably want 026 to keep working for v2 images. Thus, open a new file for v3-exclusive error path test cases. Fixes: 81311255 (“iotests/026: Test EIO on allocation in a data-file”) Signed-off-by: NMax Reitz <mreitz@redhat.com> Message-Id: <20200311140707.1243218-1-mreitz@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Tested-by: NJohn Snow <jsnow@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com>
-
由 Max Reitz 提交于
Some iotests leave behind some external data file when run for qcow2 with -o data_file. Fix that. Signed-off-by: NMax Reitz <mreitz@redhat.com> Message-Id: <20200224171631.384314-1-mreitz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com>
-
data_file being NULL doesn't seem to be a correct state, but it's better than dead pointer and simpler to debug. Signed-off-by: NVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200316060631.30052-3-vsementsov@virtuozzo.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com>
-
There is a use-after-free possible: bdrv_unref_child() leaves bs->backing freed but not NULL. bdrv_attach_child may produce nested polling loop due to drain, than access of freed pointer is possible. I've produced the following crash on 30 iotest with modified code. It does not reproduce on master, but still seems possible: #0 __strcmp_avx2 () at /lib64/libc.so.6 #1 bdrv_backing_overridden (bs=0x55c9d3cc2060) at block.c:6350 #2 bdrv_refresh_filename (bs=0x55c9d3cc2060) at block.c:6404 #3 bdrv_backing_attach (c=0x55c9d48e5520) at block.c:1063 #4 bdrv_replace_child_noperm (child=child@entry=0x55c9d48e5520, new_bs=new_bs@entry=0x55c9d3cc2060) at block.c:2290 #5 bdrv_replace_child (child=child@entry=0x55c9d48e5520, new_bs=new_bs@entry=0x55c9d3cc2060) at block.c:2320 #6 bdrv_root_attach_child (child_bs=child_bs@entry=0x55c9d3cc2060, child_name=child_name@entry=0x55c9d241d478 "backing", child_role=child_role@entry=0x55c9d26ecee0 <child_backing>, ctx=<optimized out>, perm=<optimized out>, shared_perm=21, opaque=0x55c9d3c5a3d0, errp=0x7ffd117108e0) at block.c:2424 #7 bdrv_attach_child (parent_bs=parent_bs@entry=0x55c9d3c5a3d0, child_bs=child_bs@entry=0x55c9d3cc2060, child_name=child_name@entry=0x55c9d241d478 "backing", child_role=child_role@entry=0x55c9d26ecee0 <child_backing>, errp=errp@entry=0x7ffd117108e0) at block.c:5876 #8 in bdrv_set_backing_hd (bs=bs@entry=0x55c9d3c5a3d0, backing_hd=backing_hd@entry=0x55c9d3cc2060, errp=errp@entry=0x7ffd117108e0) at block.c:2576 #9 stream_prepare (job=0x55c9d49d84a0) at block/stream.c:150 #10 job_prepare (job=0x55c9d49d84a0) at job.c:761 #11 job_txn_apply (txn=<optimized out>, fn=<optimized out>) at job.c:145 #12 job_do_finalize (job=0x55c9d49d84a0) at job.c:778 #13 job_completed_txn_success (job=0x55c9d49d84a0) at job.c:832 #14 job_completed (job=0x55c9d49d84a0) at job.c:845 #15 job_completed (job=0x55c9d49d84a0) at job.c:836 #16 job_exit (opaque=0x55c9d49d84a0) at job.c:864 #17 aio_bh_call (bh=0x55c9d471a160) at util/async.c:117 #18 aio_bh_poll (ctx=ctx@entry=0x55c9d3c46720) at util/async.c:117 #19 aio_poll (ctx=ctx@entry=0x55c9d3c46720, blocking=blocking@entry=true) at util/aio-posix.c:728 #20 bdrv_parent_drained_begin_single (poll=true, c=0x55c9d3d558f0) at block/io.c:121 #21 bdrv_parent_drained_begin_single (c=c@entry=0x55c9d3d558f0, poll=poll@entry=true) at block/io.c:114 #22 bdrv_replace_child_noperm (child=child@entry=0x55c9d3d558f0, new_bs=new_bs@entry=0x55c9d3d27300) at block.c:2258 #23 bdrv_replace_child (child=child@entry=0x55c9d3d558f0, new_bs=new_bs@entry=0x55c9d3d27300) at block.c:2320 #24 bdrv_root_attach_child (child_bs=child_bs@entry=0x55c9d3d27300, child_name=child_name@entry=0x55c9d241d478 "backing", child_role=child_role@entry=0x55c9d26ecee0 <child_backing>, ctx=<optimized out>, perm=<optimized out>, shared_perm=21, opaque=0x55c9d3cc2060, errp=0x7ffd11710c60) at block.c:2424 #25 bdrv_attach_child (parent_bs=parent_bs@entry=0x55c9d3cc2060, child_bs=child_bs@entry=0x55c9d3d27300, child_name=child_name@entry=0x55c9d241d478 "backing", child_role=child_role@entry=0x55c9d26ecee0 <child_backing>, errp=errp@entry=0x7ffd11710c60) at block.c:5876 #26 bdrv_set_backing_hd (bs=bs@entry=0x55c9d3cc2060, backing_hd=backing_hd@entry=0x55c9d3d27300, errp=errp@entry=0x7ffd11710c60) at block.c:2576 #27 stream_prepare (job=0x55c9d495ead0) at block/stream.c:150 ... Signed-off-by: NVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200316060631.30052-2-vsementsov@virtuozzo.com> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com>
