- 07 1月, 2015 35 次提交
-
-
由 Zhang Haoyu 提交于
If there are still pending i/o while deleting snapshot, because deleting snapshot is done in non-coroutine context, and the pending i/o read/write (bdrv_co_do_rw) is done in coroutine context, so it's possible to cause concurrency problem between above two operations. Add bdrv_drain_all() to bdrv_snapshot_delete() to avoid this problem. Signed-off-by: NZhang Haoyu <zhanghy@sangfor.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 201410211637596311287@sangfor.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> (cherry picked from commit 3432a192) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Max Filippov 提交于
U-boot for xtensa always treats uImage load address as virtual address. This is important when booting uImage on xtensa core with MMUv2, because MMUv2 has fixed non-identity virtual-to-physical mapping after reset. Always do virtual-to-physical translation of uImage load address and load uImage at the translated address. This fixes booting uImage kernels on dc232b and other MMUv2 cores. Cc: qemu-stable@nongnu.org Reported-by: NWaldemar Brodkorb <mail@waldemar-brodkorb.de> Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com> (cherry picked from commit 6d2e4530) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Max Filippov 提交于
Such address translation is needed when load address recorded in uImage is a virtual address. When the actual load address is requested, return untranslated address: user that needs the translated address can always apply translation function to it and those that need it untranslated don't need to do the inverse translation. Add translation function pointer and its parameter to uimage_load prototype. Update all existing users. No user-visible functional changes. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com> Reviewed-by: NAlexander Graf <agraf@suse.de> (cherry picked from commit 25bda50a) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Aurelien Jarno 提交于
Commit 9d8bf2d1 moved the softmmu slow path out of line and introduce a regression at the same time by always calling tcg_out_tlb_load with is_load=1. This makes impossible to run any significant code under qemu-system-mips*. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: NRichard Henderson <rth@twiddle.net> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 0a2923f8) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Ting Wang 提交于
If req->resp.cmd.status is not GOOD, the address of sense for qemu_iovec_from_buf should be modified from &req->resp to sense. Cc: qemu-stable@nongnu.org Signed-off-by: NTing Wang <kathy.wangting@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit b7890c40) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Petr Matousek 提交于
bits_per_pixel that are less than 8 could result in accessing non-initialized buffers later in the code due to the expectation that bytes_per_pixel value that is used to initialize these buffers is never zero. To fix this check that bits_per_pixel from the client is one of the values that the rfb protocol specification allows. This is CVE-2014-7815. Signed-off-by: NPetr Matousek <pmatouse@redhat.com> [ kraxel: apply codestyle fix ] Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> (cherry picked from commit e6908bfe) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Jan Kiszka 提交于
qemu_shutdown_requested may be interrupted by qemu_system_killed. If the latter sets shutdown_requested after qemu_shutdown_requested has read it but before it was cleared, the shutdown event is lost. Fix this by using atomic_xchg. This provides a different fix for the problem which commit 15124e14 attempts to deal with. That commit breaks use of ^C to drop into gdb, and so this approach is better (and 15124e14 can be reverted). Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Reviewed-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> [PMM: commit message tweak] Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> (cherry picked from commit 817ef04d) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Ray Strode 提交于
commit 57f97834 cleaned up the cac_applet_pki_process_apdu function to have a single exit point. Unfortunately, that commit introduced a bug where the sign buffer can get free'd and nullified while it's still being used. This commit corrects the bug by introducing a boolean to track whether or not the sign buffer should be freed in the function exit path. Signed-off-by: NRay Strode <rstrode@redhat.com> Reviewed-by: NAlon Levy <alon@pobox.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> (cherry picked from commit 81b49e8f) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Max Reitz 提交于
While writing an L1 table sector, qcow2_write_l1_entry() copies the respective range from s->l1_table to the local "buf" array. The size of s->l1_table does not have to be a multiple of L1_ENTRIES_PER_SECTOR; thus, limit the index which is used for copying all entries to the L1 size. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NPeter Lieven <pl@kamp.de> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com> (cherry picked from commit a1391444) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gerd Hoffmann 提交于
Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL. Cc: qemu-stable@nongnu.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> (cherry picked from commit bd9ccd85) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gerd Hoffmann 提交于
Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL. Cc: qemu-stable@nongnu.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> (cherry picked from commit 61b41b4c) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gerd Hoffmann 提交于
Switch vmsvga_update_rect over to use vmsvga_verify_rect. Slight change in behavior: We don't try to automatically fixup rectangles any more. In case we find invalid update requests we'll do a full-screen update instead. Cc: qemu-stable@nongnu.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> (cherry picked from commit 1735fe1e) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gerd Hoffmann 提交于
