https://github.com/qemu/qemu

8516273 Update version for v2.0.0-rc3 release Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 14 April 2014, 16:45:11 UTC
50212d6 Revert "fix return check for KVM_GET_DIRTY_LOG ioctl" This reverts commit b533f658a98325d0e47b36113bd9f5bcc046fdae. The original code was wrong, because effectively it ignored errors from kernel, because kernel does not return -1 on error case but returns -errno, and does not return -EPERM for this particular ioctl. But in some cases kernel actually returned unsuccessful result, namely, when the dirty bitmap in requested slot does not exist it returns -ENOENT. With new code this condition becomes an error when it shouldn't be. Revert that patch instead of fixing it properly this late in the release process. I disagree with this approach, but let's make things move _somewhere_, instead of arguing endlessly which of the 2 proposed fixes is better. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Message-id: 1397477644-902-1-git-send-email-mjt@msgid.tls.msk.ru Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 14 April 2014, 14:40:02 UTC
c2b9af1 Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging acpi: SSDT update This has a fix by Igor for a regression introduced by bridge hotplug code. Expected test files were updated accordingly. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon 14 Apr 2014 13:13:35 BST using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: acpi-test: update expected files acpi: fix incorrect encoding for 0x{F-1}FFFF Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 14 April 2014, 13:02:12 UTC
940973a ide: Correct improper smart self test counter reset in ide core. The SMART self test counter was incorrectly being reset to zero, not 1. This had the effect that on every 21st SMART EXECUTE OFFLINE: * We would write off the beginning of a dynamically allocated buffer * We forgot the SMART history Fix this. Signed-off-by: Benoit Canet <benoit@irqsave.net> Message-id: 1397336390-24664-1-git-send-email-benoit.canet@irqsave.net Reviewed-by: Markus Armbruster <armbru@redhat.com> Cc: qemu-stable@nongnu.org Acked-by: Kevin Wolf <kwolf@redhat.com> [PMM: tweaked commit message as per suggestions from Markus] Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 14 April 2014, 12:23:53 UTC
8611224 acpi-test: update expected files commit 58b035c7354afc0c5351ea62264c01d74196ec26 acpi: fix incorrect encoding for 0x{F-1}FFFF changes the SSDT, update expected files accordingly. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> 14 April 2014, 12:13:27 UTC
482f38b acpi: fix incorrect encoding for 0x{F-1}FFFF Fix typo in build_append_int() which causes integer truncation when it's in range 0x{F-1}FFFF by packing it as WordConst instead of required DWordConst. In particular this fixes a regression: hotplug in slots 16,17,18 and 19 didn't work, since SSDT had code like this: If (And (Arg0, 0x0000)) { Notify (S80, Arg1) } Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> 14 April 2014, 12:13:27 UTC
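The truncation this commit describes is easy to see with a small AML integer encoder and decoder. The block below is an added example, not QEMU's acpi-build.c: it encodes an integer constant the way the ACPI spec defines it (ZeroOp, OneOp, then Byte/Word/DWord prefixes with a little-endian payload) and takes the WordConst threshold as a parameter, so the one-F-too-many threshold from the commit message can be run side by side with the corrected one. The function names, the `word_limit` parameter and the assumption that the SSDT tests hotplug slot N with a `1 << N` mask (which is what the `And (Arg0, 0x0000)` in the commit's example suggests) are this demo's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not QEMU code. AML integer constant opcodes per the ACPI spec. */
enum {
    AML_ZERO_OP      = 0x00,
    AML_ONE_OP       = 0x01,
    AML_BYTE_PREFIX  = 0x0A,
    AML_WORD_PREFIX  = 0x0B,
    AML_DWORD_PREFIX = 0x0C,
};

/* Write the encoding of `value` to buf (at least 5 bytes). Values up to
 * word_limit are packed as WordConst; anything above becomes DWordConst.
 * word_limit is a demo parameter standing in for the fixed threshold. */
size_t aml_encode_int(uint8_t *buf, uint32_t value, uint32_t word_limit)
{
    if (value == 0) { buf[0] = AML_ZERO_OP; return 1; }
    if (value == 1) { buf[0] = AML_ONE_OP;  return 1; }
    if (value <= 0xFF) {
        buf[0] = AML_BYTE_PREFIX;
        buf[1] = (uint8_t)value;
        return 2;
    }
    if (value <= word_limit) {
        /* Only 16 bits are stored: if word_limit exceeds 0xFFFF, bits 16
         * and up are silently dropped. This is the truncation in the commit. */
        buf[0] = AML_WORD_PREFIX;
        buf[1] = (uint8_t)(value & 0xFF);
        buf[2] = (uint8_t)((value >> 8) & 0xFF);
        return 3;
    }
    buf[0] = AML_DWORD_PREFIX;
    for (int i = 0; i < 4; i++) {
        buf[1 + i] = (uint8_t)((value >> (8 * i)) & 0xFF);
    }
    return 5;
}

/* Threshold with one F too many, as the commit message describes. */
size_t aml_encode_int_buggy(uint8_t *buf, uint32_t value)
{
    return aml_encode_int(buf, value, 0xFFFFF);
}

/* Corrected threshold: a WordConst only holds 16 bits. */
size_t aml_encode_int_fixed(uint8_t *buf, uint32_t value)
{
    return aml_encode_int(buf, value, 0xFFFF);
}

/* Decode what an AML interpreter would read back. Returns false on an
 * opcode this demo does not handle or on a truncated buffer. */
bool aml_decode_int(const uint8_t *buf, size_t len, uint32_t *out)
{
    size_t need;
    if (len < 1) return false;
    switch (buf[0]) {
    case AML_ZERO_OP: *out = 0; return true;
    case AML_ONE_OP:  *out = 1; return true;
    case AML_BYTE_PREFIX:  need = 1; break;
    case AML_WORD_PREFIX:  need = 2; break;
    case AML_DWORD_PREFIX: need = 4; break;
    default: return false;
    }
    if (len < 1 + need) return false;
    *out = 0;
    for (size_t i = 0; i < need; i++) {
        *out |= (uint32_t)buf[1 + i] << (8 * i);
    }
    return true;
}

/* Round trip: the value the guest's AML interpreter ends up testing. */
uint32_t aml_roundtrip(uint32_t value, bool buggy)
{
    uint8_t buf[5];
    size_t n = buggy ? aml_encode_int_buggy(buf, value)
                     : aml_encode_int_fixed(buf, value);
    uint32_t out = 0;
    if (!aml_decode_int(buf, n, &out)) return UINT32_MAX;
    return out;
}

int main(void)
{
    /* Assumed slot mask: slot N is tested with 1 << N. Slots 16..19 give
     * 0x10000..0x80000, inside the mistaken WordConst range, so the low
     * 16 bits (all zero) are what survives. Slot 20 is above 0xFFFFF and
     * is encoded as DWordConst even with the bug. */
    for (int slot = 15; slot <= 20; slot++) {
        uint32_t mask = 1u << slot;
        printf("slot %2d mask 0x%06x -> buggy 0x%06x, fixed 0x%06x\n", slot, mask,
               aml_roundtrip(mask, true), aml_roundtrip(mask, false));
    }
    return 0;
}
```

The round trip shows why exactly slots 16 through 19 broke: their masks sit between 0x10000 and 0xFFFFF, so the buggy threshold packs them as a 16-bit WordConst whose payload is zero, and `And (Arg0, 0x0000)` can never be true. Slot 15 and below fit in 16 bits and slot 20 and above exceed the buggy limit, so both are encoded correctly either way.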
590e5dd configure: Make stack-protector test check both compile and link Since we use the -fstack-protector argument at both compile and link time in the build, we must check that it works with both a compile and a link: * MacOSX only fails in the compile step, not linking * some gcc cross environments only fail at the link stage (if they require a libssp and it's not present for some reason) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1397232832-32301-1-git-send-email-peter.maydell@linaro.org Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru> 14 April 2014, 11:11:18 UTC
f12d048 vmxnet3: validate queues configuration read on migration CVE-2013-4544 Signed-off-by: Dmitry Fleytman <dmitry@daynix.com> Reported-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1396604722-11902-5-git-send-email-dmitry@daynix.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 14 April 2014, 10:50:56 UTC
3c99afc vmxnet3: validate interrupt indices read on migration CVE-2013-4544 Signed-off-by: Dmitry Fleytman <dmitry@daynix.com> Reported-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1396604722-11902-4-git-send-email-dmitry@daynix.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 14 April 2014, 10:50:49 UTC
9878d17 vmxnet3: validate queues configuration coming from guest CVE-2013-4544 Signed-off-by: Dmitry Fleytman <dmitry@daynix.com> Reported-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1396604722-11902-3-git-send-email-dmitry@daynix.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 14 April 2014, 10:50:22 UTC
8c6c047 vmxnet3: validate interrupt indices coming from guest CVE-2013-4544 Signed-off-by: Dmitry Fleytman <dmitry@daynix.com> Reported-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1396604722-11902-2-git-send-email-dmitry@daynix.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 14 April 2014, 10:33:18 UTC
92b3eea qom: Fix crash with qom-list and link properties Commit 9561fda8d90e176bef598ba87c42a1bd6ad03ef7 changed the type of 'opaque' for link properties, but missed updating this call site. Reproducer: ./x86_64-softmmu/qemu-system-x86_64 -qmp unix:./qmp.sock,server & ./scripts/qmp/qmp-shell ./qmp.sock (QEMU) qom-list path=//machine/i440fx/pci.0/child[2] Reported-by: Marcin Gibuła <m.gibula@beyond.pl> Signed-off-by: Cole Robinson <crobinso@redhat.com> Message-id: 2f8f007ce2152ac3b65f0811199662799c509225.1397155389.git.crobinso@redhat.com Acked-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 11 April 2014, 16:57:36 UTC
edc2438 virtio-net: fix guest-triggerable buffer overrun When VM guest programs multicast addresses for a virtio net card, it supplies a 32 bit entries counter for the number of addresses. These addresses are read into tail portion of a fixed macs array which has size MAC_TABLE_ENTRIES, at offset equal to in_use. To avoid overflow of this array by guest, qemu attempts to test the size as follows: - if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) { however, as mac_data.entries is uint32_t, this sum can overflow, e.g. if in_use is 1 and mac_data.entries is 0xffffffff then in_use + mac_data.entries will be 0. Qemu will then read guest supplied buffer into this memory, overflowing buffer on heap. CVE-2014-0150 Cc: qemu-stable@nongnu.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 1397218574-25058-1-git-send-email-mst@redhat.com Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 11 April 2014, 15:02:23 UTC
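The wraparound described in the commit message, as an added example that is not QEMU's virtio-net code: a constructed miniature of the multicast table with the quoted check beside a form that cannot wrap, plus a helper that reports whether a given request would slip past the check and overrun the table. The table size, the guest list layout and all function names are assumptions of this demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not QEMU code. Constructed miniature of the virtio-net
 * MAC table; the size and the guest list layout are demo assumptions. */
#define MAC_TABLE_ENTRIES 64
#define ETH_ALEN 6

typedef struct {
    uint32_t in_use;                            /* entries already in the table */
    uint8_t macs[MAC_TABLE_ENTRIES * ETH_ALEN];
} mac_table_t;

/* What the guest hands over: a 32-bit count and count * ETH_ALEN bytes. */
typedef struct {
    uint32_t entries;
    const uint8_t *addrs;
} guest_mac_list_t;

/* The check quoted in the commit message. Both operands are uint32_t, so the
 * sum wraps modulo 2^32: in_use = 1, entries = 0xffffffff gives 0 <= 64. */
bool check_fits_vulnerable(uint32_t in_use, uint32_t entries)
{
    return in_use + entries <= MAC_TABLE_ENTRIES;
}

/* Hardened form: subtract from the bound instead of adding to the count,
 * so no intermediate value can wrap. */
bool check_fits_hardened(uint32_t in_use, uint32_t entries)
{
    return in_use <= MAC_TABLE_ENTRIES &&
           entries <= (uint32_t)MAC_TABLE_ENTRIES - in_use;
}

/* Bytes the follow-up read from the guest would write into t->macs. */
size_t copy_bytes_for(uint32_t entries)
{
    return (size_t)entries * ETH_ALEN;
}

/* Does a request pass `fits` and still exceed the free space in the table?
 * Assumes in_use <= MAC_TABLE_ENTRIES, as it is for a healthy table. */
bool overruns_if_guarded_by(bool (*fits)(uint32_t, uint32_t),
                            uint32_t in_use, uint32_t entries)
{
    size_t room = (size_t)(MAC_TABLE_ENTRIES - in_use) * ETH_ALEN;
    return fits(in_use, entries) && copy_bytes_for(entries) > room;
}

/* Append guest addresses using the hardened check. Returns the new in_use
 * count, or -1 when the request is rejected. */
int64_t mac_table_append(mac_table_t *t, const guest_mac_list_t *g)
{
    if (!check_fits_hardened(t->in_use, g->entries)) {
        return -1;
    }
    memcpy(t->macs + (size_t)t->in_use * ETH_ALEN, g->addrs,
           copy_bytes_for(g->entries));
    t->in_use += g->entries;
    return t->in_use;
}

int main(void)
{
    uint32_t hostile = 0xffffffffu;   /* the count from the commit message */
    printf("vulnerable check passes hostile count: %d\n",
           check_fits_vulnerable(1, hostile));
    printf("hardened check passes hostile count:   %d\n",
           check_fits_hardened(1, hostile));
    printf("bytes that copy would write: %zu into a %zu-byte table\n",
           copy_bytes_for(hostile), sizeof(((mac_table_t *)0)->macs));
    return 0;
}
```

The hardened check is written as `entries <= bound - in_use` rather than `in_use + entries <= bound`: with `in_use` already bounded, the subtraction cannot underflow, whereas the addition has a 32-bit operand the guest controls outright.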
21e2db7 Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block patches for 2.0.0-rc3 # gpg: Signature made Fri 11 Apr 2014 13:37:34 BST using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: block-commit: speed is an optional parameter iscsi: Remember to set ret for iscsi_open in error case bochs: Fix catalog size check bochs: Fix memory leak in bochs_open() error path Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 11 April 2014, 13:07:24 UTC
80fc7b1 Merge remote-tracking branch 'remotes/kraxel/tags/pull-sdl-1' into staging sdl2 relative mouse mode fixes. # gpg: Signature made Fri 11 Apr 2014 11:36:46 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-sdl-1: input: sdl2: Fix relative mode to match SDL1 behavior input: sdl2: Fix guest_cursor logic Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 11 April 2014, 12:51:16 UTC
5450466 block-commit: speed is an optional parameter As speed is an optional parameter for the QMP block-commit command, it should be set to 0 if not given (as it is undefined if has_speed is false), that is, the speed should not be limited. Cc: qemu-stable@nongnu.org Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 11 April 2014, 11:59:49 UTC
cd82b6f iscsi: Remember to set ret for iscsi_open in error case Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 11 April 2014, 11:59:49 UTC
715c3f6 bochs: Fix catalog size check The old check was off by a factor of 512 and didn't consider cases where we don't get an exact division. This could lead to an out-of-bounds array access in seek_to_sector(). Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> 11 April 2014, 11:59:49 UTC
28ec11b bochs: Fix memory leak in bochs_open() error path Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> 11 April 2014, 11:59:49 UTC
2d968ff input: sdl2: Fix relative mode to match SDL1 behavior Right now relative mode accelerates too fast, and has the 'invisible wall' problem. SDL2 added an explicit API to handle this use case, so let's use it. Signed-off-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> 11 April 2014, 10:19:16 UTC
afbc0dd input: sdl2: Fix guest_cursor logic Unbreaks relative mouse mode with sdl2, just like was done with sdl.c in c3aa84b6. Signed-off-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> 11 April 2014, 10:19:16 UTC
f516a5c Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging acpi: DSDT update Two fixes here: - Test fix to avoid warning with make check. - Hex file update so people building QEMU without installing iasl get exactly the same ACPI as with. Both should help avoid user confusion. As it's very easy to check that the produced ACPI binary didn't change, I think these are very low risk. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 10 Apr 2014 17:09:43 BST using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: acpi: update generated hex files tests/acpi: update expected DSDT files Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 10 April 2014, 22:07:56 UTC
0a9077e configure: use do_cc when checking for -fstack-protector support MacOSX clang silently swallows unrecognized -f options when doing a link with '-framework' also on the command line, so to detect support for the various -fstack-protector options we must do a plain .c to .o compile, not a complete compile-and-link. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 1397041487-28477-1-git-send-email-peter.maydell@linaro.org 10 April 2014, 21:17:47 UTC
7754784 acpi: update generated hex files commit f2ccc311df55ec026a8f8ea9df998f26314f22b2 dsdt: tweak ACPI ID for hotplug resource device changes the DSDT, update hex files to match. Otherwise the fix is only effective if QEMU is built with iasl. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> 10 April 2014, 16:03:18 UTC
50329d3 tests/acpi: update expected DSDT files commit f2ccc311df55ec026a8f8ea9df998f26314f22b2 dsdt: tweak ACPI ID for hotplug resource device changes the DSDT, update test expected files to match Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reported-by: Igor Mammedov <imammedo@redhat.com> 09 April 2014, 14:52:08 UTC
efcc87d Update version for v2.0.0-rc2 release Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 08 April 2014, 17:52:06 UTC
7dc176b hw/pci-host/prep: Don't reverse IO accesses on bigendian hosts The raven_io_read() and raven_io_write() functions pass and return values in little-endian format (since the IO op struct is marked DEVICE_LITTLE_ENDIAN); however they were storing the values in the buffer to pass to address_space_read/write() in host-endian order, which meant that on big-endian hosts the values were inadvertently reversed. Use the *_le_p() accessors instead so that we are consistent regardless of host endianness. Strictly speaking the byte order of the buffer for address_space_rw() is target byte order (which for PPC will be BE) but it doesn't actually matter as long as we are consistent about the marking on the IO op struct and which stl_*_p(). This bug was probably introduced due to confusion caused by the two different versions of ldl_p() and friends: bswap.h defines versions meaning "host endianness access" cpu-all.h defines versions meaning "target endianness access" As a target-independent source file prep.c gets the bswap.h versions; the very similar looking code in ioport.c is compiled per-target and gets the cpu-all.h versions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1396972271-22660-1-git-send-email-peter.maydell@linaro.org Reviewed-by: Richard Henderson <rth@twiddle.net> 08 April 2014, 17:37:45 UTC
9bc1a1d Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging acpi bug fix Here is a single last minute fix for 2.0 This changes the HID of the container used to claim resources for CPU hotplug. As a result, windows XP SP3 no longer brings up an annoying "found new hardware" wizard on boot. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Tue 08 Apr 2014 13:23:30 BST using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: dsdt: tweak ACPI ID for hotplug resource device Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 08 April 2014, 12:59:28 UTC
f2ccc31 dsdt: tweak ACPI ID for hotplug resource device ACPI0004 seems too new: Windows XP complains about an unrecognized device. This is a regression since 1.7. Use PNP0A06 instead - Generic Container Device. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-By: Igor Mammedov <imammedo@redhat.com> 08 April 2014, 12:22:59 UTC
093de72 Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-5' into staging gtk: Implement grab-on-click behavior in relative mode # gpg: Signature made Tue 08 Apr 2014 12:58:49 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-gtk-5: gtk: Implement grab-on-click behavior in relative mode Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 08 April 2014, 12:05:25 UTC
800b0e8 gtk: Implement grab-on-click behavior in relative mode This patch changes the behavior in the relative mode to be compatible with other UIs, namely, grabbing the input at the first left click. It improves the usability a lot; otherwise you have to press ctl-alt-G or select from menu at each time you want to move the pointer. Also, the input grab is cleared when the current mode is switched to the absolute mode. The automatic reset of the implicit grabbing is needed since the switching to the absolute mode happens always after the click even on Gtk. That is, we cannot check whether the absolute mode is already available at the first click time even though it should have been switched in X11 input driver side. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> 08 April 2014, 11:57:34 UTC
9a4fb6a Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging Patch queue for ppc - 2014-04-08 This is the final queue for 2.0! It fixes a lot of bugs people have seen during testing: - Fix e500 SMP - Fix book3s_64 DEC - Fix VSX (new feature in 2.0) for LE hosts - Fix PR KVM on top of pHyp (SLOF update) # gpg: Signature made Tue 08 Apr 2014 10:24:18 BST using RSA key ID 03FEDC60 # gpg: Can't check signature: public key not found * remotes/agraf/tags/signed-ppc-for-upstream: PPC: Add l1 cache sizes for 970 and above systems ppce500_spin: Initialize struct properly PPC: Only enter MSR_POW when no interrupts pending PPC: Clean up DECR implementation target-ppc: Correct VSX Integer to FP Conversion target-ppc: Correct VSX FP to Integer Conversion target-ppc: Correct VSX FP to FP Conversions target-ppc: Correct VSX Scalar Compares target-ppc: Correct Simple VSR LE Host Inversions target-ppc: Correct LE Host Inversion of Lower VSRs target-ppc: Define Endian-Correct Accessors for VSR Field Access target-ppc: Bug: VSX Convert to Integer Should Truncate softfloat: Introduce float32_to_uint64_round_to_zero pseries: Update SLOF firmware image to qemu-slof-20140404 PPC: E500: Set PIR default reset value rather than SPR value Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 08 April 2014, 09:58:31 UTC
e792933 Merge remote-tracking branch 'remotes/mdroth/qga-pull-2014-4-7' into staging * remotes/mdroth/qga-pull-2014-4-7: vss-win32: Fix build with mingw64-headers-3.1.0 Makefile: add qga-vss-dll-obj-y to nested variables Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 08 April 2014, 09:41:30 UTC
06f6e12 PPC: Add l1 cache sizes for 970 and above systems Book3s_64 guests expect the L1 cache size in device tree, so let's give them proper values for all CPU types we support. This fixes a "not compliant" warning with sles11 guests on -M pseries for me. Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:06 UTC
6a2b3d8 ppce500_spin: Initialize struct properly The spinning struct is in guest endianness, so we need to initialize its variables in guest endianness too. This fixes booting e500 guests with SMP on x86 for me. Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:05 UTC
05edc26 PPC: Only enter MSR_POW when no interrupts pending We were entering the power saving state even when interrupts (like an external interrupt or a decrementer interrupt) were still in flight. In case we find a pending interrupt, don't enter power saving state. Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Tom Musta <tmusta@gmail.com> 08 April 2014, 09:20:05 UTC
e81a982 PPC: Clean up DECR implementation There are 3 different variants of the decrementor for BookE and BookS. The BookE variant sets TSR[DIS] to 1 when the DEC value becomes 1 or 0. TSR[DIS] is then the indicator whether the decrementor interrupt line is asserted or not. The old BookS variant treats DEC as an edge interrupt that gets triggered when the DEC value's top bit turns 1 from 0. The new BookS variant maintains the assertion bit inside DEC itself. Whenever the DEC value becomes negative (top bit set) the DEC interrupt line is asserted. So far we implemented mostly the old BookS variant. Let's do them all properly. This fixes booting pseries ppc64 guest images in TCG mode for me. Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:04 UTC
6cd7db3 target-ppc: Correct VSX Integer to FP Conversion This patch corrects the VSX integer to floating point conversion instructions by using the endian correct accessors. The auxiliary "j" index used by the existing macros is now obsolete and is removed. The JOFFSET preprocessor macro is also obsolete and removed. Signed-off-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:04 UTC
d1dec5e target-ppc: Correct VSX FP to Integer Conversion This patch corrects the VSX floating point to integer conversion instructions by using the endian correct accessors. The auxiliary "j" index used by the existing macros is now obsolete and is removed. Signed-off-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:03 UTC
6bbad7a target-ppc: Correct VSX FP to FP Conversions This change corrects the VSX double precision to single precision and single precision to double precisions conversion routines. The endian correct accessors are now used. The auxiliary "j" index is no longer necessary and is eliminated. Signed-off-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:03 UTC
50fc89e target-ppc: Correct VSX Scalar Compares This change fixes the VSX scalar compare instructions. The existing usage of "x.f64[0]" is changed to "x.VsrD(0)". Signed-off-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:03 UTC
bcb7652 target-ppc: Correct Simple VSR LE Host Inversions A common pattern in the VSX helper code macros is the use of "x.fld[i]" where "x" is a VSR and "fld" is an argument to a macro ("f64" or "f32" is passed). This is not always correct on LE hosts. This change addresses all instances of this pattern to be "x.fld" where "fld" is: - "VsrD(0)" for scalar instructions accessing 64-bit numbers - "VsrD(i)" for vector instructions accessing 64-bit numbers - "VsrW(i)" for vector instructions accessing 32-bit numbers Note that there are no instances of this pattern where a scalar instruction accesses a 32-bit number. Note also that it would be correct to use "VsrD(i)" for scalar instructions since the loop index is only ever "0". I have chosen to use "VsrD(0)" instead ... it seems a little clearer. Signed-off-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:02 UTC
d359db0 target-ppc: Correct LE Host Inversion of Lower VSRs This change properly orders the doublewords of the VSRs 0-31. Because these registers are constructed from separate doublewords, they must be inverted on Little Endian hosts. The inversion is performed both when the VSR is read and when it is written. Signed-off-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:02 UTC
8018903 target-ppc: Define Endian-Correct Accessors for VSR Field Access This change defines accessors for VSR doubleword and word fields that are correct from a host Endian perspective. This allows code to use the Power ISA indexing numbers in code. For example, the xscvdpsxws instruction has a target VSR that looks like this: 0 32 64 127 +-----------+--------+-----------+-----------+ | undefined | SW | undefined | undefined | +-----------+--------+-----------+-----------+ VSX helper code will use VsrW(1) to access this field. Signed-off-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:01 UTC
0453099 target-ppc: Bug: VSX Convert to Integer Should Truncate The various VSX Convert to Integer instructions should truncate the floating point number to an integer value, which is equivalent to a round-to-zero rounding mode. The existing VSX floating point to integer conversion helpers are erroneously using the rounding mode set in the PowerPC Floating Point Status and Control Register (FPSCR). This change corrects this defect by using the appropriate float*_to_*_round_to_zero() routines from the softfloat library. Signed-off-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:01 UTC
a13d448 softfloat: Introduce float32_to_uint64_round_to_zero This change adds the float32_to_uint64_round_to_zero function to the softfloat library. This function fills out the complement of float32 to INT round-to-zero conversion routines, where INT is {int32_t, uint32_t, int64_t, uint64_t}. This contribution can be licensed under either the softfloat-2a or -2b license. Signed-off-by: Tom Musta <tommusta@gmail.com> Tested-by: Tom Musta <tommusta@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:00 UTC
3636226 pseries: Update SLOF firmware image to qemu-slof-20140404 The change log is: > Isolate sc 1 detection logic > build: auto-detect ppc64 architecture > cas: increase hcall buffer size to accommodate 256 cpus > usb: change device tree naming > usb-core: adjust port numbers in set_address > virtio-scsi: correct srplun comment > Fix kernel loading > Workaround to make grub2 assign server ip from dhcp ack packet only > ELF: Enter LE binary in LE mode > ELF loading should fail for virt != phys Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Alexander Graf <agraf@suse.de> 08 April 2014, 09:20:00 UTC
6a450df PPC: E500: Set PIR default reset value rather than SPR value We now reset SPRs to their reset values on CPU reset. So if we want to have an SPR persistently changed, we need to change its default reset value rather than the value itself manually. Do this for SPR_BOOKE_PIR, fixing e500v2 SMP boot. Reported-by: Frederic Konrad <fred.konrad@greensocs.com> Signed-off-by: Alexander Graf <agraf@suse.de> Tested-by: KONRAD Frederic <fred.konrad@greensocs.com> 08 April 2014, 09:19:59 UTC
9854202 vss-win32: Fix build with mingw64-headers-3.1.0 In mingw64-headers-3.1.0, definition of _com_issue_error() is added, which conflicts with definition in install.cpp. This adds version checking for mingw headers to disable the definition when headers >= 3.1 are used. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> 07 April 2014, 19:39:19 UTC
577a672 Makefile: add qga-vss-dll-obj-y to nested variables The build rule for qga/vss-win32/qga-vss.dll is broken by commit ba1183da9a10b94611cad88c44a5c6df005f9b55, because it misses qga-vss-dll-obj-y in the list of nested variables. This fixes build of qga-vss.dll by adding qga-vss-dll-obj-y to the list. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> 07 April 2014, 19:39:19 UTC
55519a4 Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-2.0' into staging QOM/QTest infrastructure fixes * Relicensing of FWPathProvider interface * Clean up all targets' qtests # gpg: Signature made Mon 07 Apr 2014 17:56:13 BST using RSA key ID 3E7E013F # gpg: Good signature from "Andreas Färber <afaerber@suse.de>" # gpg: aka "Andreas Färber <afaerber@suse.com>" * remotes/afaerber/tags/qom-devices-for-2.0: tests: Update check-clean rule fw-path-provider: Change GPL version to 2+ Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 07 April 2014, 16:57:23 UTC
f85e345 tests: Update check-clean rule Only i386, x86_64, sparc and sparc64 qtests were cleaned up. Make this more generic to not miss any newly tested targets. Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru> Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <afaerber@suse.de> 07 April 2014, 16:33:22 UTC
9c269f6 Makefile: remove bashism When installing modules (when --enable-modules is specified for ./configure), Makefile uses the following construct to replace all slashes with dashes in module name: ${s//\//-} This is a bash-specific substitution mechanism. POSIX does not have it, and some operating systems (for example Debian) do not implement this construct in default shell (for example dash). Use more traditional way to perform the substitution: use `tr' tool. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Message-id: 1396707946-21351-1-git-send-email-mjt@msgid.tls.msk.ru Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 07 April 2014, 14:19:16 UTC
dffacd4 char/serial: Fix emptiness handling The commit 88c1ee73d3231c74ff90bcfc084a7589670ec244 char/serial: Fix emptyness check Still causes extra NULL byte(s) to be sent. So if the fifo is empty, do not send an extra NULL byte. Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Don Slutz <dslutz@verizon.com> Message-id: 1395160174-16006-1-git-send-email-dslutz@verizon.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 07 April 2014, 13:51:32 UTC
20c50a9 fw-path-provider: Change GPL version to 2+ Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de> 07 April 2014, 13:36:07 UTC
bd7ce90 Merge remote-tracking branch 'remotes/spice/tags/pull-spice-6' into staging spice: monitors_config: check pointer before dereferencing # gpg: Signature made Mon 07 Apr 2014 11:19:19 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/spice/tags/pull-spice-6: spice: monitors_config: check pointer before dereferencing Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 07 April 2014, 11:48:34 UTC
e20c016 Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-4' into staging gtk: pointer fixes from Takashi Iwai. # gpg: Signature made Mon 07 Apr 2014 09:51:52 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-gtk-4: ui: Update MAINTAINERS entry. gtk: Remember the last grabbed pointer position gtk: Fix the relative pointer tracking mode gtk: Use gtk generic event signal instead of motion-notify-event Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 07 April 2014, 11:27:10 UTC
dc491cf spice: monitors_config: check pointer before dereferencing Reported-by: Fabio Fantoni <fabio.fantoni@m2r.biz> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> 07 April 2014, 10:18:43 UTC
25eccc3 ui: Update MAINTAINERS entry. With Amazon eating Anthony's time, status "Maintained" certainly isn't true any more. Update entry accordingly. Also add myself, so scripts/get_maintainer.pl will Cc: me, to reduce the chance ui patches fall through the cracks on our pretty loaded qemu-devel mailing list. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> 07 April 2014, 08:50:30 UTC
ecce192 gtk: Remember the last grabbed pointer position It's pretty annoying that the pointer reappears at a random place once after grabbing and ungrabbing the input. Better to restore to the original position where the pointer was grabbed. Reference: https://bugzilla.novell.com/show_bug.cgi?id=849587 Tested-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com> Tested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> 07 April 2014, 08:10:16 UTC
e61031c gtk: Fix the relative pointer tracking mode The relative pointer tracking mode was still buggy even after the previous fix of the motion-notify-event since the events are filtered out when the pointer moves outside the drawing window due to the boundary check for the absolute mode. This patch fixes the issue by moving the unnecessary boundary check into the if block of absolute mode, and keep the coordinate in the relative mode even if it's outside the drawing area. But this makes the coordinate (last_x, last_y) possibly pointing to (-1,-1), introduce a new flag to indicate the last coordinate has been updated. Reference: https://bugzilla.novell.com/show_bug.cgi?id=849587 Tested-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com> Tested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> 07 April 2014, 08:10:10 UTC
0d0e044 gtk: Use gtk generic event signal instead of motion-notify-event The GDK motion-notify-event isn't generated when the pointer goes out of the target window even if the pointer is grabbed, which essentially means to lose the pointer tracking in gtk-ui. Meanwhile the generic "event" signal is sent when the pointer is grabbed, so we can use this and pick the motion notify events manually there instead. Reference: https://bugzilla.novell.com/show_bug.cgi?id=849587 Tested-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com> Tested-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> 07 April 2014, 08:09:51 UTC
466e6e9 target-i386: reorder fields in cpu/msr_hyperv_hypercall subsection The subsection already exists in one well-known enterprise Linux distribution, but for some strange reason the fields were swapped when forward-porting the patch to upstream. Limit headaches for said enterprise Linux distributor when the time will come to rebase their version of QEMU. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1396452782-21473-1-git-send-email-pbonzini@redhat.com Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 05 April 2014, 09:49:05 UTC
8ae60ee Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block patches for 2.0.0 # gpg: Signature made Fri 04 Apr 2014 20:25:08 BST using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: dataplane: replace iothread object_add() with embedded instance iothread: make IOThread struct definition public dma-helpers: Initialize DMAAIOCB in_cancel flag block: Check bdrv_getlength() return value in bdrv_append_temp_snapshot() block: Fix snapshot=on for protocol parsed from filename qemu-iotests: Remove CR line endings in reference output block: Don't parse 'filename' option qcow2: Put cache reference in error case qcow2: Flush metadata during read-only reopen iscsi: Don't set error if already set in iscsi_do_inquiry Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 04 April 2014, 23:18:19 UTC
54bee5c dataplane: replace iothread object_add() with embedded instance Before IOThread was its own object, each virtio-blk device would create its own internal thread. We need to preserve this behavior for backwards compatibility when users do not specify -device virtio-blk-pci,iothread=<id>. This patch changes how the internal IOThread object is created. Previously we used the monitor object_add() function, which is really a layering violation. The problem is that this needs to assign a name but we don't have a name for this internal object. Generating names for internal objects is a pain but even worse is that they may collide with user-defined names. Paolo Bonzini <pbonzini@redhat.com> suggested that the internal IOThread object should not be named. This way the conflict cannot happen and we no longer need object_add(). One gotcha is that internal IOThread objects will not be listed by the query-iothreads command since they are not named. This is okay though because query-iothreads is new and the internal IOThread is just for backwards compatibility. New users should explicitly define IOThread objects. Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 04 April 2014, 18:48:13 UTC
8c2664d iothread: make IOThread struct definition public Make the IOThread struct definition public so objects can be embedded in parent structs. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 04 April 2014, 18:48:02 UTC
4d1cb6e dma-helpers: Initialize DMAAIOCB in_cancel flag Initialize the dbs->in_cancel flag in dma_bdrv_io(), since qemu_aio_get() does not return zero-initialized memory. Spotted by the clang sanitizer (which complained when the value loaded in dma_complete() was not valid for a bool type); this might have resulted in leaking the AIO block. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 04 April 2014, 17:36:39 UTC
f187743 block: Check bdrv_getlength() return value in bdrv_append_temp_snapshot() Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> 04 April 2014, 17:35:52 UTC
b998875 block: Fix snapshot=on for protocol parsed from filename Since commit 9fd3171a, BDRV_O_SNAPSHOT uses an option QDict to specify the originally requested image as the backing file of the newly created temporary snapshot. This means that the filename is stored in "file.filename", which is an option that is not parsed for protocol names. Therefore things like -drive file=nbd:localhost:10809 were broken because it looked for a local file with the literal name 'nbd:localhost:10809'. This patch changes the way BDRV_O_SNAPSHOT works once again. We now open the originally requested image as normal, and then do a similar operation as for live snapshots to put the temporary snapshot on top. This way, both driver specific options and parsed filenames work. As a nice side effect, this results in code movement to factor bdrv_append_temp_snapshot() out. This is a good preparation for moving its call to drive_init() and friends eventually. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> 04 April 2014, 17:35:51 UTC
bae2c27 cpu-exec: Unlock tb_lock if we longjmp out of code generation If the guest attempts to execute from unreadable memory, this will cause us to longjmp back to the main loop from inside the target frontend decoder. For linux-user mode, this means we will still hold the tb_ctx.tb_lock, and will deadlock when we try to start executing code again. Unlock the lock in the return-from-longjmp code path to avoid this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Andrei Warkentin <andrey.warkentin@gmail.com> Reviewed-by: Richard Henderson <rth@twiddle.net> 04 April 2014, 17:29:25 UTC
cd7ccc8 page_check_range: don't bail out early after unprotecting page When checking a page range, if we found that a page was made read-only by QEMU because it contained translated code, we were incorrectly returning immediately after unprotecting that page, rather than continuing to check the entire range, so we might fail to unprotect pages later in the range, or might incorrectly return a "success" result even if later pages were not writable. In particular, this could cause segfaults in a case where signals are delivered back to back on a target architecture which uses trampoline code in the stack frame (as AArch64 currently does). The second signal causes a segfault because the frame cannot be written to (it was protected because we translated and executed the restorer trampoline, and the unprotect logic did not unprotect the whole range). Signed-off-by: Andrei Warkentin <andrey.warkentin@gmail.com> [PMM: expanded commit message a bit] Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 04 April 2014, 17:16:03 UTC
d097696 hw/arm/vexpress, hw/arm/highbank: Don't insist that CPU has reset-cbar property For the machine models which can have a Cortex-A15 CPU (vexpress-a15 and midway), silently continue if the CPU object has no reset-cbar property rather than failing. This allows these boards to be used under KVM with the "-cpu host" option, since the 'host' CPU object has no reset-cbar property. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Rob Herring <rob.herring@linaro.org> 04 April 2014, 17:01:09 UTC
3b418d0 hw/arm/highbank: Don't segfault on unknown CPU names If the user passes an unknown CPU name via the '-cpu' option, exit with an error message rather than segfaulting. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Rob Herring <rob.herring@linaro.org> 04 April 2014, 16:46:11 UTC
cd40890 qemu-iotests: Remove CR line endings in reference output qemu doesn't print these CRs any more. The test still didn't fail because the output comparison ignores line endings, but the change turns up each time when you want to update the output. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> 04 April 2014, 15:10:32 UTC
e3fa4bf block: Don't parse 'filename' option When using the QDict option 'filename', it is supposed to be interpreted literally. The code did correctly avoid guessing the protocol from any string before the first colon, but it still called bdrv_parse_filename() which would, for example, incorrectly remove a 'file:' prefix in the raw-posix driver. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> 04 April 2014, 15:10:25 UTC
8885ead qcow2: Put cache reference in error case When qcow2_get_cluster_offset() sees a zero cluster in a version 2 image, it (rightfully) returns an error. But in doing so it shouldn't leak an L2 table cache reference. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> 04 April 2014, 15:10:08 UTC
4c2e5f8 qcow2: Flush metadata during read-only reopen If lazy refcounts are enabled for a backing file, committing to this backing file may leave it in a dirty state even if the commit succeeds. The reason is that the bdrv_flush() call in bdrv_commit() doesn't flush refcount updates with lazy refcounts enabled, and qcow2_reopen_prepare() doesn't take care to flush metadata. In order to fix this, this patch also fixes qcow2_mark_clean(), which contains another ineffective bdrv_flush() call because lazy refcounts are disabled only afterwards. All existing callers of qcow2_mark_clean() either don't modify refcounts or already flush manually, so that this fixes only a latent, but not yet actually triggerable bug. Another instance of the same problem is live snapshots. Again, a real corruption is prevented by an explicit flush for non-read-only images in external_snapshot_prepare(), but images using lazy refcounts stay dirty. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> 04 April 2014, 12:12:26 UTC
cbee81f iscsi: Don't set error if already set in iscsi_do_inquiry This eliminates the possible assertion failure in error_setg(). Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 04 April 2014, 12:11:34 UTC
5913815 Update version for v2.0.0-rc1 release Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 03 April 2014, 14:51:01 UTC
888157f Merge remote-tracking branch 'remotes/riku/for-2.0' into staging * remotes/riku/for-2.0: linux-user: pass correct host flags to accept4() Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 03 April 2014, 13:31:20 UTC
de03c31 bswap: Fix build on FreeBSD 10.0 FreeBSD 10.0-RELEASE has bswap16() etc. macros defined in sys/endian.h, which leads to a conflict with our static inline definitions. Force using the system version of the macros. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Tested-by: Ed Maste <emaste@freebsd.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 03 April 2014, 12:44:25 UTC
87d8354 PPC: openpic_kvm: Filter memory events properly Commit 6f1834a2b exposed a bug in openpic_kvm where we don't filter for memory events that only happen to the region we want to know events about. Add proper filtering, fixing the e500plat target with KVM. Signed-off-by: Alexander Graf <agraf@suse.de> Message-id: 1396431718-14908-1-git-send-email-agraf@suse.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 03 April 2014, 11:43:17 UTC
784a559 Merge remote-tracking branch 'remotes/bonzini/scsi-next' into staging * remotes/bonzini/scsi-next: iscsi: always query max WRITE SAME length iscsi: ignore flushes on scsi-generic devices iscsi: recognize "invalid field" ASCQ from WRITE SAME command scsi-bus: remove bogus assertion Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 03 April 2014, 11:24:35 UTC
97891af MAINTAINERS: Update Peter Crosthwaite's email Change over to my proper Xilinx email. s/petalogix.com/xilinx.com. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-id: cdff0c388c70df06217c467dcfb89267b7911feb.1396506607.git.peter.crosthwaite@xilinx.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 03 April 2014, 11:23:27 UTC
c97ca29 iscsi: always query max WRITE SAME length Max WRITE SAME length is also used when the UNMAP bit is zero, so it should be queried even if LBPWS=0. Same for the optimal transfer length. However, the write_zeroes_alignment only matters for UNMAP=1 so we still restrict it to LBPWS=1. Reviewed-by: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> 03 April 2014, 11:10:53 UTC
b2f9c08 iscsi: ignore flushes on scsi-generic devices Non-block SCSI devices do not support flushing, but we may still send them requests via bdrv_flush_all. Just ignore them. Reviewed-by: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> 03 April 2014, 11:10:45 UTC
27898a5 iscsi: recognize "invalid field" ASCQ from WRITE SAME command Some targets may return "invalid field" as the ASCQ from WRITE SAME if they support the command only without the UNMAP field. Recognize that, and return ENOTSUP just like for "invalid operation code". Reviewed-by: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> 03 April 2014, 11:10:32 UTC
d581eb7 scsi-bus: remove bogus assertion This assertion is invalid, because get_sg_list can return an empty sg-list even for commands that transfer no data (such as SYNCHRONIZE CACHE). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> 02 April 2014, 11:24:23 UTC
82c6f51 Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging Tracing pull request # gpg: Signature made Tue 01 Apr 2014 19:08:48 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/tracing-pull-request: trace: add workaround for SystemTap PR13296 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 01 April 2014, 19:45:43 UTC
9bcec93 trace: add workaround for SystemTap PR13296 SystemTap sdt.h sometimes results in compiled probes without sufficient information to extract arguments. This can be solved in a slightly hacky way by encouraging the compiler to place arguments into registers. This patch fixes the apic_reset_irq_delivered() trace event on Fedora 20 with gcc-4.8.2-7.fc20 and systemtap-sdt-devel-2.4-2.fc20 on x86_64. Signed-off-by: Frank Ch. Eigler <fche@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 01 April 2014, 18:08:25 UTC
53e11bd Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging Block pull request # gpg: Signature made Tue 01 Apr 2014 18:11:16 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: (51 commits) qcow2: link all L2 meta updates in preallocate() parallels: Sanity check for s->tracks (CVE-2014-0142) parallels: Fix catalog size integer overflow (CVE-2014-0143) qcow2: Limit snapshot table size qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146) qcow2: Fix copy_sectors() with VM state block: Limit request size (CVE-2014-0143) block: vdi bounds check qemu-io tests dmg: prevent chunk buffer overflow (CVE-2014-0145) dmg: use uint64_t consistently for sectors and lengths dmg: sanitize chunk length and sectorcount (CVE-2014-0145) dmg: use appropriate types when reading chunks dmg: drop broken bdrv_pread() loop dmg: prevent out-of-bounds array access on terminator dmg: coding style and indentation cleanup qcow2: Fix new L1 table size check (CVE-2014-0143) qcow2: Protect against some integer overflows in bdrv_check qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 01 April 2014, 17:23:28 UTC
507979a Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-7' into staging input bugfixes for 2.0 # gpg: Signature made Tue 01 Apr 2014 10:16:43 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-input-7: input: add sanity check input: mouse_set should check input device type. input: fix input_event_key_number trace event Signed-off-by: Peter Maydell <peter.maydell@linaro.org> 01 April 2014, 15:58:04 UTC
c792707 qcow2: link all L2 meta updates in preallocate() preallocate() only links the first QCowL2Meta's data clusters into the L2 table and ignores any chained QCowL2Metas in the linked list. Chains of QCowL2Meta structs are built up when contiguous clusters span L2 tables. Each QCowL2Meta describes one L2 table update. This is a rare case in preallocate() but can happen. This patch fixes preallocate() by iterating over the whole list of QCowL2Metas. Compare with the qcow2_co_writev() function's implementation, which is similar but also handles request dependencies. preallocate() only performs one allocation at a time so there can be no dependencies. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 01 April 2014, 13:22:35 UTC
9302e86 parallels: Sanity check for s->tracks (CVE-2014-0142) This avoids a possible division by zero. Convert s->tracks to unsigned as well because it feels better than surviving just because the results of calculations with s->tracks are converted to unsigned anyway. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 01 April 2014, 13:22:35 UTC
afbcc40 parallels: Fix catalog size integer overflow (CVE-2014-0143) The first test case would cause a huge memory allocation, leading to a qemu abort; the second one to a too small malloc() for the catalog (smaller than s->catalog_size), which causes a read-only out-of-bounds array access and on big endian hosts an endianness conversion for an undefined memory area. The sample image used here is not an original Parallels image. It was created using a hex editor on the basis of the struct that qemu uses. Good enough for trying to crash the driver, but not for ensuring compatibility. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 01 April 2014, 13:22:35 UTC
5dae6e3 qcow2: Limit snapshot table size Even with a limit of 64k snapshots, each snapshot could have a filename and an ID with up to 64k, which would still lead to pretty large allocations, which could potentially lead to qemu aborting. Limit the total size of the snapshot table to an average of 1k per entry when the limit of 64k snapshots is fully used. This should be plenty for any reasonable user. This also fixes potential integer overflows of s->snapshot_size. Suggested-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 01 April 2014, 13:22:35 UTC
6a83f8b qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) This avoids an unbounded allocation. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 01 April 2014, 13:22:35 UTC
c05e466 qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) For the L1 table to be loaded for an internal snapshot, the code allocated only enough memory to hold the currently active L1 table. If the snapshot's L1 table is actually larger than the current one, this leads to a buffer overflow. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 01 April 2014, 13:22:35 UTC
11b128f qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146) The qcow2 code assumes that s->snapshots is non-NULL if s->nb_snapshots != 0. By having the initialisation of both fields separated in qcow2_open(), any error occurring in between would cause the error path to dereference NULL in qcow2_free_snapshots() if the image had any snapshots. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 01 April 2014, 13:22:35 UTC
6b7d4c5 qcow2: Fix copy_sectors() with VM state bs->total_sectors is not the highest possible sector number that could be involved in a copy on write operation: VM state is after the end of the virtual disk. This resulted in wrong values for the number of sectors to be copied (n). The code that checks for the end of the image isn't required any more because the code hasn't been calling the block layer's bdrv_read() for a long time; instead, it directly calls qcow2_readv(), which doesn't error out on VM state sector numbers. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 01 April 2014, 13:22:35 UTC