Jeff Cody [Wed, 26 Mar 2014 12:05:39 +0000 (13:05 +0100)]
vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)
Other variables (e.g. sectors_per_block) are calculated using these
variables, and if not range-checked illegal values could be obtained
causing infinite loops and other potential issues when calculating
BAT entries.
The 1.00 VHDX spec requires BlockSize to be min 1MB, max 256MB.
LogicalSectorSize is required to be either 512 or 4096 bytes.
Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Jeff Cody [Fri, 28 Mar 2014 15:42:24 +0000 (11:42 -0400)]
vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144)
The maximum blocks_in_image is 0xffffffff / 4, which also limits the
maximum disk_size for a VDI image to 1024TB. Note that this is the maximum
size that QEMU will currently support with this driver, not necessarily the
maximum size allowed by the image format.
Jeff Cody [Wed, 26 Mar 2014 12:05:36 +0000 (13:05 +0100)]
vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144)
This adds checks to make sure that max_table_entries and block_size
are in sane ranges. Memory is allocated based on max_table_entries,
and block_size is used to calculate indices into that allocated
memory, so if these values are incorrect that can lead to potential
unbounded memory allocation, or invalid memory accesses.
Also, the allocation of the pagetable is changed from g_malloc0()
to qemu_blockalign().
Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Wed, 26 Mar 2014 12:05:35 +0000 (13:05 +0100)]
bochs: Fix bitmap offset calculation
32 bit truncation could let us access the wrong offset in the image.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Wed, 26 Mar 2014 12:05:34 +0000 (13:05 +0100)]
bochs: Check extent_size header field (CVE-2014-0142)
This fixes two possible division by zero crashes: In bochs_open() and in
seek_to_sector().
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Wed, 26 Mar 2014 12:05:33 +0000 (13:05 +0100)]
bochs: Check catalog_size header field (CVE-2014-0143)
It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap
buffer overflow on big endian hosts.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Wed, 26 Mar 2014 12:05:32 +0000 (13:05 +0100)]
bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
Gets us rid of integer overflows resulting in negative sizes which
aren't correctly checked.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Wed, 26 Mar 2014 12:05:31 +0000 (13:05 +0100)]
bochs: Unify header structs and make them QEMU_PACKED
This is an on-disk structure, so offsets must be accurate.
Before this patch, sizeof(bochs) != sizeof(header_v1), which makes the
memcpy() between both invalid. We're lucky enough that the destination
buffer happened to be the larger one, and the memcpy size to be taken
from the smaller one, so we didn't get a buffer overflow in practice.
This patch unifies the both structures, eliminating the need to do a
memcpy in the first place. The common fields are extracted to the top
level of the struct and the actually differing part gets a union of the
two versions.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Kevin Wolf [Wed, 26 Mar 2014 12:05:30 +0000 (13:05 +0100)]
qemu-iotests: Support for bochs format
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 26 Mar 2014 12:05:29 +0000 (13:05 +0100)]
block/cloop: fix offsets[] size off-by-one
cloop stores the number of compressed blocks in the n_blocks header
field. The file actually contains n_blocks + 1 offsets, where the extra
offset is the end-of-file offset.
The following line in cloop_read_block() results in an out-of-bounds
offsets[] access:
This patch allocates and loads the extra offset so that
cloop_read_block() works correctly when the last block is accessed.
Notice that we must free s->offsets[] unconditionally now since there is
always an end-of-file offset.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 26 Mar 2014 12:05:28 +0000 (13:05 +0100)]
block/cloop: refuse images with bogus offsets (CVE-2014-0144)
The offsets[] array allows efficient seeking and tells us the maximum
compressed data size. If the offsets are bogus the maximum compressed
data size will be unrealistic.
This could cause g_malloc() to abort and bogus offsets mean the image is
broken anyway. Therefore we should refuse such images.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 26 Mar 2014 12:05:27 +0000 (13:05 +0100)]
block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)
Limit offsets_size to 512 MB so that:
1. g_malloc() does not abort due to an unreasonable size argument.
2. offsets_size does not overflow the bdrv_pread() int size argument.
This limit imposes a maximum image size of 16 TB at 256 KB block size.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
offsets_size can be smaller than n_blocks due to integer overflow.
