2014-03-26 5:35 GMT+08:00 Eric Blake ebl...@redhat.com:
On 03/21/2014 04:12 AM, Chunyan Liu wrote:
Add two temp convert functions between QEMUOptionParameter to QemuOpts,
s/convert/conversion/ here and in subject
so that next patch can use it. It will simplify later patch for easier
On Wed, Mar 26, 2014 at 08:19:43AM +0800, Amos Kong wrote:
Stefan Fritsch just fixed a virtio-net driver bug [1], virtio-net won't
filter out VLAN-tagged packets if VIRTIO_NET_F_CTRL_VLAN isn't negotiated.
Yes but that fix is unfortunately wrong as it tests guest_features
on reset.
How about
Public bug reported:
Environment:
Host OS (ia32/ia32e/IA64):ia32e
Guest OS (ia32/ia32e/IA64):ia32e
Guest OS Type (Linux/Windows):Windows
kvm.git Commit:94b3ffcd41a90d2cb0b32ca23aa58a0d5dc0
qemu-kvm Commit:839a5547574e57cce62f49bfc50fe1f04b00589a
Host Kernel Version:3.14.0-rc3
Hi,
I also encounter the same problem. When I use the Qemu mainline and with
-machine pc-i440fx-2.0, the win7 guest will show blue screen, and give me
The BIOS in this system is not fully ACPI compliant. Please contact your system
Vendor for an updated BIOS.
Technical information:
*** STOP:
Hi,
I also encounter the same problem. When I use the Qemu mainline and with
-machine pc-i440fx-2.0, the win7 guest will show blue screen, and give me
The BIOS in this system is not fully ACPI compliant. Please contact your system
Vendor for an updated BIOS.
Technical information:
*** STOP:
2014-03-26 3:25 GMT+08:00 Leandro Dorileo l...@dorileo.org:
On Fri, Mar 21, 2014 at 06:12:23PM +0800, Chunyan Liu wrote:
In QEMUOptionParameter and QemuOptsList conversion, 'assigned' info
is lost. In current code, only qcow2 amend uses 'assigned' for a check.
It will be broken after next
On Mi, 2014-03-26 at 11:57 +0800, arei.gong...@huawei.com wrote:
From: Gonglei arei.gong...@huawei.com
UHCI emulation polls the device at a freq of 1000HZ, which consumes
12~13% CPU even though a Windows guest is completely idle when the guest
was configed usb1.1 tablet devcie. This solution
-Original Message-
From: Gerd Hoffmann [mailto:kra...@redhat.com]
Sent: Wednesday, March 26, 2014 3:59 PM
To: Gonglei (Arei)
Cc: qemu-devel@nongnu.org; Huangweidong (C)
Subject: Re: [PATCH] uhci: Lower uhci timer freq when guest is idle
On Mi, 2014-03-26 at 11:57 +0800,
On 25/03/14 13:37, Paolo Bonzini wrote:
Il 25/03/2014 04:19, Gonglei (Arei) ha scritto:
Based on discussions in:
http://lists.gnu.org/archive/html/qemu-devel/2013-11/threads.html#03322
About KVM_SET_GSI_ROUTING ioctl, I tested changing RCU to SRCU, but
unfortunately
it looks like SRCU's
Based on discussions in:
http://lists.gnu.org/archive/html/qemu-devel/2013-11/threads.html#03322
About KVM_SET_GSI_ROUTING ioctl, I tested changing RCU to SRCU, but
unfortunately
it looks like SRCU's grace period is no better than RCU.
Really? This is not what Christian Borntraeger
On Tue, Mar 25, 2014 at 10:35:28AM +, Anton Ivanov wrote:
On 25/03/14 10:17, Stefan Hajnoczi wrote:
On Mon, Mar 24, 2014 at 11:56:16AM +, anton.iva...@kot-begemot.co.uk
wrote:
1. Correct buffering and corect poll FSM
Current qemu queue logic assumes single packet inputs, not
On Tue, Mar 25, 2014 at 02:49:42PM +, Alex Bennée wrote:
Stefan Hajnoczi stefa...@redhat.com writes:
On Mon, Mar 24, 2014 at 05:04:54PM +, alex.ben...@linaro.org wrote:
From: Alex Bennée alex.ben...@linaro.org
This makes the UST backend pay attention to the format string
On my system I have HZ=100 and lots of CPUs. So RCUs every cpu has
scheduled
is certainly slower than SRCUs algorithm
(/*
* We use an adaptive strategy for synchronize_srcu() and especially for
* synchronize_srcu_expedited(). We spin for a fixed time period
* (defined below) to allow
[snip]
So the fact that qemu_send_packet_async() has returned a non-zero does not
mean that we have not paid the price for it :)
A non-zero return is simply an error code from the -receive() function.
