- 03 11月, 2014 23 次提交
-
-
由 Max Reitz 提交于
bdrv_make_empty() is currently only called if the current image represents an external snapshot that has been committed to its base image; it is therefore unlikely to have internal snapshots. In this case, bdrv_make_empty() can be greatly sped up by emptying the L1 and refcount table (while having the dirty flag set, which only works for compat=1.1) and creating a trivial refcount structure. If there are snapshots or for compat=0.10, fall back to the simple implementation (discard all clusters). [Applied s/clusters/cluster/ typo fix suggested by Eric Blake --Stefan] Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-id: 1414159063-25977-4-git-send-email-mreitz@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Max Reitz 提交于
Implement this function by making all clusters in the image file fall through to the backing file (by using the recently extended discard). Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-id: 1414159063-25977-3-git-send-email-mreitz@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Max Reitz 提交于
Normally, discarded sectors should read back as zero. However, there are cases in which a sector (or rather cluster) should be discarded as if they were never written in the first place, that is, reading them should fall through to the backing file again. Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-id: 1414159063-25977-2-git-send-email-mreitz@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Max Reitz 提交于
It should not be happening, but it is possible to truncate an image outside of qemu while qemu is running (or any of the qemu tools using the block layer. raw_co_get_block_status() should not break then. While touching this test, replace the existing "truncate" invocation by "$QEMU_IMG convert -f raw". Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-id: 1414148280-17949-4-git-send-email-mreitz@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Max Reitz 提交于
Instead of generating the full return value thrice in try_fiemap(), try_seek_hole() and as a fall-back in raw_co_get_block_status() itself, generate the value only in raw_co_get_block_status(). While at it, also remove the pnum parameter from try_fiemap() and try_seek_hole(). Suggested-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-id: 1414148280-17949-3-git-send-email-mreitz@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Max Reitz 提交于
As its comment states, raw_co_get_block_status() should unconditionally return 0 and set *pnum to 0 for after EOF. An assertion after lseek(..., SEEK_HOLE) tried to catch this case by asserting that errno != -ENXIO (which would indicate a position after the EOF); but it should be errno != ENXIO instead. Regardless of that, there should be no such assertion at all. If bdrv_getlength() returned an outdated value and the image has been resized outside of qemu, lseek() will return with errno == ENXIO. Just return that value as an error then. Setting *pnum to 0 and returning 0 should not be done here, as in that case we should update the device length as well. So, from qemu's perspective, the file has not been resized; it's just that there was an error querying sectors beyond a certain point (the actual file size). Additionally, nb_sectors should be clamped against the image end. This was probably not an issue if FIEMAP or SEEK_HOLE/SEEK_DATA worked, but the fallback did not take this case into account. Reported-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-id: 1414148280-17949-2-git-send-email-mreitz@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Richard W.M. Jones 提交于
qemu_opt_get_number returns a uint64_t, and curl_easy_setopt expects a long (not an int). There is no warning about the latter type error because curl_easy_setopt uses a varargs argument. Store the timeout (which is a positive number of seconds) as a uint64_t. Check that the number given by the user is reasonable. Zero is permissible (meaning no timeout is enforced by cURL). Cast it to long before calling curl_easy_setopt to fix the type error. Example error message after this change has been applied: $ ./qemu-img create -f qcow2 /tmp/test.qcow2 \ -b 'json: { "file.driver":"https", "file.url":"https://foo/bar", "file.timeout":-1 }' qemu-img: /tmp/test.qcow2: Could not open 'json: { "file.driver":"https", "file.url":"https://foo/bar", "file.timeout":-1 }': timeout parameter is too large or negative: Invalid argument Signed-off-by: NRichard W.M. Jones <rjones@redhat.com> Reviewed-by: NLaszlo Ersek <lersek@redhat.com> Reviewed-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Zhang Haoyu 提交于
If there are still pending i/o while deleting snapshot, because deleting snapshot is done in non-coroutine context, and the pending i/o read/write (bdrv_co_do_rw) is done in coroutine context, so it's possible to cause concurrency problem between above two operations. Add bdrv_drain_all() to bdrv_snapshot_delete() to avoid this problem. Signed-off-by: NZhang Haoyu <zhanghy@sangfor.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 201410211637596311287@sangfor.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Maydell 提交于
