On 2/11/18 2:22, Li Qiang wrote:
Currently, the nvme_cmb_ops mr doesn't check the addr and size.
This can lead to an oob access issue. This is triggerable in the guest.
Add check to avoid this issue.
Fixes CVE-2018-16847.
Reported-by: Li Qiang
Reviewed-by: Paolo Bonzini
Signed-off-by: Li Qiang
These definitions are QCow2 specific, there is no need to expose them
in the global namespace.
This partially reverts commit 540b8492618eb.
Signed-off-by: Philippe Mathieu-Daudé
---
block/qcow2.h| 56 +++-
include/qemu/units.h | 55
On 02.11.2018 at 02:22, Li Qiang wrote:
> Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> This can lead to an oob access issue. This is triggerable in the guest.
> Add check to avoid this issue.
>
> Fixes CVE-2018-16847.
>
> Reported-by: Li Qiang
> Reviewed-by: Paolo Bonz
On 02.11.2018 at 11:00, Tim Smith wrote:
> A series of performance improvements for disks using the Xen PV ring.
>
> These have had fairly extensive testing.
>
> The batching and latency improvements together boost the throughput
> of small reads and writes by two to six percent (measure
On 02.11.2018 at 09:58, Philippe Mathieu-Daudé wrote:
> These definitions are QCow2 specific, there is no need to expose them
> in the global namespace.
>
> This partially reverts commit 540b8492618eb.
>
> Signed-off-by: Philippe Mathieu-Daudé
If we don't want this globally, I think we
> -Original Message-
> From: Kevin Wolf [mailto:kw...@redhat.com]
> Sent: 02 November 2018 11:04
> To: Tim Smith
> Cc: xen-de...@lists.xenproject.org; qemu-de...@nongnu.org; qemu-
> bl...@nongnu.org; Anthony Perard ; Paul Durrant
> ; Stefano Stabellini ;
> Max Reitz ; arm...@redhat.com
> S
> -Original Message-
> From: Tim Smith [mailto:tim.sm...@citrix.com]
> Sent: 02 November 2018 10:01
> To: xen-de...@lists.xenproject.org; qemu-de...@nongnu.org; qemu-
> bl...@nongnu.org
> Cc: Anthony Perard ; Kevin Wolf
> ; Paul Durrant ; Stefano
> Stabellini ; Max Reitz
> Subject: [PATCH
On 02.11.2018 at 12:13, Paul Durrant wrote:
> > -Original Message-
> > From: Kevin Wolf [mailto:kw...@redhat.com]
> > Sent: 02 November 2018 11:04
> > To: Tim Smith
> > Cc: xen-de...@lists.xenproject.org; qemu-de...@nongnu.org; qemu-
> > bl...@nongnu.org; Anthony Perard ; Paul Dur
Hi,
This series seems to have some coding style problems. See output below for
more information:
Type: series
Message-id: 20181031215622.27690-1-kw...@redhat.com
Subject: [Qemu-devel] [PATCH 00/12] file-posix: Simplify delegation to worker
thread
=== TEST SCRIPT BEGIN ===
#!/bin/bash
BASE=base
31.07.2018 20:30, Vladimir Sementsov-Ogievskiy wrote:
> Implement reconnect. To achieve this:
>
> 1. add new modes:
> connecting-wait: means, that reconnecting is in progress, and there
> were small number of reconnect attempts, so all requests are
> waiting for the connection.
>
Hi Kevin,
On 2/11/18 12:07, Kevin Wolf wrote:
On 02.11.2018 at 09:58, Philippe Mathieu-Daudé wrote:
These definitions are QCow2 specific, there is no need to expose them
in the global namespace.
This partially reverts commit 540b8492618eb.
Signed-off-by: Philippe Mathieu-Daudé
If w
On 9 October 2018 at 12:16, Paolo Bonzini wrote:
> On 08/10/2018 18:40, Kevin Wolf wrote:
>>>
>>> I'm pretty confident this analysis of the problem is correct:
>>> unfortunately I have no idea what the right way to fix it is...
>> Yes, I agree with your analysis. If __thread variables can be destr
On Fri, Nov 02, 2018 at 10:00:59AM +, Tim Smith wrote:
> When I/O consists of many small requests, performance is improved by
> batching them together in a single io_submit() call. When there are
> relatively few requests, the extra overhead is not worth it. This
> introduces a check to start b
On Fri, Nov 02, 2018 at 10:01:04AM +, Tim Smith wrote:
> If the I/O ring is full, the guest cannot send any more requests
> until some responses are sent. Only sending all available responses
> just before checking for new work does not leave much time for the
> guest to supply new work, so thi
On Fri, Nov 02, 2018 at 10:01:09AM +, Tim Smith wrote:
> xen_disk currently allocates memory to hold the data for each ioreq
> as that ioreq is used, and frees it afterwards. Because it requires
> page-aligned blocks, this interacts poorly with non-page-aligned
> allocations and balloons the he
On 02.11.2018 at 13:37, Philippe Mathieu-Daudé wrote:
> Hi Kevin,
>
> On 2/11/18 12:07, Kevin Wolf wrote:
> > On 02.11.2018 at 09:58, Philippe Mathieu-Daudé wrote:
> > > These definitions are QCow2 specific, there is no need to expose them
> > > in the global namespace.