Therefore s->offsets[] is too small when the for loop byteswaps offsets.
This patch refuses to open files if offsets_size would overflow.
Note that changing the type of offsets_size is not a fix since 32-bit
hosts still only have 32-bit size_t.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 26 Mar 2014 12:05:25 +0000 (13:05 +0100)]
block/cloop: validate block_size header field (CVE-2014-0144)
Avoid unbounded s->uncompressed_block memory allocation by checking that
the block_size header field has a reasonable value. Also enforce the
assumption that the value is a non-zero multiple of 512.
These constraints conform to cloop 2.639's code so we accept existing
image files.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 26 Mar 2014 12:05:24 +0000 (13:05 +0100)]
qemu-iotests: add cloop input validation tests
Add a cloop format-specific test case. Later patches add tests for
input validation to the script.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 26 Mar 2014 12:05:23 +0000 (13:05 +0100)]
qemu-iotests: add ./check -cloop support
Add the cloop block driver to qemu-iotests.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Steven Noonan [Fri, 28 Mar 2014 16:19:02 +0000 (17:19 +0100)]
configure: add option to disable -fstack-protector flags
The -fstack-protector flag family is useful for ensuring safety and for
debugging, but has a performance impact. Here are some boot time comparisons of
the various versions of -fstack-protector using qemu-system-arm on an x86_64
host:
This patch introduces a configure option to disable the stack protector
entirely, and conditional stack protector flag selection (in order,
based on availability): -fstack-protector-strong, -fstack-protector-all,
no stack protector.
Signed-off-by: Steven Noonan <snoonan@amazon.com> Cc: Anthony Liguori <aliguori@amazon.com> Reviewed-by: Stefan Weil <sw@weilnetz.de>
[Prefer -fstack-protector-all to -fstack-protector, suggested by
Laurent Desnogues. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Cole Robinson [Mon, 31 Mar 2014 18:31:44 +0000 (14:31 -0400)]
pci: Fix clearing IRQs on reset
irq_state is cleared before calling pci_device_deassert_intx, but the
latter misbehaves if the former isn't accurate. In this case, any raised
IRQs are not cleared, which hits an assertion in pcibus_reset:
pci_device_deassert_intx should clear irq_state anyways, so add
an assert.
This fixes migration with usb2 + usb-tablet.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Message-id: 7da1ad94ce027183b4049c2de370cb191b0073c1.1396290569.git.crobinso@redhat.com Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 31 Mar 2014 17:47:14 +0000 (18:47 +0100)]
Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-2.0' into staging
QOM CPUState refactorings / X86CPU
* X86CPU IA32e 1GB paging support
* Performance quickfix for CPU() cast macro
# gpg: Signature made Mon 31 Mar 2014 18:33:27 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-cpu-for-2.0:
cpu: Avoid QOM casts for CPU()
target-i386: x86_cpu_get_phys_page_debug(): support 1GB page translation
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Andreas Färber [Fri, 28 Mar 2014 15:25:07 +0000 (16:25 +0100)]
cpu: Avoid QOM casts for CPU()
CPU address spaces touching load and store helpers as well as the
movement of (almost) all fields from CPU_COMMON to CPUState have led to
a noticeable increase of CPU() usage in "hot" paths for both TCG and KVM.
While CPU()'s OBJECT_CHECK() might help detect development errors, i.e.
in form of crashes due to QOM vs. non-QOM mismatches rather than QOM
type mismatches, it is not really needed at runtime since mostly used in
CPU-specific paths, coming from a target-specific CPU subtype. If that
pointer is damaged, other errors are highly likely to occur elsewhere
anyway.
Keep the CPU() macro for a consistent developer experience and for
flexibility to exchange its implementation, but turn it into a pure,
unchecked C cast for now.
Luiz Capitulino [Wed, 19 Mar 2014 21:03:53 +0000 (17:03 -0400)]
target-i386: x86_cpu_get_phys_page_debug(): support 1GB page translation
Linux guests, when using more than 4GB of RAM, may end up using 1GB pages
to store (kernel) data. When this happens, we're unable to debug a running
Linux kernel with GDB:
(gdb) p node_data[0]->node_id
Cannot access memory at address 0xffff88013fffd3a0
(gdb)
GDB returns this error because x86_cpu_get_phys_page_debug() doesn't support
translating 1GB pages in IA-32e paging mode and returns an error to GDB.