Add verification function for rectangles, returning true if verification passes and false otherwise. Cc: qemu-stable@nongnu.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> (cherry picked from commit 07258900) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gerd Hoffmann 提交于
Quick & easy stopgap for CVE-2014-3689: We just compile out the hardware acceleration functions which lack sanity checks. Thankfully we have capability bits for them (SVGA_CAP_RECT_COPY and SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory. Subsequent patches will add the missing checks and re-enable the hardware acceleration emulation. Cc: qemu-stable@nongnu.org Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> (cherry picked from commit 83afa38e) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Jan Kiszka 提交于
We used to be able to address both the QEMU and the KVM APIC via "apic". This doesn't work anymore. So we need to use their parent class to turn off the vapic on machines that should not expose them. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> (cherry picked from commit df1fd4b5) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon unplug the virtio-9p child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 8f3d60e5) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
virtio-9p-pci all duplicate the qdev properties of their V9fsState child. This approach does not work well with string or pointer properties since we must be careful about leaking or double-freeing them. Use the QOM alias property to forward property accesses to the V9fsState child. This way no duplication is necessary. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 48833071) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-balloon child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 91ba2120) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-rng child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 352fa88d) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
virtio-rng-{pci, s390, ccw} all duplicate the qdev properties of their VirtIORNG child. This approach does not work well with string or pointer properties since we must be careful about leaking or double-freeing them. Use the QOM alias property to forward property accesses to the VirtIORNG child. This way no duplication is necessary. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 8ee486ae) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-serial child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit e77ca8b9) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
virtio-serial-{pci, s390, ccw} all duplicate the qdev properties of their VirtIOSerial child. This approach does not work well with string or pointer properties since we must be careful about leaking or double-freeing them. Use the QOM alias property to forward property accesses to the VirtIOSerial child. This way no duplication is necessary. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 4f456d80) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-scsi/vhost-scsi child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 1312f12b) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
{virtio, vhost}-scsi-{pci, s390, ccw} all duplicate the qdev properties of their VirtIOSCSI/VHostSCSI child. This approach does not work well with string or pointer properties since we must be careful about leaking or double-freeing them. Use the QOM alias property to forward property accesses to the VirtIOSCSI/VHostSCSI child. This way no duplication is necessary. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit c39343fd) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
object_initialize() leaves the object with a refcount of 1. object_property_add_child() adds its own reference which is dropped again when the property is deleted. The upshot of this is that we always have a refcount >= 1. Upon hot unplug the virtio-net child is not finalized! Drop our reference after the child property has been added to the parent. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 6a0c6b59) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Gonglei 提交于
virtio-net-pci, virtio-net-s390, and virtio-net-ccw all duplicate the qdev properties of their VirtIONet child. This approach does not work well with string or pointer properties since we must be careful about leaking or double-freeing them. Use the QOM alias property to forward property accesses to the VirtIONet child. This way no duplication is necessary. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NCornelia Huck <cornelia.huck@de.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 7779edfe) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Paolo Bonzini 提交于
This helps for cross-endian configurations. Cc: qemu-stable@nongnu.org Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 7ce04255) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Eduardo Habkost 提交于
QEMU currently allows the number of VCPUs to not be a multiple of the number of threads per socket, but the smbios socket count calculation introduced by commit c97294ec doesn't take that into account, triggering an assertion. e.g.: $ ./x86_64-softmmu/qemu-system-x86_64 -smp 4,sockets=2,cores=6,threads=1 qemu-system-x86_64: /home/ehabkost/rh/proj/virt/qemu/hw/i386/smbios.c:825: smbios_get_tables: Assertion `smbios_smp_sockets >= 1' failed. Aborted (core dumped) Socket count calculation doesn't belong to smbios.c and should eventually be moved to the main SMP topology configuration code. But while we don't move the code, at least make it correct by rounding up the division. Cc: Gabriel Somlo <somlo@cmu.edu> Cc: qemu-stable@nongnu.org Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Reviewed-By: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> (cherry picked from commit 7dfddd7f) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Zhang Haoyu 提交于
The while loop variabal is "bs1", but "bs" is always passed to bdrv_snapshot_delete_by_id_or_name. Broken in commit a89d89d3, v1.7.0. Signed-off-by: NZhang Haoyu <zhanghy@sangfor.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> (cherry picked from commit af957387) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Michael Roth 提交于
