- 09 3月, 2017 2 次提交
-
-
由 Gerd Hoffmann 提交于
Make sure we don't leave guest_cursor pointing into nowhere. This might lead to (rare) live migration failures, due to target trying to restore the cursor from the stale pointer. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1421788Reported-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-id: 1488789111-27340-1-git-send-email-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
The strict td link limit added by commit "95ed5693 usb: ohci: limit the number of link eds" causes problems with macos guests. Lets raise the limit. Reported-by: NProgrammingkid <programmingkidx@gmail.com> Reported-by: NHoward Spoelstra <hsp.cat7@gmail.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NBALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: NJohn Arbuckle <programmingkidx@gmail.com> Message-id: 1488876018-31576-1-git-send-email-kraxel@redhat.com
-
- 08 3月, 2017 1 次提交
-
-
由 Peter Maydell 提交于
block: Command line option -blockdev # gpg: Signature made Tue 07 Mar 2017 15:07:59 GMT # gpg: using RSA key 0x3870B400EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-block-2017-02-28-v4: (24 commits) keyval: Support lists docs/qapi-code-gen.txt: Clarify naming rules qapi: Improve how keyval input visitor reports unexpected dicts block: Initial implementation of -blockdev qapi: New qobject_input_visitor_new_str() for convenience keyval: Restrict key components to valid QAPI names qapi: New parse_qapi_name() test-qapi-util: New, covering qapi/qapi-util.c monitor: Assert qmp_schema_json[] is sane test-visitor-serialization: Pass &error_abort to qobject_from_json() check-qjson: Test errors from qobject_from_json() block: More detailed syntax error reporting for JSON filenames qobject: Propagate parse errors through qobject_from_json() test-qobject-input-visitor: Abort earlier on bad test input qjson: Abort earlier on qobject_from_jsonf() misuse libqtest: Fix qmp() & friends to abort on JSON parse errors qobject: Propagate parse errors through qobject_from_jsonv() qapi: Factor out common qobject_input_get_keyval() qapi: Factor out common part of qobject input visitor creation test-keyval: Cover use with qobject input visitor ... Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 07 3月, 2017 37 次提交
-
-
由 Markus Armbruster 提交于
Additionally permit non-negative integers as key components. A dictionary's keys must either be all integers or none. If all keys are integers, convert the dictionary to a list. The set of keys must be [0,N]. Examples: * list.1=goner,list.0=null,list.1=eins,list.2=zwei is equivalent to JSON [ "null", "eins", "zwei" ] * a.b.c=1,a.b.0=2 is inconsistent: a.b.c clashes with a.b.0 * list.0=null,list.2=eins,list.2=zwei has a hole: list.1 is missing Similar design flaw as for objects: there is no way to denote an empty list. While interpreting "key absent" as empty list seems natural (removing a list member from the input string works when there are multiple ones, so why not when there's just one), it doesn't work: "key absent" already means "optional list absent", which isn't the same as "empty list present". Update the keyval object visitor to use this a.0 syntax in error messages rather than the usual a[0]. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <1488317230-26248-25-git-send-email-armbru@redhat.com> [Off-by-one fix squashed in, as per Kevin's review] Reviewed-by: NKevin Wolf <kwolf@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-24-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Incorrect option -blockdev node-name=foo,driver=file,filename=foo.img,aio.unmap=on is rejected with "Invalid parameter type for 'aio', expected: string". To make sense of this, you almost have to translate it into the equivalent QMP command { "execute": "blockdev-add", "arguments": { "node-name": "foo", "driver": "file", "filename": "foo.img", "aio": { "unmap": true } } } Improve the error message to "Parameters 'aio.*' are unexpected". Take care not to confuse the case "unexpected nested parameters" (i.e. the object is a QDict or QList) with the case "non-string scalar parameter". The latter is a misuse of the visitor, and should perhaps be an assertion. Note that test-qobject-input-visitor exercises this misuse in test_visitor_in_int_keyval(), test_visitor_in_bool_keyval() and test_visitor_in_number_keyval(). Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-23-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
The new command line option -blockdev works like QMP command blockdev-add. The option argument may be given in JSON syntax, exactly as in QMP. Example usage: -blockdev '{"node-name": "foo", "driver": "raw", "file": {"driver": "file", "filename": "foo.img"} }' The JSON argument doesn't exactly blend into the existing option syntax, so the traditional KEY=VALUE,... syntax is also supported, using dotted keys to do the nesting: -blockdev node-name=foo,driver=raw,file.driver=file,file.filename=foo.img This does not yet support lists, but that will be addressed shortly. Note that calling qmp_blockdev_add() (say via qmp_marshal_block_add()) right away would crash. We need to stash the configuration for later instead. This is crudely done, and bypasses QemuOpts, even though storing configuration is what QemuOpts is for. Need to revamp option infrastructure to support QAPI types like BlockdevOptions. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1488317230-26248-22-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <1488317230-26248-21-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Until now, key components are separated by '.'. This leaves little room for evolving the syntax, and is incompatible with the __RFQDN_ prefix convention for downstream extensions. Since key components will be commonly used as QAPI member names by the QObject input visitor, we can just as well borrow the QAPI naming rules here: letters, digits, hyphen and period starting with a letter, with an optional __RFQDN_ prefix for downstream extensions. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-20-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1488317230-26248-19-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-18-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
qmp_query_qmp_schema() parses qmp_schema_json[] with qobject_from_json(). This must not fail, so pass &error_abort. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-17-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
qmp_deserialize() calls qobject_from_json() ignoring errors. It passes the result to qobject_input_visitor_new(), which asserts it's not null. Therefore, we can just as well pass &error_abort to qobject_from_json(). Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-16-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Pass &error_abort with known-good input. Else pass &err and check what comes back. This demonstrates that the parser fails silently for many errors. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-15-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-14-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
The next few commits will put the errors to use where appropriate. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1488317230-26248-13-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
visitor_input_test_init_internal() parses test input with qobject_from_jsonv(), and asserts it succeeds. Pass &error_abort for good measure. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-12-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Ignoring errors first, then asserting success is suboptimal. Pass &error_abort instead, so we abort earlier, and hopefully get more useful clues on what's wrong. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-11-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-10-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
The next few commits will put the errors to use where appropriate. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-9-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1488317230-26248-8-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-7-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-6-git-send-email-armbru@redhat.com>
-
由 Daniel P. Berrange 提交于
Currently the QObjectInputVisitor assumes that all scalar values are directly represented as the final types declared by the thing being visited. i.e. it assumes an 'int' is using QInt, and a 'bool' is using QBool, etc. This is good when QObjectInputVisitor is fed a QObject that came from a JSON document on the QMP monitor, as it will strictly validate correctness. To allow QObjectInputVisitor to be reused for visiting a QObject originating from keyval_parse(), an alternative mode is needed where all the scalars types are represented as QString and converted on the fly to the final desired type. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Message-Id: <1475246744-29302-8-git-send-email-berrange@redhat.com> Rebased, conflicts resolved, commit message updated to refer to keyval_parse(). autocast replaced by keyval in identifiers, noautocast replaced by fail in tests. Fix qobject_input_type_uint64_keyval() not to reject '-', for QemuOpts compatibility: replace parse_uint_full() by open-coded parse_option_number(). The next commit will add suitable tests. Leave out the fancy ERANGE error reporting for now, but add a TODO comment. Add it qobject_input_type_int64_keyval() and qobject_input_type_number_keyval(), too. Open code parse_option_bool() and parse_option_size() so we have to call qobject_input_get_name() only when actually needed. Again, leave out ERANGE error reporting for now. QAPI/QMP downstream extension prefixes __RFQDN_ don't work, because keyval_parse() splits them at '.'. This will be addressed later in the series. qobject_input_type_int64_keyval(), qobject_input_type_uint64_keyval(), qobject_input_type_number_keyval() tweaked for style. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-5-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