> > >
> >
On 11/2/18 9:10 AM, Kevin Wolf wrote:
On 02.11.2018 at 13:37, Philippe Mathieu-Daudé wrote:
Hi Kevin,
On 2/11/18 12:07, Kevin Wolf wrote:
On 02.11.2018 at 09:58, Philippe Mathieu-Daudé wrote:
These definitions are QCow2 specific, there is no need to expose them
in the global
On Fri, Nov 02, 2018 at 11:54:21AM +0100, Kevin Wolf wrote:
> On 02.11.2018 at 02:22, Li Qiang wrote:
> > Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> > This can lead to an oob access issue. This is triggerable in the guest.
> > Add check to avoid this issue.
> >
> > Fix
Reduce extra noise of nbd-client, change 083 correspondingly.
Signed-off-by: Vladimir Sementsov-Ogievskiy
---
block/nbd-client.c | 27 +++
block/trace-events | 4
tests/qemu-iotests/083.out | 28
3 files changed, 27 inser
Add a function to export error hint - a pair to error_get_pretty. It's
needed to handle errors by hand, where we can't just report it or
propagate.
Signed-off-by: Vladimir Sementsov-Ogievskiy
---
include/qapi/error.h | 5 +
util/error.c | 5 +
2 files changed, 10 insertions(+)
d
Hi all.
It was discussed, that error messages, produced by error_report_err's,
added in f140e300 are
1. not really needed
2. subject to race conditions
And it was decided to drop them (switch to trace-points), look thread
https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg00833.html
So, I'v
These functions are used for formatting pretty trace points. We are
going to add some in block/nbd-client, so, let's publish all these
functions at once. Note, that nbd_reply_type_lookup is already
published, and constants, "named" by these functions live in
include/block/nbd.h too.
Signed-off-by:
Hello Kevin,
Kevin Wolf wrote on Fri, 2 Nov 2018 at 6:54 PM:
> On 02.11.2018 at 02:22, Li Qiang wrote:
> > Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> > This can lead to an oob access issue. This is triggerable in the guest.
> > Add check to avoid this issue.
> >
> > Fixes CVE-201
(MCA: here's the latest version of the q800 patchset. I hope that I've
addressed most of the comments, plus this will now boot into the Debian
installer correctly when applied to git master.
Outstanding comments:
1) Should the comment blocks copied from the Linux headers be removed
from
From: Laurent Vivier
Co-developed-by: Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland
Signed-off-by: Laurent Vivier
---
hw/scsi/esp.c | 291 +-
include/hw/scsi/esp.h | 7 ++
2 files changed, 269 insertions(+), 29 deletions(-)
diff --
From: Laurent Vivier
Co-developed-by: Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland
Signed-off-by: Laurent Vivier
---
hw/Makefile.objs| 1 +
hw/nubus/Makefile.objs | 4 +
hw/nubus/mac-nubus-bridge.c | 45
hw/nubus/nubus-bridge.c
From: Laurent Vivier
This is needed by Quadra 800, this card can run on little-endian
or big-endian bus.
Signed-off-by: Laurent Vivier
Tested-by: Hervé Poussineau
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Hervé Poussineau
---
hw/net/dp8393x.c | 88
From: Laurent Vivier
Co-developed-by: Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland
Signed-off-by: Laurent Vivier
Reviewed-by: Hervé Poussineau
---
hw/block/Makefile.objs | 1 +
hw/block/swim.c | 415
include/hw/block/swim.h | 7
From: Laurent Vivier
Co-developed-by: Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland
Signed-off-by: Laurent Vivier
Reviewed-by: Hervé Poussineau
---
hw/misc/Makefile.objs | 1 +
hw/misc/mac_via.c | 666 ++
include/hw/misc/mac_via.h
From: Laurent Vivier
On Sparc and PowerMac, the bit 0 of the address
selects the register type (control or data) and
bit 1 selects the channel (B or A).
On m68k Macintosh, the bit 0 selects the channel and
bit 1 the register type.
