- 12 12月, 2018 35 次提交
-
-
由 Peter Xu 提交于
When a QMP client sends in-band commands more quickly that we can process them, we can either queue them without limit (QUEUE), drop commands when the queue is full (DROP), or suspend receiving commands when the queue is full (SUSPEND). None of them is ideal: * QUEUE lets a misbehaving client make QEMU eat memory without bounds. Not such a hot idea. * With DROP, the client has to cope with dropped in-band commands. To inform the client, we send a COMMAND_DROPPED event then. The event is flawed by design in two ways: it's ambiguous (see commit d621cfe0), and it brings back the "eat memory without bounds" problem. * With SUSPEND, the client has to manage the flow of in-band commands to keep the monitor available for out-of-band commands. We currently DROP. Switch to SUSPEND. Managing the flow of in-band commands to keep the monitor available for out-of-band commands isn't really hard: just count the number of "outstanding" in-band commands (commands sent minus replies received), and if it exceeds the limit, hold back additional ones until it drops below the limit again. Note that we need to be careful pairing the suspend with a resume, or else the monitor will hang, possibly forever. And here since we need to make sure both: (1) popping request from the req queue, and (2) reading length of the req queue will be in the same critical section, we let the pop function take the corresponding queue lock when there is a request, then we release the lock from the caller. Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NPeter Xu <peterx@redhat.com> Message-Id: <20181009062718.1914-2-peterx@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Marc-André Lureau 提交于
When a monitor is connected to a Spice chardev, the monitor cleanup can dead-lock: #0 0x00007f43446637fd in __lll_lock_wait () at /lib64/libpthread.so.0 #1 0x00007f434465ccf4 in pthread_mutex_lock () at /lib64/libpthread.so.0 #2 0x0000556dd79f22ba in qemu_mutex_lock_impl (mutex=0x556dd81c9220 <monitor_lock>, file=0x556dd7ae3648 "/home/elmarco/src/qq/monitor.c", line=645) at /home/elmarco/src/qq/util/qemu-thread-posix.c:66 #3 0x0000556dd7431bd5 in monitor_qapi_event_queue (event=QAPI_EVENT_SPICE_DISCONNECTED, qdict=0x556dd9abc850, errp=0x7fffb7bbddd8) at /home/elmarco/src/qq/monitor.c:645 #4 0x0000556dd79d476b in qapi_event_send_spice_disconnected (server=0x556dd98ee760, client=0x556ddaaa8560, errp=0x556dd82180d0 <error_abort>) at qapi/qapi-events-ui.c:149 #5 0x0000556dd7870fc1 in channel_event (event=3, info=0x556ddad1b590) at /home/elmarco/src/qq/ui/spice-core.c:235 #6 0x00007f434560a6bb in reds_handle_channel_event (reds=<optimized out>, event=3, info=0x556ddad1b590) at reds.c:316 #7 0x00007f43455f393b in main_dispatcher_self_handle_channel_event (info=0x556ddad1b590, event=3, self=0x556dd9a7d8c0) at main-dispatcher.c:197 #8 0x00007f43455f393b in main_dispatcher_channel_event (self=0x556dd9a7d8c0, event=event@entry=3, info=0x556ddad1b590) at main-dispatcher.c:197 #9 0x00007f4345612833 in red_stream_push_channel_event (s=s@entry=0x556ddae2ef40, event=event@entry=3) at red-stream.c:414 #10 0x00007f434561286b in red_stream_free (s=0x556ddae2ef40) at red-stream.c:388 #11 0x00007f43455f9ddc in red_channel_client_finalize (object=0x556dd9bb21a0) at red-channel-client.c:347 #12 0x00007f434b5f9fb9 in g_object_unref () at /lib64/libgobject-2.0.so.0 #13 0x00007f43455fc212 in red_channel_client_push (rcc=0x556dd9bb21a0) at red-channel-client.c:1341 #14 0x0000556dd76081ba in spice_port_set_fe_open (chr=0x556dd9925e20, fe_open=0) at /home/elmarco/src/qq/chardev/spice.c:241 #15 0x0000556dd796d74a in qemu_chr_fe_set_open (be=0x556dd9a37c00, fe_open=0) at /home/elmarco/src/qq/chardev/char-fe.c:340 #16 0x0000556dd796d4d9 in qemu_chr_fe_set_handlers (b=0x556dd9a37c00, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=true) at /home/elmarco/src/qq/chardev/char-fe.c:280 #17 0x0000556dd796d359 in qemu_chr_fe_deinit (b=0x556dd9a37c00, del=false) at /home/elmarco/src/qq/chardev/char-fe.c:233 #18 0x0000556dd7432240 in monitor_data_destroy (mon=0x556dd9a37c00) at /home/elmarco/src/qq/monitor.c:786 #19 0x0000556dd743b968 in monitor_cleanup () at /home/elmarco/src/qq/monitor.c:4683 #20 0x0000556dd75ce776 in main (argc=3, argv=0x7fffb7bbe458, envp=0x7fffb7bbe478) at /home/elmarco/src/qq/vl.c:4660 Because spice code tries to emit a "disconnected" signal on the monitors. Fix this dead-lock by releasing the monitor lock for flush/destroy. monitor_lock protects mon_list, monitor_qapi_event_state and monitor_destroyed. monitor_flush() and monitor_data_destroy() don't access any of those variables. monitor_cleanup()'s loop is safe because it uses QTAILQ_FOREACH_SAFE(), and no further monitor can be added after calling monitor_cleanup() thanks to monitor_destroyed check in monitor_list_append(). Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <20181205203737.9011-8-marcandre.lureau@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Marc-André Lureau 提交于