The local variable 'ac' in send_qmp_error_event() is declared with the wrong type, which causes clang to complain when it is initialized and again when it is used: block.c:3655:20: warning: implicit conversion from enumeration type 'enum IoOperationType' to different enumeration type 'BlockErrorAction' (aka 'enum BlockErrorAction') [-Wenum-conversion] ac = is_read ? IO_OPERATION_TYPE_READ : IO_OPERATION_TYPE_WRITE; ~ ^~~~~~~~~~~~~~~~~~~~~~ block.c:3655:45: warning: implicit conversion from enumeration type 'enum IoOperationType' to different enumeration type 'BlockErrorAction' (aka 'enum BlockErrorAction') [-Wenum-conversion] ac = is_read ? IO_OPERATION_TYPE_READ : IO_OPERATION_TYPE_WRITE; ~ ^~~~~~~~~~~~~~~~~~~~~~~ block.c:3656:62: warning: implicit conversion from enumeration type 'BlockErrorAction' (aka 'enum BlockErrorAction') to different enumeration type 'IoOperationType' (aka 'enum IoOperationType') [-Wenum-conversion] qapi_event_send_block_io_error(bdrv_get_device_name(bs), ac, action, ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^~ Correct the type to IoOperationType, and rename the variable to 'optype' to match its correct type. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NLuiz Capitulino <lcapitulino@redhat.com> Message-id: 1412969583-21045-1-git-send-email-peter.maydell@linaro.org Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Adam Crume 提交于
This fixes Ceph issue 2467: ttp://tracker.ceph.com/issues/2467 [Dropped return r in void function as suggested by Josh Durgin <josh.durgin@inktank.com>. --Stefan] Signed-off-by: NAdam Crume <adamcrume@gmail.com> Reviewed-by: NJosh Durgin <josh.durgin@inktank.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1412880272-3154-1-git-send-email-adamcrume@gmail.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Denis V. Lunev 提交于
found by valgrind. Command: ./qemu-img convert -f parallels -O qcow2 1.hds 1.img Invalid read of size 4 at 0x17D0EF: parallels_co_read (parallels.c:357) by 0x11FEE4: bdrv_aio_rw_vector (block.c:4640) by 0x11FFBF: bdrv_aio_readv_em (block.c:4652) by 0x11F55F: bdrv_co_readv_em (block.c:4862) by 0x123428: bdrv_aligned_preadv (block.c:3056) by 0x1239FA: bdrv_co_do_preadv (block.c:3162) by 0x125424: bdrv_rw_co_entry (block.c:2706) by 0x155DD9: coroutine_trampoline (coroutine-ucontext.c:118) by 0x6975B6F: ??? (in /lib/x86_64-linux-gnu/libc-2.19.so) The problem is that s->catalog_bitmap is allocated/filled as gmalloc(s->catalog_size) thus index validity check must be inclusive, i.e. index >= s->catalog_size is invalid. Signed-off-by: NDenis V. Lunev <den@openvz.org> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1412759610-2257-4-git-send-email-den@openvz.org CC: Jeff Cody <jcody@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Denis V. Lunev 提交于
This is simple test image for the following commit made by me. commit d25d5980 Author: Denis V. Lunev <den@openvz.org> Date: Mon Jul 28 20:23:55 2014 +0400 parallels: 2TB+ parallels images support Signed-off-by: NDenis V. Lunev <den@openvz.org> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1412759610-2257-3-git-send-email-den@openvz.org CC: Jeff Cody <jcody@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Denis V. Lunev 提交于
The image was generated using http://openvz.org/Ploop utility and properly filled with the same content as original one. Signed-off-by: NDenis V. Lunev <den@openvz.org> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1412759610-2257-2-git-send-email-den@openvz.org CC: Jeff Cody <jcody@redhat.com> CC: Kevin Wolf <kwolf@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Chris Spiegel 提交于
If an error occurs in bdrv_snapshot_delete_by_id_or_name(), "err" is freed. If "err" is not set to NULL before calling bdrv_snapshot_delete_by_id_or_name() again, it will not be updated on error, and will be freed again. This can be triggered by starting a VM with at least two drives and then attempting to delete a non-existent snapshot. Broken in commit a89d89d3. Signed-off-by: NChris Spiegel <chris.spiegel@cypherpath.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Message-id: 1412613225-32676-1-git-send-email-chris.spiegel@cypherpath.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
The SDB FIS creation was mangled; We were writing the error byte to byte 0, and omitting the SDB FIS magic byte. Though the SDB packet layout states that: byte 0: Must be 0xA1 to indicate SDB FIS. byte 1: Port multiplier select & other flags byte 2: status byte. byte 3: error byte. This patch adds an SDB FIS structure with human-readable names, and ensures that we are filling the structure appropriately. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Tested-by: NMichael S. Tsirkin <mst@redhat.com> Message-id: 1412204151-18117-7-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
Currently, DMA read/write operations neglect to update the byte count after a successful transfer like ATAPI DMA read or PIO read/write operations do. We correct this oversight by adding another callback into the IDEDMAOps structure. The commit callback is called whenever we are cleaning up a scatter-gather list. AHCI can register this callback in order to update post- transfer information such as byte count updates. We use this callback in AHCI to consolidate where we delete the SGlist as generated from the PRDT, as well as update the byte count after the transfer is complete. The QEMUSGList structure has an init flag added to it in order to make qemu_sglist_destroy a nop if it is called when there is no sglist, which simplifies cleanup and error paths. This patch fixes several AHCI problems, notably Non-NCQ modes of operation for Windows 7 as well as Hibernate support for Windows 7. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Tested-by: NMichael S. Tsirkin <mst@redhat.com> Message-id: 1412204151-18117-3-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