This patch introduces a new parameter (bit_swap) to
the device i
From: Laurent Vivier
Co-developed-by: Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland
Signed-off-by: Laurent Vivier
Reviewed-by: Hervé Poussineau
---
hw/misc/mac_via.c | 190 ++
include/hw/misc/mac_via.h | 7 ++
2 files changed, 197 inse
From: Laurent Vivier
Co-developed-by: Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland
Signed-off-by: Laurent Vivier
Reviewed-by: Hervé Poussineau
---
arch_init.c| 4 +
hw/display/Makefile.objs | 1 +
hw/display/macfb.c | 419
Co-developed-by: Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland
Signed-off-by: Laurent Vivier
Reviewed-by: Hervé Poussineau
---
hw/display/macfb.c | 56 ++
include/hw/display/macfb.h | 21 +
2 files changed, 77 insertions(+)
On 02.11.2018 at 15:52, Eric Blake wrote:
> On 11/2/18 9:10 AM, Kevin Wolf wrote:
> > On 02.11.2018 at 13:37, Philippe Mathieu-Daudé wrote:
> > > Hi Kevin,
> > >
> > > On 2/11/18 12:07, Kevin Wolf wrote:
> > > > On 02.11.2018 at 09:58, Philippe Mathieu-Daudé wrote:
> > >
From: Laurent Vivier
If you want to test the machine, it doesn't yet boot a MacROM, but you can
boot a linux kernel from the command line.
You can install your own disk using debian-installer with:
./qemu-system-m68k \
-M q800 \
-serial none -serial mon:stdio \
-m 1000M -drive f
On 02.11.2018 at 16:22, Li Qiang wrote:
> Hello Kevin,
>
> Kevin Wolf wrote on Fri, 2 Nov 2018 at 6:54 PM:
>
> > On 02.11.2018 at 02:22, Li Qiang wrote:
> > > Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> > > This can lead to an oob access issue. This is triggerable in the
On Thu, Nov 01, 2018 at 06:22:43PM -0700, Li Qiang wrote:
> Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> This can lead to an oob access issue. This is triggerable in the guest.
> Add check to avoid this issue.
>
> Fixes CVE-2018-16847.
>
> Reported-by: Li Qiang
> Reviewed-by: P
A series of performance improvements for disks using the Xen PV ring.
These have had fairly extensive testing.
The batching and latency improvements together boost the throughput
of small reads and writes by two to six percent (measured using fio
in the guest)
Avoiding repeated calls to posix_me
If the I/O ring is full, the guest cannot send any more requests
until some responses are sent. Only sending all available responses
just before checking for new work does not leave much time for the
guest to supply new work, so this will cause stalls if the ring gets
full. Also, not completing rea
xen_disk currently allocates memory to hold the data for each ioreq
as that ioreq is used, and frees it afterwards. Because it requires
page-aligned blocks, this interacts poorly with non-page-aligned
allocations and balloons the heap.
Instead, allocate the maximum possible requirement, which is
B
When I/O consists of many small requests, performance is improved by
batching them together in a single io_submit() call. When there are
relatively few requests, the extra overhead is not worth it. This
introduces a check to start batching I/O requests via blk_io_plug()/
blk_io_unplug() in an amoun
ping
15.10.2018 19:06, Vladimir Sementsov-Ogievskiy wrote:
> Hi all!
>
> These series introduce backup-top driver. It's a filter-node, which
> do copy-before-write operation. Mirror uses filter-node for handling
> guest writes, let's move to filter-node (from write-notifiers) for
> backup too (pat
On 11/02/2018 04:11 AM, Dongli Zhang wrote:
> Hi,
>
> Is there any way to emulate I/O timeout on qemu side (not fault injection in
> VM
> kernel) without modifying qemu source code?
>
> For instance, I would like to observe/study/debug the I/O timeout handling of
> nvme, scsi, virtio-blk (not
On 11/2/18 10:49 AM, John Snow wrote:
On 11/02/2018 04:11 AM, Dongli Zhang wrote:
Hi,
Is there any way to emulate I/O timeout on qemu side (not fault injection in VM
kernel) without modifying qemu source code?
For instance, I would like to observe/study/debug the I/O timeout handling of
nvme,
On 11/02/2018 01:55 PM, Marc Olson wrote:
> On 11/2/18 10:49 AM, John Snow wrote:
>> On 11/02/2018 04:11 AM, Dongli Zhang wrote:
>>> Hi,
>>>
>>> Is there any way to emulate I/O timeout on qemu side (not fault
>>> injection in VM
>>> kernel) without modifying qemu source code?
>>>
>>> For instanc
Hi,
On 11/2/18 5:28 PM, Kevin Wolf wrote:
> On 02.11.2018 at 15:52, Eric Blake wrote:
>> On 11/2/18 9:10 AM, Kevin Wolf wrote:
>>> On 02.11.2018 at 13:37, Philippe Mathieu-Daudé wrote:
Hi Kevin,
On 2/11/18 12:07, Kevin Wolf wrote:
> On 02.11.2018 at 09:58, P
The lookup table for power-of-two sizes was added in commit 540b8492618eb
for the purpose of having convenient shortcuts for these sizes in cases
when the literal number has to be present at compile time, and
expressions as '(1 * KiB)' can not be used. One such case is the
stringification of sizes.
If an expression is used to define DEFAULT_CLUSTER_SIZE, when compiled,
it will be embedded as a literal expression in the binary (as the
default value) because it is stringified to mark the size of the default
value. Now this is fixed by using a defined number to define this value.
Signed-off-by: