- 17 3月, 2017 4 次提交
-
-
由 Fam Zheng 提交于
This fixes a leaked fd introduced in commit 9103f1ce. Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Changlong Xie 提交于
Even if hidden_disk, secondary_disk are backing files, they all need write permissions in replication scenario. Otherwise we will encouter below exceptions on secondary side during adding nbd server: {'execute': 'nbd-server-add', 'arguments': {'device': 'colo-disk', 'writable': true } } {"error": {"class": "GenericError", "desc": "Conflicts with use by hidden-qcow2-driver as 'backing', which does not allow 'write' on sec-qcow2-driver-for-nbd"}} CC: Zhang Hailiang <zhang.zhanghailiang@huawei.com> CC: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> CC: Wen Congyang <wencongyang2@huawei.com> Signed-off-by: NChanglong Xie <xiecl.fnst@cn.fujitsu.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Stefan Hajnoczi 提交于
The following pattern is unsafe: char buf[32]; ret = read(fd, buf, sizeof(buf)); ... buf[ret] = 0; If read(2) returns 32 then a byte beyond the end of the buffer is zeroed. In practice this buffer overflow does not occur because the sysfs max_segments file only contains an unsigned short + '\n'. The string is always shorter than 32 bytes. Regardless, avoid this pattern because static analysis tools might complain and it could lead to real buffer overflows if copy-pasted elsewhere in the codebase. Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Peter Maydell 提交于
cirrus: blitter fixes. # gpg: Signature made Thu 16 Mar 2017 09:05:22 GMT # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/pull-cirrus-20170316-1: cirrus: stop passing around src pointers in the blitter cirrus: stop passing around dst pointers in the blitter cirrus: fix cirrus_invalidate_region cirrus: add option to disable blitter cirrus: switch to 4 MB video memory by default cirrus/vnc: zap bitblit support from console code. fix :cirrus_vga fix OOB read case qemu Segmentation fault # Conflicts: # include/hw/compat.h Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 16 3月, 2017 36 次提交
-
-
由 Peter Maydell 提交于
migration/next for 20170316 # gpg: Signature made Thu 16 Mar 2017 08:21:51 GMT # gpg: using RSA key 0xF487EF185872D723 # gpg: Good signature from "Juan Quintela <quintela@redhat.com>" # gpg: aka "Juan Quintela <quintela@trasno.org>" # Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723 * remotes/juanquintela/tags/migration/20170316: postcopy: Check for shared memory RAMBlocks: qemu_ram_is_shared vmstate: fix failed iotests case 68 and 91 migration/block: Avoid invoking blk_drain too frequently migration: use "" as the default for tls-creds/hostname Change the method to calculate dirty-pages-rate Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Pull request Tracing makefile fixes for QEMU 2.9. # gpg: Signature made Thu 16 Mar 2017 06:56:10 GMT # gpg: using RSA key 0x9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * remotes/stefanha/tags/tracing-pull-request: trace: ensure $(tracetool-y) is defined in top level makefile makefile: generate trace-events-all upfront makefile: merge GENERATED_HEADERS & GENERATED_SOURCES variables Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Commit c2cabb34 inadvertently downgraded the 'dtc' submodule, undoing the increments added in earlier commits. Revert this, returning the submodule state to where we should be. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
QAPI patches for 2017-03-16 # gpg: Signature made Thu 16 Mar 2017 06:18:38 GMT # gpg: using RSA key 0x3870B400EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qapi-2017-03-16: (49 commits) qapi: Fix a misleading parser error message qapi: Make pylint a bit happier qapi: Drop unused .check_clash() parameter schema qapi: union_types is a list used like a dict, make it one qapi: struct_types is a list used like a dict, make it one qapi: enum_types is a list used like a dict, make it one qapi: Factor add_name() calls out of the meta conditional qapi: Simplify what gets stored in enum_types qapi: Drop unused variable events qapi: Eliminate check_docs() and drop QAPIDoc.expr qapi: Fix detection of bogus member documentation tests/qapi-schema: Improve coverage of bogus member docs tests/qapi-schema: Rename doc-bad-args to doc-bad-command-arg qapi: Move empty doc section checking to doc parser qapi: Improve error message on @NAME: in free-form doc qapi: Move detection of doc / expression name mismatch qapi: Fix detection of doc / expression mismatch tests/qapi-schema: Improve doc / expression mismatch coverage qapi2texi: Use category "Object" for all object types qapi2texi: Generate descriptions for simple union tags ... Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
virtio, pci: fixes More fixes missed in the previous pull request. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 16 Mar 2017 02:29:49 GMT # gpg: using RSA key 0x281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: virtio-serial-bus: Delete timer from list before free it hw/virtio: fix Power Management Control Register for PCI Express virtio devices hw/virtio: fix Link Control Register for PCI Express virtio devices hw/virtio: fix error enabling flags in Device Control register hw/pcie: fix Extended Configuration Space for devices with no Extended Capabilities Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
# gpg: Signature made Thu 16 Mar 2017 00:52:41 GMT # gpg: using RSA key 0x7DEF8106AAFC390E # gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" # Primary key fingerprint: FAEB 9711 A12C F475 812F 18F2 88A9 064D 1835 61EB # Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76 CBD0 7DEF 8106 AAFC 390E * remotes/jnsnow/tags/ide-pull-request: ide: ahci: call cleanup function in ahci unit ide: core: add cleanup function ide: qdev: register ide bus unrealize function Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Dr. David Alan Gilbert 提交于
Postcopy doesn't support migration of RAM shared with another process yet (we've got a bunch of things to understand). Check for the case and don't allow postcopy to be enabled. Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: NJuan Quintela <quintela@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