Currently, the D2H FIS packets AHCI generates simply parrot back the LBA that the guest sent to us in the cmd_fis. However, some commands (like READ NATIVE MAX) modify the LBA registers as a return value, through which the AHCI D2H FIS is the only response mechanism. Thus, the D2H response should use the current register values, not the initial ones. This patch adjusts the LBA and drive select register responses for PIO Setup and D2H FIS response packets. Additionally, the PIO and D2H FIS responses copy too many bytes from the command FIS that it is being generated from. Specifically, byte 11 which is the Features(15:8) field for Register Host to Device FIS packets, is instead reserved for the PIO Setup FIS and should always be 0. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Tested-by: NMichael S. Tsirkin <mst@redhat.com> Message-id: 1412204151-18117-2-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Lieven 提交于
Cancel oversized requests early. They would generate an iSCSI protocol error anyway; after having transferred possibly a lot of data over the wire. Suggested-By: NMax Reitz <mreitz@redhat.com> Signed-off-by: NPeter Lieven <pl@kamp.de> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Lieven 提交于
As Max pointed out there is a hidden cast from int64_t to int for all limits. So use the newly introduced sector_limits_lun2qemu for all limits received from the target. Signed-off-by: NPeter Lieven <pl@kamp.de> Reviewed-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Lieven 提交于
Signed-off-by: NPeter Lieven <pl@kamp.de> Reviewed-by: NRonnie Sahlberg <ronniesahlberg@gmail.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Lieven 提交于
Copy the max_xfer_len from the BlockLimits VPD or use the maximum value fitting in the CDB. The helper function sector_limits_lun2qemu is introduced to convert and cap the limits from the VPD to the maximum power of two fitting in an integer; integer is the range for nb_sectors throughout the block layer. Signed-off-by: NPeter Lieven <pl@kamp.de> Reviewed-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Lieven 提交于
Signed-off-by: NPeter Lieven <pl@kamp.de> Reviewed-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Lieven 提交于
at least in block layer we have the case of limits being defined for a BlockDriverState. However, in this context often zero (0) has the special meanining of undefined which means no limit. If two of those limits are combined and the minimum is needed the minimum function should only return zero if both parameters are zero. Signed-off-by: NPeter Lieven <pl@kamp.de> Reviewed-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 02 11月, 2014 1 次提交
-
-
由 Aurelien Jarno 提交于
Commit 9d8bf2d1 moved the softmmu slow path out of line and introduce a regression at the same time by always calling tcg_out_tlb_load with is_load=1. This makes impossible to run any significant code under qemu-system-mips*. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: NRichard Henderson <rth@twiddle.net> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
-
- 31 10月, 2014 4 次提交
-
-
由 Peter Maydell 提交于
* remotes/sstabellini/xen-2014-10-30: fix off-by-one error in pci_piix3_xen_ide_unplug xen-hvm.c: Add support for Xen access to vmport Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
vmware-vga: add rectangle verification (CVE-2014-3689) # gpg: Signature made Wed 29 Oct 2014 11:45:29 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-cve-2014-3689-20141029-1: vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect vmware-vga: add vmsvga_verify_rect vmware-vga: CVE-2014-3689: turn off hw accel Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
vnc: return directly if no vnc client connected vnc: sanitize bits_per_pixel from the client (CVE-2014-7815) # gpg: Signature made Tue 28 Oct 2014 10:52:31 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-vnc-20141028-1: vnc: return directly if no vnc client connected vnc: sanitize bits_per_pixel from the client Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Fixes for libcacard (usb smartcard emulation), xhci and uhci. # gpg: Signature made Tue 28 Oct 2014 10:39:52 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-usb-20141028-1: uhci: remove useless DEBUG xhci: add property to turn on/off streams support libcacard: don't free sign buffer while sign op is pending libcacard: Lock NSS cert db when selecting an applet on an emulated card libcacard: introduce new vcard_emul_logout Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 30 10月, 2014 5 次提交
-
-
由 Peter Maydell 提交于
gtk: fix two warnings with gtk 3.14+ # gpg: Signature made Tue 28 Oct 2014 10:25:52 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-gtk-20141028-1: gtk: avoid gd_widget_reparent with gtk 3.14+ gtk: drop gtk_widget_set_double_buffered call Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 James Harper 提交于
