** No longer affects: qemu
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1379340
Title:
qemu-kvm guest panic for AMD smp trusty guests
Status in “qemu” package in Ubuntu:
New
Bug description:
Hi,
The patch grow to three parts now. Although it is still add a QEmu
support for Microsoft's Virtual Machine Generation ID device.
The first is a short device's description, then the ACPI tables
changes and the actual device and the last patch updates the tests'
ACPI tables.
Your comment are w
Signed-off-by: Gal Hammer
---
docs/specs/vmgenid.txt | 27 +++
1 file changed, 27 insertions(+)
create mode 100644 docs/specs/vmgenid.txt
diff --git a/docs/specs/vmgenid.txt b/docs/specs/vmgenid.txt
new file mode 100644
index 000..9a09d11
--- /dev/null
+++ b/docs/sp
Based on Microsoft's sepecifications (paper can be dowloaded from
http://go.microsoft.com/fwlink/?LinkId=260709), add a device
description to the SSDT ACPI table and its implementation.
The GUID is set using a global "vmgenid.uuid" parameter.
Signed-off-by: Gal Hammer
---
default-configs/i386-
Signed-off-by: Gal Hammer
---
tests/acpi-test-data/pc/DSDT | Bin 2807 -> 2820 bytes
tests/acpi-test-data/pc/SSDT | Bin 3065 -> 3268 bytes
tests/acpi-test-data/q35/DSDT | Bin 7397 -> 7410 bytes
tests/acpi-test-data/q35/SSDT | Bin 1346 -> 1549 bytes
4 files changed, 0 insertions(+), 0 deleti
I'm trying to track down a bug in ARM TCG where we:
* boot a guest
* run 'shutdown -r now' to trigger a reboot
* on reboot, crash when running userspace because the contents
of physical RAM have changed but the translated code from
before the shutdown was never invalidated
This is with a
The code in invalidate_and_set_dirty() needs to handle addr/length
combinations which cross guest physical page boundaries. This can happen,
for example, when disk I/O reads large blocks into guest RAM which previously
held code that we have cached translations for. Unfortunately we were only
check
On Sun, Nov 16, 2014 at 12:15:56PM +0200, Gal Hammer wrote:
> Hi,
>
> The patch grow to three parts now. Although it is still add a QEmu
> support for Microsoft's Virtual Machine Generation ID device.
>
> The first is a short device's description, then the ACPI tables
> changes and the actual dev
On Fri, 11/14 09:29, Stefan Hajnoczi wrote:
> On Fri, Nov 14, 2014 at 12:09:21PM +0800, Fam Zheng wrote:
> > When extent types don't match, we return -ENOTSUP. In this case, be
> > polite to the caller and don't modify bdi.
> >
> > Signed-off-by: Fam Zheng
> > ---
> > block/vmdk.c | 20 +
On 2014/11/5 22:09, Michael S. Tsirkin wrote:
On Wed, Nov 05, 2014 at 03:22:59PM +0800, Tiejun Chen wrote:
Currently IGD drivers always need to access PCH by 1f.0, and
PCH vendor/device id is used to identify the card.
Signed-off-by: Tiejun Chen
---
hw/i386/pc_piix.c | 28 +++
At the moment sPAPR only supports 512MB window for MMIO BARs. However
modern devices might want bigger 64bit BARs.
This adds another 64bit MMIO window per PHB and advertises it via
the PHB's "ranges" property in the device tree. The new window is 1TB long
and starts from 1TB offset on a PCI addres
The n_valid and n_invalid fields are unsigned short integers but it is
possible to have more than 65535 entries in a contiguous hunk, overflowing
the field. This results in an incorrect HTAB being sent to the destination
during migration.
Signed-off-by: Samuel Mendoza-Jonas
---
hw/ppc/spapr.c |
If a spapr guest reboots during a live migration, the guest HTAB on the
destination is not updated properly, usually resulting in a kernel panic.
This is a (delayed!) follow up to my previous patch including a fix
for TCG guests as well as KVM.
Changes from V1:
- Split out overflow fix into separ
If a guest reboots during a running migration, changes to the
hash page table are not necessarily updated on the destination.
Opening a new file descriptor to the HTAB forces the migration
handler to resend the entire table.
Signed-off-by: Samuel Mendoza-Jonas
---
hw/ppc/spapr.c | 38 +++
If a TCG guest reboots during a running migration HTAB entries are not
marked dirty, and the destination boots with an invalid HTAB.
When a reboot occurs, explicitly mark the current HTAB dirty after
clearing it.
Signed-off-by: Samuel Mendoza-Jonas
---
hw/ppc/spapr.c | 16 +++-
1 fi
Memory and CPU hot unplug are both asynchronize procedures.
When the unplug operation happens, unplug request cb is called first.
And when ghest OS finished handling unplug, unplug cb will be called
to do the real removal of device.