keyval_parse() parses KEY=VALUE,... into a QDict. Works like qemu_opts_parse(), except: * Returns a QDict instead of a QemuOpts (d'oh). * Supports nesting, unlike QemuOpts: a KEY is split into key fragments at '.' (dotted key convention; the block layer does something similar on top of QemuOpts). The key fragments are QDict keys, and the last one's value is updated to VALUE. * Each key fragment may be up to 127 bytes long. qemu_opts_parse() limits the entire key to 127 bytes. * Overlong key fragments are rejected. qemu_opts_parse() silently truncates them. * Empty key fragments are rejected. qemu_opts_parse() happily accepts empty keys. * It does not store the returned value. qemu_opts_parse() stores it in the QemuOptsList. * It does not treat parameter "id" specially. qemu_opts_parse() ignores all but the first "id", and fails when its value isn't id_wellformed(), or duplicate (a QemuOpts with the same ID is already stored). It also screws up when a value contains ",id=". * Implied value is not supported. qemu_opts_parse() desugars "foo" to "foo=on", and "nofoo" to "foo=off". * An implied key's value can't be empty, and can't contain ','. I intend to grow this into a saner replacement for QemuOpts. It'll take time, though. Note: keyval_parse() provides no way to do lists, and its key syntax is incompatible with the __RFQDN_ prefix convention for downstream extensions, because it blindly splits at '.', even in __RFQDN_. Both issues will be addressed later in the series. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Message-Id: <1488317230-26248-4-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-3-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
qemu_opts_parse() interprets "no" as negated empty key. Consistent with its acceptance of empty keys elsewhere, whatever that's worth. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Message-Id: <1488317230-26248-2-git-send-email-armbru@redhat.com>
-
由 Peter Maydell 提交于
When assembling 'given' from the instruction bytes, C's integer promotion rules mean we may promote an unsigned char to a signed integer before shifting it, and then sign extend to a 64-bit long, which can set the high bits of the long. The code doesn't in fact care about the high bits if the long is 64 bits, but this is surprising, so don't do it. (Spotted by Coverity, CID 1005404.) Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1488556233-31246-7-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
In the cris disassembler we were using 'unsigned long' to calculate addresses which are supposed to be 32 bits. This meant that we might accidentally sign extend or calculate a value that was outside the 32 bit range of the guest CPU. Use 'uint32_t' instead so we give the right answers on 64-bit hosts. (Spotted by Coverity, CID 1005402, 1005403.) Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NEdgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1488556233-31246-6-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
In read_insn_microblaze() we assemble 4 bytes into an 'unsigned long'. If 'unsigned long' is 64 bits and the high byte has its top bit set, then C's implicit conversion from 'unsigned char' to 'int' for the shift will result in an unintended sign extension which sets the top 32 bits in 'inst'. Add casts to prevent this. (Spotted by Coverity, CID 10054016.) Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NEdgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1488556233-31246-5-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
In get_field(), we take an 'unsigned char' value and shift it left, which implicitly promotes it to 'signed int', before ORing it into an 'unsigned long' type. If 'unsigned long' is 64 bits then this will result in a sign extension and the top 32 bits of the result will be 1s. Add explicit casts to unsigned long before shifting to prevent this. (Spotted by Coverity, CID 715697.) Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NLaurent Vivier <laurent@vivier.eu> Message-id: 1488556233-31246-4-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
In a code path where we hit an internal disassembler error, execution would subsequently attempt to dereference a NULL pointer. This should never happen, but avoid the crash. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1488556233-31246-3-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