-
由 Philippe Mathieu-Daudé 提交于
bdrv_do_find_format() calls strcmp() using BlockDriver::format_name as argument, which must not be NULL. Assert this field is not null when we register a block driver in bdrv_register(). Reported-by: NMansour Ahmadi <ManSoSec@gmail.com> Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200318222235.23856-1-philmd@redhat.com> Reviewed-by: NAlberto Garcia <berto@igalia.com> Signed-off-by: NMax Reitz <mreitz@redhat.com>
-
由 Eric Blake 提交于
If we fail to get bitmap info, we must not leak the encryption info. Fixes: b8968c87 Fixes: Coverity CID 1421894 Signed-off-by: NEric Blake <eblake@redhat.com> Message-Id: <20200320183620.1112123-1-eblake@redhat.com> Reviewed-by: NVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: NAndrey Shinkevich <andrey.shinkevich@virtuozzo.com> Tested-by: NAndrey Shinkevich <andrey.shinkevich@virtuozzo.com> Signed-off-by: NMax Reitz <mreitz@redhat.com>
-
由 Peter Maydell 提交于
ppc patch queue for 2020-03-24 Here's a final pull request before the qemu-5.0 hard freeze. We have an implementation of the POWER9 forms of the slbia instruction, a small cleanup and a handful of assorted fixes. # gpg: Signature made Tue 24 Mar 2020 05:12:30 GMT # gpg: using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full] # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full] # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full] # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown] # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-5.0-20200324: ppc/ppc405_boards: Remove unnecessary NULL check hw/ppc: Take QEMU lock when calling ppc_dcr_read/write() spapr: Fix memory leak in h_client_architecture_support() target/ppc: don't byte swap ELFv2 signal handler target/ppc: Fix ISA v3.0 (POWER9) slbia implementation target/ppc: Fix slbia TLB invalidation gap ppc/spapr: Set the effective address provided flag in mc error log. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Philippe Mathieu-Daudé 提交于
This code is inside the "if (dinfo)" condition, so testing again here whether it is NULL is unnecessary. Fixes: dd59bcae (Don't size flash memory to match backing image) Reported-by: Coverity (CID 1421917) Suggested-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200320155740.5342-1-philmd@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
-
由 Peter Maydell 提交于
The ppc_dcr_read() and ppc_dcr_write() functions call into callbacks in device code, so we need to hold the QEMU iothread lock while calling them. This is the case already for the callsites in kvmppc_handle_dcr_read/write(), but we must also take the lock when calling the helpers from TCG. This fixes a bug where attempting to initialise the PPC405EP SDRAM will cause an assertion when sdram_map_bcr() attempts to remap memory regions. Reported-by: NAmit Lazar <abasarlaz@hotmail.com> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-Id: <20200322192258.14039-1-peter.maydell@linaro.org> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
-
由 Greg Kurz 提交于
This is the only error path that needs to free the previously allocated ov1. Reported-by: Coverity (CID 1421924) Fixes: cbd0d7f3 "spapr: Fail CAS if option vector table cannot be parsed" Signed-off-by: NGreg Kurz <groug@kaod.org> Message-Id: <158481206205.336182.16106097429336044843.stgit@bahia.lan> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
-
由 Vincent Fazio 提交于
Previously, the signal handler would be byte swapped if the target and host CPU used different endianness. This would cause a SIGSEGV when attempting to translate the opcode pointed to by the swapped address. Thread 1 "qemu-ppc64" received signal SIGSEGV, Segmentation fault. 0x00000000600a9257 in ldl_he_p (ptr=0x4c2c061000000000) at qemu/include/qemu/bswap.h:351 351 __builtin_memcpy(&r, ptr, sizeof(r)); #0 0x00000000600a9257 in ldl_he_p (ptr=0x4c2c061000000000) at qemu/include/qemu/bswap.h:351 #1 0x00000000600a92fe in ldl_be_p (ptr=0x4c2c061000000000) at qemu/include/qemu/bswap.h:449 #2 0x00000000600c0790 in translator_ldl_swap at qemu/include/exec/translator.h:201 #3 0x000000006011c1ab in ppc_tr_translate_insn at qemu/target/ppc/translate.c:7856 #4 0x000000006005ae70 in translator_loop at qemu/accel/tcg/translator.c:102 The signal handler will be byte swapped as a result of the __get_user() call in sigaction() if it is necessary, no additional swap is required. Signed-off-by: NVincent Fazio <vfazio@gmail.com> Reviewed-by: NLaurent Vivier <laurent@vivier.eu> Reviewed-by: NRichard Henderson <richard.henderson@linaro.org> Message-Id: <20200319133244.8818-1-vfazio@xes-inc.com> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