monitor_cleanup() is one of the last things main() calls before it returns. In the following patch, monitor_cleanup() will release the monitor_lock during flushing. There may be pending commands to insert new monitors, which would modify the mon_list during iteration, and the clean-up could thus miss those new insertions. Add a monitor_destroyed global to check if monitor_cleanup() has been already called. In this case, don't insert the new monitor in the list, but free it instead. A cleaner solution would involve the main thread telling other threads to terminate, waiting for their termination. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <20181205203737.9011-7-marcandre.lureau@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Marc-André Lureau 提交于
COLO uses a worker context (iothread) to drive the chardev. All backends are not able to switch the context, let's report an error in this case. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20181205203737.9011-6-marcandre.lureau@redhat.com> Reviewed-by: NLi Zhijian <lizhiian@cn.fujitsu.com> Reviewed-by: NZhang Chen <zhangckid@gmail.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Marc-André Lureau 提交于
Not all backends are able to switch gcontext. Those backends cannot drive a OOB monitor (the monitor would then be blocking on main thread). For example, ringbuf, spice, or more esoteric input chardevs like braille or MUX. We already forbid MUX because not all frontends are ready to run outside main loop. Replace that by a context-switching feature check. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20181205203737.9011-5-marcandre.lureau@redhat.com> [Error condition simplified, commit message adjusted accordingly] Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Marc-André Lureau 提交于
QEMU_CHAR_FEATURE_GCONTEXT declares the character device can switch GMainContext. Assert we don't switch context when the character device doesn't provide this feature. Character device users must not violate this restriction. In particular, user configurations that violate them must be rejected. Existing frontend that rely on context switching would now assert() if the backend doesn't allow it (instead of silently producing undesired events in the default context). Following patches improve the situation by reporting an error earlier instead, on the frontend side. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20181205203737.9011-4-marcandre.lureau@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Marc-André Lureau 提交于
Chardev backends may not handle safely IO events from concurrent threads (may not handle I/O events from concurrent threads safely, only the write path is since commit > 9005b2a7). Better to wake up the chardev from the monitor IO thread if it's being used as the chardev context. Unify code paths by using a BH in all cases. Drop the now redundant aio_notify() call. Clean up control flow not to rely on mon->use_io_thread implying monitor_is_qmp(mon). Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NPeter Xu <peterx@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <20181205203737.9011-3-marcandre.lureau@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Marc-André Lureau 提交于
The function were not named with "mon_iothread", or following the AIO vs GMainContext distinction. Inline them instead. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NPeter Xu <peterx@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <20181205203737.9011-2-marcandre.lureau@redhat.com> Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
-
由 Peter Maydell 提交于
Machine queue post-3.1.0 (including 4.0 machine-types) Features: * Add 4.0 machine-types to q35/440fx/arm/spapr (Alex Williamson) Documentation: * Document vCPU hotplug procedure (Kashyap Chamarthy) * Deprecate `cpu-add` monitor commands (Kashyap Chamarthy) Bug fixes: * A small sun4v_rtc_write() tracing fix that fell through the cracks (Eduardo Habkost) * Validation of "host-nodes" option on memory backends (Eduardo Habkost) * memory-device fixes and cleanups (David Hildenbrand) Cleanups: * Machine-type code cleanup (remove unnecessary instance_init functions) (Eduardo Habkost) * qdev, qom, and global property code cleanups (Marc-André Lureau) * PCMachineState field renames (Corey Minyard) * numa: Match struct to typedef name (Eric Blake) * hostmem-file: remove object id from pmem error message (Zhang Yi) # gpg: Signature made Tue 11 Dec 2018 17:58:03 GMT # gpg: using RSA key 2807936F984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/machine-next-pull-request: (24 commits) qom: remove unimplemented class_finalize qdev: move qdev_prop_register_global_list() to tests accel: register global_props like machine globals qom: make user_creatable_complete() specific to UserCreatable qom: make interface types abstract tests: qdev_prop_check_globals() doesn't return "all_used" pc: Use default_machine_opts to set suppress_vmdesc spapr: Delete instance_options functions spapr: Use default_machine_opts to set suppress_vmdesc spapr: Use default_machine_opts to set use_hotplug_event_source virt: Eliminate separate instance_init functions q35/440fx/arm/spapr: Add QEMU 4.0 machine type hostmem: Validate host-nodes before setting bitmap numa: Match struct to typedef name i386: Rename bools in PCMachineState to end in _enabled move ObjectClass to typedefs.h memory-device: avoid overflows on very huge devices memory-device: use QEMU_IS_ALIGNED range: pass const pointer where possible Deprecate HMP `cpu-add` ... Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Marc-André Lureau 提交于