由 Dr. David Alan Gilbert 提交于
Provide a helper to say whether a RAMBlock was created as a shared mapping. Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: NJuan Quintela <quintela@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
由 QingFeng Hao 提交于
This problem affects s390x only if we are running without KVM. Basically, S390CPU.irqstate is unused if we do not use KVM, and thus no buffer is allocated. This causes size=0, first_elem=NULL and n_elems=1 in vmstate_load_state and vmstate_save_state. And the assert fails. With this fix we can go back to the old behavior and support VMS_VBUFFER with size 0 and nullptr. Signed-off-by: NQingFeng Hao <haoqf@linux.vnet.ibm.com> Signed-off-by: NHalil Pasic <pasic@linux.vnet.ibm.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
由 Lidong Chen 提交于
Increase bmds->cur_dirty after submit io, so reduce the frequency involve into blk_drain, and improve the performance obviously when block migration. The performance test result of this patch: During the block dirty save phase, this patch improve guest os IOPS from 4.0K to 9.5K. and improve the migration speed from 505856 rsec/s to 855756 rsec/s. Signed-off-by: NLidong Chen <jemmy858585@gmail.com> Reviewed-by: NFam Zheng <famz@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
由 Gerd Hoffmann 提交于
Does basically the same as "cirrus: stop passing around dst pointers in the blitter", just for the src pointer instead of the dst pointer. For the src we have to care about cputovideo blits though and fetch the data from s->cirrus_bltbuf instead of vga memory. The cirrus_src*() helper functions handle that. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1489584487-3489-1-git-send-email-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Instead pass around the address (aka offset into vga memory). Calculate the pointer in the rop_* functions, after applying the mask to the address, to make sure the address stays within the valid range. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1489574872-8679-1-git-send-email-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
off_cur_end is exclusive, so off_cur_end == cirrus_addr_mask is valid. Fix calculation to make sure to allow that, otherwise the assert added by commit f153b563 can trigger for valid blits. Test case: boot windows nt 4.0 Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1489579606-26020-1-git-send-email-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Ok, we have this beast in the cirrus code which is not used at all by modern guests, except when you try to find security holes in qemu. So, add an option to disable blitter altogether. Guests released within the last ten years should not show any rendering issues if you turn off blitter support. There are no known bugs in the cirrus blitter code. But in the past we hoped a few times already that we've finally nailed the last issue. So having some easy way to mitigate in case yet another blitter issue shows up certainly makes me sleep a bit better at night. For completeness: The by far better way to mitigate is to switch away from cirrus and use stdvga instead. Or something more modern like virtio-vga in case your guest has support for it. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1489494540-15745-1-git-send-email-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Quoting cirrus source code: Follow real hardware, cirrus card emulated has 4 MB video memory. Also accept 8 MB/16 MB for backward compatibility. So just use 4MB by default. We decided to leave that at 8MB by default a while ago, for live migration compatibility reasons. But we have compat properties to handle that, so that isn't a compeling reason. This also removes some sanity check inconsistencies in the cirrus code. Some places check against the allocated video memory, some places check against the 4MB physical hardware has. Guest code can trigger asserts because of that. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1489494514-15606-1-git-send-email-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
There is a special code path (dpy_gfx_copy) to allow graphic emulation notify user interface code about bitblit operations carryed out by guests. It is supported by cirrus and vnc server. The intended purpose is to optimize display scrolls and just send over the scroll op instead of a full display update. This is rarely used these days though because modern guests simply don't use the cirrus blitter any more. Any linux guest using the cirrus drm driver doesn't. Any windows guest newer than winxp doesn't ship with a cirrus driver any more and thus uses the cirrus as simple framebuffer. So this code tends to bitrot and bugs can go unnoticed for a long time. See for example commit "3e10c3ec vnc: fix qemu crash because of SIGSEGV" which fixes a bug lingering in the code for almost a year, added by commit "c7628bff vnc: only alloc server surface with clients connected". Also the vnc server will throttle the frame rate in case it figures the network can't keep up (send buffers are full). This doesn't work with dpy_gfx_copy, for any copy operation sent to the vnc client we have to send all outstanding updates beforehand, otherwise the vnc client might run the client side blit on outdated data and thereby corrupt the display. So this dpy_gfx_copy "optimization" might even make things worse on slow network links. Lets kill it once for all. Oh, and one more reason: Turns out (after writing the patch) we have a security bug in that code path ... Fixes: CVE-2016-9603 Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 1489494419-14340-1-git-send-email-kraxel@redhat.com
