Re: [PATCH v7 2/5] softmmu/vl: Let -fw_cfg option take a 'gen_id' argument

2020-06-16 Thread Laszlo Ersek
On 06/15/20 17:02, Philippe Mathieu-Daudé wrote: > On 6/15/20 4:45 PM, Gerd Hoffmann wrote: >> Hi, >> I can explain the rationale for that change, but I'm not sure of the answer to your question. That change makes sure that the fw_cfg data remains exactly the same even on newer

ovmf / PCI passthrough impaired due to very limiting PCI64 aperture

2020-06-16 Thread Guilherme G. Piccoli
Hello folks, I'd like to start a discussion (or bump it, in case it was already discussed) about an "issue", or better saying, a limitation we've been observing (and receiving reports) on qemu/ovmf with regards to the PCI passthrough of large BAR devices. After OVMF commit 7e5b1b670c38 ("OvmfPkg:

Re: [PATCH v1 2/2] semihosting: don't send the trailing '\0'

2020-06-16 Thread Alex Bennée
kon...@adacore.com writes: > From: KONRAD Frederic > > Don't send the trailing 0 from the string. > > Signed-off-by: KONRAD Frederic Reviewed-by: Alex Bennée -- Alex Bennée

Re: [PATCH 72/78] 9p: Lock directory streams with a CoMutex

2020-06-16 Thread Greg Kurz
Cc'ing co-maintainer Christian Schoenebeck. Christian, If there are some more commits you think are worth being cherry picked for QEMU 4.2.1, please inform Michael before freeze on 2020-06-22. Cheers, -- Greg On Tue, 16 Jun 2020 09:15:41 -0500 Michael Roth wrote: > From: Greg Kurz > >

QEMU | Pipeline #156767175 has failed for master | 6675a653

2020-06-16 Thread GitLab via
Your pipeline has failed. Project: QEMU ( https://gitlab.com/qemu-project/qemu ) Branch: master ( https://gitlab.com/qemu-project/qemu/-/commits/master ) Commit: 6675a653 ( https://gitlab.com/qemu-project/qemu/-/commit/6675a653d2e57ab09c32c0ea7b44a1d6c40a7f58 ) Commit Message: Merge

Re: [PATCH v4 0/6] Add strace support for printing arguments of selected syscalls

2020-06-16 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20200616103927.20222-1-filip.boz...@syrmia.com/ Hi, This series seems to have some coding style problems. See output below for more information: Subject: [PATCH v4 0/6] Add strace support for printing arguments of selected syscalls Type: series

Re: [PATCH 2/4] block/aio_task: allow start/wait task from any coroutine

2020-06-16 Thread Denis V. Lunev
On 6/15/20 12:34 PM, Vladimir Sementsov-Ogievskiy wrote: > 15.06.2020 10:47, Vladimir Sementsov-Ogievskiy wrote: >> 11.06.2020 20:11, Denis V. Lunev wrote: >>> From: Vladimir Sementsov-Ogievskiy >>> >>> Currently, aio task pool assumes that there is a main coroutine, which >>> creates tasks and

QEMU | Pipeline #156797075 has failed for master | cb8278cd

2020-06-16 Thread GitLab via
Your pipeline has failed. Project: QEMU ( https://gitlab.com/qemu-project/qemu ) Branch: master ( https://gitlab.com/qemu-project/qemu/-/commits/master ) Commit: cb8278cd ( https://gitlab.com/qemu-project/qemu/-/commit/cb8278cd997f4776b5a38fce7859bbe3b2d8d139 ) Commit Message: Merge

Re: [PATCH v4 1/4] Introduce yank feature

2020-06-16 Thread Daniel P . Berrangé
On Mon, May 25, 2020 at 05:44:23PM +0200, Lukas Straub wrote: > The yank feature allows to recover from hanging qemu by "yanking" > at various parts. Other qemu systems can register themselves and > multiple yank functions. Then all yank functions for selected > instances can be called by the

Re: [PATCH v4 1/7] MAINTAINERS: Cover 'hw/sh4/sh_intc.h' with the R2D machine

2020-06-16 Thread Philippe Mathieu-Daudé
On 6/16/20 3:34 PM, Thomas Huth wrote: > On 11/06/2020 13.43, Philippe Mathieu-Daudé wrote: >> Commit 81527b94ad added hw/intc/sh_intc.c, complete by >> adding its corresponding header. >> >> Signed-off-by: Philippe Mathieu-Daudé >> --- >> MAINTAINERS | 1 + >> 1 file changed, 1 insertion(+) >>

Re: [PATCH v4 4/4] migration: Add yank feature

2020-06-16 Thread Daniel P . Berrangé
On Mon, May 25, 2020 at 05:44:33PM +0200, Lukas Straub wrote: > Register yank functions on sockets to shut them down. > > Signed-off-by: Lukas Straub > --- > Makefile.objs | 1 + > migration/channel.c | 12 > migration/migration.c | 18

