- 25 11月, 2014 1 次提交
-
-
由 Igor Mammedov 提交于
Currently maxmem limit is not checked and depends on hotplug region container not being able to fit more RAM than maxmem. Do check explicitly so that it would be possible to change hotplug container size later to deal with fragmentation. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 23 11月, 2014 7 次提交
-
-
由 Igor Mammedov 提交于
Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
Performance wise it's better to align GVA by the backend's page size. Also do not allow to create DIMM device with suboptimal size (i.e. not aligned to backends page size) to aviod memory loss. Do above only for 2.2 and newer machine types to avoid breaking working configs with 2.1 machine type. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
introduce memory_region_get_alignment() that returns underlying memory block alignment or 0 if it's not relevant/implemented for backend. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
When running in KVM mode, kvm_set_phys_mem() will silently fail if registered MemoryRegion address/size is not page aligned. Causing memory hotplug failure in guest. Mapping non aligned MemoryRegion in TCG mode 'works', but sane guest OS still expects page aligned memory module and fails to initialize it if it's not aligned. So do not allow non aligned (i.e. valid) address/size values for DIMM to avoid either KVM failure or guest issues caused by it. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
split addr initialization from declaration so that later when new local vars are added property getter wouldn't drift off of error check. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
When more memory devices are used than available KVM memory slots, QEMU crashes with: kvm_alloc_slot: no free slot available Aborted (core dumped) Fix this by checking that KVM has a free slot before attempting to map memory in guest address space. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Acked-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Michael S. Tsirkin 提交于
tcp_get_fds API discards fds if there's more than 1 of these. It's tricky to fix this without API changes in the generic case. However, this API is only used by tests ATM, and tests know how many fds they expect. So let's not waste cycles trying to fix this properly: simply assume at most 16 fds (tests use at most 8 now). assert if some test tries to get more. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 21 11月, 2014 8 次提交
-
-
由 Peter Maydell 提交于
# gpg: Signature made Fri 21 Nov 2014 11:12:37 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: rtl8139: fix Pointer to local outside scope pcnet: fix Negative array index read net/socket: fix Uninitialized scalar variable net/slirp: fix memory leak Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
gtk: two bugfixes for 2.2. # gpg: Signature made Fri 21 Nov 2014 07:38:45 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-gtk-20141121-1: gtk: Don't crash if -nodefaults gtk: fix possible memory leak about local_err Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Gonglei 提交于
Coverity spot: Assigning: iov = struct iovec [3]({{buf, 12UL}, {(void *)dot1q_buf, 4UL}, {buf + 12, size - 12}}) (address of temporary variable of type struct iovec [3]). out_of_scope: Temporary variable of type struct iovec [3] goes out of scope. Pointer to local outside scope (RETURN_LOCAL) use_invalid: Using iov, which points to an out-of-scope temporary variable of type struct iovec [3]. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Gonglei 提交于
s->xmit_pos maybe assigned to a negative value (-1), but in this branch variable s->xmit_pos as an index to array s->buffer. Let's add a check for s->xmit_pos. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Gonglei 提交于
If is_connected parameter is false, the saddr variable will no initialize. Coverity report: uninit_use: Using uninitialized value saddr.sin_port. We don't need add saddr information to nc->info_str when is_connected is false. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Gonglei 提交于
commit b412eb61 introduce 'cmd:' target for guestfwd, and fwd don't be used in this scenario, and will leak memory in true branch with 'cmd:'. Let's allocate memory for fwd variable just in else statement. Cc: Alexander Graf <agraf@suse.de> Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Fam Zheng 提交于
This fixes a crash by just skipping the vte resize hack if cur is NULL. Reproducer: qemu-system-x86_64 -nodefaults Signed-off-by: NFam Zheng <famz@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 zhanghailiang 提交于
local_err in gd_vc_gfx_init() is not freed, and we don't use it, so remove it. Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 20 11月, 2014 7 次提交
-
-
由 Leif Lindholm 提交于