Instead of trying to implement something that isn't well specified, remove it. (it would be tricky to implement, since a class struct is memcpy on children types...) Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181204142023.15982-7-marcandre.lureau@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Marc-André Lureau 提交于
The function is only used by a test, move it there. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NEduardo Habkost <ehabkost@redhat.com> Reviewed-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20181204142023.15982-6-marcandre.lureau@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Marc-André Lureau 提交于
global_props is only used for Xen xen_compat_props. It's a static array of GlobalProperty, like machine globals in SET_MACHINE_COMPAT(). Let's register the globals the same way, without extra copy allocation. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NIgor Mammedov <imammedo@redhat.com> Message-Id: <20181204142023.15982-5-marcandre.lureau@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Marc-André Lureau 提交于
Instead of accepting any Object*, change user_creatable_complete() to require a UserCreatable*. Modify the callers to pass the appropriate argument, removing redundant dynamic cast checks in object creation. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181204142023.15982-4-marcandre.lureau@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Marc-André Lureau 提交于
Interfaces don't have instance, let's make the interface type really abstract to avoid confusion. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181204142023.15982-3-marcandre.lureau@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Marc-André Lureau 提交于
Instead, it returns 1 if an error was detected, which is the case for: /qdev/properties/dynamic/global/subprocess: warning: global dynamic-prop-type-bad.prop3 has invalid class name warning: global nohotplug-type.prop5=105 not used warning: global nondevice-type.prop6 has invalid class name Clarify the function return value. Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181204142023.15982-2-marcandre.lureau@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Eduardo Habkost 提交于
Instead of setting suppress_vmdesc at instance_init time, set default_machine_opts on pc_i440fx_2_2_machine_options() to implement equivalent behavior. This will let us eliminate the need for pc_compat_*() functions for PC machine-types. Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181205205827.19387-6-ehabkost@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Eduardo Habkost 提交于
Now that all instance_options functions for spapr are empty, delete them. Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181205205827.19387-5-ehabkost@redhat.com> Acked-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Eduardo Habkost 提交于
Instead of setting suppress_vmdesc at instance_init time, set default_machine_opts on spapr_machine_2_2_class_options() to implement equivalent behavior. This will let us eliminate the need for separate instance_init functions for each spapr machine-type. Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181205205827.19387-4-ehabkost@redhat.com> Acked-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Eduardo Habkost 提交于
Instead of setting use_hotplug_event_source at instance_init time, set default_machine_opts on spapr_machine_2_7_class_options() to implement equivalent behavior. This will let us eliminate the need for separate instance_init functions for each spapr machine-type. Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181205205827.19387-3-ehabkost@redhat.com> Acked-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Eduardo Habkost 提交于
All instance_init functions for all virt machine-types run exactly the same code, so we don't need separate functions. We only need to set instance_init for TYPE_VIRT_MACHINE. Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181205205827.19387-2-ehabkost@redhat.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Alex Williamson 提交于
Including all machine types that might have a pcie-root-port. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Acked-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NAlex Williamson <alex.williamson@redhat.com> Message-Id: <154394083644.28192.8501647946108201466.stgit@gimli.home> Reviewed-by: NEric Auger <eric.auger@redhat.com> [ehabkost: fixed accidental recursion at spapr_machine_3_1_class_options()] Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Eduardo Habkost 提交于
host_memory_backend_set_host_nodes() was not validating host-nodes before writing to backend->host_nodes, making QEMU write beyond the end of the bitmap. Fix the crash and add a simple regression test for the fix. While at it, fix memory leak of the list returned by visit_type_uint16List(). Reported-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181130122844.29103-1-ehabkost@redhat.com> Reviewed-by: NStefano Garzarella <sgarzare@redhat.com> Reviewed-by: NDavid Hildenbrand <david@redhat.com> Reviewed-by: NIgor Mammedov <imammedo@redhat.com> [ehabkost: removed test case code] Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Eric Blake 提交于