-
由 hangaohuai 提交于
check the validity of parameters in cirrus_bitblt_rop_fwd_transp_xxx and cirrus_bitblt_rop_fwd_xxx to avoid the OOB read which causes qemu Segmentation fault. After the fix, we will touch the assert in cirrus_invalidate_region: assert(off_cur_end >= off_cur); Signed-off-by: Nfangying <fangying1@huawei.com> Signed-off-by: Nhangaohuai <hangaohuai@huawei.com> Message-id: 20170314063919.16200-1-hangaohuai@huawei.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Daniel P. Berrange 提交于
The tls-creds parameter has a default value of NULL indicating that TLS should not be used. Setting it to non-NULL enables use of TLS. Once tls-creds are set to a non-NULL value via the monitor, it isn't possible to set them back to NULL again, due to current implementation limitations. The empty string is not a valid QObject identifier, so this switches to use "" as the default, indicating that TLS will not be used The tls-hostname parameter has a default value of NULL indicating the the hostname from the migrate connection URI should be used. Again, once tls-hostname is set non-NULL, to override the default hostname for x509 cert validation, it isn't possible to reset it back to NULL via the monitor. The empty string is not a valid hostname, so this switches to use "" as the default, indicating that the migrate URI hostname should be used. Using "" as the default for both, also means that the monitor commands "info migrate_parameters" / "query-migrate-parameters" will report existance of tls-creds/tls-parameters even when set to their default values. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
由 Chao Fan 提交于
In function cpu_physical_memory_sync_dirty_bitmap, file include/exec/ram_addr.h: if (src[idx][offset]) { unsigned long bits = atomic_xchg(&src[idx][offset], 0); unsigned long new_dirty; new_dirty = ~dest[k]; dest[k] |= bits; new_dirty &= bits; num_dirty += ctpopl(new_dirty); } After these codes executed, only the pages not dirtied in bitmap(dest), but dirtied in dirty_memory[DIRTY_MEMORY_MIGRATION] will be calculated. For example: When ram_list.dirty_memory[DIRTY_MEMORY_MIGRATION] = 0b00001111, and atomic_rcu_read(&migration_bitmap_rcu)->bmap = 0b00000011, the new_dirty will be 0b00001100, and this function will return 2 but not 4 which is expected. the dirty pages in dirty_memory[DIRTY_MEMORY_MIGRATION] are all new, so these should be calculated also. Signed-off-by: NChao Fan <fanc.fnst@cn.fujitsu.com> Signed-off-by: NLi Zhijian <lizhijian@cn.fujitsu.com> Reviewed-by: NJuan Quintela <quintela@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
由 Peter Maydell 提交于
Update OpenBIOS images # gpg: Signature made Wed 15 Mar 2017 21:01:53 GMT # gpg: using RSA key 0x5BC2C56FAE0F321F # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/qemu-openbios-signed: Update OpenBIOS images to f233c3f built from submodule. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Markus Armbruster 提交于
When choking on a token where an expression is expected, we report 'Expected "{", "[" or string'. Close, but no cigar. Fix it to Expected '"{", "[", string, boolean or "null"'. Missed in commit e53188ad. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-48-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-47-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-46-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-45-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-44-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-43-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-42-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Don't invent a new dictionary structure just for enum_types, simply store the defining expression, like we do for struct_types and union_types. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-41-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Missed in commit e98859a9Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-40-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Move what's left in check_docs() to check_expr(). Delegate the actual checking to new QAPIDoc.check_expr(). QAPIDoc.expr is now unused; drop it. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-39-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
check_definition_doc() checks for member documentation without a matching member. It laboriously second-guesses what members QAPISchema._def_exprs() will create. That's a stupid game. Move the check into QAPISchema.check(), where the members are known. Delegate the actual checking to new QAPIDoc.check(). Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-38-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
New test doc-bad-union-member.json shows we can fail to reject documentation for nonexistent members. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-37-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-36-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Results in a more precise error location, but the real reason is emptying out check_docs() step by step. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-35-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-34-git-send-email-armbru@redhat.com>
-
由 Markus Armbruster 提交于
Move the check whether the doc matches the expression name from check_definition_doc() to check_exprs(). This changes the error location from the comment to the expression. Makes sense as the message talks about the expression: "Definition of '%s' follows documentation for '%s'". It's also a step towards getting rid of check_docs(). Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-Id: <1489582656-31133-33-git-send-email-armbru@redhat.com>
-