Re: [PATCH v2 0/2] target/mips: Add two groups of loongson-ext instructions

2020-06-16 Thread Aleksandar Markovic
On Tuesday, 16 June 2020, Jiaxun Yang wrote: > > > On 2020/6/16 18:38, Aleksandar Markovic wrote: > >> >> >> On Tuesday, 16 June 2020, Jiaxun Yang > jiaxun.y...@flygoat.com>> wrote: >> >> This is the successor of: >> "Basic TCG Loongson-3A1000 Support" >> >> Thanks! >> >> >> Hi,

Re: [PATCH v4 2/4] block/nbd.c: Add yank feature

2020-06-16 Thread Daniel P . Berrangé
On Mon, May 25, 2020 at 05:44:26PM +0200, Lukas Straub wrote: > Register a yank function which shuts down the socket and sets > s->state = NBD_CLIENT_QUIT. This is the same behaviour as if an > error occurred. > > Signed-off-by: Lukas Straub > --- > Makefile.objs | 1 + > block/nbd.c | 101

Re: [PATCH] qcow2: Fix preallocation on images with unaligned sizes

2020-06-16 Thread Max Reitz
On 10.06.20 11:46, Alberto Garcia wrote: > When resizing an image with qcow2_co_truncate() using the falloc or > full preallocation modes the code assumes that both the old and new > sizes are cluster-aligned. > > There are two problems with this: > > 1) The calculation of how many clusters

Re: [PATCH v3 0/3] python/machine.py: refactor shutdown

2020-06-16 Thread John Snow
On 6/15/20 6:21 PM, Eduardo Habkost wrote: > On Mon, Jun 15, 2020 at 05:21:18PM +0200, Philippe Mathieu-Daudé wrote: >> On 6/9/20 11:55 PM, John Snow wrote: >>> >>> >>> On 6/9/20 9:08 AM, Philippe Mathieu-Daudé wrote: Hi John, On 6/4/20 9:52 PM, John Snow wrote: > v3: >

[PATCH 78/78] block: Call attention to truncation of long NBD exports

2020-06-16 Thread Michael Roth
From: Eric Blake Commit 93676c88 relaxed our NBD client code to request export names up to the NBD protocol maximum of 4096 bytes without NUL terminator, even though the block layer can't store anything longer than 4096 bytes including NUL terminator for display to the user. Since this means

[PATCH 73/78] net: Do not include a newline in the id of -nic devices

2020-06-16 Thread Michael Roth
From: Thomas Huth The '\n' sneaked in by accident here, an "id" string should really not contain a newline character at the end. Fixes: 78cd6f7bf6b ('net: Add a new convenience option "--nic" ...') Signed-off-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Message-Id:

Re: [PATCH v1 1/2] semihosting: defer connect_chardevs a little more to use serialx

2020-06-16 Thread Alex Bennée
kon...@adacore.com writes: > From: KONRAD Frederic > > With that we can just use chardev=serial0. I don't quite follow what this means. ./aarch64-softmmu/qemu-system-aarch64 -cpu max -monitor none -chardev=serial0 -M virt -display none -semihosting -kernel ./tests/tcg/aarch64-softmmu/memory

[PATCH 69/78] hostmem: don't use mbind() if host-nodes is empty

2020-06-16 Thread Michael Roth
From: Igor Mammedov Since 5.0 QEMU uses hostmem backend for allocating main guest RAM. The backend however calls mbind() which is typically NOP in case of default policy/absent host-nodes bitmap. However when running in container with black-listed mbind() syscall, QEMU fails to start with error

RE: [PATCH] hw/nios2: Update interrupt request when CR_STATUS_PIE disabled

2020-06-16 Thread Wu, Wentong
>Hi, >On 6/12/20 3:43 PM, Wu, Wentong wrote: > > Hi, > >Can anybody help review this patch? Thanks in advance! > You just sent this patch yesterday... Please give reviewers more time. > See: > https://wiki.qemu.org/Contribute/SubmitAPatch#Participating_in_Code_Review > In particular: >

[PATCH 72/78] 9p: Lock directory streams with a CoMutex

2020-06-16 Thread Michael Roth
From: Greg Kurz Locking was introduced in QEMU 2.7 to address the deprecation of readdir_r(3) in glibc 2.24. It turns out that the frontend code is the worst place to handle a critical section with a pthread mutex: the code runs in a coroutine on behalf of the QEMU mainloop and then yields

Re: [PATCH v4 3/4] chardev/char-socket.c: Add yank feature

2020-06-16 Thread Daniel P . Berrangé
On Mon, May 25, 2020 at 05:44:29PM +0200, Lukas Straub wrote: > Register a yank function to shutdown the socket on yank. > > Signed-off-by: Lukas Straub > --- > Makefile.objs | 1 + > chardev/char-socket.c | 24 > 2 files changed, 25 insertions(+) Reviewed-by:

[PATCH 70/78] target/arm: Clear tail in gvec_fmul_idx_*, gvec_fmla_idx_*

2020-06-16 Thread Michael Roth
From: Richard Henderson Must clear the tail for AdvSIMD when SVE is enabled. Fixes: ca40a6e6e39 Cc: qemu-sta...@nongnu.org Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20200513163245.17915-15-richard.hender...@linaro.org Signed-off-by: Peter Maydell (cherry picked