In this case the packet is dropped but queuing is unaffected.
The relevant code is in
On Wed, Mar 26, 2014 at 01:55:53AM +0530, Prasad Joshi wrote:
Signed-off-by: Prasad Joshi prasadjoshi.li...@gmail.com
---
qemu-img.c | 1 +
1 file changed, 1 insertion(+)
Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block
Stefan
* Michael S. Tsirkin (m...@redhat.com) wrote:
On Tue, Mar 25, 2014 at 08:17:11PM +, Dr. David Alan Gilbert (git) wrote:
snip
5) At the moment you select BER output format by setting an environment
variable ( export QEMUMIGFORMAT=BER ) , I need to put more thought
in to
Peter Lieven p...@kamp.de writes:
this patch tries to optimize zero write requests
by automatically using bdrv_write_zeroes if it is
supported by the format.
this should significantly speed up file system initialization and
should speed zero write test used to test backend storage
On Tue, Mar 25, 2014 at 04:44:48PM +0800, Li, Zhen-Hua wrote:
From: Li, ZhenHua zhen-h...@hp.com
In virtio-blk module, when there is new request, new req structure
will be created by malloc. Use a req pool instead of this, will increase
performance;
Increacement: about 5% to 10%.
On Tue, Mar 25, 2014 at 01:26:05PM +0100, Stefan Hajnoczi wrote:
From: Frank Ch. Eigler f...@redhat.com
SystemTap sdt.h sometimes results in compiled probes without sufficient
information to extract arguments. This can be solved in a slightly
hacky way by encouraging the compiler to place
On Wed, Mar 26, 2014 at 06:45:10AM -, Robert Hu wrote:
CCing Laszlo, Michael, and Marcel for ACPI
Public bug reported:
Environment:
Host OS (ia32/ia32e/IA64):ia32e
Guest OS (ia32/ia32e/IA64):ia32e
Guest OS Type (Linux/Windows):Windows
kvm.git
On 15.03.2014 03:48, Richard Henderson wrote:
Loading an qemu pointer as an immediate happens often. E.g.
- exit_tb $0x7fa8140013
+ exit_tb $0x7f81ee0013
...
- : d2800260mov x0, #0x13
- : f2b50280movkx0, #0xa814, lsl #16
- : f2c00fe0movkx0, #0x7f,
On 15.03.2014 03:48, Richard Henderson wrote:
Some guest env are small enough to reach the tlb with only a 12-bit addition.
Signed-off-by: Richard Henderson r...@twiddle.net
---
tcg/aarch64/tcg-target.c | 28 +++-
1 file changed, 19 insertions(+), 9 deletions(-)
On 15.03.2014 03:48, Richard Henderson wrote:
In some cases, a direct branch will be in range.
Signed-off-by: Richard Henderson r...@twiddle.net
---
tcg/aarch64/tcg-target.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c
Il 26/03/2014 09:22, Gonglei (Arei) ha scritto:
Yes, previously I was using synchronize_srcu, which is not good. When I
changed it to synchronize_srcu_expedited, grace period delay is much better
than synchronize_srcu. Though in our tests, we can still see some impact
of KVM_SET_GSI_ROUTING
On 15.03.2014 03:48, Richard Henderson wrote:
Signed-off-by: Richard Henderson r...@twiddle.net
---
tcg/aarch64/tcg-target.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/tcg/aarch64/tcg-target.c b/tcg/aarch64/tcg-target.c
index 3b8aa7d..26dc1ab 100644
On 15.03.2014 03:48, Richard Henderson wrote:
Making the bswap conditional on the memop instead of a
compile-time test instead.
too many insteads? :)
Signed-off-by: Richard Henderson r...@twiddle.net
---
tcg/aarch64/tcg-target.c | 131
+++
1
On 15.03.2014 03:48, Richard Henderson wrote:
Signed-off-by: Richard Henderson r...@twiddle.net
---
tcg/aarch64/tcg-target.c | 101
++-
tcg/aarch64/tcg-target.h | 2 +-
2 files changed, 39 insertions(+), 64 deletions(-)
diff --git
On 15.03.2014 03:48, Richard Henderson wrote:
Cleaning up the implementation of REV and REV16 at the same time.