This commit adds support for 1GB page translation for IA32e paging.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
Peter Maydell [Fri, 28 Mar 2014 13:46:28 +0000 (13:46 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
acpi,pc,build bug fixes
Here are some bugfixes for 2.0.
A bugfix for acpi for pci bridges, and a build fix for
old systems without pthread_setname_np: both fix regressions
so we definitely want to include them.
HPET fix is not for a regression but looks very safe,
fixes a nasty bug and has been on list for a while.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 28 Mar 2014 12:00:12 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
acpi: fix ACPI generation for pci bridges
Don't enable a HPET timer if HPET is disabled
Detect pthread_setname_np at configure time
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Marcel Apfelbaum [Thu, 27 Mar 2014 15:35:36 +0000 (17:35 +0200)]
acpi: fix ACPI generation for pci bridges
Commit 8dcf525abc5dff785251a881f9764dd961065c0d
acpi-build: append description for non-hotplug
appended description for all occupied non hotpluggable PCI slots.
However the bridge devices are already added to SSDT,
adding them again will create an incorrect SSDT table.
Fixed by skipping the pci bridge devices, marking them as 'system'.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Thu, 27 Mar 2014 17:08:30 +0000 (17:08 +0000)]
Merge remote-tracking branch 'remotes/afaerber/tags/ppc-for-2.0' into staging
PowerPC queue for 2.0
* OpenPIC fix
* MSR fixes for POWER7 upwards
* TCG instruction set support fix for POWER8
# gpg: Signature made Thu 27 Mar 2014 16:12:12 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/ppc-for-2.0:
target-ppc: MSR_POW not supported on POWER7/7+/8
target-ppc: POWER7+ supports the MSR_VSX bit
target-ppc: POWER8 supports isel
target-ppc: POWER8 supports the MSR_LE bit
intc/openpic_kvm: Fix MemListener delete region callback function
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 27 Mar 2014 16:38:58 +0000 (16:38 +0000)]
Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-03-27' into staging
trivial patches for 2014-03-27
# gpg: Signature made Thu 27 Mar 2014 15:23:53 GMT using RSA key ID 74F0C838
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: E190 8639 3B10 B51B AC2C 8B73 5253 C5AD 74F0 C838
* remotes/mjt/tags/trivial-patches-2014-03-27: (23 commits)
linux-user: remove duplicate statement
hw/timer/grlib_gptimer: remove unnecessary assignment
hw/pci-host/apb.c: Avoid shifting left into sign bit
hw/intc/xilinx_intc: Avoid shifting left into sign bit
hw/intc/slavio_intctl: Avoid shifting left into sign bit
tests/libqos/pci-pc: Avoid shifting left into sign bit
hw/ppc: Avoid shifting left into sign bit
hw/intc/openpic: Avoid shifting left into sign bit
hw/usb/hcd-ohci.c: Avoid shifting left into sign bit
target-mips: Avoid shifting left into sign bit
hw/i386/acpi_build.c: Avoid shifting left into sign bit
hw/pci/pci_host.c: Avoid shifting left into sign bit
hw/intc/apic.c: Use uint32_t for mask word in foreach_apic
target-i386: Avoid shifting left into sign bit
CODING_STYLE: Section about mixed declarations
doc: update default PowerPC framebuffer settings
doc: update sun4m documentation
fix return check for KVM_GET_DIRTY_LOG ioctl
target-i386: Add missing 'static' and 'const' attributes
util: Add 'static' attribute to function implementation
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Matt Lupfer [Sat, 22 Feb 2014 04:37:23 +0000 (21:37 -0700)]
Don't enable a HPET timer if HPET is disabled
A HPET timer can be started when HPET is not yet
enabled. This will not generate an interrupt
to the guest, but causes problems when HPET is later
enabled.
A timer that is created and expires at least once before
HPET is enabled will have an initialized comparator based
on a hpet_offset of 0 (uninitialized). When HPET is
enabled, hpet_set_timer() is called a second time, which
modifies the timer expiry to a time based on the
difference between current ticks (measured with the
newly initialized hpet_offset) and the timer's
comparator (which was generated before hpet_offset was
initialized). This results in a long period of no HPET
timer ticks.