Coverity complains (CID 1302705) that the "fr0" part of the ?: in fput_fp_reg_r() is dead. This looks like cut-n-paste error from fput_fp_reg(); delete the dead code. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1488556233-31246-2-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
target/xtensa updates: - instantiate local memories in xtensa sim machine; - add two missing include files to xtensa core importing script. # gpg: Signature made Mon 06 Mar 2017 22:32:45 GMT # gpg: using RSA key 0x51F9CC91F83FA044 # gpg: Good signature from "Max Filippov <filippov@cadence.com>" # gpg: aka "Max Filippov <max.filippov@cogentembedded.com>" # gpg: aka "Max Filippov <jcmvbkbc@gmail.com>" # Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044 * remotes/xtensa/tags/20170306-xtensa: target/xtensa: add two missing headers to core import script target/xtensa: sim: instantiate local memories Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Fixes issues that got merged with the latest pull request: - missing O_NOFOLLOW flag for CVE-2016-960 - build break with older glibc that don't have O_PATH and AT_EMPTY_PATH - various bugs reported by Coverity # gpg: Signature made Mon 06 Mar 2017 17:51:29 GMT # gpg: using DSA key 0x02FC3AEB0101DBC2 # gpg: Good signature from "Greg Kurz <groug@kaod.org>" # gpg: aka "Greg Kurz <groug@free.fr>" # gpg: aka "Greg Kurz <gkurz@linux.vnet.ibm.com>" # gpg: aka "Gregory Kurz (Groug) <groug@free.fr>" # gpg: aka "[jpeg image of size 3330]" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 2BD4 3B44 535E C0A7 9894 DBA2 02FC 3AEB 0101 DBC2 * remotes/gkurz/tags/fixes-for-2.9: 9pfs: fix vulnerability in openat_dir() and local_unlinkat_common() 9pfs: fix O_PATH build break with older glibc versions 9pfs: don't use AT_EMPTY_PATH in local_set_cred_passthrough() 9pfs: fail local_statfs() earlier 9pfs: fix fd leak in local_opendir() 9pfs: fix bogus fd check in local_remove() Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
qemu-ga patch queue for 2.9 * fix fsfreeze for filesystems mounted in multiple locations * fix test failure when running in a chroot * support for socket-based activation # gpg: Signature made Mon 06 Mar 2017 07:54:17 GMT # gpg: using RSA key 0x3353C9CEF108B584 # gpg: Good signature from "Michael Roth <flukshun@gmail.com>" # gpg: aka "Michael Roth <mdroth@utexas.edu>" # gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>" # Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584 * remotes/mdroth/tags/qga-pull-2017-03-06-tag: tests: check path to avoid a failing qga/get-vcpus test qga: ignore EBUSY when freezing a filesystem qga: add systemd socket activation support Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Greg Kurz 提交于
We should pass O_NOFOLLOW otherwise openat() will follow symlinks and make QEMU vulnerable. While here, we also fix local_unlinkat_common() to use openat_dir() for the same reasons (it was a leftover in the original patchset actually). This fixes CVE-2016-9602. Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NDaniel P. Berrange <berrange@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Greg Kurz 提交于
When O_PATH is used with O_DIRECTORY, it only acts as an optimization: the openat() syscall simply finds the name in the VFS, and doesn't trigger the underlying filesystem. On systems that don't define O_PATH, because they have glibc version 2.13 or older for example, we can safely omit it. We don't want to deactivate O_PATH globally though, in case it is used without O_DIRECTORY. The is done with a dedicated macro. Systems without O_PATH may thus fail to resolve names that involve unreadable directories, compared to newer systems succeeding, but such corner case failure is our only option on those older systems to avoid the security hole of chasing symlinks inappropriately. Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NEric Blake <eblake@redhat.com> (added last paragraph to changelog as suggested by Eric Blake) Signed-off-by: NGreg Kurz <groug@kaod.org>
-
由 Greg Kurz 提交于
The name argument can never be an empty string, and dirfd always point to the containing directory of the file name. AT_EMPTY_PATH is hence useless here. Also it breaks build with glibc version 2.13 and older. It is actually an oversight of a previous tentative patch to implement this function. We can safely drop it. Reported-by: NMark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: NGreg Kurz <groug@kaod.org> Tested-by: NMark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Greg Kurz 提交于
If we cannot open the given path, we can return right away instead of passing -1 to fstatfs() and close(). This will make Coverity happy. (Coverity issue CID1371729) Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NDaniel P. berrange <berrange@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org>
-