Signed-off-by: Richard Henderson r...@twiddle.net
---
tcg/aarch64/tcg-target.c | 22 ++
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git
Il 25/03/2014 19:59, Peter Maydell ha scritto:
Could virt be a sane default for qemu-system-arm?
2.0 might be the right time to change it.
Really I don't think there is a sane default at all for
ARM. Boards are just too different and you must know
which one you want. Anything other than the
Il 25/03/2014 20:26, Peter Maydell ha scritto:
Currently for both qemu-system-arm and qemu-system-aarch64
the default board model if the user doesn't specify one
is the 'integratorcp'. This is a totally arbitrary historical
accident since it was the first board to be modelled.
That board is now
Stefan,
Thank you for your suggestions. I will try g_slice_* and give more
performance testing results.
ZhenHua
On 03/26/2014 05:27 PM, Stefan Hajnoczi wrote:
On Tue, Mar 25, 2014 at 04:44:48PM +0800, Li, Zhen-Hua wrote:
From: Li, ZhenHua zhen-h...@hp.com
In virtio-blk module, when there
Il 26/03/2014 03:02, Li, Zhen-Hua ha scritto:
From: Li, ZhenHua zhen-h...@hp.com
In virtio-blk module, when there is new request, new req structure
will be created by malloc. Use a req pool instead of this, will increase
performance;
Increacement: about 5% to 10%.
Can you try
Sorry I am confused .
There are two ways now:
1. Just use g_slice_new to replace malloc/free.
2. Use a pool as a replacement of frequently create/destroy reqs. And
when create the pool, use g_slice_new.
Which are you meaning?
Thanks
ZhenHua
On 03/26/2014 05:55 PM, Paolo Bonzini wrote:
Il
Il 26/03/2014 10:59, Li, ZhenHua ha scritto:
Sorry I am confused .
There are two ways now:
1. Just use g_slice_new to replace malloc/free.
2. Use a pool as a replacement of frequently create/destroy reqs. And
when create the pool, use g_slice_new.
Which are you meaning?
I think both I and
On Wed, Mar 26, 2014 at 06:45:10AM -, Robert Hu wrote:
Public bug reported:
Environment:
Host OS (ia32/ia32e/IA64):ia32e
Guest OS (ia32/ia32e/IA64):ia32e
Guest OS Type (Linux/Windows):Windows
kvm.git Commit:94b3ffcd41a90d2cb0b32ca23aa58a0d5dc0
qemu-kvm
On Mo, 2014-03-24 at 11:39 +0200, Alon Levy wrote:
The command ring and cursor rings are pushed to by the guest, and
cleared asynchronously by qemu's spice thread. It is easy to have
them non empty by bad guest behaviour, and we must never abort on bad
guest behaviour.
I think we should
On Wed, Mar 26, 2014 at 08:46:35AM +0200, Michael S. Tsirkin wrote:
On Wed, Mar 26, 2014 at 08:19:43AM +0800, Amos Kong wrote:
Stefan Fritsch just fixed a virtio-net driver bug [1], virtio-net won't
filter out VLAN-tagged packets if VIRTIO_NET_F_CTRL_VLAN isn't negotiated.
Yes but that fix
On 26 March 2014 09:51, Paolo Bonzini pbonz...@redhat.com wrote:
It's your call as the maintainer. I certainly wouldn't object to that,
though (perhaps it's my delusion) I would have hoped that virt would have
been a suitable choice for users coming from x86.
It's one option, but it's still
On Wed, Mar 26, 2014 at 07:16:42AM +, Gonglei (Arei) wrote:
Hi,
I also encounter the same problem. When I use the Qemu mainline and with
-machine pc-i440fx-2.0, the win7 guest will show blue screen, and give me
The BIOS in this system is not fully ACPI compliant. Please contact your
Il 26/03/2014 11:37, hu...@cn.fujitsu.com ha scritto:
Signed-off-by: Hu Tao hu...@cn.fujitsu.com
Just a small comment below.