When this occurs with a CentOS 5.x guest, the guest
may not receive timer interrupts during its narrow
timer check window and panic on boot.
Signed-off-by: Matt Lupfer <mlupfer@ddn.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Warn if no way of setting thread name is available.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Thu, 27 Mar 2014 15:29:33 +0000 (15:29 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140327' into staging
target-arm queue:
* Don't default to integratorcp board if no machine specified
# gpg: Signature made Thu 27 Mar 2014 14:09:12 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20140327:
vl.c: Improve message when no default machine is found
hw/arm: Stop specifying integratorcp as the default board
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 17 Mar 2014 16:00:37 +0000 (16:00 +0000)]
hw/ppc: Avoid shifting left into sign bit
Add U suffix to various places where we were doing "1 << 31",
which is undefined behaviour, and also to other constant
definitions in the same groups, for consistency.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 17 Mar 2014 16:00:36 +0000 (16:00 +0000)]
hw/intc/openpic: Avoid shifting left into sign bit
Add U suffix to avoid undefined behaviour. This is only strictly
necessary for the 1 << 31 cases; for consistency we extend it
to other constants in the same group.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 17 Mar 2014 16:00:35 +0000 (16:00 +0000)]
hw/usb/hcd-ohci.c: Avoid shifting left into sign bit
Add U suffix to avoid undefined behaviour. This is only
strictly necessary for the 1<<31 cases, but we add it for the
other constants in these groups for consistency.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 17 Mar 2014 16:00:33 +0000 (16:00 +0000)]
hw/i386/acpi_build.c: Avoid shifting left into sign bit
Add U suffix to avoid undefined behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 17 Mar 2014 16:00:32 +0000 (16:00 +0000)]
hw/pci/pci_host.c: Avoid shifting left into sign bit
Add U suffix to avoid undefined behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 17 Mar 2014 16:00:31 +0000 (16:00 +0000)]
hw/intc/apic.c: Use uint32_t for mask word in foreach_apic
Use unsigned arithmetic for operations on the mask word
in the foreach_apic() macro, to avoid relying on undefined
behaviour when shifting into the sign bit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 17 Mar 2014 16:00:30 +0000 (16:00 +0000)]
target-i386: Avoid shifting left into sign bit
Add 'U' suffixes where necessary to avoid (1 << 31) which
shifts left into the sign bit, which is undefined behaviour.
Add the suffix also for other constants in the same groupings
even if they don't shift into bit 31, for consistency.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Eduardo Habkost [Mon, 17 Mar 2014 18:26:31 +0000 (15:26 -0300)]
CODING_STYLE: Section about mixed declarations
We had an unwritten rule about declarations having to be at beginning of
blocks. Make it a written rule.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Mario Smarduch [Wed, 19 Mar 2014 17:24:26 +0000 (10:24 -0700)]
fix return check for KVM_GET_DIRTY_LOG ioctl
Fix return condition check from kvm_vm_ioctl(s, KVM_GET_DIRTY_LOG, &d) to
handle internal failures or no support for memory slot dirty bitmap.
Otherwise the ioctl succeeds and continues with migration.
Addresses BUG# 1294227
Signed-off-by: Mario Smarduch <m.smarduch@samsung.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Anton Blanchard [Tue, 25 Mar 2014 02:40:29 +0000 (13:40 +1100)]
target-ppc: MSR_POW not supported on POWER7/7+/8
Remove MSR_POW from the msr_mask for POWER7/7P/8.
Signed-off-by: Anton Blanchard <anton@samba.org> Reviewed-by: Cédric Le Goater <clg@fr.ibm.com> Tested-by: Cédric Le Goater <clg@fr.ibm.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
Anton Blanchard [Tue, 25 Mar 2014 02:40:28 +0000 (13:40 +1100)]
target-ppc: POWER7+ supports the MSR_VSX bit
Without MSR_VSX we die early during a Linux boot.
Signed-off-by: Anton Blanchard <anton@samba.org> Reviewed-by: Cédric Le Goater <clg@fr.ibm.com> Tested-by: Cédric Le Goater <clg@fr.ibm.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
Anton Blanchard [Tue, 25 Mar 2014 02:40:27 +0000 (13:40 +1100)]
target-ppc: POWER8 supports isel
Add PPC_ISEL to insns_flags.