There's no reason to violate our naming conventions by having a struct with a different name than its typedef. Messed up since its introduction in commit 8c85901e, but made more obvious when commit 3bfe5716 promoted it to typedefs.h. Signed-off-by: NEric Blake <eblake@redhat.com> Message-Id: <20181115211752.1295571-3-eblake@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Corey Minyard 提交于
This makes their function more clear and prevents conflicts when adding the actual devices to the machine state, if necessary. Signed-off-by: NCorey Minyard <cminyard@mvista.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20181107152434.22219-1-minyard@acm.org> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Gerd Hoffmann 提交于
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-Id: <20181106102335.20027-2-kraxel@redhat.com> Reviewed-by: NDavid Gibson <david@gibson.dropbear.id.au> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 David Hildenbrand 提交于
Should not be a problem right now, but it could theoretically happen in the future. Signed-off-by: NDavid Hildenbrand <david@redhat.com> Message-Id: <20181023152306.3123-7-david@redhat.com> Reviewed-by: NDavid Gibson <david@gibson.dropbear.id.au> Reviewed-by: NIgor Mammedov <imammedo@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 David Hildenbrand 提交于
Shorter and easier to read. Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NDavid Hildenbrand <david@redhat.com> Message-Id: <20181023152306.3123-6-david@redhat.com> Reviewed-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 David Hildenbrand 提交于
If there are no changes, let's use a const pointer. Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NDavid Hildenbrand <david@redhat.com> Message-Id: <20181023152306.3123-4-david@redhat.com> Reviewed-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Kashyap Chamarthy 提交于
Since we're deprecating the QMP `cpu-add`, let's deprecate its HMP equivalent, too. Suggested-by: NThomas Huth <thuth@redhat.com> Signed-off-by: NKashyap Chamarthy <kchamart@redhat.com> Message-Id: <20181030123526.26415-3-kchamart@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Kashyap Chamarthy 提交于
The intended functionality of QMP `cpu-add` is replaced with `device_add` (and `query-hotpluggable-cpus`). So let's deprecate `cpu-add`. A complete example of vCPU hotplug with the recommended way (using `device_add`) is provided as part of a seperate docs patch. Suggested-by: Eduardo Habkost <ehabkost@redhat.com Signed-off-by: NKashyap Chamarthy <kchamart@redhat.com> Message-Id: <20181030123526.26415-2-kchamart@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Kashyap Chamarthy 提交于
Signed-off-by: NKashyap Chamarthy <kchamart@redhat.com> Message-Id: <20181030123526.26415-4-kchamart@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Eduardo Habkost 提交于
The code was converted to use sun4v_rtc_read() by mistake, fix it. Reported-by: NDavid Gibson <david@gibson.dropbear.id.au> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <20181031001843.12892-1-ehabkost@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Zhang Yi 提交于
We will never get the canonical path from the object before object_property_add_child. Signed-off-by: NZhang Yi <yi.z.zhang@linux.intel.com> Message-Id: <a6491f996827f4039c1a52198ed5dcc7727cb0f9.1540389255.git.yi.z.zhang@linux.intel.com> [ehabkost: reword commit message] Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 07 12月, 2018 1 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 06 12月, 2018 1 次提交
-
-
由 Prasad J Pandit 提交于
While performing block transfer write in smb_ioport_writeb(), 'smb_index' is incremented and used to index smb_data[] array. Check 'smb_index' value to avoid OOB access. Note that this bug is exploitable by a guest to escape from the virtual machine. However the commit which introduced the bug was only made after the 3.0 release, and so it is not present in any released QEMU versions. Fixes: 38ad4fae i2c: pm_smbus: Add block transfer capability Reported-by: NMichael Hanselmann <public@hansmi.ch> Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org> Reviewed-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NLi Qiang <liq3ea@gmail.com> Reviewed-by: NMichael Hanselmann <public@hansmi.ch> Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Message-id: 20181206121830.6177-1-ppandit@redhat.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 05 12月, 2018 1 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 04 12月, 2018 2 次提交
-
-
由 Jason Wang 提交于
This test tries to build a packet whose size is greater than INT_MAX which tries to trigger integer overflow in qemu_net_queue_append_iov() which may result OOB. Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NThomas Huth <thuth@redhat.com> Message-id: 20181204035347.6148-6-jasowang@redhat.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Jason Wang 提交于
Reviewed-by: NThomas Huth <thuth@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com> Message-id: 20181204035347.6148-5-jasowang@redhat.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-