- 14 9月, 2016 40 次提交
-
-
由 Daniel P. Berrange 提交于
The mux chardev was not checking the return value of any qemu_chr_fe_write() call so would silently loose data on EAGAIN. Similarly the qemu_chr_fe_printf method would not check errors and was not in a position to retry even if it could check. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1473170165-540-5-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Daniel P. Berrange 提交于
The qemu_chr_fe_write method will return -1 on EAGAIN if the chardev backend write would block. Almost no callers of the qemu_chr_fe_write() method check the return value, instead blindly assuming data was successfully sent. In most cases this will lead to silent data loss on interactive consoles, but in some cases (eg RNG EGD) it'll just cause corruption of the protocol being spoken. We unfortunately can't fix the virtio-console code, due to a bug in the Linux guest drivers, which would cause the entire Linux kernel to hang if we delay processing of the incoming data in any way. Fixing this requires first fixing the guest driver to not hold spinlocks while writing to the hvc device backend. Fixes bug: https://bugs.launchpad.net/qemu/+bug/1586756Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1473170165-540-4-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Daniel P. Berrange 提交于
The write_console_data() method in sclpconsole-lm.c checks whether the return value of qemu_chr_fe_write() has the value of -EAGAIN and if so then increments the buffer offset by the value of EAGAIN. Fortunately qemu_chr_fe_write() will never return EAGAIN directly, rather it returns -1 with errno set to EAGAIN, so this broken code path was not reachable. The behaviour on EAGAIN was stil bad though, causing the write_console_data() to busy_wait repeatedly calling qemu_chr_fe_write() with no sleep between iters. Just remove all this loop logic and replace with a call to qemu_chr_fe_write_all(). Acked-by: NCornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1473170165-540-3-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Daniel P. Berrange 提交于
The continue_send() method in ipmi_bmc_extern.c directly assigns the return value of qemu_chr_fe_write() to the variable tracking the I/O buffer offset. This ignores the possibility that the return value could be -1 and so will cause I/O go backwards on EAGAIN. Fortunately 'outpos' is unsigned, so can't go negative - it will become MAX_INT which will cause the loop to stop, and avoid an accidental out of bounds array access. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1473170165-540-2-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Daniel P. Berrange 提交于
The CONFIG_PIIX_PCI=y setting was added in commit 70615c38 Author: Blue Swirl <blauwirbel@gmail.com> Date: Mon Mar 22 20:18:40 2010 +0000 Compile sound devices only once but nothing in that commit, nor anything pre-existing, ever referenced CONFIG_PIIX_PCI. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1473096320-1638-4-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Daniel P. Berrange 提交于
The use of the CONFIG_ISA_MMIO setting was removed in commit 61fcb628 Author: Paolo Bonzini <pbonzini@redhat.com> Date: Mon Jul 22 15:54:24 2013 +0200 isa_mmio: delete but this commit only removed it from some of the default config files. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1473096320-1638-3-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Daniel P. Berrange 提交于
The CONFIG_PAM=y setting was added in commit c0907c9e Author: Paolo Bonzini <pbonzini@redhat.com> Date: Tue Feb 5 15:06:20 2013 +0100 hw: move PCI bridges to hw/pci-* or hw/ARCH but nothing in that commit, nor anything pre-existing, ever referenced CONFIG_PAM. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1473096320-1638-2-git-send-email-berrange@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Prasad J Pandit 提交于
In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very long time or go into an infinite loop due to two different bugs: 1) the request descriptor data length is defined to be 64 bit. While building SG list from a request descriptor, it gets truncated to 32bit in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop situation large 'dataLen' values when data_length is cast to uint32_t and chunk_size becomes always zero. Fix this by removing the incorrect cast. 2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the element has a zero length. Get out of the loop early when this happens, by introducing an upper limit on the number of SG list elements. Reported-by: NLi Qiang <liqiang6-s@360.cn> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Message-Id: <1473108643-12983-1-git-send-email-ppandit@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Thomas Huth 提交于