Signed-off-by: Anton Blanchard <anton@samba.org> Reviewed-by: Cédric Le Goater <clg@fr.ibm.com> Tested-by: Cédric Le Goater <clg@fr.ibm.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
Anton Blanchard [Tue, 25 Mar 2014 02:40:26 +0000 (13:40 +1100)]
target-ppc: POWER8 supports the MSR_LE bit
Add MSR_LE to the msr_mask for POWER8.
Signed-off-by: Anton Blanchard <anton@samba.org> Reviewed-by: Cédric Le Goater <clg@fr.ibm.com> Tested-by: Cédric Le Goater <clg@fr.ibm.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
Peter Maydell [Thu, 27 Mar 2014 14:00:52 +0000 (14:00 +0000)]
hw/arm: Stop specifying integratorcp as the default board
Currently for both qemu-system-arm and qemu-system-aarch64
the default board model if the user doesn't specify one
is the 'integratorcp'. This is a totally arbitrary historical
accident since it was the first board to be modelled.
That board is now just one target among many for us, and
is a very poor choice of default:
* it's an ancient board that is now only found in the
junkpiles of longtime ARM/Linux hackers, if at all
* it's an ARMv5 CPU, when most distros are now assuming
ARMv7
* it's pretty much unmaintained in QEMU
* it doesn't even have versatilepb's advantage of
supporting PCI
Making it or any other board the default serves only
to confuse people new to ARM who expect something more
like the x86 monoculture. Remove the is_default marker
from integratorcp, and don't set it for any other board,
to give users a nudge that they need to think about
which board they want a QEMU model of. (QEMU will produce
the admittedly slightly cryptic error "No machine found.")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Wed, 26 Mar 2014 15:15:19 +0000 (15:15 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
acpi,virtio bug fixes
Two bugfixes for virtio-net, and one for a recent
regression in acpi.
Both issues have been reported in the wild, so
I think it's preferable to merge these ASAP so
that reporters can make sure RC fixes their issue.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed 26 Mar 2014 10:52:16 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
virtio-net: add vlan receive state to RxFilterInfo
virtio-net: Do not filter VLANs without F_CTRL_VLAN
Revert "acpi-test: rebuild SSDT"
acpi: make SSDT 1.0 spec compliant when possible
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
James Hogan [Tue, 25 Mar 2014 21:47:28 +0000 (21:47 +0000)]
linux-user: Correct DLINFO_ITEMS
Commit a07c67dfccb1 (Implement AT_CLKTCK.) back in March 2008 added a
new auxvec entry but didn't increment DLINFO_ITEMS, so it's been out of
sync ever since.
Bump it up to 14 so that it matches the number of NEW_AUX_ENT's that
need to be counted in create_elf_tables().
Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Riku Voipio <riku.voipio@iki.fi> Cc: Paul Brook <paul@codesourcery.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Amos Kong [Wed, 26 Mar 2014 00:19:43 +0000 (08:19 +0800)]
virtio-net: add vlan receive state to RxFilterInfo
Stefan Fritsch just fixed a virtio-net driver bug [1], virtio-net won't
filter out VLAN-tagged packets if VIRTIO_NET_F_CTRL_VLAN isn't negotiated.
This patch added a new field to @RxFilterInfo to indicate vlan receive
state ('normal', 'none', 'all'). If VIRTIO_NET_F_CTRL_VLAN isn't
negotiated, vlan receive state will be 'all', then all VLAN-tagged packets
will be received by guest.
This patch also fixed a boundary issue in visiting vlan table.
Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Stefan Fritsch [Wed, 26 Mar 2014 10:29:52 +0000 (18:29 +0800)]
virtio-net: Do not filter VLANs without F_CTRL_VLAN
If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all
VLAN-tagged packets but send them to the guest.
This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because
the OpenBSD driver started as a port from NetBSD).
Signed-off-by: Stefan Fritsch <sf@sfritsch.de> Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The ASL compiler can emit two different AML opcodes for a Package
declaration, either PackageOp or VarPackageOp. For small, fixed-length
packages, the PackageOp is used and this opcode is compatible with ACPI
1.0. A VarPackageOp will be emitted if any of the following conditions
are true:
. The NumElements argument is a TermArg that can only be resolved at
runtime.