[PATCH 68/78] target/ppc: Fix mtmsr(d) L=1 variant that loses interrupts

2020-06-16 Thread Michael Roth
From: Nicholas Piggin If mtmsr L=1 sets MSR[EE] while there is a maskable exception pending, it does not cause an interrupt. This causes the test case to hang: https://lists.gnu.org/archive/html/qemu-ppc/2019-10/msg00826.html More recently, Linux reduced the occurrence of operations (e.g., rfi)

[PATCH 67/78] vhost-user-gpu: Release memory returned by vu_queue_pop() with free()

2020-06-16 Thread Michael Roth
From: Philippe Mathieu-Daudé vu_queue_pop() returns memory that must be freed with free(). Cc: qemu-sta...@nongnu.org Reported-by: Coverity (CID 1421887 ALLOC_FREE_MISMATCH) Suggested-by: Peter Maydell Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Marc-André Lureau Signed-off-by: Peter

Re: [PATCH v2 4/5] acpi: Enable TPM IRQ

2020-06-16 Thread Auger Eric
Hi Stefan, On 6/16/20 4:05 PM, Stefan Berger wrote: > On 6/16/20 9:01 AM, Auger Eric wrote: >> Hi Stefan, >> >> On 6/15/20 7:11 PM, Stefan Berger wrote: >>> On 6/15/20 11:13 AM, Marc-André Lureau wrote: > diff --git a/include/hw/acpi/tpm.h b/include/hw/acpi/tpm.h > index

Re: [PATCH] .gitignore: Ignore storage-daemon files

2020-06-16 Thread Kevin Wolf
On 12.06.2020 at 12:58, Roman Bolshakov wrote: > The files are generated. > > Fixes: 2af282ec51a ("qemu-storage-daemon: Add --monitor option") > Cc: Kevin Wolf > Signed-off-by: Roman Bolshakov Thanks, applied to the block branch. Kevin

[PATCH 65/78] dump: Fix writing of ELF section

2020-06-16 Thread Michael Roth
From: Peter Maydell In write_elf_section() we set the 'shdr' pointer to point to local structures shdr32 or shdr64, which we fill in to be written out to the ELF dump. Unfortunately the address we pass to fd_write_vmcore() has a spurious '&' operator, so instead of writing out the section

Re: [PATCH v4 2/4] block/nbd.c: Add yank feature

2020-06-16 Thread Daniel P . Berrangé
On Mon, May 25, 2020 at 05:44:26PM +0200, Lukas Straub wrote: > Register a yank function which shuts down the socket and sets > s->state = NBD_CLIENT_QUIT. This is the same behaviour as if an > error occurred. > > Signed-off-by: Lukas Straub > --- > Makefile.objs | 1 + > block/nbd.c | 101

[PATCH 77/78] virtio-balloon: unref the iothread when unrealizing

2020-06-16 Thread Michael Roth
From: David Hildenbrand We took a reference when realizing, so let's drop that reference when unrealizing. Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Alexander Duyck Fixes: c13c4153f76d ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT") Cc: qemu-sta...@nongnu.org Cc: Wei Wang Cc:

[PATCH 64/78] tcg/i386: Fix INDEX_op_dup2_vec

2020-06-16 Thread Michael Roth
From: Richard Henderson We were only constructing the 64-bit element, and not replicating the 64-bit element across the rest of the vector. Cc: qemu-sta...@nongnu.org Signed-off-by: Richard Henderson (cherry picked from commit e20cb81d9c5a3d0f9c08f3642728a210a1c162c9) Signed-off-by: Michael

[PATCH 66/78] xen-block: Fix double qlist remove and request leak

2020-06-16 Thread Michael Roth
From: Anthony PERARD Commit a31ca6801c02 ("qemu/queue.h: clear linked list pointers on remove") revealed that a request was removed twice from a list, once in xen_block_finish_request() and a second time in xen_block_release_request() when both functions are called from xen_block_complete_aio().

[PATCH 74/78] nbd/server: Avoid long error message assertions CVE-2020-10761

2020-06-16 Thread Michael Roth
From: Eric Blake Ever since commit 36683283 (v2.8), the server code asserts that error strings sent to the client are well-formed per the protocol by not exceeding the maximum string length of 4096. At the time the server first started sending error messages, the assertion could not be

Re: [PULL 01/21] tests/docker: bump fedora to 32

2020-06-16 Thread Philippe Mathieu-Daudé
On 6/16/20 3:52 PM, Alex Bennée wrote: > > Philippe Mathieu-Daudé writes: > >> On 6/16/20 2:53 PM, Alex Bennée wrote: >>> We should be keeping this up to date as Fedora goes out of support >>> quite quickly. >>> >>> Signed-off-by: Alex Bennée >> >> FWIW this one had: >> Reviewed-by: Richard

[PATCH 62/78] qemu-ga: document vsock-listen in the man page

2020-06-16 Thread Michael Roth
From: Stefan Hajnoczi Although qemu-ga has supported vsock since 2016 it was not documented on the man page. Also add the socket address representation to the qga --help output. Fixes: 586ef5dee77180fc32e33bc08051600030630239 ("qga: add vsock-listen method") Signed-off-by: Stefan

[PATCH 05/78] target/arm: ensure we use current exception state after SCR update

2020-06-16 Thread Michael Roth
From: Alex Bennée A write to the SCR can change the effective EL by dropping the system from secure to non-secure mode. However if we use a cached current_el from before the change we'll rebuild the flags incorrectly. To fix this we introduce the ARM_CP_NEWEL CP flag to indicate the new EL

