Chen Gang [Tue, 11 Nov 2014 09:23:40 +0000 (17:23 +0800)]
xen-hvm: Remove redundant variable 'xstate'
In xen_hvm_change_state_handler(), we can pass 'opaque' with a type cast
to xen_main_loop_prepare() directly; there's no need to use an additional
variable for it.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
coroutine-sigaltstack: Change jmp_buf to sigjmp_buf
This is a simple patch to change the type of old_env from jmp_buf
to sigjmp_buf. old_env is used by sigsetjmp and as such should be
a sigjmp_buf.
This fixes a stack_chk fail in an OSX 32bit build, since at least on
OSX sigjmp_buf is four bytes larger than a jmp_buf, resulting in an
overflow in sigsetjmp. Due to variable reordering this overwrites
the stack cookie.
Signed-off-by: Willem Pinckaers <willem_qemu@lekkertech.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Peter: I think I must have missed this one when I converted
all the jmp_buf to sigjmp_buf in commit 6ab7e546.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
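As an added illustration, not part of the commit above, the following C program shows the pairing the patch restores: sigsetjmp() fills a sigjmp_buf, and its savemask argument is the reason a coroutine switch uses it rather than setjmp(). The helper names (run_step, mask_restored_after_jump, sigjmp_buf_extra_bytes) are this example's own, not QEMU's.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>

/* The saved context. sigsetjmp() writes a sigjmp_buf. Declaring this as a
 * plain jmp_buf (the bug the commit fixes) hands sigsetjmp() an object that
 * on some platforms is smaller than what it writes, so the tail of the
 * write lands on whatever the compiler placed next to it, such as the
 * stack protector cookie. */
static sigjmp_buf recover_env;

static int risky_step(int fail)
{
    if (fail) {
        siglongjmp(recover_env, 1);   /* unwind back into run_step() */
    }
    return 0;
}

/* Returns 0 when risky_step() completes, 1 when we got here via siglongjmp(). */
int run_step(int fail)
{
    if (sigsetjmp(recover_env, 1) != 0) {
        return 1;
    }
    return risky_step(fail);
}

/* Why a coroutine switch uses sigsetjmp() instead of setjmp(): with
 * savemask != 0 the signal mask in force at sigsetjmp() time is restored by
 * siglongjmp(). Returns 1 when SIGUSR1 is blocked again after the jump. */
int mask_restored_after_jump(void)
{
    sigset_t usr1, cur;
    int restored;

    sigemptyset(&usr1);
    sigaddset(&usr1, SIGUSR1);
    sigprocmask(SIG_BLOCK, &usr1, NULL);          /* state saved by sigsetjmp */

    if (sigsetjmp(recover_env, 1) == 0) {
        sigprocmask(SIG_UNBLOCK, &usr1, NULL);    /* change the mask ... */
        siglongjmp(recover_env, 1);               /* ... and jump: mask comes back */
    }
    sigprocmask(SIG_SETMASK, NULL, &cur);
    restored = sigismember(&cur, SIGUSR1);
    sigprocmask(SIG_UNBLOCK, &usr1, NULL);        /* leave the process as found */
    return restored;
}

/* The size difference that turns a jmp_buf into an overflow target: 0 where
 * the two types are the same size, non-zero where sigjmp_buf carries extra
 * state (the commit reports four bytes on 32-bit OSX). */
size_t sigjmp_buf_extra_bytes(void)
{
    return sizeof(sigjmp_buf) > sizeof(jmp_buf)
         ? sizeof(sigjmp_buf) - sizeof(jmp_buf) : 0;
}
```

On glibc both types are the same struct, so sigjmp_buf_extra_bytes() returns 0 there; the overflow only appears where the sizes differ, which is why the bug surfaced on a 32-bit OSX build rather than on Linux.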
Chen Gang [Mon, 3 Nov 2014 09:26:30 +0000 (17:26 +0800)]
pc-bios: petalogix-s3adsp1800.dtb: Use 'xlnx,xps-ethernetlite-2.00.a' instead of 'xlnx,xps-ethernetlite-2.00.b'
For Linux upstream kernel (e.g. 3.17-rc7), the related compatible string
'xlnx,xps-ethernetlite-2.00.a' is supported, but 'b' is not supported,
so change qemu dtb file to match kernel driver.
The related operation for qemu (after this patch):
yum install libvirt
yum install tunctl
tunctl -b
ip link set tap0 up
brctl addif virbr0 tap0
Martin Simmons [Wed, 5 Nov 2014 14:47:39 +0000 (14:47 +0000)]
gdbstub: Add a missing case of signal number translation in gdbstub
While using qemu with gdb "target remote" to debug an application that uses
fork and exec, the qemu process receives SIGSTOP every time the forked process
terminates (sending SIGCHLD).
This is caused by a missing call to gdb_signal_to_target in gdbstub.c, which
is fixed by this patch:
Signed-off-by: Martin Simmons <martin@lispworks.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Next, "socket address" was reported as deprecated, use a combination of
"interfaces" and "bind interfaces only" instead (available since October
1997, commit 79f4fb52c1ed56fd843f81b4eb0cdd2991d4d0f4).
Set "usershare max shared=0" to prevent a global directory from being
used. Option available since Samba 3.0.23, February 2006, commit 5831715049f2d460ce42299963a5defdc160891b.
The last option was introduced with Samba 3.4.0, but previously
"state directory" was already added which exists in Samba 3.4.0. As
unknown parameters are ignored (while printing a warning), it should be
safe to add another option.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 3 Nov 2014 14:55:17 +0000 (14:55 +0000)]
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-11-02' into staging
trivial patches for 2014-11-02
# gpg: Signature made Sun 02 Nov 2014 11:54:43 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
* remotes/mjt/tags/pull-trivial-patches-2014-11-02: (23 commits)
vdi: wrapped uuid_unparse() in #ifdef
tap: fix possible fd leak in net_init_tap
tap: do not close(fd) in net_init_tap_one
target-i386: Remove unused model_features_t struct
tap_int.h: remove repeating NETWORK_SCRIPT defines
os-posix: reorder parent notification for -daemonize
pidfile: stop making pidfile error a special case
os-posix: replace goto again with a proper loop
os-posix: use global daemon_pipe instead of cryptic fds[1]
dump: Fix dump-guest-memory termination and use-after-close
virtio-9p-proxy: improve error messages in connect_namedsocket()
virtio-9p-proxy: fix error return in proxy_init()
virtio-9p-proxy: Fix sockfd leak
target-tricore: check return value before using it
net/slirp: specify logbase for smbd
Revert "os-posix: report error message when lock file failed"
util: Improve os_mem_prealloc error message
sparse: fix build
target-arm: A64: remove redundant store
target-xtensa: mark XtensaConfig structs as unused
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 3 Nov 2014 12:31:07 +0000 (12:31 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
The last round of patches for soft freeze. Includes ivshmem bugfixes,
megasas 2108 emulation, and other small patches here and there.
# gpg: Signature made Fri 31 Oct 2014 17:17:54 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream: (35 commits)
virtio-scsi: fix dataplane
ivshmem: use error_report
ivshmem: Fix fd leak on error
ivshmem: Fix potential OOB r/w access
ivshmem: validate incoming_posn value from server
ivshmem: Check ivshmem_read() size argument
i386: fix breakpoints handling in icount mode
kvm_stat: Add powerpc support
kvm_stat: Abstract ioctl numbers
kvm_stat: Rework platform detection
kvm_stat: Fix the non-x86 exit reasons
kvm_stat: Only consider online cpus
virtio-scsi: Fix num_queue input validation
scsi: devirtualize unrealize of SCSI devices
virtio-scsi: Fix memory leak when realize failed
iscsi: Refuse to open as writable if the LUN is write protected
kvmvapic: patch_instruction fix
vl.c: Fix Coverity complaining for vmstate_dump_file
Add skip_dump flag to ignore memory region during dump
-machine vmport=off: Allow disabling of VMWare ioport emulation
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Aurelien Jarno [Mon, 27 Oct 2014 14:53:35 +0000 (15:53 +0100)]
tcg/mips: fix store softmmu slow path
Commit 9d8bf2d1 moved the softmmu slow path out of line and introduced a
regression at the same time by always calling tcg_out_tlb_load with
is_load=1. This makes it impossible to run any significant code under
qemu-system-mips*.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Gonglei [Fri, 31 Oct 2014 06:11:00 +0000 (14:11 +0800)]
tap: do not close(fd) in net_init_tap_one
commit 5193e5fb (tap: factor out common tap initialization)
introduced net_init_tap_one(). But it's inappropriate that
we close fd in net_init_tap_one(); we should leave it to the
caller, because some callers needn't close it if we got
the fd by monitor_handle_fd_param().
On the other hand, in other exceptional branches fd isn't
closed, so that's incomplete anyway.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
DEFAULT_NETWORK_SCRIPT and DEFAULT_NETWORK_DOWN_SCRIPT
have been defined in net/net.h, which is included in
tap.c, the only C file that uses those two macros.
Let's remove the repeated macro definitions.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Michael Tokarev [Thu, 30 Oct 2014 14:47:46 +0000 (17:47 +0300)]
os-posix: reorder parent notification for -daemonize
Put "success" parent reporting in os_setup_post() to after
all other initializers which may also fail, to the very end,
so more possible failure cases are reported properly to the
calling process.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Michael Tokarev [Thu, 30 Oct 2014 14:40:48 +0000 (17:40 +0300)]
pidfile: stop making pidfile error a special case
In case of -daemonize, we write non-zero to the daemon
pipe only if pidfile creation failed, so the parent will
report error about pidfile problem. There's no need to
make special case for this, since all other errors are
reported by the child just fine. Let the parent report
error and simplify logic in os_daemonize().
This way, we don't need os_pidfile_error() function, since
it only prints error now, so put the error reporting printf
into the only place where qemu_create_pidfile() is called,
in vl.c.
While at it, fix wrong indentation in os_daemonize().
Michael Tokarev [Thu, 30 Oct 2014 14:30:51 +0000 (17:30 +0300)]
os-posix: use global daemon_pipe instead of cryptic fds[1]
When asked to -daemonize, we fork a child and setup a pipe between
it and parent to pass exit status. os-posix.c used global fds[2]
array for that, but actually only the writing side of the pipe is
needed to be global, and this name is really too generic. Use
just one integer for the writing side of the pipe, and name it
daemon_pipe to be more understandable than cryptic fds[1].
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Gonglei [Thu, 30 Oct 2014 06:01:17 +0000 (14:01 +0800)]
dump: Fix dump-guest-memory termination and use-after-close
dump_iterate() dumps blocks in a loop. Eventually, get_next_block()
returns "no more". We then call dump_completed(). But we neglect to
break the loop! Broken in commit 4c7e251a.
Because of that, we dump the last block again. This attempts to write
to s->fd, which fails if we're lucky. The error makes dump_iterate()
return failure. It's the only way it can ever return.
Theoretical: if we're not so lucky, something else has opened something
for writing and got the same fd. dump_iterate() then keeps looping,
messing up the something else's output, until a write fails, or the
process mercifully terminates.
The obvious fix is to restore the return lost in commit 4c7e251a. But
the root cause of the bug is needlessly opaque loop control. Replace it
by a clean do ... while loop.
This makes the badly chosen return values of get_next_block() more
visible. Cleaning that up is outside the scope of this bug fix.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
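An added example, not QEMU's code, that reproduces the loop shape the commit message describes on a constructed in-memory stand-in for DumpState: get_next_block() returns 1 for "no more blocks" (the "badly chosen return values" mentioned above), and write_block() fails once dump_completed() has closed the output. The type DumpSim, the global g_dump and the helpers run_fixed()/run_buggy() are assumptions of this example.

```c
#include <stdbool.h>
#include <string.h>

#define NBLOCKS 3   /* constructed: number of guest memory blocks to dump */

/* In-memory stand-in for the real DumpState (an assumption of this example). */
typedef struct {
    int  cur;                 /* index of the block being written */
    bool fd_open;             /* dump_completed() closes the output */
    int  writes;              /* block writes attempted */
    int  writes_after_close;  /* writes that hit the closed fd */
} DumpSim;

static DumpSim g_dump;

/* Same contract the commit message complains about: 1 means "no more
 * blocks", 0 means a next block was selected. */
static int get_next_block(DumpSim *s)
{
    if (s->cur + 1 >= NBLOCKS) {
        return 1;
    }
    s->cur++;
    return 0;
}

/* Writing to a closed fd fails; had another open() reused the number, the
 * write would instead land in someone else's file, as the commit warns. */
static int write_block(DumpSim *s)
{
    s->writes++;
    if (!s->fd_open) {
        s->writes_after_close++;
        return -1;
    }
    return 0;
}

static void dump_completed(DumpSim *s)
{
    s->fd_open = false;
}

static void dump_reset(DumpSim *s)
{
    memset(s, 0, sizeof *s);
    s->fd_open = true;
}

/* Before the fix: dump_completed() runs, but nothing leaves the loop, so
 * the last block is written once more, now against a closed fd. */
int dump_iterate_buggy(DumpSim *s)
{
    dump_reset(s);
    while (1) {
        if (write_block(s) < 0) {
            return -1;          /* the only way out, as the commit says */
        }
        if (get_next_block(s) == 1) {
            dump_completed(s);
            /* the return that commit 4c7e251a lost went here */
        }
    }
}

/* After the fix: the loop condition itself says when to stop. */
int dump_iterate_fixed(DumpSim *s)
{
    dump_reset(s);
    do {
        if (write_block(s) < 0) {
            return -1;
        }
    } while (get_next_block(s) == 0);
    dump_completed(s);
    return 0;
}

int run_fixed(void) { return dump_iterate_fixed(&g_dump); }
int run_buggy(void) { return dump_iterate_buggy(&g_dump); }
```

With three blocks the fixed loop writes exactly three times and returns 0; the buggy loop attempts a fourth write after the close and returns -1, which is the "lucky" failure the commit describes.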
zhanghailiang [Thu, 30 Oct 2014 02:03:28 +0000 (10:03 +0800)]
target-tricore: check return value before using it
We reference the return value of cpu before checking whether it is NULL;
the checking code comes after that, which violates code style.
It makes no difference if the cpu is NULL: the qemu process will terminate.
But one will be a 'Segmentation fault' and the other will report an error,
which is what we want.
Michael Tokarev [Fri, 24 Oct 2014 20:29:50 +0000 (00:29 +0400)]
net/slirp: specify logbase for smbd
It looks like smbd always logs to /var/log/samba/log.$progname
even if config file specifies different logfile -- when it needs
to log something before completing reading the config file. But
if it can't open it for writing, it fails and exits. Tell smbd
to use our temp dir as logbase (-l option) to avoid that.
The same option is used by samba3 and samba4, so there should
be no incompatible changes.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
qemu_create_pidfile() is only created from main(), and there,
if that function returns failure, os_pidfile_error() function
is called, to, guess that, report error (which is done differently
whenever we're daemonizing or not).
qemu_create_pidfile() function has several error returns, this
lockf() failure is one of them, there are others (another shown
in the patch context too).
So this patch makes the whole thing inconsistent at least.
If we need to show error message when we're daemonizing, it
looks like we should modify os_pidfile_error() routine to always
report error and only after that check for daemon mode. This way
all errors will be reported the same way.
Michal Privoznik [Thu, 16 Oct 2014 13:13:32 +0000 (15:13 +0200)]
util: Improve os_mem_prealloc error message
Currently, when the preallocating guest memory process fails, a not
so helpful error message is printed out:
# virsh start migt10
error: Failed to start domain migt10
error: internal error: process exited while connecting to monitor:
os_mem_prealloc: failed to preallocate pages
From the error message it's not clear at the first glance where the
problem lies. However, changing the error message might give users a
clue.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Gerd Hoffmann [Wed, 15 Oct 2014 09:51:09 +0000 (11:51 +0200)]
sparse: fix build
The C++ compiler isn't wrapped with cgcc, resulting in gcc complaining about
the sparse compiler flags, which it doesn't know, in case qemu is built
with --enable-sparse.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Sun, 14 Sep 2014 19:36:33 +0000 (20:36 +0100)]
target-xtensa: mark XtensaConfig structs as unused
The XtensaConfig structs will be defined but not used if they are
for the opposite endianness from that of the binary being built;
keep the compiler from complaining about this by marking them
with the 'unused' attribute.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Andrew Jones [Tue, 7 Oct 2014 11:24:02 +0000 (13:24 +0200)]
ivshmem: use error_report
Replace all the fprintf(stderr, ...) calls with error_report.
Also make sure exit() consistently uses the error code 1. A few calls
used -1. While at it cleanup some indentation in the printf argument
lists.
Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Andreas Färber [Mon, 15 Sep 2014 16:40:08 +0000 (18:40 +0200)]
ivshmem: Fix fd leak on error
Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Fix OOB access via malformed incoming_posn parameters
and check that requested memory is actually alloc'ed.
Signed-off-by: Sebastian Krahmer <krahmer@suse.de>
[AF: Rebased, cleanups, avoid fd leak]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Stefan Hajnoczi [Mon, 15 Sep 2014 16:40:06 +0000 (18:40 +0200)]
ivshmem: validate incoming_posn value from server
Check incoming_posn to avoid out-of-bounds array accesses if the ivshmem
server on the host sends invalid values.
Cc: Cam Macdonell <cam@cs.ualberta.ca>
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[AF: Tighten upper bound check for posn in close_guest_eventfds()]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Stefan Hajnoczi [Mon, 15 Sep 2014 16:40:05 +0000 (18:40 +0200)]
ivshmem: Check ivshmem_read() size argument
The third argument to the fd_read() callback implemented by
ivshmem_read() is the number of bytes, not a flags field. Fix this and
check we received enough bytes before accessing the buffer pointer.
Cc: Cam Macdonell <cam@cs.ualberta.ca>
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[AF: Handle partial reads via FIFO]
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Pavel Dovgalyuk [Wed, 22 Oct 2014 11:38:31 +0000 (15:38 +0400)]
i386: fix breakpoints handling in icount mode
This patch fixes instructions counting when execution is stopped on
breakpoint (e.g. set from gdb). Without the patch an extra instruction is translated
and icount is incremented by an invalid value (which equals the number of
executed instructions + 1).
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Michael Ellerman [Tue, 17 Jun 2014 07:54:34 +0000 (17:54 +1000)]
kvm_stat: Abstract ioctl numbers
Unfortunately ioctl numbers are platform specific, so abstract them out
of the code so they can be overridden. As it happens x86 and s390 share
the same values, so nothing needs to change yet.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Michael Ellerman [Tue, 17 Jun 2014 07:54:32 +0000 (17:54 +1000)]
kvm_stat: Rework platform detection
The current platform detection is a little bit messy. We look for lines
in /proc/cpuinfo starting with 'flags' OR 'vendor-id', and scan both
for values we know will only occur in one or the other. We also keep
scanning once we've found a value, which could be a feature, but isn't
in this case.
We'd also like to add another platform, powerpc, which will just make it
worse. So clean it up in preparation.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Michael Ellerman [Tue, 17 Jun 2014 07:54:31 +0000 (17:54 +1000)]
kvm_stat: Fix the non-x86 exit reasons
In kvm_stat we have a dictionary of exit reasons for s390. Firstly these
are not s390 specific, they are the generic exit reasons. So rename the
dictionary to reflect that, and add it separately to filters[].
Secondly, the values are defined using hex, but in the kernel header
they are decimal. That means values above 9 in kvm_stat are incorrect.
While we're there, fix the whitespace to match the rest of the file.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Michael Ellerman [Tue, 17 Jun 2014 07:54:30 +0000 (17:54 +1000)]
kvm_stat: Only consider online cpus
In kvm_stat we grovel through /sys to find out how many cpus are in the
system. However if a cpu is offline it will still be present in /sys,
and the perf_event_open() will fail.
Modify the logic to only return online cpus. We need to be careful on
systems which don't support cpu hotplug, the online file will not be
present at all.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Pavel Dovgalyuk [Thu, 30 Oct 2014 09:31:00 +0000 (12:31 +0300)]
kvmvapic: patch_instruction fix
When QEMU works in icount mode cpu_restore_state function performs two actions:
restoring the program counter and updating icount to the correct value.
kvmvapic's patch_instruction function is called by cpu_report_tpr_access
function which also invokes cpu_restore_state. It results in calling
cpu_restore_state twice - in cpu_report_tpr_access and in patch_instruction.
When icount is disabled the second call is safe. But when icount is enabled,
cpu_restore_state modifies the instruction counter twice, which leads to incorrect
behavior. This patch removes the useless cpu_restore_state call from kvmvapic.
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Gonglei [Wed, 29 Oct 2014 12:49:43 +0000 (20:49 +0800)]
vl.c: Fix Coverity complaining for vmstate_dump_file
commit abfd9ce3 (migration: dump vmstate info as a json
file for static analysis) introduced a new command,
'-dump-vmstate', that takes a filename
as an argument. When executed, QEMU will dump the vmstate information
for the machine type it's invoked with to the file, and quit.
However, only one instance of the -dump-vmstate option is supported.
If more were given, the vmstate_dump_file variable would be overwritten.
This fix also helps silence a Coverity error.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add skip_dump flag to ignore memory region during dump
The PCI MMIO might be disabled or the device in the reset state.
Make sure we do not dump these memory regions.
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-machine vmport=off: Allow disabling of VMWare ioport emulation
This is a pc & q35 only machine opt.
VMWare apparently doesn't like running under QEMU due to our
incomplete emulation of its special IO Port. This adds a
pc & q35 property to allow it to be turned off.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Hannes Reinecke [Wed, 29 Oct 2014 12:00:16 +0000 (13:00 +0100)]
megasas: Fixup MSI-X handling
MSI-X works slightly differently from INTx; the doorbell
registers are not necessarily used, as MSI-X interrupts
are directed anyway. So the head pointer on the
reply queue needs to be updated as soon as a frame
is completed, and we can set the doorbell only
when in INTx mode.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Hannes Reinecke [Wed, 29 Oct 2014 12:00:15 +0000 (13:00 +0100)]
megasas: Rework frame queueing algorithm
Windows requires the frames to be unmapped, otherwise we run
into a race condition where the updated frame data is not
visible to the guest.
With that we can simplify the queue algorithm and use a bitmap
for tracking free frames.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Hannes Reinecke [Wed, 29 Oct 2014 12:00:12 +0000 (13:00 +0100)]
megasas: Ignore duplicate init_firmware commands
The windows driver is sending several init_firmware commands
when in MSI-X mode. It is, however, using only the first
queue. So disregard any additional init_firmware commands
until the HBA is reset.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Hannes Reinecke [Wed, 29 Oct 2014 12:00:07 +0000 (13:00 +0100)]
megasas: fixup device mapping
Logical drives can only be addressed with the 'target_id' number;
LUN numbers cannot be selected.
Physical drives can be selected with both, target and LUN id.
So we should disallow LUN numbers not equal to 0 when in
RAID mode.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Hannes Reinecke [Wed, 29 Oct 2014 12:00:04 +0000 (13:00 +0100)]
scsi: Rename scsi_*_length() to scsi_*_xfer(), add scsi_cdb_length()
scsi_cdb_length() does not return the length of the cdb, but
the transfersize encoded in the cdb. So rename it to scsi_cdb_xfer()
and also rename all other related functions to end with _xfer.
We can then add a new scsi_cdb_length() which actually does return the
length of the cdb. With that DEBUG_SCSI can now display the correct
CDB buffer.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
# gpg: Signature made Wed 29 Oct 2014 11:45:29 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-cve-2014-3689-20141029-1:
vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
vmware-vga: add vmsvga_verify_rect
vmware-vga: CVE-2014-3689: turn off hw accel
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 30 Oct 2014 17:04:29 +0000 (17:04 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20141028-1' into staging
Fixes for libcacard (usb smartcard emulation), xhci and uhci.
# gpg: Signature made Tue 28 Oct 2014 10:39:52 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-usb-20141028-1:
uhci: remove useless DEBUG
xhci: add property to turn on/off streams support
libcacard: don't free sign buffer while sign op is pending
libcacard: Lock NSS cert db when selecting an applet on an emulated card
libcacard: introduce new vcard_emul_logout
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
James Harper [Thu, 30 Oct 2014 10:08:28 +0000 (10:08 +0000)]
fix off-by-one error in pci_piix3_xen_ide_unplug
Fix off-by-one error when unplugging disks, which would otherwise leave the last ATA disk plugged, with obvious consequences. Also rewrite loop to be more readable.
Signed-off-by: James Harper <james.harper@ejbdigital.com.au>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Peter Maydell [Thu, 30 Oct 2014 13:35:12 +0000 (13:35 +0000)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
virtio-scsi fixes, the first part of dynamic sysbus devices,
MAINTAINERS updates, and AVX512 support.
# gpg: Signature made Mon 27 Oct 2014 15:12:13 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream: (28 commits)
aio / timers: De-document -clock
hw/scsi/virtio-scsi.c: fix the "type" use error in virtio_scsi_handle_ctrl
virtio-scsi: sense in virtio_scsi_command_complete
target-i386: add Intel AVX-512 support
get_maintainer.pl: restrict cases where it falls back to --git
get_maintainer.pl: move git loop under "if ($email) {"
qtest: fix qtest log fd should be initialized before qtest chardev
MAINTAINERS: avoid M entries that point to mailing lists
MAINTAINERS: add some tests directories
MAINTAINERS: Add more TCG files
MAINTAINERS: add myself for X86
MAINTAINERS: add Samuel Thibault as usb-serial.c and baum.c maintainer
MAINTAINERS: grab more files from Anthony's pile
target-i386: warns users when CPU threads>1 for non-Intel CPUs
sysbus: Use TYPE_DEVICE GPIO functionality
qdev: gpio: Define qdev_pass_gpios()
qdev: gpio: Remove qdev_init_gpio_out x1 restriction
qdev: gpio: delete NamedGPIOList::out
irq: Remove qemu_irq_intercept_out
qtest/irq: Rework IRQ interception
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Wed, 29 Oct 2014 10:17:19 +0000 (11:17 +0100)]
virtio: link the rng backend through an alias property
The virtio-rng backend is currently linked twice, once in the proxy
device (e.g. virtio-rng-pci) and once in virtio-rng-device. This causes
a double unref of the backend when the parent device is unplugged.
To fix this, make the proxy device use an alias, similar to what is
already being done for the iothread link.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Message-id: 1414577839-18695-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
graphic_hw_update and vnc_refresh_server_surface don't
need to be done when no vnc client is connected. This can reduce
lock contention, because vnc_refresh will hold the global big
lock for two milliseconds every three seconds.
Petr Matousek [Mon, 27 Oct 2014 11:41:44 +0000 (12:41 +0100)]
vnc: sanitize bits_per_pixel from the client
bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.
To fix this check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.
This is CVE-2014-7815.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
[ kraxel: apply codestyle fix ]
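An added example, not the QEMU vnc code, that parses the RFB pixel-format block of a SetPixelFormat message and applies the check the fix above adds (bits_per_pixel must be 8, 16 or 32), together with the specification's rule that depth may not exceed bits_per_pixel. PixelFormat, parse_pixel_format() and the two sample messages are constructed for this example; the field layout follows RFC 6143.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* RFB PIXEL_FORMAT as carried in SetPixelFormat (RFC 6143, 7.4 and 7.5.1). */
typedef struct {
    uint8_t  bits_per_pixel;
    uint8_t  depth;
    uint8_t  big_endian_flag;
    uint8_t  true_colour_flag;
    uint16_t red_max, green_max, blue_max;
    uint8_t  red_shift, green_shift, blue_shift;
} PixelFormat;

#define PIXEL_FORMAT_LEN 16   /* 13 bytes of fields plus 3 bytes of padding */

/* The only widths the specification allows. Anything smaller than 8 makes
 * bytes_per_pixel = bits_per_pixel / 8 zero, and a zero-sized buffer is
 * what the commit above is about. */
static bool bpp_is_valid(uint8_t bpp)
{
    return bpp == 8 || bpp == 16 || bpp == 32;
}

/* Parses the 16-byte block. Returns bytes_per_pixel (1, 2 or 4) on success,
 * -1 if the message is short or the format is rejected. */
int parse_pixel_format(const uint8_t *buf, size_t len, PixelFormat *pf)
{
    if (len < PIXEL_FORMAT_LEN) {
        return -1;
    }
    pf->bits_per_pixel   = buf[0];
    pf->depth            = buf[1];
    pf->big_endian_flag  = buf[2];
    pf->true_colour_flag = buf[3];
    pf->red_max   = (uint16_t)((buf[4] << 8) | buf[5]);
    pf->green_max = (uint16_t)((buf[6] << 8) | buf[7]);
    pf->blue_max  = (uint16_t)((buf[8] << 8) | buf[9]);
    pf->red_shift   = buf[10];
    pf->green_shift = buf[11];
    pf->blue_shift  = buf[12];
    /* buf[13..15] is padding */

    if (!bpp_is_valid(pf->bits_per_pixel)) {
        return -1;                     /* the check the fix introduces */
    }
    if (pf->depth > pf->bits_per_pixel) {
        return -1;                     /* spec: depth must not exceed bpp */
    }
    return pf->bits_per_pixel / 8;
}

/* Constructed messages: a normal 32-bpp true-colour format, and one that
 * claims 4 bits per pixel, for which bytes_per_pixel would have been 0. */
static const uint8_t GOOD_FMT[PIXEL_FORMAT_LEN] =
    { 32, 24, 0, 1, 0, 255, 0, 255, 0, 255, 16, 8, 0, 0, 0, 0 };
static const uint8_t BAD_FMT[PIXEL_FORMAT_LEN] =
    {  4, 24, 0, 1, 0, 255, 0, 255, 0, 255, 16, 8, 0, 0, 0, 0 };

int check_good_format(void)
{
    PixelFormat pf;
    return parse_pixel_format(GOOD_FMT, sizeof GOOD_FMT, &pf);
}

int check_bad_format(void)
{
    PixelFormat pf;
    return parse_pixel_format(BAD_FMT, sizeof BAD_FMT, &pf);
}
```

Rejecting the format before any buffer is sized from it is the whole point: once bytes_per_pixel has been derived from an unchecked value, every later consumer inherits the assumption that it is non-zero.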
Gerd Hoffmann [Tue, 21 Oct 2014 10:29:33 +0000 (12:29 +0200)]
xhci: add property to turn on/off streams support
Streams support in usb-redir and usb-host works only with recent enough
versions of the support libraries (libusbredir and libusbx). The failure
mode is rather inelegant: any stream usb transfers will throw stall
errors. Turning off support for streams in the xhci host controller
will work better, as the guest can figure out beforehand that streams are
not going to work.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Ray Strode [Sun, 19 Oct 2014 02:12:49 +0000 (22:12 -0400)]
libcacard: don't free sign buffer while sign op is pending
commit 57f97834efe0c208ffadc9d2959f3d3d55580e52 cleaned up
the cac_applet_pki_process_apdu function to have a single
exit point. Unfortunately, that commit introduced a bug
where the sign buffer can get free'd and nullified while
it's still being used.
This commit corrects the bug by introducing a boolean to
track whether or not the sign buffer should be freed in
the function exit path.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-by: Alon Levy <alon@pobox.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Ray Strode [Sun, 19 Oct 2014 02:12:48 +0000 (22:12 -0400)]
libcacard: Lock NSS cert db when selecting an applet on an emulated card
When a process in a guest uses an emulated smartcard, libcacard running
on the host passes the PIN from the guest to the PK11_Authenticate NSS
function. The first time PK11_Authenticate is called the passed in PIN
is used to unlock the certificate database. Subsequent calls to
PK11_Authenticate will transparently succeed, regardless of the passed in
PIN. This is a convenience for applications provided by NSS.
Of course, the guest may have many applications using the one emulated
smart card all driven from the same host QEMU process. That means if a
user enters the right PIN in one program in the guest, and then enters the
wrong PIN in another program in the guest, the wrong PIN will still
successfully unlock the virtual smartcard.
This commit forces the NSS certificate database to be locked anytime an
applet is selected on an emulated smartcard by calling vcard_emul_logout.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-By: Robert Relyea <rrelyea@redhat.com>
Reviewed-By: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Ray Strode [Sun, 19 Oct 2014 02:12:47 +0000 (22:12 -0400)]
libcacard: introduce new vcard_emul_logout
vcard_emul_reset currently only logs NSS out, but there is a TODO
for potentially sending insertion/removal events when powering down
or powering up.
For clarity, this commit moves the current guts of vcard_emul_reset to
a new vcard_emul_logout function which will never send insertion/removal
events. The vcard_emul_reset function now just calls vcard_emul_logout,
but also retains its TODO for watching power state transitions and sending
insertion/removal events.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-By: Robert Relyea <rrelyea@redhat.com>
Reviewed-By: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gerd Hoffmann [Thu, 23 Oct 2014 13:29:37 +0000 (15:29 +0200)]
gtk: drop gtk_widget_set_double_buffered call
Dunno why it is here. Removing it seems to have no ill side effects.
It is deprecated in 3.14+. In some cases it has no effect since 3.10
according to the docs:
Gerd Hoffmann [Mon, 6 Oct 2014 09:58:22 +0000 (11:58 +0200)]
vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
Switch vmsvga_update_rect over to use vmsvga_verify_rect. Slight change
in behavior: We don't try to automatically fixup rectangles any more.
In case we find invalid update requests we'll do a full-screen update
instead.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Gerd Hoffmann [Mon, 6 Oct 2014 09:42:34 +0000 (11:42 +0200)]
vmware-vga: CVE-2014-3689: turn off hw accel
Quick & easy stopgap for CVE-2014-3689: We just compile out the
hardware acceleration functions which lack sanity checks. Thankfully
we have capability bits for them (SVGA_CAP_RECT_COPY and
SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
Subsequent patches will add the missing checks and re-enable the
hardware acceleration emulation.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Don Koch <dkoch@verizon.com>
Commit 6d32717 "aio / timers: Remove alarm timers" has issues:
1. It silently ignores -clock for backward compatibility.
Incompatible change: -clock help no longer terminates the program.
Tolerable.
2. Failed to update option documentation. In particular, -help still
advises users to try -clock help for available timers. Drop all
documentation on -clock.
3. The 'query-alarm-clock' example in docs/writing-commands.txt no
longer works, and needs to be redone. Can't do that right now, so I
just stick in a FIXME.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Bin Wu [Sat, 25 Oct 2014 02:43:44 +0000 (02:43 +0000)]
hw/scsi/virtio-scsi.c: fix the "type" use error in virtio_scsi_handle_ctrl
The local variable "type" in virtio_scsi_handle_ctl represents the tmf
command type from the guest and it has the same meaning as
req->req.tmf.type. However, before the invoking of virtio_scsi_parse_req,
req->req.tmf.type doesn't have the correct value (just initialized to
zero). Therefore, we need to use the "type" variable to judge the case.
Cc: qemu-stable@nongnu.org
Signed-off-by: Bin Wu <wu.wubin@huawei.com>
[Actually make it compile, "type" must be uint32_t in order to pass
it to virtio_tswap32s. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Jan Kiszka [Mon, 27 Oct 2014 14:13:02 +0000 (14:13 +0000)]
Revert "main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously"
This reverts commit 15124e142034d21341ec9f1a304a1dc5a6c25681. It breaks
debuggability of qemu and is no longer needed as the problem has
now been addressed in a different way.
Instead we provide a comment about why these signals must be
handled asynchronously.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
[PMM: added comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jan Kiszka [Mon, 27 Oct 2014 14:05:10 +0000 (14:05 +0000)]
Make qemu_shutdown_requested signal-safe
qemu_shutdown_requested may be interrupted by qemu_system_killed. If the
latter sets shutdown_requested after qemu_shutdown_requested has read it
but before it was cleared, the shutdown event is lost. Fix this by using
atomic_xchg.
This provides a different fix for the problem which commit 15124e142
attempts to deal with. That commit breaks use of ^C to drop into gdb,
and so this approach is better (and 15124e142 can be reverted).
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
[PMM: commit message tweak]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
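An added example, not QEMU's code, that uses C11 atomic_exchange() as a stand-in for QEMU's atomic_xchg to show the window the commit describes: a consumer that reads the flag and then clears it in two steps loses a request that lands between the two, while a single exchange returns exactly what the handler stored. The function names are this example's own; racy_read_then_clear() and xchg_in_window() call the handler directly to make the race deterministic, and deliver_and_consume() goes through real signal delivery with raise().

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdatomic.h>
#include <string.h>

/* Set by the signal handler, consumed by the main loop. A lock-free
 * atomic_int may be written from a handler. */
static atomic_int shutdown_requested;

void on_term_signal(int sig)
{
    (void)sig;
    atomic_store(&shutdown_requested, 1);
}

/* Fixed consumer: one read-and-clear. Whatever the handler stored is
 * returned exactly once, whether it arrived before or after this call. */
int shutdown_requested_xchg(void)
{
    return atomic_exchange(&shutdown_requested, 0);
}

/* The race from the commit message, made deterministic: the handler runs
 * between the main loop's read and its clear. Returns 1 if the request
 * survives, 0 if it was lost. */
int racy_read_then_clear(void)
{
    int r;

    atomic_store(&shutdown_requested, 0);
    r = atomic_load(&shutdown_requested);      /* step 1: read, sees 0 */
    on_term_signal(SIGTERM);                    /* the signal lands here */
    atomic_store(&shutdown_requested, 0);       /* step 2: clear wipes it */
    if (r) {
        return 1;
    }
    return shutdown_requested_xchg();           /* nothing left: lost */
}

/* Same ordering with the exchange: the handler's store is picked up, and
 * only once. */
int xchg_in_window(void)
{
    int first, second;

    atomic_store(&shutdown_requested, 0);
    on_term_signal(SIGTERM);                    /* lands before the exchange */
    first  = shutdown_requested_xchg();         /* 1: request consumed */
    second = shutdown_requested_xchg();         /* 0: not reported twice */
    return first == 1 && second == 0;
}

/* Real delivery: install the handler on SIGUSR1 and raise it. */
int deliver_and_consume(void)
{
    struct sigaction sa;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_term_signal;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0) {
        return -1;
    }
    atomic_store(&shutdown_requested, 0);
    raise(SIGUSR1);                             /* handler runs before raise() returns */
    return shutdown_requested_xchg();
}
```

The exchange is also what makes the synchronous-handling revert above safe to take: the signal can stay asynchronous, which keeps ^C usable for dropping into gdb, because the consumer no longer has a window in which a request can vanish.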