These header files obviously belong to the PC chipset (since their names match the other .c files in this section). Signed-off-by: NThomas Huth <thuth@redhat.com> Message-Id: <1473111075-25311-1-git-send-email-thuth@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Thomas Huth 提交于
get_maintainer.pl currently thinks that the scsi headers are currrently unmaintained. So let's fix the corresponding wildcard expression. Signed-off-by: NThomas Huth <thuth@redhat.com> Message-Id: <1473106301-23102-1-git-send-email-thuth@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Lin Ma 提交于
Signed-off-by: NLin Ma <lma@suse.com> Message-Id: <20160816171352.17021-1-lma@suse.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Cao jin 提交于
Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com> Message-Id: <1472696479-3619-1-git-send-email-caoj.fnst@cn.fujitsu.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Eduardo Habkost 提交于
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <1472181025-10889-3-git-send-email-ehabkost@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Eduardo Habkost 提交于
This will be helpful to allow checking of bits that are not in the 'bits' table yet. Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <1472181025-10889-2-git-send-email-ehabkost@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
These issues cause respectively a QEMU crash and a leak of 2 bytes of stack. They were discovered by VictorV of 360 Marvel Team. Reported-by: NTom Victor <i-tangtianwen@360.cm> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Prasad J Pandit 提交于
When LSI SAS1068 Host Bus emulator builds configuration page headers, mptsas_config_pack() should assert that the size fits in a byte. However, the size is expressed in 32-bit units, so up to 1020 bytes fit. The assertion was only allowing replies up to 252 bytes, so fix it. Suggested-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Message-Id: <1472645167-30765-2-git-send-email-ppandit@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Prasad J Pandit 提交于
Vmware Paravirtual SCSI emulation uses command descriptors to process SCSI commands. These descriptors come with their ring buffers. A guest could set the page count for these rings to an arbitrary value, leading to infinite loop or OOB access. Add check to avoid it. Reported-by: NTom Victor <vv474172261@gmail.com> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Message-Id: <1472626169-12989-1-git-send-email-ppandit@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Rony Weng 提交于
Openstack Cinder assigns volume a 36 characters uuid as serial. QEMU will shrinks the uuid to 20 characters, which does not match the original uuid. Note that there is no limit to the length of the serial number in the SCSI spec. 20 was copy-pasted from virtio-blk which in turn was copy-pasted from ATA; 36 is even more arbitrary. However, bumping it up too much might cause issues (e.g. 252 seems to make sense because then the maximum amount of returned data is 256; but who knows there's no off-by-one somewhere for such a nicely rounded number). Signed-off-by: NRony Weng <ronyweng@synology.com> Message-Id: <1472457138-23386-1-git-send-email-ronyweng@synology.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
Let's just remove some files from the pool of unmaintained files. I am obviously not going to send pull requests only for stubs/, but I will ack them if maintainers want that. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Hervé Poussineau 提交于
53C895A datasheet says: "This bit (DFE) is a pure status bit and will not cause an interrupt" This bit is already auto-generated in lsi_read_reg when reading the DSTAT register. This fixes IBM RS/6000 7020 firmware, which is: - resetting the adapter - enabling all interrupt sources (including DIP, ie interrupts from DSTAT) - waiting for ISTAT0 to become 0 (including DIP=0, ie no interrupt coming from DSTAT) Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-Id: <1471505489-1221-5-git-send-email-hpoussin@reactos.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NHervé Poussineau <hpoussin@reactos.org>
-
由 Hervé Poussineau 提交于