[PATCH 71/78] qemu-nbd: Close inherited stderr

2020-06-16 Thread Michael Roth
From: Raphael Pour Close inherited stderr of the parent if fork_process is false. Otherwise no one will close it. (introduced by e6df58a5) This only affected 'qemu-nbd -c /dev/nbd0'. Signed-off-by: Raphael Pour Message-Id: Reviewed-by: Eric Blake [eblake: Enhance commit message]

[PATCH 59/78] qga-win: Handle VSS_E_PROVIDER_ALREADY_REGISTERED error

2020-06-16 Thread Michael Roth
From: Sameeh Jubran This patch handles the case where VSS Provider is already registered, where in such case qga uninstalls the provider and registers it again. Signed-off-by: Sameeh Jubran Signed-off-by: Basil Salman Signed-off-by: Michael Roth (cherry picked from commit

[PATCH 61/78] qga: Fix undefined C behavior

2020-06-16 Thread Michael Roth
From: Eric Blake The QAPI struct GuestFileWhence has a comment about how we are exploiting equivalent values between two different integer types shared in a union. But C says behavior is undefined on assignments to overlapping storage when the two types are not the same width, and indeed,

[PATCH 06/78] block: Activate recursively even for already active nodes

2020-06-16 Thread Michael Roth
From: Kevin Wolf bdrv_invalidate_cache_all() assumes that all nodes in a given subtree are either active or inactive when it starts. Therefore, as soon as it arrives at an already active node, it stops. However, this assumption is wrong. For example, it's possible to take a snapshot of an

[PATCH 60/78] qga-win: prevent crash when executing guest-file-read with large count

2020-06-16 Thread Michael Roth
From: Basil Salman guest-file-read command is currently implemented to read from a file handle count number of bytes. When executed with a very large count number qemu-ga crashes. After some digging turns out that qemu-ga crashes after trying to allocate a buffer large enough to save the data

[PATCH 08/78] numa: remove not needed check

2020-06-16 Thread Michael Roth
From: Igor Mammedov Currently parse_numa_node() is always called from already numa enabled context. Drop unnecessary check if numa is supported. Signed-off-by: Igor Mammedov Message-Id: <1576154936-178362-2-git-send-email-imamm...@redhat.com> Signed-off-by: Eduardo Habkost (cherry picked from

[PATCH 57/78] compat: disable edid on correct virtio-gpu device

2020-06-16 Thread Michael Roth
From: Cornelia Huck Commit bb15791166c1 ("compat: disable edid on virtio-gpu base device") tried to disable 'edid' on the virtio-gpu base device. However, that device is not 'virtio-gpu', but 'virtio-gpu-device'. Fix it. Fixes: bb15791166c1 ("compat: disable edid on virtio-gpu base device")

[PATCH 07/78] virtio-blk: fix out-of-bounds access to bitmap in notify_guest_bh

2020-06-16 Thread Michael Roth
From: Li Hangjing When the number of a virtio-blk device's virtqueues is larger than BITS_PER_LONG, the out-of-bounds access to bitmap[ ] will occur. Fixes: e21737ab15 ("virtio-blk: multiqueue batch notify") Cc: qemu-sta...@nongnu.org Cc: Stefan Hajnoczi Signed-off-by: Li Hangjing

[PATCH 56/78] block/io: fix bdrv_co_do_copy_on_readv

2020-06-16 Thread Michael Roth
From: Vladimir Sementsov-Ogievskiy Prior to 1143ec5ebf4 it was OK to qemu_iovec_from_buf() from aligned-up buffer to original qiov, as qemu_iovec_from_buf() will stop at qiov end anyway. But after 1143ec5ebf4 we assume that bdrv_co_do_copy_on_readv works on part of original qiov, defined by

[PATCH 63/78] hw/i386/amd_iommu.c: Fix corruption of log events passed to guest

2020-06-16 Thread Michael Roth
From: Peter Maydell In the function amdvi_log_event(), we write an event log buffer entry into guest ram, whose contents are passed to the function via the "uint64_t *evt" argument. Unfortunately, a spurious '&' in the call to dma_memory_write() meant that instead of writing the event to the

[PATCH 58/78] qga: Installer: Wait for installation to finish

2020-06-16 Thread Michael Roth
From: Basil Salman Installation might fail if we don't wait for the provider unregistration process to finish. Signed-off-by: Sameeh Jubran Signed-off-by: Basil Salman Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Michael Roth (cherry picked from commit

[PATCH 76/78] virtio-balloon: fix free page hinting check on unrealize

2020-06-16 Thread Michael Roth
From: David Hildenbrand Checking against guest features is wrong. We allocated data structures based on host features. We can rely on "free_page_bh" as an indicator whether to un-do stuff instead. Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Alexander Duyck Fixes: c13c4153f76d

[PATCH 55/78] target/ppc: Fix rlwinm on ppc64

2020-06-16 Thread Michael Roth
From: Vitaly Chikunov rlwinm cannot just AND with Mask if shift value is zero on ppc64 when Mask Begin is greater than Mask End and high bits are set to 1. Note that PowerISA 3.0B says that for `rlwinm' ROTL32 is used, and ROTL32 is defined (in 3.3.14) so that rotated value should have two