ePAPR 1.1 defines the stdout-path property, making the os-specific linux,stdout-path property redundant. Change the DT setup for ARM virt to use the generic property - supported by Linux since 3.15. The old QEMU behaviour was not present in any released version of QEMU, and was only added to QEMU after the kernel changed, so this should not break any existing setups. Signed-off-by: NLeif Lindholm <leif.lindholm@linaro.org> [PMM: add note to commit about the old behaviour never hving been in a released version of QEMU] Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Patch queue for ppc - 2014-11-20 Hopefully the last few fixups for 2.2: - KVM memory slot fix (should usually only occur on PPC) - e300 fix - Altivec mtvscr instruction fix # gpg: Signature made Thu 20 Nov 2014 13:53:34 GMT using RSA key ID 03FEDC60 # gpg: Good signature from "Alexander Graf <agraf@suse.de>" # gpg: aka "Alexander Graf <alex@csgraf.de>" * remotes/agraf/tags/signed-ppc-for-upstream: target-ppc: Altivec's mtvscr Decodes Wrong Register kvm: Fix memory slot page alignment logic target-ppc: Fix breakpoint registers for e300 Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Tom Musta 提交于
The Move to Vector Status and Control Register (mtvscr) instruction uses VRB as the source register. Fix the code generator to correctly decode the VRB field. That is, use "rB(ctx->opcode)" instead of "rD(ctx->opcode)". Signed-off-by: NTom Musta <tommusta@gmail.com> Signed-off-by: NAlexander Graf <agraf@suse.de>
-
由 Alexander Graf 提交于
Memory slots have to be page aligned to get entered into KVM. There is existing logic that tries to ensure that we pad memory slots that are not page aligned to the biggest region that would still fit in the alignment requirements. Unfortunately, that logic is broken. It tries to calculate the start offset based on the region size. Fix up the logic to do the thing it was intended to do and document it properly in the comment above it. With this patch applied, I can successfully run an e500 guest with more than 3GB RAM (at which point RAM starts overlapping subpage memory regions). Cc: qemu-stable@nongnu.org Signed-off-by: NAlexander Graf <agraf@suse.de>
-
由 Fabien Chouteau 提交于
In the previous patch, the registers were added to init_proc_G2LE instead of init_proc_e300. Signed-off-by: NFabien Chouteau <chouteau@adacore.com> Signed-off-by: NAlexander Graf <agraf@suse.de>
-
由 Peter Maydell 提交于
Fix from a while back that unfortunately got ignored. Dave Gilbert says it may actually fix a case where autoconverge would break on a repeat migration (and not just fix stats). # gpg: Signature made Thu 20 Nov 2014 12:52:41 GMT using RSA key ID 854083B6 # gpg: Good signature from "Amit Shah <amit@amitshah.net>" # gpg: aka "Amit Shah <amit@kernel.org>" # gpg: aka "Amit Shah <amitshah@gmx.net>" * remotes/amit-migration/tags/for-2.2-2: migration: static variables will not be reset at second migration Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 ChenLiang 提交于
The static variables in migration_bitmap_sync will not be reset in the case of a second attempted migration. Signed-off-by: NChenLiang <chenliang88@huawei.com> Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NAmit Shah <amit.shah@redhat.com>
-
- 19 11月, 2014 3 次提交
-
-
由 Peter Maydell 提交于
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Don Slutz 提交于
The other callers to blk_set_enable_write_cache() in this file already check for s->blk == NULL. Signed-off-by: NDon Slutz <dslutz@verizon.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1416259239-13281-1-git-send-email-dslutz@verizon.com Cc: qemu-stable@nongnu.org Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
# gpg: Signature made Tue 18 Nov 2014 15:04:53 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: net: The third parameter of getsockname should be initialized Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 18 11月, 2014 14 次提交
-
-
由 Peter Maydell 提交于
# gpg: Signature made Tue 18 Nov 2014 15:04:14 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/tracing-pull-request: Tracing: Fix simpletrace.py error on tcg enabled binary traces Tracing docs fix configure option and description Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 zhanghailiang 提交于
Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Christoph Seifert 提交于
simpletrace.py does not recognize the tcg option while reading trace-events file. In result simpletrace does not work on binary traces and tcg enabled events. Moved transformation of tcg enabled events to _read_events() which is used by simpletrace. Signed-off-by: NChristoph Seifert <christoph.seifert@posteo.de> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Dr. David Alan Gilbert 提交于
