sample_page_period(int64_t sec)
This function name may confuse people into thinking this will get the period.
But in fact you just check whether the 'period' is valid.
I think it is better to name it to be 'is_sample_period_valid' or
something meaningful.
Thanks,
Li Qiang
and other element.
2. you need to use two out parameter which seems can make confusion.
Could we allocate this array at one time? This may be two iterations of
the ram block list.
But I think it may make the code more simple and clean.
Thanks,
Li Qiang
> +if (dinfo == NULL) {
On Thu, Sep 10, 2020 at 10:39 AM Pan Nengyuan wrote:
>
> 'str' is not used in match_interval_mapping_node(), remove it.
>
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> tests/test-vmstate.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/tests/
' is
in main thread through BH.
So I think there is a race condition. But I don't find a pattern for
this kind of bug(BH and vcpu thread). I missed anything?
Thanks,
Li Qiang
On Wed, Sep 9, 2020 at 12:49 PM Gerd Hoffmann wrote:
>
> On Wed, Sep 09, 2020 at 10:15:47AM +0800, Jason Wang wrote:
> >
> > On 2020/9/9 AM 12:41, Li Qiang wrote:
> > > Currently the MR is not explicitly connecting with its device instead of
> > > a opaque. In most situation
On Wed, Sep 9, 2020 at 10:16 AM Jason Wang wrote:
>
>
> On 2020/9/9 AM 12:41, Li Qiang wrote:
> > Currently the MR is not explicitly connecting with its device instead of
> > a opaque. In most situation this opaque is the device but it is not an
> > enforcement. This patch adds
On Wed, Sep 9, 2020 at 10:17 AM Jason Wang wrote:
>
>
> On 2020/9/9 AM 12:41, Li Qiang wrote:
> > Currently the qemu device fuzzer find some DMA to MMIO issue. If the
> > device handling MMIO currently trigger a DMA which the address is MMIO,
> > this will reenter the device MMIO han
is by adding a per-device flag 'in_mmio'.
When the memory core dispatch MMIO it will check/set this flag and when
it leaves it will clean this flag.
Li Qiang (4):
memory: add memory_region_init_io_with_dev interface
memory: avoid reenter the device's MMIO handler while processin
This patch adds a 'in_mmio' flag to 'DeviceState' to indicate that the
device is doing MMIO path. This can avoid the malicious guest do
DMA to MMIO and crash the qemu.
Signed-off-by: Li Qiang
---
include/hw/qdev-core.h | 1 +
softmmu/memory.c | 31
This can avoid the DMA to MMIO issue here:
https://bugs.launchpad.net/qemu/+bug/1891354
Signed-off-by: Li Qiang
---
hw/usb/hcd-xhci.c | 25 +++--
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 46a2186d91
This can avoid the DMA to MMIO issue here:
https://bugs.launchpad.net/qemu/+bug/1886362
Signed-off-by: Li Qiang
---
hw/net/e1000e.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index fda34518c9..0aac5cea2e 100644
--- a/hw/net
Currently the MR is not explicitly connecting with its device instead of
a opaque. In most situation this opaque is the device but it is not an
enforcement. This patch adds a DeviceState member of to MemoryRegion
we will use it in later patch.
Signed-off-by: Li Qiang
---
include/exec/memory.h
On Tue, Sep 8, 2020 at 10:10 PM Michael S. Tsirkin wrote:
>
> For some reason I didn't receive the original email.
> Sorry.
> Queued now.
>
Kindly notice:
Here is another patch for virtio-pmem.
https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg02639.html
Thanks,
Li Qiang
> On
Ping!
On Tue, Sep 1, 2020 at 6:34 PM Li Qiang wrote:
>
> Ping.
>
> On Sat, Aug 15, 2020 at 3:21 PM Li Qiang wrote:
> >
> > In 'map_page' we need to check the return value of
> > 'dma_memory_map' to ensure the we actually mapped something.
> > Otherwise, we will hit an
Ping!
On Fri, Aug 28, 2020 at 9:21 AM Li Qiang wrote:
>
> Kindly ping.
>
> On Sun, Aug 16, 2020 at 10:23 PM Li Qiang wrote:
> >
> > If error occurs while processing the virtio request we should call
> > 'virtqueue_detach_element' to detach the element from the virtqueue
> > b
ping!
On Fri, Aug 28, 2020 at 9:21 AM Li Qiang wrote:
>
> Kindly ping.
>
> On Fri, Aug 14, 2020 at 12:52 AM Li Qiang wrote:
> >
> > If error occurs while processing the virtio request we should call
> > 'virtqueue_detach_element' to detach the element from the virtqueue
> > b
On Wed, Aug 26, 2020 at 6:16 PM AlexChen wrote:
>
> From: AlexChen
Reviewed-by: Li Qiang
>
> The 'kdgb' is allocating memory in get_kdbg(), but it is not freed
> in both fill_header() and fill_context() failed branches, fix it.
>
> Signed-off-by: AlexChen
> ---
> cont
> - dma_memory_read(E1, E2, E3, E4)
> + dma_memory_read(E1, E2, E3, E4, MEMTXATTRS_UNSPECIFIED)
> |
> - dma_memory_write(E1, E2, E3, E4)
> + dma_memory_write(E1, E2, E3, E4, MEMTXATTRS_UNSPECIFIED)
> )
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by:
3, E4)
> + dma_memory_map(E1, E2, E3, E4, MEMTXATTRS_UNSPECIFIED)
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/pci/pci.h| 3 ++-
> include/sysemu/dma.h| 5 +++--
> dma-helpers.c | 3 ++-
> hw/display/vi
On Fri, Sep 4, 2020 at 11:53 PM Philippe Mathieu-Daudé wrote:
>
> Let devices specify transaction attributes when calling
> dma_memory_rw().
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/pci/pci.h | 3 ++-
> include/sysemu/dma.h | 11
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 15 ++-
> 1 file changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/include/sysemu/dma.h b/include/sysemu/dma.h
> index d0381f9ae9b..59331ec0bd3 100644
> --- a/i
On Fri, Sep 4, 2020 at 11:49 PM Philippe Mathieu-Daudé wrote:
>
> Let devices specify transaction attributes when calling
> dma_memory_set().
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/ppc/spapr_vio.h | 3 ++-
> include/sysemu/dma.h
On Fri, Sep 4, 2020 at 11:48 PM Philippe Mathieu-Daudé wrote:
>
> Let devices specify transaction attributes when calling
> dma_memory_valid().
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/ppc/spapr_vio.h | 2 +-
> include/sysemu/dma.h | 4
On Fri, Sep 4, 2020 at 11:46 PM Philippe Mathieu-Daudé wrote:
>
> dma_memory_rw_relaxed() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 22 ++
On Fri, Sep 4, 2020 at 11:50 PM Philippe Mathieu-Daudé wrote:
>
> dma_memory_rw_relaxed() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 21 +
On Fri, Sep 4, 2020 at 11:46 PM Philippe Mathieu-Daudé wrote:
>
> address_space_rw() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 30 ++-
On Fri, Sep 4, 2020 at 11:47 PM Philippe Mathieu-Daudé wrote:
>
> address_space_write() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/sysemu/dma.h | 15 ++-
> d
safe.
>
> Signed-off-by: Klaus Jensen
> Reviewed-by: Philippe Mathieu-Daudé
> Reviewed-by: Michael S. Tsirkin
> Acked-by: Keith Busch
> Message-Id: <20191011070141.188713-2-...@irrelevant.dk>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> --
On Sat, Sep 5, 2020 at 12:26 AM Philippe Mathieu-Daudé wrote:
>
> pci_dma_rw() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/pci/pci.h | 16 ++--
> 1 file chan
On Sat, Sep 5, 2020 at 12:27 AM Philippe Mathieu-Daudé wrote:
>
> pci_dma_rw() returns a MemTxResult type.
> Do not discard it, return it to the caller.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> include/hw/pci/pci.h | 16 ++--
> 1 file chan
DMADirection dir)
> {
> return dma_memory_rw(pci_get_address_space(dev), addr, buf, len,
> dir, MEMTXATTRS_UNSPECIFIED);
Reviewed-by: Li Qiang
> --
> 2.26.2
>
>
plicated if we consider
the no-PCI the qemu_irq cases. I agree to address the PCI cases first.
Thanks,
Li Qiang
> Regards,
>
> Phil.
>
> Klaus Jensen (1):
> pci: pass along the return value of dma_memory_rw
>
> Philippe Mathieu-Daudé (11):
> dma: Let dma_memory_valid() t
0e_macreg_writeops[] = {
>
> 3102 e1000e_putreg(FLSWDATA),
>
> 3145 e1000e_putreg(FLSWDATA),
>
> To avoid confusion, remove the duplicated initialization.
>
> Fixes: 6f3fbe4ed0 ("net: Introduce e1000e device emulation")
> Signed
ation.
>
> 6f3fbe4ed0 ("net: Introduce e1000e device emulation")
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> hw/net/e1000e_core.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
>
On Fri, Sep 4, 2020 at 3:23 PM Pan Nengyuan wrote:
>
> s->connection_track_table forgot to destroy in colo_rewriter_cleanup. Fix it.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> net/filter-rewriter.c | 2 ++
> 1 file changed, 2 inserti
On Thu, Sep 3, 2020 at 7:19 PM Peter Maydell wrote:
>
> On Thu, 3 Sep 2020 at 12:11, Li Qiang wrote:
> >
> > On Thu, Sep 3, 2020 at 6:53 PM Peter Maydell wrote:
> > >
> > > On Thu, 3 Sep 2020 at 04:55, Jason Wang wrote:
> > > > I think we still need to seek a way to address
controller?
This is special case I think.
> Now we have reentered into device A's code
>
> That is to say, the problem is general to "device A does
> something that affects device B" links of all kinds, which
As the P2P is a normal behavior, we can't just prevent this.
On Thu, Sep 3, 2020 at 1:12 PM Michael Tokarev wrote:
>
> 02.09.2020 19:22, Li Qiang wrote:
> ..
> > @@ -809,6 +809,10 @@ void virtio_gpu_process_cmdq(VirtIOGPU *g)
> > {
> > struct virtio_gpu_ctrl_command *cmd;
> >
> > +if (atomic_read(&g->in_io)) {
>
On Thu, Sep 3, 2020 at 2:16 PM Jason Wang wrote:
>
>
> On 2020/9/3 PM 12:50, Li Qiang wrote:
> > On Thu, Sep 3, 2020 at 12:24 PM Jason Wang wrote:
> >>
> >> On 2020/9/3 PM 12:06, Alexander Bulekov wrote:
> >>> On 200903 1154, Jason Wang wrote:
> >>>> On 2020/9/3 AM 12:
On Thu, Sep 3, 2020 at 12:24 PM Jason Wang wrote:
>
>
> On 2020/9/3 PM 12:06, Alexander Bulekov wrote:
> > On 200903 1154, Jason Wang wrote:
> >> On 2020/9/3 AM 12:22, Li Qiang wrote:
> >>> The qemu device fuzzer has found several DMA to MMIO issue.
> >>> These i
unchpad.net/qemu/+bug/1886362
Reported-by: Alexander Bulekov
Signed-off-by: Li Qiang
---
hw/net/e1000e.c | 35 ++-
1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index fda34518c9..eb6b34b7f3 100644
--- a/hw/net/e
emu/+bug/1891354
Reported-by: Alexander Bulekov
Signed-off-by: Li Qiang
---
hw/usb/hcd-xhci.c | 60 +++
hw/usb/hcd-xhci.h | 1 +
2 files changed, 61 insertions(+)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 46a2186d91..06cd235123 100644
'virtio_gpu_process_cmdq' is run in a BH which in the
main thread
and 'virtio_gpu_reset' is run in the vcpu thread and both of them access the
'g->cmdq'.
Buglink: https://bugs.launchpad.net/qemu/+bug/1888606
Reported-by: Alexander Bulekov
Signed-off-by: Li Qia
k/set/clean according the per-device's
IO emulation.
The second issue which itself suffers a race condition so I uses a
atomic.
Li Qiang (3):
e1000e: make the IO handler reentrant
xhci: make the IO handler reentrant
virtio-gpu: make the IO handler reentrant
hw/display/virtio-gpu.c
g/1880189
> Cc: Li Qiang
> Reported-by: Philippe Mathieu-Daudé
> Signed-off-by: Gerd Hoffmann
> Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> hw/display/cirrus_vga.c | 12 +---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff
an
> Reviewed-by: Stefano Garzarella
Reviewed-by: Li Qiang
> ---
> Cc: Kevin Wolf
> Cc: Max Reitz
> Cc: Aarushi Mehta
> Cc: qemu-bl...@nongnu.org
> ---
> - V2: no changes in v2.
> ---
> block/file-posix.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(
On Mon, Aug 31, 2020 at 3:17 PM Pan Nengyuan wrote:
>
> 'local_err' forgot to free in colo_process_incoming_thread error path.
> Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Hailiang Zhang
> Cc: Juan Qu
Ping.
On Sat, Aug 15, 2020 at 3:21 PM Li Qiang wrote:
>
> In 'map_page' we need to check the return value of
> 'dma_memory_map' to ensure the we actually mapped something.
> Otherwise, we will hit an assert in 'address_space_unmap'.
> This is because we can't
IOC) != 0);
Hi Gerd,
'usb_packet_setup' doesn't modify the 'iov' and other resources.
'usb_packet_cleanup' is paired with 'usb_packet_init' which I think should be
processed in the more up layer.
If 'usb_packet_map' fails, we need to cle
' here, why we add 1 at the first?:
> >
> > "off_cur_end = ((off_cur + bytesperline - 1) & s->cirrus_addr_mask) + 1;"
>
> > This addition '1' is what I think should be subtracted in wrapped cases.
>
> The +1 balances the -1 done before ...
Then the second set size is ok.
Thanks,
Li Qiang
>
> take care,
> Gerd
>
's->cirrus_addr_mask->off_cur+1'.
+memory_region_set_dirty(&s->vga.vram, 0, off_cur_end);
For the 'off_cur_end' here, why we add 1 at the first?:
"off_cur_end = ((off_cur + bytesperline - 1) & s->cirrus_addr_mask) + 1;"
This addition '1' is what I think should be subtracted in wrapped cases.
Thanks,
Li Qiang
+}
off_begin += off_pitch;
}
}
>
> take care,
> Gerd
>
ust sets 0x1fff-0x1000= 0xfff bytes.
In fact we need to set 0x1000 bytes.
>
> > > +memory_region_set_dirty(&s->vga.vram, 0, off_cur_end);
> >
> > And here be 'off_cur_end -1'
>
> --verbose please. I think this one is correct.
Here the 'off_cur_end' is size.
In this second set we actually sets 'off_cur_end+1' size bytes.
In a word, I think the first lost a byte and the second added a more byte .
Thanks,
Li Qiang
>
> take care,
> Gerd
>
ze 0x400
> temporary 0 iova (nil)
> qemu_vfio_find_mapping s 0xf1c60d90 host 0x2bc0
> qemu_vfio_new_mapping s 0xf1c60d90 host 0x2bc0 size 0x400
> index 4 iova 0x114000
> qemu_vfio_do_mapping s 0xf1c60d90 host 0x2bc0 size 0x400
u-Daudé
Reviewed-by: Li Qiang
> ---
> Since v1:
> - renamed argument 'bufptr' (Peter Maydell)
> ---
> include/qemu-common.h| 3 ++-
> hw/dma/xlnx_dpdma.c | 2 +-
> hw/net/fsl_etsec/etsec.c | 2 +-
> hw/sd/sd.c | 2 +-
> hw/usb/
Kindly ping.
On Fri, Aug 14, 2020 at 12:52 AM Li Qiang wrote:
>
> If error occurs while processing the virtio request we should call
> 'virtqueue_detach_element' to detach the element from the virtqueue
> before free the elem.
>
> Signed-off-by: Li Qiang
> ---
> hw/vi
Kindly ping.
On Sun, Aug 16, 2020 at 10:23 PM Li Qiang wrote:
>
> If error occurs while processing the virtio request we should call
> 'virtqueue_detach_element' to detach the element from the virtqueue
> before free the elem.
>
> Signed-off-by: Li Qiang
> ---
> Change sinc
On Thu, Aug 27, 2020 at 3:06 PM Pan Nengyuan wrote:
>
>
>
> On 2020/8/26 20:20, Li Qiang wrote:
> > On Fri, Aug 14, 2020 at 6:15 PM Pan Nengyuan wrote:
> >>
> >> Receiving error in local variable err, and forgot to free it.
> >> Considering that there is no place to deal with it.
On Thu, Aug 27, 2020 at 2:44 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Paolo Bonzini
> Cc: Fam Zheng
> Cc: qemu-devel@nongnu.org
> ---
> hw/scsi/esp-pci
On Thu, Aug 27, 2020 at 2:50 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Andrzej Zaborowski
> Cc: Peter Maydell
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel
On Thu, Aug 27, 2020 at 2:51 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: David Gibson
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.org
> ---
> hw/pci-h
On Thu, Aug 27, 2020 at 2:48 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: "Michael S. Tsirkin"
> Cc: Marcel Apfelbaum
> Cc: Paolo Bonzini
> Cc: Ric
On Thu, Aug 27, 2020 at 2:47 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Alistair Francis
> Cc: "Edgar E. Iglesias"
> Cc: Peter Maydell
> Cc:
On Thu, Aug 27, 2020 at 2:46 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: David Gibson
> Cc: Jason Wang
> Cc: qemu-...@nongnu.org
> Cc: qemu-devel@nongnu.or
On Thu, Aug 27, 2020 at 2:45 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Cornelia Huck
> Cc: Halil Pasic
> Cc: Christian Borntraeger
> Cc: Thomas Huth
>
On Thu, Aug 27, 2020 at 2:44 AM Eduardo Habkost wrote:
>
> This will make future conversion to use OBJECT_DECLARE* easier.
>
> Signed-off-by: Eduardo Habkost
Reviewed-by: Li Qiang
> ---
> Cc: Chris Wulff
> Cc: Marek Vasut
> Cc: qemu-devel@nongnu.org
> ---
> hw/intc/nios2_iic
if ((*iov)[i].iov_base) {
> +i++; /* cleanup the 'i'th map */
Should we also reset (*iov)[i].iov_len to 'len' so the
dma_memory_unmap has the right size?
Thanks,
Li Qiang
> +}
> virtio_gpu_cleanup_mapping_iov(g, *iov, i);
> g_free(ents);
> *iov = NULL;
> --
> 2.17.1
>
>
>
>
82,6 +883,7 @@ void *colo_process_incoming_thread(void *opaque)
> colo_send_message(mis->to_src_file, COLO_MESSAGE_CHECKPOINT_READY,
>&local_err);
> if (local_err) {
> +error_report_err(local_err);
> goto out;
> }
>
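Review bot: in the new `if (local_err)` branch, error_report_err(local_err) frees the error but local_err keeps its old value when control reaches `goto out`. Either set local_err = NULL after reporting or report once at the out label, so nothing after the jump can report or free the same Error twice.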
Could we arrange 'error_report_err' in 'out' label?
Like this:
if (local_err) {
error_report_err(local_err);
}
Thanks,
Li Qiang
> --
> 2.18.2
>
>
On Fri, Aug 14, 2020 at 6:38 PM Pan Nengyuan wrote:
>
> 'err' forgot to free in x86_cpu_class_check_missing_features error path.
> Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Paolo Bonzini
> Cc: Ric
> params->minor_ver);
> -gdk_gl_context_realize(ctx, &err);
> +gdk_gl_context_realize(ctx, NULL);
> return ctx;
> }
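Review bot: gdk_gl_context_realize(ctx, NULL) now discards the error detail, and the next line still does `return ctx;` regardless of whether realization succeeded. Check the call's return value and return NULL on failure instead of handing back an unrealized context.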
Maybe we should check the return value of 'gdk_window_create_gl_context'
and 'gdk_gl_context_realize' instead of omitting it?
Thanks,
Li Qiang
>
> --
> 2.18.2
>
>
On Fri, Aug 14, 2020 at 6:30 PM Pan Nengyuan wrote:
>
> Missing g_error_free on error path in ga_channel_write_all(). Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Michael Roth
> ---
> qga/channel-posix.c | 6 +-
>
On Wed, Aug 26, 2020 at 7:41 PM Cornelia Huck wrote:
>
> On Wed, 26 Aug 2020 19:03:37 +0800
> Li Qiang wrote:
>
> > On Fri, Aug 14, 2020 at 6:29 PM Pan Nengyuan wrote:
> > >
> > > Missing g_error_free() in vfio_ap_get_group() error path. Fix that.
> > >
> > > Repor
On Fri, Aug 14, 2020 at 6:29 PM Pan Nengyuan wrote:
>
> Missing g_error_free() in vfio_ap_get_group() error path. Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
I see Cornelia Huck has merged this in his tree.
Don't know whether this ser
On Fri, Aug 14, 2020 at 6:28 PM Pan Nengyuan wrote:
>
> Missing g_error_free in QEMU_Elf_init() error path. Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Viktor Prutyanov
> ---
> contrib/elf2dmp/qemu_elf.c | 1 +
>
On Fri, Aug 14, 2020 at 6:37 PM Pan Nengyuan wrote:
>
> Missing g_error_free() in sev_read_file_base64() error path.
> Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Paolo Bonzini
> Cc: Richard Henderson
> Cc: Eduardo
On Fri, Aug 14, 2020 at 6:51 PM Pan Nengyuan wrote:
>
> Missing g_error_free in pdb_init_from_file() error path. Fix that.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Viktor Prutyanov
> ---
> contrib/elf2dmp/pdb.c | 1 +
>
On Fri, Aug 14, 2020 at 6:54 PM Pan Nengyuan wrote:
>
> 'local_err' seems forgot to propagate in error path, it'll cause
> a memleak. Fix it.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li Qiang
> ---
> Cc: Kevin Wolf
> Cc: Max Rei
On Fri, Aug 14, 2020 at 6:32 PM Pan Nengyuan wrote:
>
> local_err is not initialized to NULL, it will cause a assert error as below:
> qemu/util/error.c:59: error_setv: Assertion `*errp == NULL' failed.
>
> Fixes: c6447510690
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyu
On Fri, Aug 14, 2020 at 6:40 PM Pan Nengyuan wrote:
>
> 'addr' forgot to free in vnc_socket_ip_addr_string error path. Fix that.
s/forgot/is forgot, I think the maintainer will do this minor adjustment.
.
>
> Reported-by: Euler Robot
> Signed-off-by: Pan Nengyuan
Reviewed-by: Li
rspace_addr, &offset, &fd);
> ^~
>
> Reported-by: Euler Robot
> Signed-off-by: Chen Qun
> Reviewed-by: Raphael Norwitz
Reviewed-by: Li Qiang
> ---
> Cc: "Michael S. Tsirkin"
> Cc: Raphael Norwitz
> ---
> hw/virtio/vhost-user.c | 2 +-
> 1
- a/hw/vfio/platform.c
> > > +++ b/hw/vfio/platform.c
> > > @@ -236,7 +236,7 @@ static void vfio_intp_interrupt(VFIOINTp *intp)
> > > trace_vfio_intp_interrupt_set_pending(intp->pin);
> > > QSIMPLEQ_INSERT_TAIL(&vdev->pending_intp_queue,
>
-by: Chen Qun
> Reviewed-by: Gerd Hoffmann
Reviewed-by: Li Qiang
> ---
> Cc: Gerd Hoffmann
> ---
> hw/display/vga.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/hw/display/vga.c b/hw/display/vga.c
> index 061fd9ab8f..836ad50c7b 100644
> --- a/hw/display/vg
QSIMPLEQ_INSERT_TAIL(&vdev->pending_intp_queue,
> intp, pqnext);
> -ret = event_notifier_test_and_clear(intp->interrupt);
Shouldn't we check the 'ret' like the other place in this function?
Thanks,
Li Qiang
> +event_notifier_test_and_clear(intp->interrupt);
> return;
> }
>
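Review bot: the replacement line calls event_notifier_test_and_clear(intp->interrupt) and drops the result just before the early `return;`. If ignoring it is intended on this path, say so in a short comment; otherwise keep `ret` and handle a false result the same way the other call site in this function does.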
> --
> 2.23.0
>
>
_TCP_FLAG' is '0x3F'. The last ‘tcp_flag’ assignment statement
> is
> the same as that of the first two statements.
>
> Reported-by: Euler Robot
> Signed-off-by: Chen Qun
> Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> Cc: "Michael
y: Euler Robot
> Signed-off-by: Chen Qun
Reviewed-by: Li Qiang
> ---
> Cc: Peter Maydell
> Cc: qemu-...@nongnu.org
> ---
> hw/arm/omap1.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
> index 6ba0df6b6d..02c0f66431 100644
>
> Reported-by: Euler Robot
> Signed-off-by: Chen Qun
> Reviewed-by: Igor Mammedov
Reviewed-by: Li Qiang
> ---
> Cc: Shannon Zhao
> Cc: Peter Maydell
> Cc: "Michael S. Tsirkin"
> Cc: Igor Mammedov
> Cc: qemu-...@nongnu.org
> ---
> hw/arm/v
rom working with invalid USBDevice->setup_len values and overrunning
> the USBDevice->setup_buf[] buffer.
>
> Fixes: CVE-2020-14364
> Signed-off-by: Gerd Hoffmann
> Tested-by: Gonglei
Reviewed-by: Li Qiang
Just see the page.
-->https://access.redhat.com/security/cve/CVE-2
irrus_addr_mask - off_cur);
Should here be 's->cirrus_addr_mask + 1 - off_cur'
> +memory_region_set_dirty(&s->vga.vram, 0, off_cur_end);
And here be 'off_cur_end -1'
Thanks,
Li Qiang
> +}
> off_begin += off_pitch;
> }
> }
> --
> 2.27.0
>
>
On Thu, Aug 20, 2020 at 10:24 PM Thomas Huth wrote:
>
> On 19/08/2020 16.15, Li Qiang wrote:
> > Currently the device fuzzer find a more and more issues.
> > For every fuzz case, we need not only the fixes but also
> > the corresponding test case. We can analysis the reproducer
> >
c10dc0e
outl 0x03cc 0x2f31dc12
outl 0x03cc 0xe23f40e
outl 0x03cc 0xe31dc12
outb 0x03cc 0x2f
outl 0x03cc 0xe23f40e
outl 0x03cc 0xe31dc12
outb 0x03cc 0x2f
outl 0x03cc 0x1021f40e
EOF
This patch fixes this.
Buglink: https://bugs.launchpad.net/qemu/+bug/1880189
Reported-by: Alexander Bulekov
On Wed, Aug 19, 2020 at 11:07 PM Philippe Mathieu-Daudé wrote:
>
> On 8/19/20 4:43 PM, Li Qiang wrote:
> > If g_malloc fails, the application will be terminated.
>
> Which we don't want... better to use g_try_malloc() instead?
I don't think so. If g_malloc return NULL it means
On Thu, Aug 20, 2020 at 12:23 AM Alexander Bulekov wrote:
>
> On 200819 2250, Li Qiang wrote:
> > On Wed, Aug 19, 2020 at 10:38 PM Philippe Mathieu-Daudé wrote:
> >
> > > On 8/19/20 4:15 PM, Li Qiang wrote:
> > > > Currently the device fuzzer find a more and more issues.
> >
On Wed, Aug 19, 2020 at 10:38 PM Philippe Mathieu-Daudé wrote:
> On 8/19/20 4:15 PM, Li Qiang wrote:
> > Currently the device fuzzer find a more and more issues.
> > For every fuzz case, we need not only the fixes but also
> > the corresponding test case. We can analysis the reproducer
>
If g_malloc fails, the application will be terminated.
No need to check the return value of g_malloc.
Signed-off-by: Li Qiang
---
hw/virtio/vhost-vdpa.c | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index 4580f3efd8
s the issue LP#1878263 test case.
Signed-off-by: Li Qiang
---
tests/qtest/Makefile.include | 2 ++
tests/qtest/fuzz-test.c | 45
2 files changed, 47 insertions(+)
create mode 100644 tests/qtest/fuzz-test.c
diff --git a/tests/qtest/Makefile.include b/
On Tue, Aug 18, 2020 at 1:05 AM Paolo Bonzini wrote:
> On 15/08/20 16:19, Li Qiang wrote:
> > Currently in 'megasas_map_sgl' when 'iov_count=0' will just return
> > success however the 'cmd' doesn't contain any iov. This will cause
> > the
If error occurs while processing the virtio request we should call
'virtqueue_detach_element' to detach the element from the virtqueue
before free the elem.
Signed-off-by: Li Qiang
---
Change since v1:
Change the subject
Avoid using the goto label
hw/virtio/virtio-mem.c | 3 +++
1 fi
API could be used instead (with better
> performance) but requires careful auditing of the code, so do the simple
> thing instead.
>
> Signed-off-by: Stefan Hajnoczi
>
virtio-net also uses this method.
Reviewed-by: Li Qiang
> ---
> hw/virtio/virtio-crypto.c | 17 ++---
}
> }
>
> -size_t iov_discard_front(struct iovec **iov, unsigned int *iov_cnt,
> - size_t bytes)
> +void iov_discard_undo(IOVDiscardUndo *undo)
> +{
> +/* Restore original iovec if it was modified */
> +if (undo->modified_iov) {
> +
On Fri, Aug 14, 2020 at 4:33 PM Philippe Mathieu-Daudé wrote:
>
> Use self-explicit definitions instead of magic '512' value.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Li Qiang
> ---
> hw/ide/pci.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>
On Fri, Aug 14, 2020 at 4:29 PM Philippe Mathieu-Daudé wrote:
>
> As it is not obvious the default size for the null block driver
> is 1 GiB, replace the obfuscated '1 << 30' magic value by a
> definition using IEC binary prefixes.
>
> Signed-off-by: Philippe Mat