[PATCH 49/78] iotests/026: Test EIO on allocation in a data-file

2020-06-16 Thread Michael Roth
From: Max Reitz Test what happens when writing data to an external data file, where the write requires an L2 entry to be allocated, but the data write fails. Signed-off-by: Max Reitz Message-Id: <20200225143130.111267-4-mre...@redhat.com> Signed-off-by: Kevin Wolf (cherry picked from commit

[PATCH 50/78] virtio: gracefully handle invalid region caches

2020-06-16 Thread Michael Roth
From: Stefan Hajnoczi The virtqueue code sets up MemoryRegionCaches to access the virtqueue guest RAM data structures. The code currently assumes that VRingMemoryRegionCaches is initialized before device emulation code accesses the virtqueue. An assertion will fail in vring_get_region_caches()

[PATCH 75/78] virtio-balloon: fix free page hinting without an iothread

2020-06-16 Thread Michael Roth
From: David Hildenbrand In case we don't have an iothread, we mark the feature as absent but still add the queue. 'free_page_bh' remains set to NULL. qemu-system-i386 \ -M microvm \ -nographic \ -device virtio-balloon-device,free-page-hint=true \ -nographic \

[PATCH 43/78] tcg: save vaddr temp for plugin usage

2020-06-16 Thread Michael Roth
From: Alex Bennée While do_gen_mem_cb does copy (via extu_tl_i64) vaddr into a new temp this won't help if the vaddr temp gets clobbered by the actual load/store op. To avoid this clobbering we explicitly copy vaddr before the op to ensure it is live by the time we do the instrumentation.

[PATCH 47/78] qcow2: Fix alloc_cluster_abort() for pre-existing clusters

2020-06-16 Thread Michael Roth
From: Max Reitz handle_alloc() reuses preallocated zero clusters. If anything goes wrong during the data write, we do not change their L2 entry, so we must not let qcow2_alloc_cluster_abort() free them. Fixes: 8b24cd141549b5b264baeddd4e72902cfb5de23b Cc: qemu-sta...@nongnu.org Signed-off-by:

[PATCH 51/78] scsi/qemu-pr-helper: Fix out-of-bounds access to trnptid_list[]

2020-06-16 Thread Michael Roth
From: Christophe de Dinechin Compile error reported by gcc 10.0.1: scsi/qemu-pr-helper.c: In function ‘multipath_pr_out’: scsi/qemu-pr-helper.c:523:32: error: array subscript is outside array bounds of ‘struct transportid *[0]’ [-Werror=array-bounds] 523 |

[PATCH 46/78] iotests: Test copy offloading with external data file

2020-06-16 Thread Michael Roth
From: Kevin Wolf This adds a test for 'qemu-img convert' with copy offloading where the target image has an external data file. If the test host supports it, it tests both the case where copy offloading is supported and the case where it isn't (otherwise we just test unsupported twice). More

[PATCH 39/78] dp8393x: Don't reset Silicon Revision register

2020-06-16 Thread Michael Roth
From: Finn Thain The jazzsonic driver in Linux uses the Silicon Revision register value to probe the chip. The driver fails unless the SR register contains 4. Unfortunately, reading this register in QEMU usually returns 0 because the s->regs[] array gets wiped after a software reset. Fixes:

[PATCH 04/78] qapi: better document NVMe blockdev @device parameter

2020-06-16 Thread Michael Roth
From: Daniel P. Berrangé Mention that this is a PCI device address & give the format it is expected in. Also mention that it must be first unbound from any host kernel driver. Signed-off-by: Daniel P. Berrangé Reviewed-by: Stefan Hajnoczi Reviewed-by: Eric Blake Signed-off-by: Kevin Wolf

[PATCH 53/78] job: refactor progress to separate object

2020-06-16 Thread Michael Roth
From: Vladimir Sementsov-Ogievskiy We need it in separate to pass to the block-copy object in the next commit. Cc: qemu-sta...@nongnu.org Signed-off-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Andrey Shinkevich Reviewed-by: Max Reitz Message-Id:

[PATCH 44/78] qcow2: update_refcount(): Reset old_table_index after qcow2_cache_put()

2020-06-16 Thread Michael Roth
From: Kevin Wolf In the case that update_refcount() frees a refcount block, it evicts it from the metadata cache. Before doing so, however, it returns the currently used refcount block to the cache because it might be the same. Returning the refcount block early means that we need to reset

[PATCH 48/78] iotests/026: Test EIO on preallocated zero cluster

2020-06-16 Thread Michael Roth
From: Max Reitz Test what happens when writing data to a preallocated zero cluster, but the data write fails. Signed-off-by: Max Reitz Message-Id: <20200225143130.111267-3-mre...@redhat.com> Signed-off-by: Kevin Wolf (cherry picked from commit 31ab00f3747c00fdbb9027cea644b40dd1405480)

[PATCH 54/78] block/block-copy: fix progress calculation

2020-06-16 Thread Michael Roth
From: Vladimir Sementsov-Ogievskiy Assume we have two regions, A and B, and region B is in-flight now, region A is not yet touched, but it is unallocated and should be skipped. Correspondingly, as progress we have total = A + B current = 0 If we reset unallocated region A and call

