breaks Xen support in QEMU, in particular the Xen mapcache. The effect
is that one Windows XP installation out of ten would end up with BSOD.
The reason is that after this commit l in address_space_rw can span a
page boundary; however, qemu_get_ram_ptr still calls xen_map_cache asking
to map a single page (if block->offset == 0).
Fix the issue by reverting to the previous behaviour: do not return a
length from address_space_translate_internal that can span a page
boundary.
Also in address_space_translate do not ignore the length returned by
address_space_translate_internal.
Anthony PERARD [Fri, 10 Jan 2014 15:56:33 +0000 (15:56 +0000)]
xen_pt: Fix passthrough of device with ROM.
QEMU does not need and should not allocate memory for the ROM of a
passthrough PCI device. So this patch initializes the particular region
like any other PCI BAR of a passthrough device.
When a guest accesses the ROM, Xen will take care of the IO; QEMU
will not be involved in it.
Xen sets a limit on the memory available for each guest; allocating memory
for a ROM can hit this limit.
pci: Replace pci_find_domain() with more general pci_root_bus_path()
The issue is that i440fx savevm idstr went from 0000:00:00.0/I440FX to
0000:00.0/I440FX. Unfortunately we are stuck with the breakage for
1.6 machine types.
Add a compat property to maintain the busted idstr for the 1.6 machine
types, but revert to the old style format for 1.7+, and <= 1.5.
Tested with migration from qemu 1.5, qemu 1.6, and qemu.git.
Cc: qemu-stable@nongnu.org
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Conflicts:
include/hw/i386/pc.h
Laszlo Ersek [Sat, 2 Nov 2013 19:14:21 +0000 (20:14 +0100)]
scsi_target_send_command(): amend stable-1.6 port of the CVE-2013-4344 fix
The originally suggested fix for CVE-2013-4344 introduced a regression in
scsi_target_send_command() / REQUEST_SENSE; the third argument passed to
scsi_device_get_sense() -- for the "len" parameter -- ignored the
possibility of the guest SCSI driver requesting truncated (or shorter than
full) sense data.
This could result in (r->len > req->cmd.xfer) on return, which is not
valid SCSI.
The problem was addressed in the second round, and the commit on the
master branch (84642435) is correct. However the stable-1.6 branch (the
v1.6.1 release) has the original, regressive fix (commit fdcbe7d5); let's
update it.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Petar Jovanovic [Fri, 29 Nov 2013 16:27:42 +0000 (17:27 +0100)]
target-mips: fix 64-bit FPU config for user-mode emulation
FR bit should be initialized to 1 for MIPS64, under condition that this
bit is writable and that CPU has an FPU unit. It should be initialized to
zero for MIPS32.
This fixes different MIPS32 issues with FPU instructions whose behaviour
defaulted to 64-bit FPU mode.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 4d66261f71f2efa31e1052e4041c5ee505572fe5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Fam Zheng [Tue, 3 Dec 2013 02:41:05 +0000 (10:41 +0800)]
vmdk: Fix creating big description file
The buffer for the description file was 4096, which only covers a few
hundred extents. This changes the buffer to be dynamically allocated with
g_strdup_printf in order to support bigger cases.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit af057fe74092df2e7a576448ddbdc0daac1370bf)
Kevin Wolf [Wed, 4 Dec 2013 10:06:36 +0000 (11:06 +0100)]
qcow2: Zero-initialise first cluster for new images
Strictly speaking, this is only required for has_zero_init() == false,
but it's easy enough to just do a cluster-aligned write that is padded
with zeros after the header.
This fixes the problem that, after 'qemu-img create', header extensions are
attempted to be parsed that are really just random leftover data.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit f8413b3c23b08a547ce18609acc6fae5fd04ed5c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Alex Williamson [Fri, 6 Dec 2013 18:16:40 +0000 (11:16 -0700)]
vfio-pci: Release all MSI-X vectors when disabled
We were relying on msix_unset_vector_notifiers() to release all the
vectors when we disable MSI-X, but this only happens when MSI-X is
still enabled on the device. Perform further cleanup by releasing
any remaining vectors listed as in-use after this call. This caused
a leak of IRQ routes on hotplug depending on how the guest OS prepared
the device for removal.
Bandan Das [Wed, 6 Nov 2013 22:52:17 +0000 (17:52 -0500)]
pci: unregister vmstate_pcibus on unplug
PCIBus registers a vmstate during init. Unregister it upon
removal/unplug.
Signed-off-by: Bandan Das <bsd@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 5c397242d5d53c1adecce31817bb439383cf8228)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Hajnoczi [Tue, 10 Sep 2013 16:21:08 +0000 (18:21 +0200)]
qdev-monitor: Unref device when device_add fails
qdev_device_add() leaks the created device upon failure. I suspect this
problem crept in because qdev_free() unparents the device but does not
drop a reference - confusing name.
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit ee6abeb6ec08473713848ce9028110f1684853b7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Igor Mammedov [Tue, 17 Sep 2013 13:32:32 +0000 (15:32 +0200)]
qdev-monitor: Fix crash when device_add is called with abstract driver
A user is able to crash a running QEMU when the following monitor
command is called:
device_add intel-hda-generic
The crash is caused by an assertion in object_initialize_with_type()
when the type is abstract.
Checking if the type is abstract before the instance is created in
qdev_device_add() allows preventing a crash on incorrect user input.
Cc: qemu-stable@nongnu.org
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 2fa4e56d88aa0039062bbc7f9a88e9f90c77ed94)
Conflicts:
qdev-monitor.c
*updated to reflect different 1.6 variable names
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Amos Kong [Mon, 18 Nov 2013 15:32:17 +0000 (23:32 +0800)]
virtio-net: fix the memory leak in rxfilter_notify()
object_get_canonical_path() returns a gchar*; it should be freed by the
caller.
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Vlad Yasevich <vyasevic@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 96e35046e4a97df5b4e1e24e217eb1e1701c7c71)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Alex Williamson [Tue, 12 Nov 2013 18:53:24 +0000 (11:53 -0700)]
vfio-pci: Fix multifunction=on
When an assigned device is initialized it copies the device config
space into the emulated config space. Unfortunately multifunction is
set up prior to the device initfn and gets clobbered. We need to
restore it just like pci-assign does.
Cc: qemu-stable@nongnu.org
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 8d07d6c46597a885eb38d99cc6fff399ce69cd21)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Lieven [Tue, 12 Nov 2013 12:48:07 +0000 (13:48 +0100)]
qcow2: fix possible corruption when reading multiple clusters
If multiple sectors spanning multiple clusters are read, the
function count_contiguous_clusters should ensure that the
cluster type does not change between the clusters.
In particular, the for-loop should break when we have one
or more normal clusters followed by a compressed cluster.
Unfortunately the wrong macro was used in the mask to
compare the flags.
This was discovered while debugging a data corruption
issue when converting a compressed qcow2 image to raw.
qemu-img reads 2MB chunks which span multiple clusters.
CC: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 78a52ad5acca7053b774fcc80290e7b7e224c80a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Max Reitz [Fri, 27 Sep 2013 10:14:15 +0000 (12:14 +0200)]
qcow2: count_contiguous_clusters and compression
The function is not intended to be used on compressed clusters and will
not work correctly if used anyway, since L2E_OFFSET_MASK is not the
right mask for determining the offset of compressed clusters. Therefore,
assert that the first cluster is not compressed and always include the
compression flag in the mask of significant flags, i.e., stop the search
as soon as a compressed cluster occurs.
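The cluster-counting bug in the two qcow2 entries above (Peter Lieven's wrong macro in the mask, Max Reitz's always-significant compression flag), modelled as an added example that is not QEMU's own code: the buggy variant ORs the enum value QCOW2_CLUSTER_COMPRESSED into the mask where the bit-62 flag QCOW_OFLAG_COMPRESSED belongs, so a compressed cluster whose low bits happen to continue the run is counted as contiguous with the normal clusters before it. The L2 entry layout is from the qcow2 spec; the sample L2 table is constructed and held in host byte order (QEMU stores entries big-endian), and the enum order is assumed to match QEMU's qcow2.h (only that it is a small integer matters here).

```c
#include <stdint.h>

/* qcow2 L2 entry bits (qcow2 spec): bit 63 = COPIED, bit 62 = COMPRESSED,
 * bits 9..55 = host offset of a normal (uncompressed) cluster. */
#define QCOW_OFLAG_COPIED     (1ULL << 63)
#define QCOW_OFLAG_COMPRESSED (1ULL << 62)
#define L2E_OFFSET_MASK       0x00fffffffffffe00ULL

/* Cluster-type enum in the order QEMU's qcow2.h declares it (assumption);
 * what matters is that QCOW2_CLUSTER_COMPRESSED is a small integer (2),
 * not the bit-62 flag. */
enum {
    QCOW2_CLUSTER_UNALLOCATED,
    QCOW2_CLUSTER_NORMAL,
    QCOW2_CLUSTER_COMPRESSED,
    QCOW2_CLUSTER_ZERO,
};

/* Loop shared by both variants: count entries from l2_table[0] that are
 * physically contiguous once masked with `mask`, at most nb_clusters.
 * Entries are in host byte order here; QEMU stores them big-endian. */
static int count_contiguous_with_mask(int nb_clusters, uint64_t cluster_size,
                                      const uint64_t *l2_table, uint64_t mask)
{
    uint64_t offset = l2_table[0] & mask;
    int i;

    if (!offset) {
        return 0;                           /* first cluster unallocated */
    }
    for (i = 0; i < nb_clusters; i++) {
        uint64_t l2_entry = l2_table[i] & mask;
        if (offset + (uint64_t)i * cluster_size != l2_entry) {
            break;                          /* run ends here */
        }
    }
    return i;
}

/* Pre-fix behaviour: the enum value was OR'd into the mask instead of the
 * flag bit, so bit 62 is not significant and a compressed cluster whose
 * low bits happen to line up is counted as part of the normal run. */
int count_contiguous_clusters_buggy(int nb_clusters, uint64_t cluster_size,
                                    const uint64_t *l2_table, uint64_t stop_flags)
{
    uint64_t mask = stop_flags | L2E_OFFSET_MASK | QCOW2_CLUSTER_COMPRESSED;
    return count_contiguous_with_mask(nb_clusters, cluster_size, l2_table, mask);
}

/* Fixed behaviour: the compression flag is always significant, and the
 * function refuses to start on a compressed cluster (QEMU asserts; this
 * model returns -1 so the caller handles that cluster separately). */
int count_contiguous_clusters_fixed(int nb_clusters, uint64_t cluster_size,
                                    const uint64_t *l2_table, uint64_t stop_flags)
{
    uint64_t mask = stop_flags | L2E_OFFSET_MASK | QCOW_OFLAG_COMPRESSED;

    if (l2_table[0] & QCOW_OFLAG_COMPRESSED) {
        return -1;
    }
    return count_contiguous_with_mask(nb_clusters, cluster_size, l2_table, mask);
}

/* Constructed sample L2 table (64 KiB clusters): two normal clusters at
 * 64K and 128K, then a compressed cluster whose non-flag bits happen to
 * continue the run at 192K, then another normal cluster at 256K. */
#define SAMPLE_CLUSTER_SIZE 65536ULL
const uint64_t sample_l2[4] = {
    0x10000ULL | QCOW_OFLAG_COPIED,
    0x20000ULL | QCOW_OFLAG_COPIED,
    0x30000ULL | QCOW_OFLAG_COPIED | QCOW_OFLAG_COMPRESSED,
    0x40000ULL | QCOW_OFLAG_COPIED,
};

/* A read spanning these four clusters (qemu-img's 2MB chunks span many
 * more): the buggy count treats all four as one uncompressed run (4) and
 * the data from the compressed cluster is then read as if it were raw;
 * the fixed count stops in front of the compressed cluster (2). */
int buggy_run_length(void)
{
    return count_contiguous_clusters_buggy(4, SAMPLE_CLUSTER_SIZE, sample_l2, 0);
}

int fixed_run_length(void)
{
    return count_contiguous_clusters_fixed(4, SAMPLE_CLUSTER_SIZE, sample_l2, 0);
}
```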
pci: Replace pci_find_domain() with more general pci_root_bus_path()
The issue is that i440fx savevm idstr went from 0000:00:00.0/I440FX to
0000:00.0/I440FX. Unfortunately we are stuck with the breakage for
1.6 machine types.
Add a compat property to maintain the busted idstr for the 1.6 machine
types, but revert to the old style format for 1.7+, and <= 1.5.
Tested with migration from qemu 1.5, qemu 1.6, and qemu.git.
Cc: qemu-stable@nongnu.org
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 04c7d8b8dea724f1007f0f6e76047ff03b4cb24f)
Conflicts:
include/hw/i386/pc.h
*removed 1.6 compat properties
*enabled short_root_bus by default to enable for 1.6 (no 1.6 compat
fields to do so in 1.6.x)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
which happens due to an attempt to invalidate a breakpoint by a virtual address
for which get_phys_page_debug couldn't find a mapping.
For more details see
http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg04582.html
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit e8262a1b5b7cfbcbc80c46e4ce6ff7c517b7b2f6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jason Wang [Wed, 6 Nov 2013 08:58:08 +0000 (16:58 +0800)]
virtio-net: only delete bh that existed
We delete it without checking whether it existed during exit. This will lead to a NULL
pointer dereference since it was created conditionally, depending on guest driver
status and features. So add a check of existence before trying to delete it.
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383728288-28469-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
(cherry picked from commit fe2dafa02de4f80ab36f6e0f4ddfcd6418c03c49)
Conflicts:
hw/net/virtio-net.c
*modified to reflect timer function names for 1.6
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Wed, 30 Oct 2013 21:52:24 +0000 (22:52 +0100)]
linux-user: Fix stat64 syscall for SPARC64
Some targets use a stat64 structure for the stat64 syscall while others
use a stat structure. SPARC64 used the wrong kind.
Instead of extending the conditional compilation in syscall.c, now a
macro TARGET_HAS_STRUCT_STAT64 is defined whenever a target has a
target_stat64.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Erik de Castro Lopo <erikd@mega-nerd.com>
(cherry picked from commit 20d155bc902f41c5b354937e730ad85b43614ae9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Mon, 21 Oct 2013 20:03:06 +0000 (21:03 +0100)]
configure: Explicitly set ARFLAGS so we can build with GNU Make 4.0
Our rules.mak adds '-rR' to MAKEFLAGS to indicate that we will be
explicitly specifying everything and not relying on any default
variables or rules. However we were accidentally relying on the
default ARFLAGS ("rv"). This went unnoticed because of a bug in
GNU Make 3.82 and earlier which meant that adding -rR to MAKEFLAGS
only affected submakes, not the currently running instance.
Explicitly set ARFLAGS in config-host.mak, in the same way we
handle CFLAGS and LDFLAGS; this will allow us to work with
Make 4.0.
Thanks to Paul Smith for analyzing this bug for us.
Cc: qemu-stable@nongnu.org
Reported-by: Ken Moffat <zarniwhoop@ntlworld.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 45d285abd7028ac72418c1a22f9298bb898fbfb8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Mike Frysinger [Mon, 1 Jul 2013 03:30:18 +0000 (23:30 -0400)]
configure: detect endian via compile test
This avoids needing to execute a program and keeping an (incomplete)
list when cross-compiling.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Tested-by: James Hogan <james.hogan@imgtec.com> [mips]
Message-id: 1372649418-4987-1-git-send-email-vapier@gentoo.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
(cherry picked from commit 61cc919f73ea7ca134c0ac41b748981ad63a253b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Wed, 16 Oct 2013 17:17:08 +0000 (19:17 +0200)]
monitor: eliminate monitor_event_state_lock
This lock does not protect anything that the BQL does not already
protect. Furthermore, with -nodefaults and no monitor, the mutex
is not initialized but monitor_protocol_event_queue is called
anyway, which causes a crash under mingw (and only works by luck
under Linux or other POSIX OSes).
Reported-by: Orx Goshen <orx.goshen@intel.com>
Cc: Daniel Berrange <berrange@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit c20b7fa4b2fedd979bcb0cc974bb5d08a10e3448)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Wed, 9 Oct 2013 19:33:44 +0000 (21:33 +0200)]
audio: honor QEMU_AUDIO_TIMER_PERIOD instead of waking up every *nano* second
Now that we no longer have MIN_REARM_TIMER_NS, a bug in the audio subsys has
clearly shown itself by trying to make a timer fire every nanosecond.
Note we have a similar problem in 1.6, 1.5 and older, but there
MIN_REARM_TIMER_NS limits the wakeups caused by audio being active to
4000 times / second. This still causes a host cpu load of 50% for simply
playing audio, whereas with this patch git master is at 13%, so we should
backport this to 1.5 and 1.6 too.
Note this will not apply to 1.5 and 1.6 as is.
Cc: qemu-stable@nongnu.org
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit b4350deed67b95651896ddb60cf9f765093a4848)
Conflicts:
audio/audio.c
*fixed to reflect 1.6 timer function/clock names
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Fam Zheng [Fri, 11 Oct 2013 11:48:29 +0000 (19:48 +0800)]
vmdk: Fix vmdk_parse_extents
An extra 'p++' after the while loop, when *p == '\n', will move p to an unknown
data position, risking parsing junk data or a memory access violation.
Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 899f1ae219d5eaa96a53c996026cb0178d62a86d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Matthew Daley [Thu, 10 Oct 2013 14:10:48 +0000 (14:10 +0000)]
xen_disk: mark ioreq as mapped before unmapping in error case
Commit 4472beae modified the semantics of ioreq_{un,}map so that they are
idempotent if called when they're not needed (i.e., twice in a row). However,
it neglected to handle the case where batch mapping is not being used (the
default), and one of the grants fails to map. In this case, ioreq_unmap will
be called to unwind and unmap any mappings already performed, but ioreq_unmap
simply returns due to the aforementioned change (the ioreq has not already
been marked as mapped).
The frontend user can therefore force xen_disk to leak grant mappings, a
per-domain limited resource.
Fix by marking the ioreq as mapped before calling ioreq_unmap in this
situation.
Signed-off-by: Matthew Daley <mattjd@gmail.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
(cherry picked from commit a76f48e53382e6f039db6278443e3ce437653302)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Mon, 30 Sep 2013 21:04:49 +0000 (23:04 +0200)]
qemu-char: Fix potential out of bounds access to local arrays
Latest gcc-4.8 supports a new option -fsanitize=address which activates
an AddressSanitizer. This AddressSanitizer stops the QEMU system emulation
very early because two character arrays of size 8 are potentially written
with 9 bytes.
There is no obvious reason why width or height could need 8 characters,
so reduce it to 7 characters which together with the terminating '\0'
fit into the arrays.
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Alex Bennée <alex@bennee.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 49aa4058ac6dd0081aaa45776f07c98df397ca5e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Thu, 12 Sep 2013 19:13:12 +0000 (21:13 +0200)]
bitops: Add rotate functions (rol8, ror8, ...)
These functions were copied from include/linux/bitops.h.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit 6aa25b4a7bb10c48c3054f268d5be98e42ea42c0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Thu, 12 Sep 2013 19:13:11 +0000 (21:13 +0200)]
tci: Add implementation of rotl_i64, rotr_i64
It is used by qemu-ppc64 when running Debian's busybox-static.
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit d285bf784b6234e994ce73c05c82c9fb6429df00)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Commit 4f193e3 added the test, but screwed up in-tree builds
(SRCDIR=.): the test's output overwrites the expected output, and is
thus compared to itself.
Cc: qemu-stable@nongnu.org
Reported-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit d8039e58b1ecfdc9af171502c83e3949f6dafb95)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Amit Shah [Wed, 28 Aug 2013 09:54:05 +0000 (15:24 +0530)]
char: remove watch callback on chardev detach from frontend
If a frontend device releases the chardev (via unplug), the chr handlers
are set to NULL via qdev's exit callbacks invoking
qemu_chr_add_handlers(). If the chardev had a pending operation, a
callback will be invoked, which will try to access data in the
just-released frontend, causing a segfault.
Ensure the callbacks are disabled when frontends release chardevs.
This was seen when a virtio-serial port was unplugged when heavy
guest->host IO was in progress (causing a callback to be registered).
In the window in which the throttling was active, unplugging ports
caused a qemu segfault.
CC: <qemu-stable@nongnu.org>
Reported-by: Sibiao Luo <sluo@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
(cherry picked from commit 386a5a1e0057e220f79c48fe3689e3dfb17f1b09)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Amit Shah [Wed, 28 Aug 2013 09:53:37 +0000 (15:23 +0530)]
char: use common function to disable callbacks on chardev close
This deduplicates code used a lot of times.
CC: <qemu-stable@nongnu.org>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
(cherry picked from commit 26da70c72524eb22c946ab19ec98a217b8252f7e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Amit Shah [Wed, 28 Aug 2013 09:48:29 +0000 (15:18 +0530)]
char: move backends' io watch tag to CharDriverState
All the backends implement an io watcher tag for callbacks. Move it to
CharDriverState from each backend's struct to make accessing the tag from
backend-neutral functions easier.
This will be used later to cancel a callback on chardev detach from a
frontend.
CC: <qemu-stable@nongnu.org>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
(cherry picked from commit 7ba9addc165b37b764baa08c02518b15b2361707)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Matthew Daley [Thu, 10 Oct 2013 14:10:48 +0000 (14:10 +0000)]
xen_disk: mark ioreq as mapped before unmapping in error case
Commit 4472beae modified the semantics of ioreq_{un,}map so that they are
idempotent if called when they're not needed (i.e., twice in a row). However,
it neglected to handle the case where batch mapping is not being used (the
default), and one of the grants fails to map. In this case, ioreq_unmap will
be called to unwind and unmap any mappings already performed, but ioreq_unmap
simply returns due to the aforementioned change (the ioreq has not already
been marked as mapped).
The frontend user can therefore force xen_disk to leak grant mappings, a
per-domain limited resource.
Fix by marking the ioreq as mapped before calling ioreq_unmap in this
situation.
Signed-off-by: Matthew Daley <mattjd@gmail.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This is the backport of the following commit. The patch is not
sent publicly since it is an embargoed bug.
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by the user, we have a buffer
overflow in scsi_target_emulate_report_luns.
To fix, we allocate the buffer dynamically.
Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
*s/&r->buf/r->buf/ due to type change
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
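The REPORT LUNS sizing defect described in the entry above (the embargoed fix whose stable-1.6 follow-up, CVE-2013-4344, appears earlier on this page), as an added illustration that is not QEMU's scsi_target_emulate_report_luns: the response is an 8-byte header plus 8 bytes per LUN, so a fixed (256 + 1) * 8 = 2056-byte buffer is overrun from the 257th LUN on, while the fixed variant sizes the allocation from the LUN count. The header and LUN-entry layout follow SPC/SAM; the LUN counts exercised are constructed.

```c
#include <stdint.h>
#include <stdlib.h>

/* REPORT LUNS parameter data (SPC): an 8-byte header whose first four bytes
 * hold the LUN list length in bytes (big-endian), then one 8-byte LUN entry
 * per logical unit. */
#define REPORT_LUNS_HDR_LEN   8
#define REPORT_LUNS_ENTRY_LEN 8

/* The pre-fix code used a fixed buffer of (256 + 1) * 8 = 2056 bytes. */
#define REPORT_LUNS_FIXED_BUF_LEN ((256 + 1) * 8)

/* Bytes the full response needs for n_luns logical units. */
size_t report_luns_len(unsigned n_luns)
{
    return REPORT_LUNS_HDR_LEN + (size_t)n_luns * REPORT_LUNS_ENTRY_LEN;
}

/* 1 if the fixed 2056-byte buffer would be overrun for n_luns, else 0. */
int fixed_buf_overflows(unsigned n_luns)
{
    return report_luns_len(n_luns) > REPORT_LUNS_FIXED_BUF_LEN;
}

/* Build the response the way the fix does: size the buffer from the LUN
 * count instead of assuming at most 256.  Caller frees the result. */
uint8_t *build_report_luns(unsigned n_luns, size_t *out_len)
{
    size_t len = report_luns_len(n_luns);
    uint32_t list_len = (uint32_t)n_luns * REPORT_LUNS_ENTRY_LEN;
    uint8_t *buf = calloc(1, len);
    unsigned i;

    if (!buf) {
        return NULL;
    }
    buf[0] = (uint8_t)(list_len >> 24);
    buf[1] = (uint8_t)(list_len >> 16);
    buf[2] = (uint8_t)(list_len >> 8);
    buf[3] = (uint8_t)list_len;
    for (i = 0; i < n_luns; i++) {
        uint8_t *e = buf + REPORT_LUNS_HDR_LEN + (size_t)i * REPORT_LUNS_ENTRY_LEN;
        if (i < 256) {
            e[1] = (uint8_t)i;                      /* peripheral device addressing */
        } else {
            e[0] = (uint8_t)(0x40 | ((i >> 8) & 0x3f)); /* flat space addressing */
            e[1] = (uint8_t)(i & 0xff);
        }
    }
    *out_len = len;
    return buf;
}

/* Read back the big-endian LUN list length field from a response. */
uint32_t report_luns_list_len(const uint8_t *buf)
{
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8) | buf[3];
}

/* Decode the LUN number stored in entry i (inverse of the encoding above). */
unsigned report_luns_entry(const uint8_t *buf, unsigned i)
{
    const uint8_t *e = buf + REPORT_LUNS_HDR_LEN + (size_t)i * REPORT_LUNS_ENTRY_LEN;
    if ((e[0] & 0xc0) == 0x40) {
        return ((unsigned)(e[0] & 0x3f) << 8) | e[1];
    }
    return e[1];
}

/* Self-check: build a response for n_luns, verify the length field and that
 * every entry decodes back to its LUN number.  Returns 1 on success. */
int report_luns_roundtrip_ok(unsigned n_luns)
{
    size_t len = 0;
    uint8_t *r = build_report_luns(n_luns, &len);
    int ok = r != NULL && len == report_luns_len(n_luns) &&
             report_luns_list_len(r) == n_luns * REPORT_LUNS_ENTRY_LEN;
    unsigned i;

    for (i = 0; ok && i < n_luns; i++) {
        ok = report_luns_entry(r, i) == i;
    }
    free(r);
    return ok;
}
```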
Anthony PERARD [Mon, 9 Sep 2013 16:15:53 +0000 (16:15 +0000)]
pc_q35: Initialize Xen.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 254c12825f93f405658ca3366cd34f8a8ad23511)
Anthony PERARD [Mon, 9 Sep 2013 16:15:52 +0000 (16:15 +0000)]
pc: Initializing ram_memory under Xen.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
CC: qemu-stable@nongnu.org
(cherry picked from commit 04d7bad8a4fb23e6d9af9d06ce3ddc28a251d94d)
This patch is qemu patch 2 to fix the Xen HVM S3 bug, adding qemu
xen logic. When qemu wakes up, the qemu xen logic is notified and
hypercalls to the xen hypervisor to unpause the domain.
Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
(cherry picked from commit 11addd0ab9371af2b6ec028c7fe4e4c4992252fc)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Currently Xen hvm s3 has a bug coming from the difference between
qemu-traditional and qemu-xen. For qemu-traditional, the way to
resume from hvm s3 is via the 'xl trigger' command. However, for
qemu-xen, the way to resume from hvm s3 is inherited from standard
qemu, i.e. via QMP, and it doesn't work under Xen.
The root cause is, for qemu-xen, the 'xl trigger' command didn't reset
devices, while QMP didn't unpause the hvm domain though they did a qemu
system reset.
We have two qemu patches and one xl patch to fix the Xen hvm s3 bug.
This patch is qemu patch 1. It adjusts qemu wakeup so that the
Xen s3 resume logic (which will be implemented in qemu patch 2)
will be notified after qemu system reset.
Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
(cherry picked from commit 4bc78a877252d772b983810a7d2c0be00e9be70e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
In addition, at least all files created with the "guest-file-open" QMP
command, and all files created with shell output redirection (or
otherwise) by utilities invoked by the fsfreeze hook script are affected.
For now mask all file mode bits for "group" and "others" in
become_daemon().
Temporarily, for compatibility reasons, stick with the 0666 file-mode in
case of files newly created by the "guest-file-open" QMP call. Do so
without changing the umask temporarily.
Currently the qemu-nbd program will auto-detect the format of
any disk it is given. This behaviour is known to be insecure.
For example, if qemu-nbd initially exposes a 'raw' file to an
unprivileged app, and that app runs
then the next time the app is started, the qemu-nbd will now
detect it as a 'qcow2' file and expose /etc/shadow to the
unprivileged app.
The only way to avoid this is to explicitly tell qemu-nbd what
disk format to use on the command line, completely disabling
auto-detection. This patch adds a '-f' / '--format' arg for
this purpose, mirroring what is already available via qemu-img
and qemu commands.
qemu-nbd --format raw -p 9000 evil.img
will now always use raw, regardless of what format 'evil.img'
looks like it contains.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[Use errx, not err. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The 'gthread' coroutine backend was written before the freelist (aka
pool) existed in qemu-coroutine.c.
This means that every thread is expected to exit when its coroutine
terminates. It is not possible to reuse threads from a pool.
This patch automatically disables the pool when 'gthread' is used. This
allows the 'gthread' backend to work again (for example,
tests/test-coroutine completes successfully instead of hanging).
I considered implementing thread reuse but I don't want quirks like CPU
affinity differences due to coroutine threads being recycled. The
'gthread' backend is a reference backend and it's therefore okay to skip
the pool optimization.
Note this patch also makes it easy to toggle the pool for benchmarking
purposes:
Reported-by: Gabriel Kerneis <gabriel@kerneis.info>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Gabriel Kerneis <gabriel@kerneis.info>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 70c60c089fdc6bf8a79324e492c13e8c08d55942)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
We use the extent size as cluster size for flat extents (where no L1/L2
table is allocated, so it's safe) to reuse the sector-calculating code with
sparse extents.
Don't pass in the cluster size when adding a flat extent, just set it to
sectors later; then the cluster size checking will not fail.
cluster_sectors is changed to int64_t to allow big flat extents.
Stefan Hajnoczi [Wed, 25 Sep 2013 14:00:48 +0000 (16:00 +0200)]
rbd: avoid qemu_rbd_snap_list() memory leaks
When there are no snapshots qemu_rbd_snap_list() returns 0 and the
snapshot table pointer is NULL. Don't forget to free the snaps buffer
we allocated for librbd rbd_snap_list().
When the function succeeds don't forget to free the snaps buffer after
calling rbd_snap_list_end().
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9e6337d0818650362149b734d53edf9489f3acaa)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Brad Smith [Sun, 4 Aug 2013 02:20:41 +0000 (22:20 -0400)]
tap: Use numbered tap/tun devices on all *BSD OS's
The following patch simplifies the *BSD tap/tun code and makes use of numbered
tap/tun interfaces on all *BSD OSes. NetBSD has a patch in their pkgsrc tree
to make use of this feature, and DragonFly supports it as well.
Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit aa4f082f7526d39dac8e2ca64d192d858014ee10)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Fri, 20 Sep 2013 15:31:55 +0000 (17:31 +0200)]
virtio-blk: do not relay a previous driver's WCE configuration to the current
The following sequence happens:
- the SeaBIOS virtio-blk driver does not support the WCE feature, which
causes QEMU to disable writeback caching
- the Linux virtio-blk driver resets the device, finds WCE is available
but writeback caching is disabled; tells block layer to not send cache
flush commands
- the Linux virtio-blk driver sets the DRIVER_OK bit, which causes
writeback caching to be re-enabled, but the Linux virtio-blk driver does
not know of this side effect and cache flushes remain disabled
The bug is at the third step. If the guest does know about CONFIG_WCE,
QEMU should ignore the WCE feature's state. The guest will control the
cache mode solely using configuration space. This change makes Linux
do flushes correctly, but Linux will keep SeaBIOS's writethrough mode.
Hence, whenever the guest is reset, the cache mode of the disk should
be reset to whatever was specified in the "-drive" option. With this
change, the Linux virtio-blk driver finds that writeback caching is
enabled, and tells the block layer to send cache flush commands
appropriately.
Reported-by: Rusty Russell <rusty@au1.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit ef5bc96268ceec64769617dc53b0ac3a20ff351c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 19 Sep 2013 16:48:53 +0000 (18:48 +0200)]
blockdev: do not default cache.no-flush to true
That's why all my VMs were so fast lately. :)
This changed in 1.6.0 by mistake in patch 29c4e2b (blockdev: Split up
'cache' option, 2013-07-18).
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 1df6fa4bc6754a170cf511a78e2e6fef84eb5228)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Thu, 12 Sep 2013 18:17:50 +0000 (20:17 +0200)]
tci: Fix qemu-alpha on 32 bit hosts (wrong assertions)
Debian busybox-static for alpha has a load address of 0x0000000120000000
which is mapped to 0x0000000020000000 for 32 bit hosts.
qemu-alpha uses the TCG opcodes qemu_ld32, qemu_ld64, qemu_st32 and
qemu_st64 which all raise the assertion (taddr == host_addr).
Remove all assertions of this type because they are either wrong or
unnecessary (when sizeof(tcg_target_ulong) >= sizeof(target_ulong)).
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 07ac4dc5db22a31e47b149abdbc5ea99013cf4de)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jan Kiszka [Tue, 3 Sep 2013 16:08:52 +0000 (18:08 +0200)]
kvmvapic: Clear also physical ROM address when entering INACTIVE state
To avoid misinterpreting INACTIVE after migration as old qemu-kvm's
STANDBY, also clear rom_state_paddr when going back to this state.
CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 4357930b8a7d2fcff2d8121ec518117428a781e7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jan Kiszka [Tue, 3 Sep 2013 16:08:51 +0000 (18:08 +0200)]
kvmvapic: Enter inactive state on hardware reset
ROM layout may change after reset of devices are hotplugged, so we have
to pick up the physical address again when the ROM is initialized. This
is best achieved by resetting the state to INACTIVE.
CC: qemu-stable@nongnu.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c056bc3f3464cfae1c94b7dd633d3ec13b13b655)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jan Kiszka [Tue, 3 Sep 2013 16:08:50 +0000 (18:08 +0200)]
kvmvapic: Catch invalid ROM size
If not caught early, a zero-length ROM will cause a NULL-pointer access
later on in patch_hypercalls when allocating a zero-length ROM copy and
trying to read from it.
CC: qemu-stable@nongnu.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 18e5eec4db96a00907eb588a2b803401637c7f67)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Thu, 22 Aug 2013 09:43:58 +0000 (11:43 +0200)]
chardev: fix pty_chr_timer
pty_chr_timer first calls pty_chr_update_read_handler(), then clears
timer_tag (because it is a one-shot timer). This is the wrong order
though. pty_chr_update_read_handler might re-arm the timer, and the
new timer_tag gets overwritten in that case.
This leads to crashes when unplugging a pty chardev: pty_chr_close
thinks no timer is running -> timer isn't canceled -> pty_chr_timer gets
called with stale CharDevState -> BOOM.
This patch fixes the ordering.
Kill the pointless goto while being at it.
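The ordering bug described in this commit is a general one-shot-timer hazard: if the callback clears its own handle after running code that may re-arm, the fresh handle is lost and the later cancel becomes a no-op, leaving a dangling reference. The following is an added example written for this page, not QEMU's chardev or timer code. It models the timer with a single-slot queue and stand-in names (PtyChr, timer_add, timer_remove, update_read_handler, chr_close are all assumed) and shows the buggy order next to the fixed one.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-in for the chardev state: timer_tag == 0 means "no timer armed". */
typedef struct PtyChr {
    unsigned timer_tag;
    int want_rearm;   /* the handler decides it must poll again */
} PtyChr;

/* Single-slot one-shot timer queue (constructed for this example). */
static PtyChr *pending_owner;
static unsigned pending_tag;
static unsigned next_tag = 1;

static unsigned timer_add(PtyChr *s)
{
    pending_owner = s;
    pending_tag = next_tag++;
    return pending_tag;
}

static void timer_remove(unsigned tag)
{
    if (tag == pending_tag) {
        pending_owner = NULL;
        pending_tag = 0;
    }
}

/* Analogue of pty_chr_update_read_handler(): may re-arm the timer. */
static void update_read_handler(PtyChr *s)
{
    if (s->want_rearm) {
        s->timer_tag = timer_add(s);
    }
}

/* Buggy order: run the handler first, then clear the tag of the timer that just fired.
 * If the handler re-armed, the new tag is overwritten with 0. */
static void timer_cb_buggy(PtyChr *s)
{
    update_read_handler(s);
    s->timer_tag = 0;
}

/* Fixed order: the one-shot has fired, so forget its tag first, then let the
 * handler re-arm and record the new tag. */
static void timer_cb_fixed(PtyChr *s)
{
    s->timer_tag = 0;
    update_read_handler(s);
}

/* Analogue of pty_chr_close(): cancel the timer we believe is armed. */
static void chr_close(PtyChr *s)
{
    if (s->timer_tag) {
        timer_remove(s->timer_tag);
        s->timer_tag = 0;
    }
}

/* Arm, fire once, close. Returns 1 if the queue still references the closed
 * chardev afterwards (the stale pointer that crashed QEMU), 0 if it was cancelled. */
int run_scenario(int use_fixed)
{
    PtyChr s = { .timer_tag = 0, .want_rearm = 1 };
    pending_owner = NULL;
    pending_tag = 0;
    next_tag = 1;

    s.timer_tag = timer_add(&s);

    /* The timer fires: dequeue, then invoke the callback. */
    PtyChr *owner = pending_owner;
    pending_owner = NULL;
    pending_tag = 0;
    if (use_fixed) {
        timer_cb_fixed(owner);
    } else {
        timer_cb_buggy(owner);
    }

    chr_close(&s);
    return pending_owner == &s;
}

int main(void)
{
    printf("buggy order leaves stale timer: %d\n", run_scenario(0));
    printf("fixed order leaves stale timer: %d\n", run_scenario(1));
    return 0;
}
```

The property to check after any such fix is the one run_scenario tests: after the owner is closed, no timer may still point at it, whatever the callback did.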
Aurelien Jarno [Wed, 28 Aug 2013 12:17:39 +0000 (14:17 +0200)]
pcnet-pci: mark I/O and MMIO as LITTLE_ENDIAN
Now that the memory subsystem is propagating the endianness correctly,
the pcnet-pci device should have its I/O ports and MMIO memory marked
as LITTLE_ENDIAN, as PCI devices are little endian.
This makes the pcnet-pci NIC work again on big endian MIPS Malta
(default NIC).
Cc: qemu-stable@nongnu.org Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit a26405b350c0d31d5ef53f3b459aeb6eaaf50db0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Cole Robinson [Sat, 31 Aug 2013 22:36:17 +0000 (18:36 -0400)]
qapi-types.py: Fix enum struct sizes on i686
Unlike other list types, enum wasn't adding any padding, which caused
a mismatch between the generated struct size and GenericList struct
size. More details in a678e26cbe89f7a27cbce794c2c2784571ee9d21
This crashed qemu if calling qmp query-tpm-types for example, which
upsets libvirt capabilities probing. Reproducer on i686:
Anthony PERARD [Mon, 9 Sep 2013 16:15:53 +0000 (16:15 +0000)]
pc_q35: Initialize Xen.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 254c12825f93f405658ca3366cd34f8a8ad23511)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Anthony PERARD [Mon, 9 Sep 2013 16:15:52 +0000 (16:15 +0000)]
pc: Initializing ram_memory under Xen.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> CC: qemu-stable@nongnu.org
(cherry picked from commit 04d7bad8a4fb23e6d9af9d06ce3ddc28a251d94d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The local spice renderer assumes the primary surface is located at the
start of the "ram" bar. This used to be a requirement in qxl hardware
revision 1. In revision 2+ this is relaxed. Nevertheless guest drivers
continued to use the traditional location, for historical and backward
compatibility reasons. The qxl kms driver doesn't though as it depends
on qxl revision 4+ anyway.
Result is that local rendering is hosed for recent linux guests, you'll
get pixel garbage with non-spice ui (gtk, sdl, vnc) and when doing
screendumps. Fix that by doing a proper mapping of the guest-specified
memory location.
Now that the memory subsystem is propagating the endianness correctly,
the ne2000 device should have its I/O ports marked as LITTLE_ENDIAN, as
PCI devices are little endian.
This makes the ne2000 NIC work again on PowerPC.
Cc: qemu-stable@nongnu.org Cc: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 45d883dcf208160e2db308d1b368beb74f37dc7e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hu Tao [Thu, 29 Aug 2013 10:21:16 +0000 (18:21 +0800)]
exec: check offset_within_address_space for register subpage
If offset_within_address_space falls in a page, then we register a
subpage. So check offset_within_address_space rather than
offset_within_region.
Cc: qemu-stable@nongnu.org Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: "Andreas Färber" <afaerber@suse.de> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 88266249701032211c1d7449460d063fbc01bf12)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The commit was wrong: We only return -1 on invalid accesses, not on
valid but unbacked ones. This broke various corner cases.
Cc: qemu-stable@nongnu.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 68a7439a150d6b4da99082ab454b9328b151bc25)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jan Kiszka [Mon, 2 Sep 2013 16:43:30 +0000 (18:43 +0200)]
memory: Provide separate handling of unassigned io ports accesses
Accesses to unassigned io ports shall return -1 on read and be ignored
on write. Ensure these properties via dedicated ops, decoupling us from
the memory core's handling of unassigned accesses.
Cc: qemu-stable@nongnu.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 3bb28b7208b349e7a1b326e3c6ef9efac1d462bf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Those devices use hdev_open which did not use the latest API for options.
This resulted in a fatal runtime error:
Block protocol 'host_device' doesn't support the option 'filename'
Duplicate code from raw_open to fix this.
Cc: qemu-stable@nongnu.org Reported-by: David Brenner <david.brenner3@gmail.com> Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 68dc036488dfea170627a55e6ee3dfd7f2c2063e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Tue, 27 Aug 2013 13:25:24 +0000 (15:25 +0200)]
usb: parallelize usb3 streams
usb3 bulk endpoints with streams are implicitly pipelined now,
so the requests will actually be processed in parallel. Also
allow them to complete out-of-order.
Andrea Arcangeli [Thu, 25 Jul 2013 10:11:15 +0000 (12:11 +0200)]
exec: always use MADV_DONTFORK
MADV_DONTFORK prevents fork from failing with -ENOMEM if the default
overcommit heuristics decide there's too much anonymous virtual
memory allocated. Whether the KVM secondary MMU is synchronized with MMU
notifiers or not doesn't make a difference in that regard.
Secondly it's always more efficient to avoid copying the guest
physical address space in the fork child (so we avoid marking all the
guest memory readonly in the parent and so we skip the establishment
and teardown of lots of pagetables in the child).
In the common case we can ignore the error if MADV_DONTFORK is not
available. Leave a second invocation that errors out in the KVM path
if MMU notifiers are missing and KVM is enabled, to abort in such
case.
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Tested-By: Benoit Canet <benoit@irqsave.net> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
(cherry picked from commit 3e469dbfe413c25d48321c3a19ddfae0727dc6e5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
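The policy in this commit (always request MADV_DONTFORK, tolerate failure, except abort when KVM runs without MMU notifiers) is easy to get backwards, so here is an added example that is not QEMU's exec.c code. It allocates an anonymous region the way guest RAM is allocated, applies the advice, and then forks a child that probes the page to show that the child no longer inherits the mapping. The names guest_ram_alloc, child_can_access and run_demo, and the kvm_enabled/has_mmu_notifiers parameters, are assumptions of this example; QEMU derives the latter from its KVM capability probe.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* 1 if this build knows MADV_DONTFORK (Linux), 0 otherwise. */
int dontfork_supported(void)
{
#ifdef MADV_DONTFORK
    return 1;
#else
    return 0;
#endif
}

/* Allocate guest RAM as the commit describes: always ask for MADV_DONTFORK,
 * ignore failure in the common case, but refuse to continue when KVM is in use
 * without MMU notifiers. Returns NULL on failure. */
void *guest_ram_alloc(size_t size, int kvm_enabled, int has_mmu_notifiers)
{
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        return NULL;
    }
    int ret = -1;
#ifdef MADV_DONTFORK
    ret = madvise(p, size, MADV_DONTFORK);
#endif
    if (ret != 0 && kvm_enabled && !has_mmu_notifiers) {
        /* Without MMU notifiers a forked child sharing these pages would be
         * unsafe for the KVM shadow MMU: this is the case that must abort. */
        munmap(p, size);
        return NULL;
    }
    return p;
}

/* Fork and let the child read the first byte. Returns 1 if the child saw the
 * expected byte, 0 if the child died by signal (the region was not inherited),
 * -1 on error. */
int child_can_access(void *p)
{
    pid_t pid = fork();
    if (pid < 0) {
        return -1;
    }
    if (pid == 0) {
        volatile unsigned char *c = p;
        unsigned char v = c[0];
        _exit(v == 0x5a ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) {
        return -1;
    }
    if (WIFSIGNALED(status)) {
        return 0;
    }
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
        return 1;
    }
    return -1;
}

/* Whole scenario: allocate, fill, probe from a child, release. */
int run_demo(void)
{
    size_t size = 1u << 20;
    unsigned char *ram = guest_ram_alloc(size, 0, 0);
    if (!ram) {
        return -1;
    }
    memset(ram, 0x5a, size);
    int r = child_can_access(ram);
    munmap(ram, size);
    return r;
}

int main(void)
{
    printf("child can read guest RAM after fork: %d (0 expected on Linux)\n", run_demo());
    return 0;
}
```

On Linux the child faults on the first access because the pages are simply absent from its address space; on a platform without MADV_DONTFORK the advice is skipped and the child reads the byte, which is the "ignore the error" path the commit keeps for the non-KVM case.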
commit 62c96360ae7f2c7a8b029277fbb7cb082fdef7fd
virtio-pci: fix level interrupts
only helps systems without irqfd: on systems with irqfd support we
passed in flag requesting irqfd even when msix is disabled.
As a result, for level interrupts we didn't install an fd handler so
unmasking an fd had no effect.
Paolo Bonzini [Mon, 29 Jul 2013 12:27:39 +0000 (14:27 +0200)]
exec: fix writing to MMIO area with non-power-of-two length
The problem is introduced by commit 2332616 (exec: Support 64-bit
operations in address_space_rw, 2013-07-08). Before that commit,
memory_access_size would only return 1/2/4.
Since alignment is already handled above, reduce l to the largest
power of two that is smaller than l.
Cc: qemu-stable@nongnu.org Reported-by: Oleksii Shevchuk <alxchk@gmail.com> Tested-by: Oleksii Shevchuk <alxchk@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 098178f2749a63fbbb1a626dcc7d939d5cb2bde7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
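The size-selection rule this commit restores matters to device models, whose read/write callbacks are only written for 1/2/4/8-byte accesses. Below is an added example, not QEMU's address_space_rw or memory_access_size code, that reproduces the rule in isolation: clamp the access to the region's maximum, bound it by the address alignment for aligned-only regions, and finally round a non-power-of-two length down to the largest power of two. The function names mmio_access_size, mmio_split and mmio_split_is, and the max_access_size/unaligned_ok parameters standing in for the MemoryRegionOps fields, are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Largest power of two that is <= v (v > 0). */
static unsigned pow2floor(unsigned v)
{
    unsigned p = 1;
    while ((p << 1) != 0 && (p << 1) <= v) {
        p <<= 1;
    }
    return p;
}

/* How many bytes of a transfer of l bytes at addr go into one device callback. */
unsigned mmio_access_size(unsigned max_access_size, int unaligned_ok,
                          unsigned l, uint64_t addr)
{
    unsigned access_size_max = max_access_size ? max_access_size : 4;

    /* An aligned-only region cannot be accessed wider than the address alignment. */
    if (!unaligned_ok) {
        uint64_t align = addr & (0 - addr);   /* lowest set bit of addr */
        if (align != 0 && align < access_size_max) {
            access_size_max = (unsigned)align;
        }
    }
    if (l > access_size_max) {
        l = access_size_max;
    }
    /* The fix: never hand a device a 3-, 5-, 6- or 7-byte access. */
    if (l & (l - 1)) {
        l = pow2floor(l);
    }
    return l;
}

/* Split a transfer into the sequence of access sizes a device would see.
 * Returns the number of chunks written to out (at most cap). */
size_t mmio_split(unsigned max_access_size, int unaligned_ok,
                  uint64_t addr, unsigned len, unsigned *out, size_t cap)
{
    size_t n = 0;
    while (len > 0 && n < cap) {
        unsigned sz = mmio_access_size(max_access_size, unaligned_ok, len, addr);
        out[n++] = sz;
        addr += sz;
        len -= sz;
    }
    return n;
}

/* Render the split as "1 2 2 1" and compare with an expected string. */
int mmio_split_is(unsigned max_access_size, int unaligned_ok,
                  uint64_t addr, unsigned len, const char *expected)
{
    unsigned sizes[64];
    char buf[256] = "";
    size_t n = mmio_split(max_access_size, unaligned_ok, addr, len, sizes, 64);
    for (size_t i = 0; i < n; i++) {
        char tmp[16];
        snprintf(tmp, sizeof tmp, i ? " %u" : "%u", sizes[i]);
        strcat(buf, tmp);
    }
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* 6 bytes at an odd address into an aligned-only region with 8-byte max. */
    printf("split matches \"1 2 2 1\": %d\n", mmio_split_is(8, 0, 0x1, 6, "1 2 2 1"));
    /* 7 bytes at 0 into a region with 4-byte max: 4 2 1, never a 3-byte access. */
    printf("split matches \"4 2 1\": %d\n", mmio_split_is(4, 0, 0x0, 7, "4 2 1"));
    return 0;
}
```

Without the final rounding step the 7-byte case would reach the device as a 4-byte access followed by a 3-byte one, which is exactly the input a callback written against the 1/2/4 contract does not expect.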
Paolo Bonzini [Fri, 30 Aug 2013 09:58:45 +0000 (11:58 +0200)]
target-i386: fix disassembly with PAE=1, PG=0
CR4.PAE=1 will not enable paging if CR0.PG=0, but the "if" chain
in x86_cpu_get_phys_page_debug says otherwise. Check CR0.PG
before everything else.
Fixes "-d in_asm" for a code section at the beginning of OVMF.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
(cherry picked from commit f2f8560c7a5303065a2a3207ec475dfb3a622a0e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Wed, 4 Sep 2013 17:00:25 +0000 (19:00 +0200)]
block: expect errors from bdrv_co_is_allocated
Some bdrv_is_allocated callers do not expect errors, but the fallback
in qcow2.c might make other callers trip on assertion failures or
infinite loops.
Fix the callers to always look for errors.
Cc: qemu-stable@nongnu.org Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit d663640c04f2aab810915c556390211d75457704)
Conflicts:
block/cow.c
*modified to avoid dependency on upstream's e641c1e8
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This isn't in line with the usb specification and adds regressions;
win7 fails to drive the usb hub, for example.
Was added because it "solved" the issue of hubs interacting badly
with the xhci host controller. Now with the root cause being fixed
in xhci (commit <FIXME>) we can revert this one.