. At compile time, NumElements resolves to a constant that is larger than
255.
. The PackageList contains more than 255 initializer elements.
Note: The ability to create variable-sized packages was first introduced
in ACPI 2.0. ACPI 1.0 only allowed fixed-size packages with up to 255 elements.
So the spec seems to say a fixed value up to 255 must always
be used with PackageOp and not VarPackageOp, and some guests
(windows up to win2k8) seem to interpret it like this.
Let's do just this, choosing the encoding depending on
the number of elements.
Petar Jovanovic [Tue, 25 Mar 2014 13:35:18 +0000 (14:35 +0100)]
target-mips: fix MTHC1 and MFHC1 when FPU in FR=0 mode
Previous implementation presumed that FPU registers are 64-bit and are
working in 64-bit mode. This change first checks MIPS_HFLAG_F64 and if not
set, it does load/store from the odd numbered register pair.
Patch by Matthew Fortune.
Signed-off-by: Matthew Fortune <matthew.fortune@imgtec.com> Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Maydell [Tue, 25 Mar 2014 18:30:52 +0000 (18:30 +0000)]
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-pci-for-qemu-20140325.0' into staging
A couple trivial fixes for QEMU 2.0:
- Coding correction that allowed attempts to read the device
ROM after we'd already marked it failed (Bandan)
- Cosmetic error reporting fixes to remove unnecessary new lines
and fix a cut-n-paste wording error (Alex)
# gpg: Signature made Tue 25 Mar 2014 18:18:57 GMT using RSA key ID 3BB08B22
# gpg: Can't check signature: public key not found
* remotes/awilliam/tags/vfio-pci-for-qemu-20140325.0:
vfio: Cosmetic error reporting fixes
vfio: Correction in vfio_rom_read when attempting rom loading
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 25 Mar 2014 17:49:45 +0000 (17:49 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging
Net patches
# gpg: Signature made Tue 25 Mar 2014 15:02:48 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/net-pull-request:
net: netmap_poll must update both read/write poll state
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 25 Mar 2014 15:23:08 +0000 (15:23 +0000)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Block pull request
# gpg: Signature made Tue 25 Mar 2014 14:34:45 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/block-pull-request:
mirror: fix early wake from sleep due to aio
mirror: fix throttling delay calculation
Fixed various typos
qemu-img: mandate argument to 'qemu-img check --repair'
osdep: initialize glib threads in all QEMU tools
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bandan Das [Tue, 25 Mar 2014 14:24:20 +0000 (08:24 -0600)]
vfio: Correction in vfio_rom_read when attempting rom loading
commit e638073c569e801ce9de added a flag to track whether
a previous rom read had failed. Accidentally, the code
ended up adding vfio_load_option_rom twice. (Thanks to Alex
for spotting it)
Signed-off-by: Bandan Das <bsd@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Stefan Hajnoczi [Fri, 21 Mar 2014 12:55:19 +0000 (13:55 +0100)]
mirror: fix early wake from sleep due to aio
The mirror blockjob coroutine rate-limits itself by sleeping. The
coroutine also performs I/O asynchronously so it's important that the
aio callback doesn't wake the coroutine early as that breaks
rate-limiting.
Reported-by: Joaquim Barrera <jbarrera@ac.upc.edu> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Paolo Bonzini [Fri, 21 Mar 2014 12:55:18 +0000 (13:55 +0100)]
mirror: fix throttling delay calculation
The throttling delay calculation was using an inaccurate sector count to
calculate the time to sleep. This broke rate-limiting for the block
mirror job.
Move the delay calculation into mirror_iteration() where we know how
many sectors were transferred. This lets us calculate an accurate delay
time.
Reported-by: Joaquim Barrera <jbarrera@ac.upc.edu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Prasad Joshi [Mon, 24 Mar 2014 18:38:54 +0000 (00:08 +0530)]
qemu-img: mandate argument to 'qemu-img check --repair'
qemu-img check --repair option accepts an argument. The argument to
--repair switch can either be 'all' or 'leak'. Fix the long option to
mandate argument with --repair switch.
The patch fixes following segmentation fault
Core was generated by `qemu-img check -f qcow2 --repair all t.qcow2'.