[PATCH 36/78] dp8393x: Pad frames to word or long word boundary

2020-06-16 Thread Michael Roth
From: Finn Thain The existing code has a bug where the Remaining Buffer Word Count (RBWC) is calculated with a truncating division, which gives the wrong result for odd-sized packets. Section 1.4.1 of the datasheet says, Once the end of the packet has been reached, the serializer will

[PATCH 41/78] s390/sclp: improve special wait psw logic

2020-06-16 Thread Michael Roth
From: Christian Borntraeger There is a special quiesce PSW that we check for "shutdown". Otherwise disabled wait is detected as "crashed". Architecturally we must only check PSW bits 116-127. Fix this. Cc: qemu-sta...@nongnu.org Signed-off-by: Christian Borntraeger Message-Id:

[PATCH 52/78] block/qcow2-threads: fix qcow2_decompress

2020-06-16 Thread Michael Roth
From: Vladimir Sementsov-Ogievskiy On success path we return what inflate() returns instead of 0. And it most probably works for Z_STREAM_END as it is positive, but is definitely broken for Z_BUF_ERROR. While being here, switch to errno return code, to be closer to qcow2_compress API (and usual

[PATCH 45/78] qcow2: Fix qcow2_alloc_cluster_abort() for external data file

2020-06-16 Thread Michael Roth
From: Kevin Wolf For external data file, cluster allocations return an offset in the data file and are not refcounted. In this case, there is nothing to do for qcow2_alloc_cluster_abort(). Freeing the same offset in the qcow2 file is wrong and causes crashes in the better case or image

[PATCH 31/78] dp8393x: Update LLFA and CRDA registers from rx descriptor

2020-06-16 Thread Michael Roth
From: Finn Thain Follow the algorithm given in the National Semiconductor DP83932C datasheet in section 3.4.7: At the next reception, the SONIC re-reads the last RXpkt.link field, and updates its CRDA register to point to the next descriptor. The chip is designed to allow the host to

[PATCH 03/78] i386: Resolve CPU models to v1 by default

2020-06-16 Thread Michael Roth
From: Eduardo Habkost When using `query-cpu-definitions` using `-machine none`, QEMU is resolving all CPU models to their latest versions. The actual CPU model version being used by another machine type (e.g. `pc-q35-4.0`) might be different. In theory, this was OK because the correct CPU

[PATCH 42/78] plugins/core: add missing break in cb_to_tcg_flags

2020-06-16 Thread Michael Roth
From: "Emilio G. Cota" Fixes: 54cb65d8588 Reported-by: Robert Henry Signed-off-by: Emilio G. Cota Signed-off-by: Alex Bennée Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200105072940.32204-1-c...@braap.org> Cc: qemu-sta...@nongnu.org Message-Id:

[PATCH 32/78] dp8393x: Clear RRRA command register bit only when appropriate

2020-06-16 Thread Michael Roth
From: Finn Thain It doesn't make sense to clear the command register bit unless the command was actually issued. Signed-off-by: Finn Thain Reviewed-by: Philippe Mathieu-Daudé Tested-by: Laurent Vivier Signed-off-by: Jason Wang (cherry picked from commit

[PATCH 40/78] dp8393x: Don't stop reception upon RBE interrupt assertion

2020-06-16 Thread Michael Roth
From: Finn Thain Section 3.4.7 of the datasheet explains that, The RBE bit in the Interrupt Status register is set when the SONIC finishes using the second to last receive buffer and reads the last RRA descriptor. Actually, the SONIC is not truly out of resources, but gives the

[PATCH 30/78] dp8393x: Have dp8393x_receive() return the packet size

2020-06-16 Thread Michael Roth
From: Finn Thain This function re-uses its 'size' argument as a scratch variable. Instead, declare a local 'size' variable for that purpose so that the function result doesn't get messed up. Signed-off-by: Finn Thain Reviewed-by: Philippe Mathieu-Daudé Tested-by: Laurent Vivier

[PATCH 35/78] dp8393x: Use long-word-aligned RRA pointers in 32-bit mode

2020-06-16 Thread Michael Roth
From: Finn Thain Section 3.4.1 of the datasheet says, The alignment of the RRA is confined to either word or long word boundaries, depending upon the data width mode. In 16-bit mode, the RRA must be aligned to a word boundary (A0 is always zero) and in 32-bit mode, the RRA is

[PATCH 38/78] dp8393x: Always update RRA pointers and sequence numbers

2020-06-16 Thread Michael Roth
From: Finn Thain These operations need to take place regardless of whether or not rx descriptors have been used up (that is, EOL flag was observed). The algorithm is now the same for a packet that was withheld as for a packet that was not. Signed-off-by: Finn Thain Tested-by: Laurent Vivier

[PATCH 02/78] block/nbd: fix memory leak in nbd_open()

2020-06-16 Thread Michael Roth
From: Pan Nengyuan In the current implementation there will be a memory leak when nbd_client_connect() returns error status. Here is an easy way to reproduce: 1. run qemu-iotests as follows and check the result with asan: ./check -raw 143 Following is the asan output backtrack: Direct leak of