Fix the example trace configure option. Update the text to say that multiple backends are allowed and what happens when multiple backends are enabled. Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1412691161-31785-1-git-send-email-dgilbert@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Maydell 提交于
Block patches for 2.2.0-rc2 # gpg: Signature made Tue 18 Nov 2014 11:32:55 GMT using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: block/raw-posix: Catch fsync() errors block/raw-posix: Only sync after successful preallocation block/raw-posix: Fix preallocating write() loop raw-posix: The SEEK_HOLE code is flawed, rewrite it raw-posix: SEEK_HOLE suffices, get rid of FIEMAP raw-posix: Fix comment for raw_co_get_block_status() Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Fix for CVE-2014-7840, avoiding arbitrary qemu memory overwrite for migration by Michael S. Tsirkin. # gpg: Signature made Tue 18 Nov 2014 11:23:00 GMT using RSA key ID 854083B6 # gpg: Good signature from "Amit Shah <amit@amitshah.net>" # gpg: aka "Amit Shah <amit@kernel.org>" # gpg: aka "Amit Shah <amitshah@gmx.net>" * remotes/amit-migration/tags/for-2.2: migration: fix parameter validation on ram load Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Ard Biesheuvel 提交于
This updates the Linux header to version 3.18-rc5, adding support for (among other things) read-only memslots on ARM and arm64. Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org> Message-id: 1416248898-6302-1-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Michael S. Tsirkin 提交于
During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of said function. To fix this, we need to make sure that the [offset, offset + length] range fits into one of the allocated memory regions. Validating addr < len should be sufficient since data seems to always be managed in TARGET_PAGE_SIZE chunks. Fixes: CVE-2014-7840 Note: follow-up patches add extra checks on each block->host access. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NAmit Shah <amit.shah@redhat.com>
-
由 Max Reitz 提交于
fsync() may fail, and that case should be handled. Reported-by: NLászló Érsek <lersek@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
The loop which filled the file with zeroes may have been left early due to an error. In that case, the fsync() should be skipped. Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
write() may write less bytes than requested; in this case, the number of bytes written is returned. This is the byte count we should be subtracting from the number of bytes still to be written, and not the byte count we requested to write. Reported-by: NLászló Érsek <lersek@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Peter Maydell 提交于
The code in invalidate_and_set_dirty() needs to handle addr/length combinations which cross guest physical page boundaries. This can happen, for example, when disk I/O reads large blocks into guest RAM which previously held code that we have cached translations for. Unfortunately we were only checking the clean/dirty status of the first page in the range, and then were calling a tb_invalidate function which only handles ranges that don't cross page boundaries. Fix the function to deal with multipage ranges. The symptoms of this bug were that guest code would misbehave (eg segfault), in particular after a guest reboot but potentially any time the guest reused a page of its physical RAM for new code. Cc: qemu-stable@nongnu.org Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1416167061-13203-1-git-send-email-peter.maydell@linaro.org
-
由 Kevin Wolf 提交于
* mreitz/block: raw-posix: The SEEK_HOLE code is flawed, rewrite it raw-posix: SEEK_HOLE suffices, get rid of FIEMAP raw-posix: Fix comment for raw_co_get_block_status()
-
由 Markus Armbruster 提交于
On systems where SEEK_HOLE in a trailing hole seeks to EOF (Solaris, but not Linux), try_seek_hole() reports trailing data instead. Additionally, unlikely lseek() failures are treated badly: * When SEEK_HOLE fails, try_seek_hole() reports trailing data. For -ENXIO, there's in fact a trailing hole. Can happen only when something truncated the file since we opened it. * When SEEK_HOLE succeeds, SEEK_DATA fails, and SEEK_END succeeds, then try_seek_hole() reports a trailing hole. This is okay only when SEEK_DATA failed with -ENXIO (which means the non-trailing hole found by SEEK_HOLE has since become trailing somehow). For other failures (unlikely), it's wrong. * When SEEK_HOLE succeeds, SEEK_DATA fails, SEEK_END fails (unlikely), then try_seek_hole() reports bogus data [-1,start), which its caller raw_co_get_block_status() turns into zero sectors of data. Could theoretically lead to infinite loops in code that attempts to scan data vs. hole forward. Rewrite from scratch, with very careful comments. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NMax Reitz <mreitz@redhat.com>
-