Since 3687d532 we've been unconditionally adding qom-test to our qtests for every arch. However, some archs inherit their tests from Makefile variables for other archs, such as i386/x86_64, microblaze/microblazeel, and xtensa/xtensaeb. Since these are evaluated in a lazy manner, we ultimately end up adding qom-test twice. In the case x86_64, where we have a large number of machine types that we rerun qom-test for, this has lead to a fairly noticeable increase in the overall run-time of `make check` (78s vs. 42s on my machine). Similar speed-ups are visible for other such archs, but not nearly as significant. Fix this by only adding qom-test to an arch's test list if it's not already present. Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NAndreas Färber <afaerber@suse.de> Cc: qemu-stable@nongnu.org Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru> (cherry picked from commit 2b8419cb) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 zhanghailiang 提交于
It should not break memory hotplug feature if there is non-NUMA option. This patch would also allow to use pc-dimm as replacement for initial memory for non-NUMA configs. Note: After this patch, the memory hotplug can work normally for Linux guest OS when there is non-NUMA option and NUMA option. But not support Windows guest OS to hotplug memory with no-NUMA config, actully, it's Windows limitation. Reviewed-By: NIgor Mammedov <imammedo@redhat.com> Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> (cherry picked from commit fc50ff06) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Andreas Färber 提交于
Reported-by: NStefan Hajnoczi <stefanha@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: NAndreas Färber <afaerber@suse.de> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 3a31cff1) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Sebastian Krahmer 提交于
Fix OOB access via malformed incoming_posn parameters and check that requested memory is actually alloc'ed. Signed-off-by: NSebastian Krahmer <krahmer@suse.de> [AF: Rebased, cleanups, avoid fd leak] Cc: qemu-stable@nongnu.org Signed-off-by: NAndreas Färber <afaerber@suse.de> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 34bc07c5) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Stefan Hajnoczi 提交于
Check incoming_posn to avoid out-of-bounds array accesses if the ivshmem server on the host sends invalid values. Cc: Cam Macdonell <cam@cs.ualberta.ca> Reported-by: NSebastian Krahmer <krahmer@suse.de> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> [AF: Tighten upper bound check for posn in close_guest_eventfds()] Cc: qemu-stable@nongnu.org Signed-off-by: NAndreas Färber <afaerber@suse.de> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 363ba1c7) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Stefan Hajnoczi 提交于
The third argument to the fd_read() callback implemented by ivshmem_read() is the number of bytes, not a flags field. Fix this and check we received enough bytes before accessing the buffer pointer. Cc: Cam Macdonell <cam@cs.ualberta.ca> Reported-by: NSebastian Krahmer <krahmer@suse.de> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> [AF: Handle partial reads via FIFO] Reported-by: NPeter Maydell <peter.maydell@linaro.org> Cc: qemu-stable@nongnu.org Signed-off-by: NAndreas Färber <afaerber@suse.de> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> (cherry picked from commit a2e9011b) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
- 06 1月, 2015 2 次提交
-
-
由 Damjan Marion 提交于
Header length check should happen only if backend is kernel. For user backend there is no reason to reset this bit. vhost-user code does not define .has_vnet_hdr_len so VIRTIO_NET_F_MRG_RXBUF cannot be negotiated even if both sides support it. Signed-off-by: NDamjan Marion <damarion@cisco.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> (cherry picked from commit d8e80ae3) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Luiz Capitulino 提交于
When a QMP client changes the polling interval time by setting the guest-stats-polling-interval property, the interval value is stored and manipulated as an int64_t variable. However, the balloon_stats_change_timer() function, which is used to set the actual timer with the interval value, takes an int instead, causing an overflow for big interval values. This commit fix this bug by changing balloon_stats_change_timer() to take an int64_t and also it limits the polling interval value to UINT_MAX to avoid other kinds of overflow. Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> (cherry picked from commit 1f9296b5) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
- 05 1月, 2015 3 次提交
-
-
由 Stratos Psomadakis 提交于
Commit cdaa86a5 ("Add G_IO_HUP handler for socket chardev") exposed a bug in the way the HMP monitor handles its command buffer. When a client closes the connection to the monitor, tcp_chr_read() will detect the G_IO_HUP condition and call tcp_chr_disconnect() to close the server-side connection too. Due to the fact that monitor reads 1 byte at a time (for each tcp_chr_read()), the monitor readline state / buffers might contain junk (i.e. a half-finished command). Thus, without calling readline_restart() on mon->rs in CHR_EVENT_OPEN, future HMP commands will fail. Signed-off-by: NStratos Psomadakis <psomas@grnet.gr> Signed-off-by: NDimitris Aragiorgis <dimara@grnet.gr> Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com> (cherry picked from commit e5554e20) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Fam Zheng 提交于
Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com> (cherry picked from commit fe509ee2) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-
由 Michael Roth 提交于
This is more of an exercise of the dealloc visitor, where it may erroneously use an uninitialized discriminator field as indication that union fields corresponding to that discriminator field/type are present, which can lead to attempts to free random chunks of heap memory. Cc: qemu-stable@nongnu.org Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com> (cherry picked from commit cb55111b) Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>
-