- 10 6月, 2015 1 次提交
-
-
由 Petr Matousek 提交于
4096 is the maximum length per TMD and it is also currently the size of the relay buffer pcnet driver uses for sending the packet data to QEMU for further processing. With packet spanning multiple TMDs it can happen that the overall packet size will be bigger than sizeof(buffer), which results in memory corruption. Fix this by only allowing to queue maximum sizeof(buffer) bytes. This is CVE-2015-3209. [Fixed 3-space indentation to QEMU's 4-space coding standard. --Stefan] Signed-off-by: NPetr Matousek <pmatouse@redhat.com> Reported-by: NMatt Tait <matttait@google.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 26 2月, 2015 1 次提交
-
-
由 Markus Armbruster 提交于
The next commit will exploit the fact it never fails. This one makes it obvious. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NGonglei <arei.gonglei@huawei.com>
-
- 10 2月, 2015 1 次提交
-
-
由 Don Koch 提交于
Signed-off-by: NDon Koch <dkoch@verizon.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 26 1月, 2015 1 次提交
-
-
由 Paolo Bonzini 提交于
Old users of VMSTATE_TIMER* are mechanically changed to VMSTATE_TIMER_PTR variants. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 12 1月, 2015 1 次提交
-
-
由 Paolo Bonzini 提交于
All NICs have a cleanup function that, in most cases, zeroes the pointer to the NICState. In some cases, it frees data belonging to the NIC. However, this function is never called except when exiting from QEMU. It is not necessary to NULL pointers and free data here; the right place to do that would be in the device's unrealize function, after calling qemu_del_nic. Zeroing the NIC multiple times is also wrong for multiqueue devices. This cleanup function gets in the way of making the NetClientStates for the NIC hold an object_ref reference to the object, so get rid of it. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 21 11月, 2014 1 次提交
-
-
由 Gonglei 提交于
s->xmit_pos maybe assigned to a negative value (-1), but in this branch variable s->xmit_pos as an index to array s->buffer. Let's add a check for s->xmit_pos. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 15 10月, 2014 1 次提交
-
-
由 Gonglei 提交于
On this way, we can assure the new bootindex take effect during vm rebooting. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NGerd Hoffmann <kraxel@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 16 6月, 2014 1 次提交
-
-
由 Juan Quintela 提交于
After previous Peter patch, they are redundant. This way we don't assign them except when needed. Once there, there were lots of case where the ".fields" indentation was wrong: .fields = (VMStateField []) { and .fields = (VMStateField []) { Change all the combinations to: .fields = (VMStateField[]){ The biggest problem (appart from aesthetics) was that checkpatch complained when we copy&pasted the code from one place to another. Signed-off-by: NJuan Quintela <quintela@redhat.com> Acked-by: NAlexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 25 4月, 2014 1 次提交
-
-
由 Prasad Joshi 提交于
Signed-off-by: NPrasad Joshi <prasadjoshi.linux@gmail.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 23 8月, 2013 1 次提交
-
-
由 Alex Bligh 提交于
This is an autogenerated patch using scripts/switch-timer-api. Switch the entire code base to using the new timer API. Note this patch may introduce some line length issues. Signed-off-by: NAlex Bligh <alex@alex.org.uk> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 05 8月, 2013 1 次提交
-
-
由 Jan Kiszka 提交于
Analogously to other NICs, we have to inform the network layer when the can_receive handler will no longer report 0. Without this, we may get stuck waiting on queued incoming packets. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 09 4月, 2013 2 次提交
-
-
由 Paolo Bonzini 提交于
Many headers are used only in a single directory. These can be kept in hw/. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
This patch tackles all files that are compiled once, moving them to subdirectories of hw/. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 01 3月, 2013 1 次提交
-
-
由 Paolo Bonzini 提交于
Done with this script: cd hw for i in `find . -name '*.h' | sed 's/^..//'`; do echo '\,^#.*include.*["<]'$i'[">], s,'$i',hw/&,' done | sed -i -f - `find . -type f` This is so that paths remain valid as files are moved. Instead, files in hw/dataplane are referenced with the relative path. We know they are not going to move to include/, and they are the only include files that are in subdirectories _and_ move. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 02 2月, 2013 2 次提交
-
-
由 Jason Wang 提交于
To support multiqueue, this patch introduces a helper qemu_get_nic() to get NICState from a NetClientState. The following patches would refactor this helper to support multiqueue. Signed-off-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-
由 Jason Wang 提交于
To support multiqueue, the patch introduce a helper qemu_get_queue() which is used to get the NetClientState of a device. The following patches would refactor this helper to support multiqueue. Signed-off-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-
- 19 12月, 2012 3 次提交
-
-
由 Paolo Bonzini 提交于
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
Move public headers to include/net, and leave private headers in net/. Put the virtio headers in include/net/tap.h, removing the multiple copies that existed. Leave include/net/tap.h as the interface for NICs, and net/tap_int.h as the interface for OS-specific parts of the tap backend. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 23 10月, 2012 1 次提交
-
-
由 Avi Kivity 提交于
target_phys_addr_t is unwieldly, violates the C standard (_t suffixes are reserved) and its purpose doesn't match the name (most target_phys_addr_t addresses are not target specific). Replace it with a finger-friendly, standards conformant hwaddr. Outstanding patchsets can be fixed up with the command git rebase -i --exec 'find -name "*.[ch]" | xargs s/target_phys_addr_t/hwaddr/g' origin Signed-off-by: NAvi Kivity <avi@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-
- 01 8月, 2012 1 次提交
-
-
由 Stefan Hajnoczi 提交于
The vlan feature is no longer part of net core. Rename VLANClientState to NetClientState because net clients are not explicitly associated with a vlan at all, instead they have a peer net client to which they are connected. This patch is a mechanical search-and-replace except for a few whitespace fixups where changing VLANClientState to NetClientState misaligned whitespace. Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: NZhi Yong Wu <wuzhy@linux.vnet.ibm.com> Reviewed-by: NLaszlo Ersek <lersek@redhat.com>
-
- 16 4月, 2012 2 次提交
-
-
由 Jan Kiszka 提交于
As long as we have no link and we aren't in internal loopback mode, no packet must be sent. Instead, LCAR needs to be set in any active TX descriptor and also CERR in CSR0. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
-
由 Jan Kiszka 提交于
pcnet_stop already clears any reason (BABL, CERR, MISS, MERR) why ERR (bit 15) should be set in CRS0. So we have to clear that bit as well. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
-
- 28 1月, 2012 2 次提交
-
-
由 Anthony Liguori 提交于
We already have a QOM interface for this so let's use it. Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-
由 Anthony Liguori 提交于
Right now, DeviceInfo acts as the class for qdev. In order to switch to a proper ObjectClass derivative, we need to ween all of the callers off of interacting directly with the info pointer. Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-
- 27 1月, 2012 1 次提交
-
-
由 Jan Kiszka 提交于
A device reset does not affect the link state, only set_link does. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>
-
- 13 1月, 2012 1 次提交
-
-
由 Stefan Weil 提交于
These comments are used by static code analysis tools and in code reviews to avoid false warnings because of missing break statements. The case statements handled here were reported by coverity. Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NStefan Weil <sw@weilnetz.de> Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>
-
- 02 11月, 2011 2 次提交
-
-
由 Jan Kiszka 提交于
Update lnkst on link state changes so that guests can obtain this information via reading back the LED output pin. Works for Linux but not for guests that depend on the missing PHY. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-
由 Jan Kiszka 提交于
This moves BCR defines to the common header and immediately makes use of them to add BCR_APROMWE, replacing the open-coded write check in pcnet_aprom_writeb. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-
- 02 4月, 2011 1 次提交
-
-
由 Michael Brown 提交于
The problem is with definitions in hw/pcnet.c such as: #define CSR_CRDA(S) ((S)->csr[28] | ((S)->csr[29] << 16)) "(S)->csr[29]" is a uint16_t, but "(S)->csr[29] << 16" gets promoted to int, so the overall CSR_CRDA(s) is a (signed) int rather than a uint32_t. This then gets assigned to a uint64_t using target_phys_addr_t crda = CSR_CRDA(s); so when (S)->csr[29] has the high bit set, we end up with crda=0xffffffffxxxxxxxx. From: Michael Brown <mcb30@ipxe.org> Signed-off-by: NAlex Williamson <alex.williamson@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>
-
- 21 3月, 2011 1 次提交
-
-
由 Paolo Bonzini 提交于
This was done with: sed -i 's/qemu_get_clock\>/qemu_get_clock_ns/' \ $(git grep -l 'qemu_get_clock\>' ) sed -i 's/qemu_new_timer\>/qemu_new_timer_ns/' \ $(git grep -l 'qemu_new_timer\>' ) after checking that get_clock and new_timer never occur twice on the same line. There were no missed occurrences; however, even if there had been, they would have been caught by the compiler. There was exactly one false positive in qemu_run_timers: - current_time = qemu_get_clock (clock); + current_time = qemu_get_clock_ns (clock); which is of course not in this patch. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 13 3月, 2011 1 次提交
-
-
由 William Dauchy 提交于
The initialization should not be only on reset but also when initializing the device. It resolves a bug when hot plugging a pci network device: the mac address was always null. Signed-off-by: NWilliam Dauchy <wdauchy@gmail.com> Signed-off-by: NWen Congyang <wency@cn.fujitsu.com> Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>
-
- 05 3月, 2011 1 次提交
-
-
由 Gerhard Wiesinger 提交于
bugfix under DOS for AMD netware driver: AMD PCNTNW Ethernet MLID v3.10 (960115), network card not found bugfix works well under DOS with: 1.) AMD NDIS driver v2.0.1 2.) AMD PCNTNW Ethernet MLID v3.10 (960115) 3.) Knoppix 6.2 Signed-off-by: NGerhard Wiesinger <lists@wiesinger.com> Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>
-
- 12 12月, 2010 1 次提交
-
-
由 Gleb Natapov 提交于
If bootindex is specified on command line a string that describes device in firmware readable way is added into sorted list. Later this list will be passed into firmware to control boot order. Signed-off-by: NGleb Natapov <gleb@redhat.com> Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>
-
- 27 11月, 2010 1 次提交
-
-
由 Paul Brook 提交于
The core pcnet emulation code is used by both the PCI "pcnet" device and the SPARC "lance" device. Split the common code frm the PCI code so that that can be configures independantly. Signed-off-by: NPaul Brook <paul@codesourcery.com>
-
- 21 11月, 2010 1 次提交
-
-
由 Jan Kiszka 提交于
While not explicitly stated in the spec, it was observed on real systems that enabling loopback testing on the pcnet controller disables reception of external frames. And some legacy software relies on it, so provide this behavior. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-
- 12 7月, 2010 2 次提交
-
-
由 Michael S. Tsirkin 提交于
pcnet enables memory/io on init, which does not make sense as BAR values are wrong. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Tested-by: NJan Kiszka <jan.kiszka@siemens.com>
-
由 Isaku Yamahata 提交于
Don't overwrite pci header type. Otherwise, multi function bit which pci_init_header_type() sets appropriately is lost. Anyway PCI_HEADER_TYPE_NORMAL is zero, so it is unnecessary to zero which is already zero cleared. how to test: run qemu and issue info pci to see whether a device in question is normal device, not pci-to-pci bridge. This is handy because guest os isn't required. tested changes: The following files are covered by using following commands. sparc64-softmmu apb_pci.c, vga-pci.c, cmd646.c, ne2k_pci.c, sun4u.c ppc-softmmu grackle_pci.c, cmd646.c, ne2k_pci.c, vga-pci.c, macio.c ppc-softmmu -M mac99 unin_pci.c(uni-north, uni-north-agp) ppc64-softmmu pci-ohci, ne2k_pci, vga-pci, unin_pci.c(u3-agp) x86_64-softmmu acpi_piix4.c, ide/piix.c, piix_pci.c -vga vmware vmware_vga.c -watchdog i6300esb wdt_i6300esb.c -usb usb-uhci.c -sound ac97 ac97.c -nic model=rtl8139 rtl8139.c -nic model=pcnet pcnet.c -balloon virtio virtio-pci.c: untested changes: The following changes aren't tested. prep_pci.c: ppc-softmmu -M prep should cover, but core dumped. unin_pci.c(uni-north-pci): the caller is commented out. openpic.c: the caller is commented out in ppc_prep.c Signed-off-by: NIsaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>
-
- 15 3月, 2010 1 次提交
-
-
由 Michael S. Tsirkin 提交于
Real pcnet device (AT2450) apparently has subsystem device and vendor id set to 0, this is out of spec (which requires that vendor id is obtained from PCI SIG) but windows xp driver seems to need this in order to associate. qemu sets pci subsystem id to qumranet/qemu since d350d97d, debian does not yet have this patch. https://bugzilla.redhat.com/show_bug.cgi?id=521247Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Anthony Liguori <aliguori@us.ibm.com>
-
- 09 3月, 2010 1 次提交
-
-
由 Chris Kilgour 提交于
According to AMD document 21485D pp.141, APROMWE is bit 8 of BCR2. Signed-off-by: NChristopher Kilgour <techie@whiterocker.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
-