Program terminated with signal 11, Segmentation fault.
0 in img_check (argc=6, argv=0x7fffab9b8a10) at qemu-img.c:588
588 if (!strcmp(optarg, "leaks")) {
(gdb) bt
0 img_check (argc=6, argv=0x7fffab9b8a10) at qemu-img.c:588
1 __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
2 _start ()
(gdb)
Signed-off-by: Prasad Joshi <prasadjoshi.linux@gmail.com> Reviewed-by: Leandro Dorileo <l@dorileo.org> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 8 Oct 2013 09:58:31 +0000 (11:58 +0200)]
osdep: initialize glib threads in all QEMU tools
glib versions prior to 2.31.0 require an explicit g_thread_init() call
to enable multi-threading.
Failure to initialize threading causes glib to take single-threaded code
paths without synchronization. For example, the g_slice allocator will
crash due to race conditions.
Fix this for all QEMU tool programs (qemu-nbd, qemu-io, qemu-img) by
moving the g_thread_init() call from vl.c:main() into a new
osdep.c:thread_init() constructor function.
thread_init() has __attribute__((constructor)) and is automatically
invoked by the runtime during startup.
We can now drop the "simple" trace backend's g_thread_init() call since
thread_init() already called it.
Note that we must keep coroutine-gthread.c's g_thread_init() call which
is located in a constructor function. There is no guarantee for
constructor function ordering so thread_init() may only be called later.
Reported-by: Mario de Chenno <mario.dechenno@unina2.it> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Mon, 24 Mar 2014 19:00:02 +0000 (19:00 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
acpi,pc,test bug fixes
More small fixes all over the place.
Notably fixes for big-endian hosts by Marcel.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 24 Mar 2014 10:41:07 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
tests/acpi-test: do not fail if iasl is broken
vl.c: Use MAX_CPUMASK_BITS macro instead of hardcoded constant
sysemu.h: Document what MAX_CPUMASK_BITS really limits
acpi: fix endian-ness for table ids
acpi-test: signature endian-ness fixes
i386/acpi-build: support hotplug of VCPU with APIC ID 0xFF
acpi-test: rebuild SSDT
i386/acpi-build: allow more than 255 elements in CPON
pc: Refuse max_cpus if it results in too large APIC ID
acpi: Don't use MAX_CPUMASK_BITS for APIC ID bitmap
acpi: Assert sts array limit on AcpiCpuHotplug_add()
pc: Refuse CPU hotplug if the resulting APIC ID is too large
acpi: Add ACPI_CPU_HOTPLUG_ID_LIMIT macro
acpi-test: update expected SSDT files
acpi-build: fix misaligned access
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
backends/baum.c: Fix compilation when SDL is not available.
backends/baum.c: In function ‘chr_baum_init’:
backends/baum.c:569:64: error: missing binary operator before token "("
#if defined(CONFIG_SDL) && SDL_COMPILEDVERSION < SDL_VERSIONNUM(2, 0, 0)
^
backends/baum.c:598:64: error: missing binary operator before token "("
#if defined(CONFIG_SDL) && SDL_COMPILEDVERSION < SDL_VERSIONNUM(2, 0, 0)
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-id: 1395437377-5779-1-git-send-email-rjones@redhat.com Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 21 Mar 2014 18:44:36 +0000 (18:44 +0000)]
target-arm: Load ELF images with the correct machine type for CPU
When trying to load an ELF file specified via -kernel, we need to
pass load_elf() the ELF machine type corresponding to the CPU we're
booting with, not the one corresponding to the softmmu binary
we happen to be running. (The two are different in the case of
loading a 32-bit ARM ELF file into a 32 bit CPU being emulated
by qemu-system aarch64.) This was causing us to incorrectly fail
to load ELF images in this situation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1395427476-25546-1-git-send-email-peter.maydell@linaro.org
Peter Maydell [Mon, 24 Mar 2014 15:59:02 +0000 (15:59 +0000)]
target-arm: Fix A64 Neon MLS
The order of operands for the accumulate step in disas_simd_3same_int()
was reversed. This only affected the MLS instruction, since all the
other accumulating instructions in this category perform an addition
rather than a subtraction.
projects / lisovros / qemu_apohw.git / log