---
qapi/string-output-visitor.c | 236
+++--
tests/test-string-output-visitor.c | 35 ++
2 files changed, 260
On Wed, Mar 26, 2014 at 06:29:52PM +0800, Amos Kong wrote:
From: Stefan Fritsch s...@sfritsch.de
If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all
VLAN-tagged packets but send them to the guest.
This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because
the
On Wed, Mar 26, 2014 at 06:29:52PM +0800, Amos Kong wrote:
From: Stefan Fritsch s...@sfritsch.de
If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all
VLAN-tagged packets but send them to the guest.
This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because
the
From: Stefan Fritsch s...@sfritsch.de
If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all
VLAN-tagged packets but send them to the guest.
This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because
the OpenBSD driver started as a port from NetBSD).
Signed-off-by:
From: Wanlong Gao gaowanl...@cn.fujitsu.com
Add the numa_info structure to contain the numa nodes memory,
VCPUs information and the future added numa nodes host memory
policies.
Reviewed-by: Eduardo Habkost ehabk...@redhat.com
Signed-off-by: Andre Przywara andre.przyw...@amd.com
Signed-off-by:
From: Wanlong Gao gaowanl...@cn.fujitsu.com
If the total number of the assigned numa nodes memory is not
equal to the assigned ram size, it will write the wrong data
to ACPI table, then the guest will ignore the wrong ACPI table
and recognize all memory to one node. It's buggy, we should
check it
From: Paolo Bonzini pbonz...@redhat.com
This option provides the infrastructure for binding guest NUMA nodes
to host NUMA nodes. For example:
-object memory-ram,size=1024M,policy=bind,host-nodes=0,id=ram-node0 \
-numa node,nodeid=0,cpus=0,memdev=ram-node0 \
-object
From: Paolo Bonzini pbonz...@redhat.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
hw/i386/pc.c | 11 +--
hw/i386/pc_piix.c| 8 +++-
hw/i386/pc_q35.c | 4 +---
include/hw/i386/pc.h | 7 +++
4 files changed, 12 insertions(+), 18 deletions(-)
diff
From: Igor Mammedov imamm...@redhat.com
Adds option to -m
size - startup memory amount
For compatibility with legacy CLI if suffix-less number is passed,
it assumes amount in Mb.
Otherwise user is free to use suffixed number using suffixes b,k/K,M,G
Signed-off-by: Igor Mammedov
From: Igor Mammedov imamm...@redhat.com
Provides framework for splitting host RAM allocation/
policies into a separate backend that could be used
by devices.
Initially only legacy RAM backend is provided, which
uses memory_region_init_ram() allocator and compatible
with every CLI option that
From: Paolo Bonzini pbonz...@redhat.com
Follow the lines of the HMP implementation, using OptsVisitor
to parse the options. This gives access to OptsVisitor's
rich parsing of integer lists.
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
vl.c | 87
From: Paolo Bonzini pbonz...@redhat.com
Prepare for adding more flags. The _MASK suffix is unique, kill it.
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
exec.c | 9 ++---
include/exec/cpu-all.h | 3 ---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git
From: Paolo Bonzini pbonz...@redhat.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
backends/Makefile.objs | 1 +
backends/hostmem-file.c | 108
2 files changed, 109 insertions(+)
create mode 100644 backends/hostmem-file.c
diff --git
From: Paolo Bonzini pbonz...@redhat.com
A new share property can be used with the memory-file backend to
map memory with MAP_SHARED instead of MAP_PRIVATE.
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
backends/hostmem-file.c | 26 +-
exec.c | 18
Signed-off-by: Hu Tao hu...@cn.fujitsu.com
---
include/qom/object.h | 18 ++
qom/object.c | 35 +++
2 files changed, 53 insertions(+)
diff --git a/include/qom/object.h b/include/qom/object.h
index a641dcd..2e488f1 100644
---
From: Wanlong Gao gaowanl...@cn.fujitsu.com
Signed-off-by: Wanlong Gao gaowanl...@cn.fujitsu.com
Reviewed-by: Eduardo Habkost ehabk...@redhat.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
Makefile.target | 2 +-
cpus.c| 14
include/exec/cpu-all.h
On Tue, Mar 11, 2014 at 06:46:10PM -0600, Eric Blake wrote:
On 03/06/2014 11:09 PM, Amos Kong wrote:
vm_config_groups[] only contains part of the options which have
parameters, and all options which have no parameter aren't added
to vm_config_groups[]. Current query-command-line-options
From: Paolo Bonzini pbonz...@redhat.com
This allows the superclass to set various policies on the memory
region that the subclass creates.