Memory Move instructions can read/write data either from PCI memory or from PCI I/O. Implement second case. Windows 98 now works with LSI 53C810A adapter. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-Id: <1471505489-1221-4-git-send-email-hpoussin@reactos.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NHervé Poussineau <hpoussin@reactos.org>
-
由 Hervé Poussineau 提交于
When guest accesses invalid register, return 0xff instead of exiting. Also add a log when reading or writing invalid registers. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-Id: <1471505489-1221-3-git-send-email-hpoussin@reactos.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NHervé Poussineau <hpoussin@reactos.org>
-
由 Hervé Poussineau 提交于
Modify lsi_reg_readb function to have a single exit point. Debug print can now contain the returned value. Signed-off-by: NHervé Poussineau <hpoussin@reactos.org> Message-Id: <1471505489-1221-2-git-send-email-hpoussin@reactos.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NHervé Poussineau <hpoussin@reactos.org>
-
由 Colin Lord 提交于
Updates the help messages to remove misleading information about SDL being the normal display used. Signed-off-by: NColin Lord <cdlord2@illinois.edu> Message-Id: <1471030248-21637-1-git-send-email-cdlord2@illinois.edu> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Cao jin 提交于
The returned value of cpu_get_clock() is plused with the offset, so it is the time elapsed in virtual machine when vm is active. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc Peter Crosthwaite <crosthwaite.peter@gmail.com> Cc: Richard Henderson <rth@twiddle.net> Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com> Message-Id: <1469790338-28990-4-git-send-email-caoj.fnst@cn.fujitsu.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Cao jin 提交于
The function actually returns monotonic time value in nanosecond, the "ticks" is not suitable. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc Peter Crosthwaite <crosthwaite.peter@gmail.com> Cc: Richard Henderson <rth@twiddle.net> Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com> Message-Id: <1469790338-28990-3-git-send-email-caoj.fnst@cn.fujitsu.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Cao jin 提交于
The comments is outdated. The patch has following changes: 1. tense correction. 2. all clock time value is returned in nanoseconds, so, they are same in precision. 3. virtual clock doesn't use cpu cycles. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com> Message-Id: <1469790338-28990-2-git-send-email-caoj.fnst@cn.fujitsu.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Fam Zheng 提交于
For module build, .mo objects are passed to LINK and consumed in process-archive-undefs. The reason behind that is documented in the comment above process-archive-undefs. Similarly, extract-libs should be called with .mo filtered out too. Otherwise, the .mo-libs are added to the link command incorrectly, spoiling the purpose of modularization. Currently we don't have any .mo-libs usage, but it will be used soon when we modularize more multi-source objects, like sdl and gtk. Reported-by: NColin Lord <clord@redhat.com> Signed-off-by: NFam Zheng <famz@redhat.com> Message-Id: <1469600777-30413-2-git-send-email-famz@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Sergey Fedorov 提交于
In fact, this function does not exactly perform a lookup by physical address as it is descibed for comment on get_page_addr_code(). Thus it may be a bit confusing to have "physical" in it's name. So rename it to tb_htable_lookup() to better reflect its actual functionality. Signed-off-by: NSergey Fedorov <serge.fdrv@gmail.com> Signed-off-by: NSergey Fedorov <sergey.fedorov@linaro.org> Message-Id: <20160715175852.30749-13-sergey.fedorov@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Sergey Fedorov 提交于
These functions are not too big and can be merged together. This makes locking scheme more clear and easier to follow. Signed-off-by: NSergey Fedorov <serge.fdrv@gmail.com> Signed-off-by: NSergey Fedorov <sergey.fedorov@linaro.org> Reviewed-by: NAlex Bennée <alex.bennee@linaro.org> Message-Id: <20160715175852.30749-12-sergey.fedorov@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Sergey Fedorov 提交于
Signed-off-by: NSergey Fedorov <serge.fdrv@gmail.com> Signed-off-by: NSergey Fedorov <sergey.fedorov@linaro.org> Reviewed-by: NAlex Bennée <alex.bennee@linaro.org> Message-Id: <20160715175852.30749-11-sergey.fedorov@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Alex Bennée 提交于
Lock contention in the hot path of moving between existing patched TranslationBlocks is the main drag in multithreaded performance. This patch pushes the tb_lock() usage down to the two places that really need it: - code generation (tb_gen_code) - jump patching (tb_add_jump) The rest of the code doesn't really need to hold a lock as it is either using per-CPU structures, atomically updated or designed to be used in concurrent read situations (qht_lookup). To keep things simple I removed the #ifdef CONFIG_USER_ONLY stuff as the locks become NOPs anyway until the MTTCG work is completed. Signed-off-by: NAlex Bennée <alex.bennee@linaro.org> Reviewed-by: NRichard Henderson <rth@twiddle.net> Reviewed-by: NSergey Fedorov <sergey.fedorov@linaro.org> Signed-off-by: NSergey Fedorov <sergey.fedorov@linaro.org> Message-Id: <20160715175852.30749-10-sergey.fedorov@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Alex Bennée 提交于
This ensures that if we find the TB on the slow path that tb->page_addr is correctly set before being tested. Signed-off-by: NAlex Bennée <alex.bennee@linaro.org> Reviewed-by: NSergey Fedorov <sergey.fedorov@linaro.org> Signed-off-by: NSergey Fedorov <sergey.fedorov@linaro.org> Message-Id: <20160715175852.30749-9-sergey.fedorov@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
When invalidating a translation block, set an invalid flag into the TranslationBlock structure first. It is also necessary to check whether the target TB is still valid after acquiring 'tb_lock' but before calling tb_add_jump() since TB lookup is to be performed out of 'tb_lock' in future. Note that we don't have to check 'last_tb'; an already invalidated TB will not be executed anyway and it is thus safe to patch it. Suggested-by: NSergey Fedorov <serge.fdrv@gmail.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Sergey Fedorov 提交于
Ensure atomicity and ordering of CPU's 'tb_flushed' access for future translation block lookup out of 'tb_lock'. This field can only be touched from another thread by tb_flush() in user mode emulation. So the only access to be sequential atomic is: * a single write in tb_flush(); * reads/writes out of 'tb_lock'. In future, before enabling MTTCG in system mode, tb_flush() must be safe and this field becomes unnecessary. Signed-off-by: NSergey Fedorov <serge.fdrv@gmail.com> Signed-off-by: NSergey Fedorov <sergey.fedorov@linaro.org> Reviewed-by: NAlex Bennée <alex.bennee@linaro.org> Message-Id: <20160715175852.30749-5-sergey.fedorov@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Sergey Fedorov 提交于
Ensure atomicity of CPU's 'tb_jmp_cache' access for future translation block lookup out of 'tb_lock'. Note that this patch does *not* make CPU's TLB invalidation safe if it is done from some other thread while the CPU is in its execution loop. Signed-off-by: NAlex Bennée <alex.bennee@linaro.org> Signed-off-by: NSergey Fedorov <serge.fdrv@gmail.com> Signed-off-by: NSergey Fedorov <sergey.fedorov@linaro.org> Reviewed-by: NAlex Bennée <alex.bennee@linaro.org> Message-Id: <20160715175852.30749-4-sergey.fedorov@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Sergey Fedorov 提交于
This is a small clean up. tb_find_fast() is a final consumer of this variable so no need to pass it by reference. 'last_tb' is always updated by subsequent cpu_loop_exec_tb() in cpu_exec(). This change also simplifies calling cpu_exec_nocache() in cpu_handle_exception(). Signed-off-by: NSergey Fedorov <serge.fdrv@gmail.com> Signed-off-by: NSergey Fedorov <sergey.fedorov@linaro.org> Message-Id: <20160715175852.30749-3-sergey.fedorov@linaro.org> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Cao jin 提交于
Fix some coding style issues found in removing NonBlockingConnectHandler. Cc: Daniel P. Berrange <berrange@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Reviwed-by: NDaniel P. Berrange <berrange@redhat.com> Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com> Message-Id: <1469696074-12744-3-git-send-email-caoj.fnst@cn.fujitsu.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Cao jin 提交于
Follow CODING_STYLE Cc: Daniel P. Berrange <berrange@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: NCao jin <caoj.fnst@cn.fujitsu.com> Message-Id: <1469703004-14800-1-git-send-email-caoj.fnst@cn.fujitsu.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Igor Mammedov 提交于
instead of accessing tqe_prev field dircetly outside of queue.h use macros to check if element is in list and make sure that afer element is removed from list tqe_prev field could be used to do the same check. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Message-Id: <1469450832-84343-1-git-send-email-imammedo@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-