They both need pc-machine, piix4 and ich9 unplug and unplug reque
Memory and CPU hot unplug are both asynchronize procedures.
They both need unplug request cb when the unplug operation happens.
This patch adds hotunplug request cb for pc machine, and memory and CPU
hot unplug will base on it.
Signed-off-by: Tang Chen
---
hw/i386/pc.c | 8
1 file chan
Memory and CPU hot unplug are both asynchronize procedures.
When the unplug operation happens, unplug request cb is called first.
And when ghest OS finished handling unplug, unplug cb will be called
to do the real removal of device.
This patch adds hotunplug cb for pc machine, and memory and CPU
h
Memory and CPU hot unplug are both asynchronize procedures.
When the unplug operation happens, unplug request cb is called first.
And when ghest OS finished handling unplug, unplug cb will be called
to do the real removal of device.
This patch adds hotunplug cb for piix4, and memory and CPU
hot un
Memory and CPU hot unplug are both asynchronize procedures.
When the unplug operation happens, unplug request cb is called first.
And when ghest OS finished handling unplug, unplug cb will be called
to do the real removal of device.
This patch adds hotunplug cb for ich9, and memory and CPU
hot unp
Memory and CPU hot unplug are both asynchronize procedures.
They both need unplug request cb when the unplug operation happens.
This patch adds hotunplug request cb for ich9, and memory and CPU
hot unplug will base on it.
Signed-off-by: Tang Chen
---
hw/acpi/ich9.c | 7 +++
hw/isa/l
Add a new API named acpi_memory_get_slot_status_descriptor() to obtain
a single memory slot status. Doing this is because this procedure will
be used by other functions in the next coming patches.
Signed-off-by: Tang Chen
---
hw/acpi/memory_hotplug.c | 27 +++
1 file chan
Memory hot unplug are both asynchronize procedures.
When the unplug operation happens, unplug request cb is called first.
And when ghest OS finished handling unplug, unplug cb will be called
to do the real removal of device.
This patch adds unplug request cb for memory device. Add a new bool
membe
Memory hot unplug are both asynchronize procedures.
When the unplug operation happens, unplug request cb is called first.
And when ghest OS finished handling unplug, unplug cb will be called
to do the real removal of device.
Hu Tao (2):
acpi, piix4: Add memory hot unplug request support for pii
Implement unplug cb for pc-dimm. It remove the corresponding
memory region, and unregister vmstat. At last, it calls memory
unplug cb to reset memory status and do unparenting.
Signed-off-by: Tang Chen
---
hw/i386/pc.c | 25 +++--
1 file changed, 23 insertions(+), 2 deletions
Add a new API named acpi_memory_hotplug_sci() to send memory hotplug SCI.
Doing this is because this procedure will be used by other functions in the
next coming patches.
Signed-off-by: Tang Chen
---
hw/acpi/memory_hotplug.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
dif
From: Hu Tao
Call memory unplug request cb in piix4_device_unplug_request_cb().
Signed-off-by: Hu Tao
Signed-off-by: Tang Chen
---
hw/acpi/piix4.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 353f91a..6c7dff9 100644
--- a/hw/
Call memory unplug cb in ich9_pm_device_unplug_cb().
Signed-off-by: Tang Chen
---
hw/acpi/ich9.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 841f57d..691299f 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -317,8 +317,1
Replace string "slot" in acpi_memory_plug_cb() with MACRO PC_DIMM_SLOT_PROP.
Signed-off-by: Tang Chen
---
hw/acpi/memory_hotplug.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index ed39241..c6580da 100644
--- a/hw/acpi
Call memory unplug request cb in ich9_pm_device_unplug_request_cb().
Signed-off-by: Tang Chen
---
hw/acpi/ich9.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index c48d176..841f57d 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
When do memory balloon, it takes the 'ram_size' as the VM's current ram size,
But 'ram_size' is the startup configured ram size, it does not take into
account the hotplugged memory.
As a result, the balloon result will be confused.
Steps to reproduce:
(1)Start VM: qemu -m size=1024,slots=4,maxmem=
This patch adds a new bit to memory hotplug IO port indicating that
ej0 has been evaluated by guest OS. And call pc-dimm unplug cb to do
the real removal.
Signed-off-by: Hu Tao
Signed-off-by: Tang Chen
---
docs/specs/acpi_mem_hotplug.txt | 8 ++--
hw/acpi/memory_hotplug.c| 23
Implement memory unplug request cb for pc-dimm, and call it in
pc_machine_device_unplug_request_cb().
Signed-off-by: Tang Chen
---
hw/i386/pc.c | 28 ++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index d5073df..eacf290 100
Reset all memory status, and unparent the memory device.
Signed-off-by: Tang Chen
---
hw/acpi/memory_hotplug.c | 16
include/hw/acpi/memory_hotplug.h | 2 ++
2 files changed, 18 insertions(+)
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index 3d8e39
From: Hu Tao
This patch implements MEMORY_SLOT_EJECT_METHOD according to ACPI spec.