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
backends/hostmem-file.c | 9 -
backends/hostmem-ram.c | 8 +++-
backends/hostmem.c
From: Wanlong Gao gaowanl...@cn.fujitsu.com
Add detection of libnuma (mostly contained in the numactl package)
to the configure script. Can be enabled or disabled on the command
line, default is use if available.
Signed-off-by: Andre Przywara andre.przyw...@amd.com
Signed-off-by: Wanlong Gao
From: Paolo Bonzini pbonz...@redhat.com
And allow preallocation of file-based memory even without -mem-prealloc.
Some care is necessary because -mem-prealloc does not allow disabling
preallocation for hostmem-file.
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
backends/hostmem-file.c |
From: Paolo Bonzini pbonz...@redhat.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
backends/hostmem.c | 85 +++-
include/qemu/osdep.h | 10 ++
include/sysemu/hostmem.h | 1 +
3 files changed, 95 insertions(+), 1 deletion(-)
This is the hmp counterpart of qmp query-memdev.
Signed-off-by: Hu Tao hu...@cn.fujitsu.com
---
hmp.c | 36
hmp.h | 1 +
monitor.c | 7 +++
3 files changed, 44 insertions(+)
diff --git a/hmp.c b/hmp.c
index 2f279c4..b500856 100644
--- a/hmp.c
Signed-off-by: Hu Tao hu...@cn.fujitsu.com
---
qapi/string-output-visitor.c | 236 +++--
tests/test-string-output-visitor.c | 35 ++
2 files changed, 260 insertions(+), 11 deletions(-)
diff --git a/qapi/string-output-visitor.c
Hello,
I can confirm the problem too, (opteron 63XX - opteron 61XX)
qemu 1.7.1 (qemu64 or kvm64 vcpu) , host kernel 2.6.32 (rhel6.5)
I can reproduce it 100%
- Mail original -
De: Markus Kovero m...@mui.fi
À: qemu-devel@nongnu.org
Envoyé: Lundi 27 Janvier 2014 15:20:19
Objet: Re:
From: Paolo Bonzini pbonz...@redhat.com
So that backends can use it.
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
exec.c | 44 +--
include/qemu/osdep.h | 2 ++
util/oslib-posix.c | 73
3
Signed-off-by: Hu Tao hu...@cn.fujitsu.com
---
include/qemu/range.h | 119 +++
1 file changed, 119 insertions(+)
diff --git a/include/qemu/range.h b/include/qemu/range.h
index aae9720..d2dd49d 100644
--- a/include/qemu/range.h
+++
From: Paolo Bonzini pbonz...@redhat.com
Use QERR_INVALID_PARAMETER_VALUE for consistency.
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
qmp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qmp.c b/qmp.c
index 54b95ba..440f3ab 100644
--- a/qmp.c
+++ b/qmp.c
@@
On Wed, Mar 26, 2014 at 08:22:29AM +, Gonglei (Arei) wrote:
Based on discussions in:
http://lists.gnu.org/archive/html/qemu-devel/2013-11/threads.html#03322
About KVM_SET_GSI_ROUTING ioctl, I tested changing RCU to SRCU, but
unfortunately
it looks like SRCU's grace period is
This is the model file that is being used for the QEMU project's scans
on scan.coverity.com. It fixed about 30 false positives (10% of the
total) and exposed about 60 new memory leaks.
The file is not automatically used; changes to it must be propagated
to the website manually by an admin (right
From: Wanlong Gao gaowanl...@cn.fujitsu.com
libnuma choosed 128 for MAX_NODES, so we follow libnuma here.
Signed-off-by: Wanlong Gao gaowanl...@cn.fujitsu.com
Reviewed-by: Eduardo Habkost ehabk...@redhat.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
include/sysemu/sysemu.h | 2 +-
1
From: Luiz Capitulino lcapitul...@redhat.com
The -numa option documentation in qemu's manpage lacks the command-line
options and some information regarding how it relates to options -m and
-smp. This commit fills in the missing text.
