- 15 Jun, 2017 20 commits
-
-
Committed by Yang Zhong
There are some types of accelerators in qemu, and all accelerators have their own file except tcg. The tcg accelerator is also defined in the accel.c file. The tcg accelerator file will be split from accel.c and renamed to tcg-all.c. An accel/ directory will be created to include kvm and tcg related files.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <1496383606-18060-2-git-send-email-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Max Reitz
qemu proper has done so for 13 years (8a7ddc38), qemu-img and qemu-io have done so for four years (526eda14).

Ignoring this signal is especially important in qemu-nbd because otherwise a client can easily take down the qemu-nbd server by dropping the connection when the server wants to send something, for example:

    $ qemu-nbd -x foo -f raw -t null-co:// &
    [1] 12726
    $ qemu-io -c quit nbd://localhost/bar
    can't open device nbd://localhost/bar: No export with name 'bar' available
    [1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co://

In this case, the client sends an NBD_OPT_ABORT and closes the connection (because it is not required to wait for a reply), but the server replies with an NBD_REP_ACK (because it is required to reply).
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20170611123714.31292-1-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Eric Blake
Back in qemu 2.5, qemu-nbd was immune to port probes (a transient server would not quit, regardless of how many probe connections came and went, until a connection actually negotiated). But we broke that in commit ee7d7aab when removing the return value to nbd_client_new(), although that patch also introduced a bug causing an assertion failure on a client that fails negotiation. We then made it worse during refactoring in commit 1a6245a5 (a segfault before we could even assert); the (masked) assertion was cleaned up in d3780c2d (still in 2.6), and just recently we finally fixed the segfault ("nbd: Fully intialize client in case of failed negotiation"). But that still means that ever since we added TLS support to qemu-nbd, we have been vulnerable to an ill-timed port-scan being able to cause a denial of service by taking down qemu-nbd before a real client has a chance to connect.

Since negotiation is now handled asynchronously via coroutines, we no longer have a synchronous point of return by re-adding a return value to nbd_client_new(). So this patch instead wires things up to pass the negotiation status through the close_fn callback function.

Simple test across two terminals:

    $ qemu-nbd -f raw -p 30001 file
    $ nmap 127.0.0.1 -p 30001 && \
      qemu-io -c 'r 0 512' -f raw nbd://localhost:30001

Note that this patch does not change what constitutes successful negotiation (thus, a client must enter transmission phase before that client can be considered as a reason to terminate the server when the connection ends). Perhaps we may want to tweak things in a later patch to also treat a client that uses NBD_OPT_ABORT as being a 'successful' negotiation (the client correctly talked the NBD protocol, and informed us it was not going to use our export after all), but that's a discussion for another day.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170608222617.20376-1-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Paolo Bonzini
While at it, drop the current_cpu assignment since this is a per-thread variable on modern QEMU.
Cc: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Roman Kagan
Wrap the bulk of kvm_cpu_exec with cpu_exec_start/end, so that kvm version can also enjoy performing certain operations while all vCPUs are quiescent.
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20170606181948.16238-15-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Thomas Huth
Commit bde4d920 ("Fix the -accel parameter and the documentation for 'hax'") introduced a regression by adding a new local accel_opts variable which shadows the variable with the same name that is declared at the beginning of the main() scope. This causes the qemu_tcg_configure() call later to be always called with NULL, so that the thread=xxx option gets ignored. Fix it by removing the local accel_opts variable and use "opts" instead, which is meant for storing temporary QemuOpts values.

And while we're at it, also change the exit(1) here to exit(0) since asking for help is not an error.
Fixes: bde4d920
Reported-by: Markus Armbruster <armbru@redhat.com>
Reported-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1496899257-25800-1-git-send-email-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Thomas Huth
When doing a "make -j10" in the vanilla QEMU source tree (without running "configure" first), the Makefile currently generates two files already, qemu-version.h and qemu-options.def. This should not happen, so let's only build the generated files if config-host.mak is available (i.e. "configure" has been run already).
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1496926799-13040-1-git-send-email-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Paolo Bonzini
This ensures that the request is unref'ed properly, and avoids a segmentation fault in the new qtest testcase that is added. This is CVE-2017-9503.
Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Paolo Bonzini
Avoid TOC-TOU bugs by passing the frame_cmd down, and checking cmd->dcmd_opcode instead of cmd->frame->header.frame_cmd.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Paolo Bonzini
Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Paolo Bonzini
Avoid TOC-TOU bugs depending on how the compiler behaves.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Paolo Bonzini
Avoid TOC-TOU bugs depending on how the compiler behaves.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Marc-André Lureau
Now unnecessary since ivshmem uses memory_region_init_ram_from_fd.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20170602141229.15326-7-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Marc-André Lureau
Instead of having its own mmap handling code, reuse the code from exec.c.

Note: memory_region_init_ram_from_fd() adds some restrictions (check for xen, kvm sync-mmu, etc) and changes (such as size alignment). This may actually be more correct.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20170602141229.15326-6-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Marc-André Lureau
Add a new function to initialize a RAM memory region with a file descriptor to be mmap-ed.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20170602141229.15326-5-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Marc-André Lureau
Add qemu_ram_alloc_from_fd(), which can be used to allocate ramblock from fd only.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20170602141229.15326-4-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Marc-André Lureau
Move file opening part in a separate function, file_ram_open(). This allows for reuse of file_ram_alloc() with a given fd.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20170602141229.15326-3-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Marc-André Lureau
Move kvm mmu notifiers check before calling file_ram_alloc(), with the other xen precondition. (file_ram_alloc() will be reused in other cases than -mem-path).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20170602141229.15326-2-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
- 13 Jun, 2017 20 commits
-
-
Committed by Peter Maydell
target-arm queue:
 * vITS: Support save/restore
 * timer/aspeed: Fix timer enablement when reload is not set
 * aspeed: add temperature sensor device
 * timer.h: Provide better monotonic time on ARM hosts
 * exynos4210: various cleanups
 * exynos4210: support system poweroff

# gpg: Signature made Tue 13 Jun 2017 15:05:49 BST
# gpg: using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg: aka "Peter Maydell <pmaydell@gmail.com>"
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20170613:
  hw/intc/arm_gicv3_its: Allow save/restore
  hw/intc/arm_gicv3_kvm: Implement pending table save
  hw/intc/arm_gicv3_its: Implement state save/restore
  kvm-all: Pass an error object to kvm_device_access
  timer/aspeed: fix timer enablement when a reload is not set
  aspeed: add a temp sensor device on I2C bus 3
  hw/misc: add a TMP42{1, 2, 3} device model
  timer.h: Provide better monotonic time
  hw/misc/exynos4210_pmu: Add support for system poweroff
  hw/intc/exynos4210_gic: Constify array of combiner interrupts
  hw/arm/exynos: Use type define instead of hard-coded a9mpcore_priv string
  hw/arm/exynos: Declare local variables in some order
  hw/arm/exynos: Move DRAM initialization next boards
  hw/timer/exynos4210_mct: Remove unused defines
  hw/timer/exynos4210_mct: Cleanup indentation and empty new lines
  hw/timer/exynos4210_mct: Fix checkpatch style errors
  hw/intc/exynos4210_gic: Use more meaningful name for local variable
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Eric Auger
We change the restoration priority of both the GICv3 and ITS. The GICv3 must be restored before the ITS and the ITS needs to be restored before PCIe devices since it translates their MSI transactions.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 1497023553-18411-5-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Eric Auger
This patch adds the flush of the LPI pending bits into the redistributor pending tables. This happens on VM stop.

There is no explicit restore as the tables are implicitly sync'ed on ITS table restore and on LPI enable at redistributor level.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1497023553-18411-4-git-send-email-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Eric Auger
We need to handle both registers and ITS tables. While register handling is standard, ITS table handling is more challenging since the kernel API is devised so that the tables are flushed into guest RAM and not in vmstate buffers.

Flushing the ITS tables on device pre_save() is too late since the guest RAM is already saved at this point.

Table flushing needs to happen when we are sure the vcpus are stopped and before the last dirty page saving. The right point is RUN_STATE_FINISH_MIGRATE but sometimes the VM gets stopped before migration launch so let's simply flush the tables each time the VM gets stopped.

For regular ITS registers we just can use vmstate pre_save() and post_load() callbacks.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1497023553-18411-3-git-send-email-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Eric Auger
In some circumstances, we don't want to abort if the kvm_device_access fails. This will be the case during ITS migration, in case the ITS table save/restore fails because the guest did not program the vITS correctly. So let's pass an error object to the function and return the ioctl value. New callers will be able to make a decision upon this returned value.

Existing callers pass &error_abort which will cause the function to abort on failure.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Message-id: 1497023553-18411-2-git-send-email-eric.auger@redhat.com
[PMM: wrapped long line]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Cédric Le Goater
When a timer is enabled before a reload value is set, the controller waits for a reload value to be set before starting decrementing. This fix tries to cover that case by changing the timer expiry only when a reload value is valid.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Message-id: 1496739312-32304-1-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Cédric Le Goater
Temperatures can be changed from the monitor with:

    (qemu) qom-set /machine/unattached/device[2] temperature0 12000

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1496739230-32109-3-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Cédric Le Goater
Largely inspired by the TMP105 temperature sensor, here is a model for the TMP42{1,2,3} temperature sensors.

Specs can be found here: http://www.ti.com/lit/gpn/tmp421
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1496739230-32109-2-git-send-email-clg@kaod.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Pranith Kumar
Tested and confirmed that the stretch i386 debian qcow2 image on a raspberry pi 2 works.
Fixes: LP#: 893208 <https://bugs.launchpad.net/qemu/+bug/893208/>
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20170418191817.10430-1-bobby.prani@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Krzysztof Kozlowski
On all Exynos-based boards, the system powers down itself by driving PS_HOLD signal low - eight bit in PS_HOLD_CONTROL register of PMU. Handle writing to respective PMU register to fix power off failure:

    reboot: Power down
    Unable to poweroff system
    shutdown: 31 output lines suppressed due to ratelimiting
    Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000000

    CPU: 0 PID: 1 Comm: shutdown Not tainted 4.11.0-rc8 #846
    Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
    [<c031050c>] (unwind_backtrace) from [<c030ba6c>] (show_stack+0x10/0x14)
    [<c030ba6c>] (show_stack) from [<c05b2800>] (dump_stack+0x88/0x9c)
    [<c05b2800>] (dump_stack) from [<c03d3140>] (panic+0xdc/0x268)
    [<c03d3140>] (panic) from [<c0343614>] (do_exit+0xa90/0xab4)
    [<c0343614>] (do_exit) from [<c035f2dc>] (SyS_reboot+0x164/0x1d0)
    [<c035f2dc>] (SyS_reboot) from [<c0307c80>] (ret_fast_syscall+0x0/0x3c)

Additionally the initial value of PS_HOLD has to be changed because recent Linux kernel (v4.12-rc1) uses regmap cache for this access. When the register is kept at reset value, the kernel will not issue a write to it. Usually the bootloader sets the eight bit of PS_HOLD high so mimic its existence here.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Krzysztof Kozlowski
The static array of interrupt combiner mappings is not modified so it can be made const for code safeness.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Krzysztof Kozlowski
Use a define for a9mpcore_priv device type name instead of hard-coded string.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Krzysztof Kozlowski
Bring some more readability by declaring local function variables: first initialized ones and then the rest (with reversed-christmas-tree order).
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Krzysztof Kozlowski
Before QOM-ifying the Exynos4 SoC model, move the DRAM initialization from exynos4210.c to exynos4_boards.c because DRAM is board specific, not SoC.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Krzysztof Kozlowski
Remove defines not used anywhere.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Krzysztof Kozlowski
Statements under 'case' were in some places wrongly indented bringing confusion and making the code less readable. Also remove a few unneeded blank lines.

No functional changes.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Krzysztof Kozlowski
Fix checkpatch errors:
1. ERROR: spaces required around that '+' (ctx:VxV)
2. ERROR: spaces required around that '&' (ctx:VxV)

No functional changes.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Krzysztof Kozlowski
There are two SysBusDevice variables in exynos4210_gic_realize() function: one for the device itself and second for arm_gic device. Add a prefix "gic" to the second one so it will be easier to understand the code.

While at it, put local uninitialized 'i' variable at the end, next to other uninitialized ones.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
# gpg: Signature made Tue 13 Jun 2017 14:35:25 BST
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
  monitor: resurrect handle_qmp_command trace event
  monitor: add handle_hmp_command trace event
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Stefan Hajnoczi
Commit 104fc302 ("qmp: Drop duplicated QMP command object checks") removed the call to trace_handle_qmp_command() while eliminating code duplication.

This patch brings the trace event back so QEMU-internal trace events can be correlated with the QMP commands that caused them.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170605104216.22429-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-