Fix off-by-one error when unplugging disks, which would otherwise leave the last ATA disk plugged, with obvious consequences. Also rewrite loop to be more readable. Signed-off-by: NJames Harper <james.harper@ejbdigital.com.au> Signed-off-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com>
-
由 Don Slutz 提交于
This adds synchronisation of the 6 vcpu registers (only 32bits of them) that vmport.c needs between Xen and QEMU. This is to avoid a 2nd and 3rd exchange between QEMU and Xen to fetch and put these 6 vcpu registers used by the code in vmport.c and vmmouse.c The registers are passed in the new shared page provided by HVM_PARAM_VMPORT_REGS_PFN. Add new array to XenIOState that allows selection of current_cpu by vcpu id. Now pass XenIOState to handle_ioreq(). Add new routines regs_to_cpu(), regs_from_cpu(), and handle_vmport_ioreq(). Signed-off-by: NDon Slutz <dslutz@verizon.com> Reviewed-by: NPaul Durrant <paul.durrant@citrix.com> Signed-off-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com>
-
由 Peter Maydell 提交于
virtio-scsi fixes, the first part of dynamic sysbus devices, MAINTAINERS updates, and AVX512 support. # gpg: Signature made Mon 27 Oct 2014 15:12:13 GMT using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (28 commits) aio / timers: De-document -clock hw/scsi/virtio-scsi.c: fix the "type" use error in virtio_scsi_handle_ctrl virtio-scsi: sense in virtio_scsi_command_complete target-i386: add Intel AVX-512 support get_maintainer.pl: restrict cases where it falls back to --git get_maintainer.pl: move git loop under "if ($email) {" qtest: fix qtest log fd should be initialized before qtest chardev MAINTAINERS: avoid M entries that point to mailing lists MAINTAINERS: add some tests directories MAINTAINERS: Add more TCG files MAINTAINERS: add myself for X86 MAINTAINERS: add Samuel Thibault as usb-serial.c and baum.c maintainer MAINTAINERS: grab more files from Anthony's pile target-i386: warns users when CPU threads>1 for non-Intel CPUs sysbus: Use TYPE_DEVICE GPIO functionality qdev: gpio: Define qdev_pass_gpios() qdev: gpio: Remove qdev_init_gpio_out x1 restriction qdev: gpio: delete NamedGPIOList::out irq: Remove qemu_irq_intercept_out qtest/irq: Rework IRQ interception ... Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Paolo Bonzini 提交于
The virtio-rng backend is currently linked twice, once in the proxy device (e.g. virtio-rng-pci) and once in virtio-rng-device. This causes a double unref of the backend when the parent device is unplugged. To fix this, make the proxy device use an alias, similar to what is already being done for the iothread link. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NGonglei <arei.gonglei@huawei.com> Message-id: 1414577839-18695-1-git-send-email-pbonzini@redhat.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 29 10月, 2014 2 次提交
-
-
由 Gerd Hoffmann 提交于
Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL. Cc: qemu-stable@nongnu.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com>
-
由 Gerd Hoffmann 提交于
Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL. Cc: qemu-stable@nongnu.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com>
-
- 28 10月, 2014 5 次提交
-
-
由 ChenLiang 提交于
graphic_hw_update and vnc_refresh_server_surface aren't need to do when no vnc client connected. It can reduce lock contention, because vnc_refresh will hold global big lock two millisecond every three seconds. Signed-off-by: NChenLiang <chenliang88@huawei.com> Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Petr Matousek 提交于
bits_per_pixel that are less than 8 could result in accessing non-initialized buffers later in the code due to the expectation that bytes_per_pixel value that is used to initialize these buffers is never zero. To fix this check that bits_per_pixel from the client is one of the values that the rfb protocol specification allows. This is CVE-2014-7815. Signed-off-by: NPetr Matousek <pmatouse@redhat.com> [ kraxel: apply codestyle fix ] Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gonglei 提交于
commit 50dcc0f8 (uhci: tracing support) had removed DPRINTF, the DEBUG marco is useless now, remove it. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gerd Hoffmann 提交于
streams support in usb-redir and usb-host works only with recent enough versions of the support libraries (libusbredir and libusbx). Failure mode is rather unelegant: Any stream usb transfers will throw stall errors. Turning off support for streams in the xhci host controller will work better as the guest can figure beforehand that streams are not going to work. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NHans de Goede <hdegoede@redhat.com>
-
由 Ray Strode 提交于
commit 57f97834 cleaned up the cac_applet_pki_process_apdu function to have a single exit point. Unfortunately, that commit introduced a bug where the sign buffer can get free'd and nullified while it's still being used. This commit corrects the bug by introducing a boolean to track whether or not the sign buffer should be freed in the function exit path. Signed-off-by: NRay Strode <rstrode@redhat.com> Reviewed-by: NAlon Levy <alon@pobox.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-