-
由 Nicholas Piggin 提交于
The new ISA v3.0 slbia variants have not been implemented for TCG, which can lead to crashing when a POWER9 machine boots Linux using the hash MMU, for example ("disable_radix" kernel command line). Add them. Signed-off-by: NNicholas Piggin <npiggin@gmail.com> Message-Id: <20200319064439.1020571-1-npiggin@gmail.com> Reviewed-by: NCédric Le Goater <clg@kaod.org> [dwg: Fixed compile error for USER_ONLY builds] Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
-
由 Nicholas Piggin 提交于
slbia must invalidate TLBs even if it does not remove a valid SLB entry, because slbmte can overwrite valid entries without removing their TLBs. As the architecture says, slbia invalidates all lookaside information, not conditionally based on if it removed valid entries. It does not seem possible for POWER8 or earlier Linux kernels to hit this bug because it never changes its kernel SLB translations, and it should always have valid entries if any accesses are made to userspace regions. However other operating systems which may modify SLB entry 0 or do more fancy things with segments might be affected. When POWER9 slbia support is added in the next patch, this becomes a real problem because some new slbia variants don't invalidate all non-zero entries. Signed-off-by: NNicholas Piggin <npiggin@gmail.com> Message-Id: <20200318044135.851716-1-npiggin@gmail.com> Reviewed-by: NCédric Le Goater <clg@kaod.org> Reviewed-by: NGreg Kurz <groug@kaod.org> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
-
由 Mahesh Salgaonkar 提交于
Per PAPR, it is expected to set effective address provided flag in sub_err_type member of mc extended error log (i.e rtas_event_log_v6_mc.sub_err_type). This somehow got missed in original fwnmi-mce patch series. The current code just updates the effective address but does not set the flag to indicate that it is available. Hence guest fails to extract effective address from mce rtas log. This patch fixes that. Without this patch guest MCE logs fails print DAR value: [ 11.933608] Disabling lock debugging due to kernel taint [ 11.933773] MCE: CPU0: machine check (Severe) Host TLB Multihit [Recovered] [ 11.933979] MCE: CPU0: NIP: [c000000000090b34] radix__flush_tlb_range_psize+0x194/0xf00 [ 11.934223] MCE: CPU0: Initiator CPU [ 11.934341] MCE: CPU0: Unknown After the change: [ 22.454149] Disabling lock debugging due to kernel taint [ 22.454316] MCE: CPU0: machine check (Severe) Host TLB Multihit DAR: deadbeefdeadbeef [Recovered] [ 22.454605] MCE: CPU0: NIP: [c0000000003e5804] kmem_cache_alloc+0x84/0x330 [ 22.454820] MCE: CPU0: Initiator CPU [ 22.454944] MCE: CPU0: Unknown Signed-off-by: NMahesh Salgaonkar <mahesh@linux.ibm.com> Message-Id: <158451653844.22972.17999316676230071087.stgit@jupiter> Reviewed-by: NNicholas Piggin <npiggin@gmail.com> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>
-
由 Peter Maydell 提交于
Pull request # gpg: Signature made Mon 23 Mar 2020 19:24:02 GMT # gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full] # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full] # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * remotes/stefanha/tags/block-pull-request: aio-posix: fix io_uring with external events Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
target-arm queue: * target/arm: avoid undefined behaviour shift in watchpoint code * target/arm: avoid undefined behaviour shift in handle_simd_dupe() * target/arm: add assert that immh != 0 in disas_simd_shift_imm() * aspeed/smc: Fix DMA support for AST2600 * hw/arm/bcm283x: Correct the license text ('and' vs 'or') # gpg: Signature made Mon 23 Mar 2020 17:38:59 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20200323: target/arm: Move computation of index in handle_simd_dupe target/arm: Assert immh != 0 in disas_simd_shift_imm target/arm: Rearrange disabled check for watchpoints aspeed/smc: Fix DMA support for AST2600 hw/arm/bcm283x: Correct the license text Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-