Signed-off-by: Hu Tao
Signed-off-by: Tang Chen
---
hw/i386/ssdt-mem.dsl | 5 +
hw/i386/ssdt-misc.dsl| 13 -
include/hw/acpi/pc-hotplug.h | 2 ++
3 files changed, 19 insertions
Call memory unplug cb in piix4_device_unplug_cb().
Signed-off-by: Tang Chen
---
hw/acpi/piix4.c | 12 ++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 6c7dff9..440c9e8 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -376,8
Add some trace events for easier debugging
Signed-off-by: zhanghailiang
---
hw/virtio/virtio-balloon.c | 6 ++
trace-events | 4
2 files changed, 10 insertions(+)
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 41b24c9..8a48d2a 100644
--- a/hw/v
Hi,
Patch 1 and 2 mainly fix bug about balloon not working correctly when we do
hotplug memory. It takes 'ram_size' as VM's real RAM size which is wrong
after we hotplug memory.
This bug exists since we begin to support hotplug memory, and it is better
to fix it.
Patch 3 add some trace events, i
The global parameter 'ram_size' does not take into account
the hotplugged memory.
In some codes, we use 'ram_size' as current VM's real RAM size,
which is not correct.
Add function 'get_current_ram_size' to calculate VM's current RAM size,
it will enumerate present memory devices and also plus ra
On 2014/11/14 16:45, Paolo Bonzini wrote:
On 14/11/2014 02:39, zhanghailiang wrote:
freeaddrinfo(result) does not assign result = NULL, after frees it.
There will be a double free when it goes error case.
It is reported by covertiy.
Signed-off-by: zhanghailiang
---
net/l2tpv3.c | 1 +
1 f
On 2014/11/14 17:29, Markus Armbruster wrote:
zhanghailiang writes:
In function connect_to_qemu(), getaddrinfo() will allocate memory
that is stored into server, it should be freed by using freeaddrinfo()
before connect_to_qemu() return.
Signed-off-by: zhanghailiang
---
v2:
- fix typo in tit
When no device under usb-bot bus, usb_msd_handle_data() will print "usb-msd: Bad
LUN 0". This is not correct hints. So delete error_report here. When
scsi_device_find() return NULL, just goto fail.
This patch fixes following bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1164665
Signed-off-by:
Signed-off-by: zhanghailiang
---
net/socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/socket.c b/net/socket.c
index fb21e20..ca4b8ba 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -352,7 +352,7 @@ static NetSocketState
*net_socket_fd_init_dgram(NetClientState *pe
In function t_gen_mov_TN_preg and t_gen_mov_preg_TN, The begin check about the
validity of in-parameter 'r' is useless. We still access cpu_PR[r] in the
follow code if it is invalid. Which will be an out-of-bounds read error.
Fix it by using assert() to ensure it is valid before using it.
Signed-
On Mon, Nov 17, 2014 at 01:11:07PM +0800, zhanghailiang wrote:
> Hi,
>
> Patch 1 and 2 mainly fix bug about balloon not working correctly when we do
> hotplug memory. It takes 'ram_size' as VM's real RAM size which is wrong
> after we hotplug memory.
>
> This bug exists since we begin to support
On Mon, Nov 17, 2014 at 10:47:56AM +0800, Chen, Tiejun wrote:
> On 2014/11/5 22:09, Michael S. Tsirkin wrote:
> >On Wed, Nov 05, 2014 at 03:22:59PM +0800, Tiejun Chen wrote:
> >>Currently IGD drivers always need to access PCH by 1f.0, and
> >>PCH vendor/device id is used to identify the card.
> >>
On Mon, 2014-11-17 at 13:03 +0800, Tang Chen wrote:
> Call memory unplug cb in ich9_pm_device_unplug_cb().
>
> Signed-off-by: Tang Chen
> ---
> hw/acpi/ich9.c | 10 --
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
> index 841f57d..691
On 2014/11/17 13:49, Jun Li wrote:
> When no device under usb-bot bus, usb_msd_handle_data() will print "usb-msd:
> Bad
> LUN 0". This is not correct hints. So delete error_report here. When
> scsi_device_find() return NULL, just goto fail.
>
If the hints is incorrect, I think you should change
On (Wed) 12 Nov 2014 [11:44:35], Michael S. Tsirkin wrote:
> This patchset fixes CVE-2014-7840: invalid
> migration stream can cause arbitrary qemu memory
> overwrite.
> First patch includes the minimal fix for the issue.
> Follow-up patches on top add extra checking to reduce the
> chance this kin
zhanghailiang writes:
> Signed-off-by: zhanghailiang
> ---
> net/socket.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/socket.c b/net/socket.c
> index fb21e20..ca4b8ba 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -352,7 +352,7 @@ static NetSocketState
>
50 matches
Mail list logo