Signed-off-by: Luiz Capitulino lcapitul...@redhat.com
On 26/03/14 09:22, Gonglei (Arei) wrote:
Without patches, ping time can jump from 0.3ms to 2ms-30ms. With
synchronize_srcu
patch, ping time is worse. With synchronize_srcu_expedited patch, ping time
is
overall good, though sometimes ping time jump to 1ms-3ms.
Just to understand whats
changes to v2.1:
- switch all boards to memory_region_allocate_system_memory
- make string input/output visitor parse int list
- add hmp info memdev
- tweaks to get pass of checkpatch.pl.
You can search `Current state of NUMA series, and hostmem improvements'
for the link of v2.1. Sorry
Signed-off-by: Hu Tao hu...@cn.fujitsu.com
---
hw/alpha/typhoon.c | 4 ++--
hw/arm/cubieboard.c | 5 +++--
hw/arm/digic_boards.c| 3 +--
hw/arm/exynos4210.c | 18 +--
hw/arm/highbank.c
Add the cloop block driver to qemu-iotests.
Signed-off-by: Stefan Hajnoczi stefa...@redhat.com
Signed-off-by: Kevin Wolf kw...@redhat.com
---
tests/qemu-iotests/common| 7 +++
tests/qemu-iotests/common.rc | 3 +++
2 files changed, 10 insertions(+)
diff --git a/tests/qemu-iotests/common
Add a cloop format-specific test case. Later patches add tests for
input validation to the script.
Signed-off-by: Stefan Hajnoczi stefa...@redhat.com
Signed-off-by: Kevin Wolf kw...@redhat.com
---
tests/qemu-iotests/075 | 53 +
The offsets[] array allows efficient seeking and tells us the maximum
compressed data size. If the offsets are bogus the maximum compressed
data size will be unrealistic.
This could cause g_malloc() to abort and bogus offsets mean the image is
broken anyway. Therefore we should refuse such
This patch series fixes missing input validation in qcow2, vdi, vhdx, vpc,
bochs, curl, parallels, cloop, and dmg.
Some of the patches have been assigned CVEs because they have a security
impact.
Most of the missing input validation is in code that has been in the tree for a
long time. The
Avoid unbounded s-uncompressed_block memory allocation by checking that
the block_size header field has a reasonable value. Also enforce the
assumption that the value is a non-zero multiple of 512.
These constraints conform to cloop 2.639's code so we accept existing
image files.
Signed-off-by:
From: Kevin Wolf kw...@redhat.com
Signed-off-by: Kevin Wolf kw...@redhat.com
Reviewed-by: Stefan Hajnoczi stefa...@redhat.com
---
tests/qemu-iotests/078 | 53 +++
tests/qemu-iotests/078.out | 6 +++
tests/qemu-iotests/common
The following integer overflow in offsets_size can lead to out-of-bounds
memory stores when n_blocks has a huge value:
uint32_t n_blocks, offsets_size;
[...]
ret = bdrv_pread(bs-file, 128 + 4, s-n_blocks, 4);
[...]
s-n_blocks = be32_to_cpu(s-n_blocks);
/* read offsets */
From: Jeff Cody jc...@redhat.com
Other variables (e.g. sectors_per_block) are calculated using these
variables, and if not range-checked illegal values could be obtained
causing infinite loops and other potential issues when calculating
BAT entries.
The 1.00 VHDX spec requires BlockSize to be
From: Kevin Wolf kw...@redhat.com
It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s-catalog_bitmap
buffer overflow on big endian hosts.
Signed-off-by: Kevin Wolf kw...@redhat.com
Reviewed-by: Stefan Hajnoczi stefa...@redhat.com
---
Limit offsets_size to 512 MB so that:
1. g_malloc() does not abort due to an unreasonable size argument.
2. offsets_size does not overflow the bdrv_pread() int size argument.
This limit imposes a maximum image size of 16 TB at 256 KB block size.
Signed-off-by: Stefan Hajnoczi
From: Kevin Wolf kw...@redhat.com
This fixes two possible division by zero crashes: In bochs_open() and in
seek_to_sector().
Signed-off-by: Kevin Wolf kw...@redhat.com
Reviewed-by: Stefan Hajnoczi stefa...@redhat.com
---
block/bochs.c | 8
tests/qemu-iotests/078 | 13
From: Jeff Cody jc...@redhat.com
The maximum blocks_in_image is 0x / 4, which also limits the
maximum disk_size for a VDI image.
Signed-off-by: Jeff Cody jc...@redhat.com
Signed-off-by: Kevin Wolf kw...@redhat.com
---
block/vdi.c | 28 +---
1 file changed, 25
From: Jeff Cody jc...@redhat.com
This adds checks to make sure that max_table_entries and block_size
are in sane ranges. Memory is allocated based on max_table_entries,
and block_size is used to calculate indices into that allocated
memory, so if these values are incorrect that can lead to
Use the right types instead of signed int:
size_t new_size;
This is a byte count for g_realloc() that is calculated from uint32_t
and size_t values.
uint32_t chunk_count;
Use the same type as s-n_chunks, which is used together with
chunk_count.
This patch is a cleanup and does not
From: Kevin Wolf kw...@redhat.com
This fixes some cases of division by zero crashes.
Signed-off-by: Kevin Wolf kw...@redhat.com
---
block/vpc.c| 5
tests/qemu-iotests/088 | 64 ++
tests/qemu-iotests/088.out | 17
From: Kevin Wolf kw...@redhat.com
free_cluster_index is only correct if update_refcount() was called from
an allocation function, and even there it's brittle because it's used to
protect unfinished allocations which still have a refcount of 0 - if it
moves in the wrong place, the unfinished
From: Kevin Wolf kw...@redhat.com
This ensures that the checks catch all invalid cluster indexes
instead of returning the refcount of a wrong cluster.
Signed-off-by: Kevin Wolf kw...@redhat.com
---
block/qcow2-refcount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
From: Paolo Bonzini pbonz...@redhat.com
Split the internal interface in exec.c to a separate function, and
push the check on mem_path up to memory_region_init_ram.
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
exec.c | 105 +---
From: Kevin Wolf kw...@redhat.com
Signed-off-by: Kevin Wolf kw...@redhat.com
---
block/qcow2-refcount.c | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 9130042..a37ee45 100644
---
From: Kevin Wolf kw...@redhat.com
Header, header extension and the backing file name must all be stored in
the first cluster. Setting the backing file to a much higher value
allowed header extensions to become much bigger than we want them to be
(unbounded allocation).
Signed-off-by: Kevin Wolf
From: Paolo Bonzini pbonz...@redhat.com
Right now, -mem-path will fall back to RAM-based allocation in some
cases. This should never happen with -object memory-file, prepare
the code by adding correct error propagation.
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
exec.c
When a terminator is reached the base for offsets and sectors is stored.
The following records that are processed will use this base value.
If the first record we encounter is a terminator, then calculating the
base values would result in out-of-bounds array accesses. Don't do
that.
From: Kevin Wolf kw...@redhat.com
The end of the refcount table must not exceed INT64_MAX so that integer
overflows are avoided.
Also check for misaligned refcount table. Such images are invalid and
probably the result of data corruption. Error out to avoid further
corruption.
Signed-off-by:
Peter,
The following changes since commit 7f6613cedc59fa849105668ae971dc31004bca1c:
target-mips: fix MTHC1 and MFHC1 when FPU in FR=0 mode (2014-03-25 23:36:35
+0100)
are available in the git repository at:
git://github.com/bonzini/qemu.git scsi-next
for you to fetch changes up to
From: Kevin Wolf kw...@redhat.com
Limit the in-memory reference count table size to 8 MB, it's enough in
practice. This fixes an unbounded allocation as well as a buffer
overflow in qcow2_refcount_init().
Signed-off-by: Kevin Wolf kw...@redhat.com
---
block/qcow2-refcount.c | 4 +++-
From: Kevin Wolf kw...@redhat.com
This avoids an unbounded allocation.
Signed-off-by: Kevin Wolf kw...@redhat.com
---
block/qcow2-snapshot.c | 4
block/qcow2.c | 4 +---
block/qcow2.h | 4
tests/qemu-iotests/080 | 15 ++-
From: Stefan Fritsch s...@sfritsch.de
If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all
VLAN-tagged packets but send them to the guest.
This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because
the OpenBSD driver started as a port from NetBSD).
Signed-off-by:
1 - 100 of 303 matches
Mail list logo