[PATCH 29/78] dp8393x: Clean up endianness hacks

2020-06-16 Thread Michael Roth
From: Finn Thain According to the datasheet, section 3.4.4, "in 32-bit mode ... the SONIC always writes long words". Therefore, use the same technique for the 'in_use' field that is used everywhere else, and write the full long word. Signed-off-by: Finn Thain Tested-by: Laurent Vivier

[PATCH 28/78] dp8393x: Always use 32-bit accesses

2020-06-16 Thread Michael Roth
From: Finn Thain The DP83932 and DP83934 have 32 data lines. The datasheet says, Data Bus: These bidirectional lines are used to transfer data on the system bus. When the SONIC is a bus master, 16-bit data is transferred on D15-D0 and 32-bit data is transferred on D31-D0. When the

[PATCH 37/78] dp8393x: Clear descriptor in_use field to release packet

2020-06-16 Thread Michael Roth
From: Finn Thain When the SONIC receives a packet into the last available descriptor, it retains ownership of that descriptor for as long as necessary. Section 3.4.7 of the datasheet says, When the system appends more descriptors, the SONIC releases ownership of the descriptor after

[PATCH 27/78] dp8393x: Mask EOL bit from descriptor addresses

2020-06-16 Thread Michael Roth
From: Finn Thain The Least Significant bit of a descriptor address register is used as an EOL flag. It has to be masked when the register value is to be used as an actual address for copying memory around. But when the registers are to be updated the EOL bit should not be masked. Signed-off-by:

[PATCH 26/78] qcow2-bitmaps: fix qcow2_can_store_new_dirty_bitmap

2020-06-16 Thread Michael Roth
From: Vladimir Sementsov-Ogievskiy qcow2_can_store_new_dirty_bitmap works wrong, as it considers only bitmaps already stored in the qcow2 image and ignores persistent BdrvDirtyBitmap objects. So, let's instead count persistent BdrvDirtyBitmaps. We load all qcow2 bitmaps on open, so there should

[PATCH 24/78] intel_iommu: add present bit check for pasid table entries

2020-06-16 Thread Michael Roth
From: Liu Yi L The present bit check for pasid entry (pe) and pasid directory entry (pdire) were missed in previous commits as fpd bit check doesn't require present bit as "Set". This patch adds the present bit check for callers which want to get a valid pe/pdire. Cc: qemu-sta...@nongnu.org

[PATCH 34/78] dp8393x: Don't clobber packet checksum

2020-06-16 Thread Michael Roth
From: Finn Thain A received packet consumes pkt_size bytes in the buffer and the frame checksum that's appended to it consumes another 4 bytes. The Receive Buffer Address register takes the former quantity into account but not the latter. So the next packet written to the buffer overwrites the

[PATCH 21/78] virtio: reset region cache when on queue deletion

2020-06-16 Thread Michael Roth
From: Yuri Benditovich https://bugzilla.redhat.com/show_bug.cgi?id=1708480 Fix leak of region reference that prevents complete device deletion on hot unplug. Cc: qemu-sta...@nongnu.org Signed-off-by: Yuri Benditovich Message-Id: <20191226043649.14481-2-yuri.benditov...@daynix.com> Reviewed-by:

[PATCH 23/78] intel_iommu: a fix to vtd_find_as_from_bus_num()

2020-06-16 Thread Michael Roth
From: Liu Yi L Ensure the return value of vtd_find_as_from_bus_num() is NULL by enforcing vtd_bus=NULL. This would help caller of vtd_find_as_from_bus_num() to decide if any further operation on the returned vtd_bus. Cc: qemu-sta...@nongnu.org Cc: Kevin Tian Cc: Jacob Pan Cc: Peter Xu Cc: Yi

[PATCH 25/78] vfio/pci: Don't remove irqchip notifier if not registered

2020-06-16 Thread Michael Roth
From: Peter Xu The kvm irqchip notifier is only registered if the device supports INTx, however it's unconditionally removed. If the assigned device does not support INTx, this will cause QEMU to crash when unplugging the device from the system. Change it to conditionally remove the notifier

[PATCH 33/78] dp8393x: Implement packet size limit and RBAE interrupt

2020-06-16 Thread Michael Roth
From: Finn Thain Add a bounds check to prevent a large packet from causing a buffer overflow. This is defensive programming -- I haven't actually tried sending an oversized packet or a jumbo ethernet frame. The SONIC handles packets that are too big for the buffer by raising the RBAE interrupt

[PATCH 19/78] virtio: add ability to delete vq through a pointer

2020-06-16 Thread Michael Roth
From: "Michael S. Tsirkin" Devices tend to maintain vq pointers, allow deleting them through a vq pointer. Signed-off-by: Michael S. Tsirkin Reviewed-by: David Hildenbrand Reviewed-by: David Hildenbrand (cherry picked from commit 722f8c51d8af223751dfb1d02de40043e8ba067e) *prereq for

[PATCH 20/78] virtio: make virtio_delete_queue idempotent

2020-06-16 Thread Michael Roth
From: "Michael S. Tsirkin" Let's make sure calling this twice is harmless - no known instances, but seems safer. Suggested-by: Pan Nengyuan Signed-off-by: Michael S. Tsirkin (cherry picked from commit 8cd353ea0fbf0e334e015d833f612799be642296) *prereq for 421afd2fe8 Signed-off-by: Michael Roth

[PATCH 17/78] virtio: update queue size on guest write

2020-06-16 Thread Michael Roth
From: "Michael S. Tsirkin" Some guests read back queue size after writing it. Update the size immediately upon write otherwise they get confused. In particular this is the case for seabios. Reported-by: Roman Kagan Suggested-by: Denis Plotnikov Cc: qemu-sta...@nongnu.org Signed-off-by:

[PATCH 16/78] target/arm: Set ISSIs16Bit in make_issinfo

2020-06-16 Thread Michael Roth
From: Richard Henderson During the conversion to decodetree, the setting of ISSIs16Bit got lost. This causes the guest os to incorrectly adjust trapping memory operations. Cc: qemu-sta...@nongnu.org Fixes: 46beb58efbb8a2a32 ("target/arm: Convert T16, load (literal)") Reported-by: Jeff Kubascik

[PATCH 22/78] virtio-net: delete also control queue when TX/RX deleted

2020-06-16 Thread Michael Roth
From: Yuri Benditovich https://bugzilla.redhat.com/show_bug.cgi?id=1708480 If the control queue is not deleted together with TX/RX, it later will be ignored in freeing cache resources and hot unplug will not be completed. Cc: qemu-sta...@nongnu.org Signed-off-by: Yuri Benditovich Message-Id:

[PATCH 18/78] virtio-mmio: update queue size on guest write

2020-06-16 Thread Michael Roth
From: Denis Plotnikov Some guests read back queue size after writing it. Always update the size on write otherwise they might be confused. Cc: qemu-sta...@nongnu.org Signed-off-by: Denis Plotnikov Message-Id: <20191224081446.17003-1-dplotni...@virtuozzo.com> Reviewed-by: Michael S. Tsirkin

[PATCH 15/78] ide: Fix incorrect handling of some PRDTs in ide_dma_cb()

2020-06-16 Thread Michael Roth
From: Alexander Popov The commit a718978ed58a from July 2015 introduced the assertion which implies that the size of successful DMA transfers handled in ide_dma_cb() should be multiple of 512 (the size of a sector). But guest systems can initiate DMA transfers that don't fit this requirement.

[PATCH 01/78] block/nbd: extract the common cleanup code

2020-06-16 Thread Michael Roth
From: Pan Nengyuan The BDRVNBDState cleanup code is common in two places, add nbd_clear_bdrvstate() function to do these cleanups. Suggested-by: Stefano Garzarella Signed-off-by: Pan Nengyuan Reviewed-by: Vladimir Sementsov-Ogievskiy Message-Id:

[PATCH 00/78] Patch Round-up for stable 4.2.1, freeze on 2020-06-22

2020-06-16 Thread Michael Roth
Hi everyone, The following new patches are queued for QEMU stable v4.2.1: https://github.com/mdroth/qemu/commits/stable-4.2-staging The release is planned for 2020-06-25: https://wiki.qemu.org/Planning/4.2 Due to delays on my part this release is going out beyond the normal ~4 month

[PATCH 12/78] arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()

2020-06-16 Thread Michael Roth
From: Niek Linnenbank After setting CP15 bits in arm_set_cpu_on() the cached hflags must be rebuilt to reflect the changed processor state. Without rebuilding, the cached hflags would be inconsistent until the next call to arm_rebuild_hflags(). When QEMU is compiled with debugging enabled

[PATCH 13/78] hw/i386/pc: fix regression in parsing vga cmdline parameter

2020-06-16 Thread Michael Roth
From: Peter Wu When the 'vga=' parameter is succeeded by another parameter, QEMU 4.2.0 would refuse to start with a rather cryptic message: $ qemu-system-x86_64 -kernel /boot/vmlinuz-linux -append 'vga=792 quiet' qemu: can't parse 'vga' parameter: Invalid argument It was not clear

[PATCH 10/78] backup-top: Begin drain earlier

2020-06-16 Thread Michael Roth
From: Max Reitz When dropping backup-top, we need to drain the node before freeing the BlockCopyState. Otherwise, requests may still be in flight and then the assertion in shres_destroy() will fail. (This becomes visible in intermittent failure of 056.) Cc: qemu-sta...@nongnu.org

[PATCH 14/78] tests/ide-test: Create a single unit-test covering more PRDT cases

2020-06-16 Thread Michael Roth
From: Alexander Popov Fuzzing the Linux kernel with syzkaller allowed to find how to crash qemu using a special SCSI_IOCTL_SEND_COMMAND. It hits the assertion in ide_dma_cb() introduced in the commit a718978ed58a in July 2015. Currently this bug is not reproduced by the unit tests. Let's

[PATCH 11/78] arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on()

2020-06-16 Thread Michael Roth
From: Niek Linnenbank This change ensures that the FPU can be accessed in Non-Secure mode when the CPU core is reset using the arm_set_cpu_on() function call. The NSACR.{CP11,CP10} bits define the exception level required to access the FPU in Non-Secure mode. Without these bits set, the CPU will
