Spotted by Coverity: CID 1397074
Signed-off-by: Li Qiang
---
hw/usb/dev-mtp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 6098005cd4..b19b576278 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -1729,6 +1729,7 @@ static void
In rdma_rm_get_backend_gid_index(), the 'sgid_idx' is used
to index the array 'dev_res->port.gid_tbl', whose size is
MAX_PORT_GIDS. Currently the 'sgid_idx' may be MAX_PORT_GIDS,
thus causing an off-by-one issue.
Spotted by Coverity: CID 1398594
Signed-off-by: Li
Spotted by Coverity: CID 1398595
Signed-off-by: Li Qiang
---
hw/rdma/vmw/pvrdma_qp_ops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/rdma/vmw/pvrdma_qp_ops.c b/hw/rdma/vmw/pvrdma_qp_ops.c
index 300471a4c9..584be2043e 100644
--- a/hw/rdma/vmw/pvrdma_qp_ops.c
+++ b/hw/rdma/vmw
Thomas Huth wrote on Wed, Jan 2, 2019 at 9:50 PM:
> On 2018-12-15 13:03, Li Qiang wrote:
> > Currently when processing VHOST_USER_SET_VRING_CALL,
> > if 'qemu_chr_fe_get_msgfds' gets no fd, the 'fd' will
> > be an uninitialized stack value.
> >
> > Signed-off-b
Commit 376692b9dc6 (cpus: protect work list with work_mutex)
initializes a work_mutex in cpu_common_initfn, but forgets
to destroy it. This will cause a resource leak when hot-unplugging
a CPU or when CPU hotplug fails.
Signed-off-by: Li Qiang
---
qom/cpu.c | 3 +++
1 file changed, 3 insertions(+)
diff
Ping..
Li Qiang wrote on Sat, Dec 15, 2018 at 8:06 PM:
> Currently, the vhost-user-test is not correct.
> When in qtest mode, the accel is qtest, not kvm.
> So when the client side of vhost-user-test sends the
> 'VHOST_USER_SET_VRING_CALL' msg, the 'fd' will
> not be added in
Fam Zheng wrote on Thu, Dec 20, 2018 at 9:26 AM:
>
>
> > On Dec 20, 2018, at 06:58, Li Qiang wrote:
> >
> > Hello Paolo
> >
> > Thanks for your kind reply.
> >
> > Yes, aio_poll and aio_ctx_dispatch mostly run in different threads,
> though
> > So
h will call aio_dispatch_handlers and timerlistgroup_run_timers.
But they are the same fd, how can this happen?
Thanks,
Li Qiang
From: Paolo Bonzini
Sent: Dec 20, 2018 4:42
To: Li Qiang; stefa...@redhat.com; f...@euphon.net; Qemu Developers; 李强
Subject: Re: Question about aio_poll and glib aio_ctx_dispatch
On 19/12/1
Sent it to qemu-devel.
Li Qiang wrote on Wed, Dec 19, 2018 at 6:04 PM:
> Hello Paolo, Stefan, Fam and all,
>
> Here I have a question about 'aio_poll'.
> IIUC the 'aio_poll' is (mostly) used for synchronous IO
> as I see a lot of code like this:
> while(condition)
&
Markus Armbruster wrote on Tue, Dec 18, 2018 at 3:10 PM:
> Philippe Mathieu-Daudé writes:
>
> > On 12/17/18 8:01 PM, Markus Armbruster wrote:
> >> Philippe Mathieu-Daudé writes:
> >>
> >>> Hi Li,
> >>>
> >>> On 11/29/18 5:52 AM, Li Qiang w
Signed-off-by: Li Qiang
---
util/main-loop.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/util/main-loop.c b/util/main-loop.c
index affe0403c5..845a4b1f13 100644
--- a/util/main-loop.c
+++ b/util/main-loop.c
@@ -26,7 +26,6 @@
#include "qapi/error.h"
#include "qemu/cuti
Ping
Paolo, could these patches go to your misc tree?
Thanks,
Li Qiang
Li Qiang wrote on Thu, Nov 29, 2018 at 12:53 PM:
> According to https://wiki.qemu.org/Contribute/BiteSizedTasks
> the 'DEFINE_PROP_PTR' should be replaced by QOM link property.
> The first patch replace constant str
Assert that the return value is not an error. This is like commit
7e6478e7d4f for qemu_set_cloexec.
Signed-off-by: Li Qiang
---
util/oslib-posix.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index c1bee2a581..4ce1ba9ca4
make this function return true if not using kvm accel.
Signed-off-by: Li Qiang
---
v2: change the fix in 'ioeventfd_enabled' per Paolo's review
hw/virtio/vhost-user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-us
success.
Even worse, 'qemu_set_nonblock' doesn't check the return value
of fcntl.
So this causes the interesting bug here: there are three issues,
but combined they will bypass the qtest.
This patchset tries to address these issues.
v2: Change the second patch per Paolo'
Currently when processing VHOST_USER_SET_VRING_CALL,
if 'qemu_chr_fe_get_msgfds' gets no fd, the 'fd' will
be an uninitialized stack value.
Signed-off-by: Li Qiang
---
tests/vhost-user-test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/vhost-user-
success.
Even worse, 'qemu_set_nonblock' doesn't check the return value
of fcntl.
So this causes the interesting bug here: there are three issues,
but combined they will bypass the qtest.
This patchset tries to address these issues.
Li Qiang (3):
tests: vhost-user-test: init
Currently when processing VHOST_USER_SET_VRING_CALL,
if 'qemu_chr_fe_get_msgfds' gets no fd, the 'fd' will
be an uninitialized stack value.
Signed-off-by: Li Qiang
---
tests/vhost-user-test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/vhost-user-
Assert that the return value is not an error. This is like commit
7e6478e7d4f for qemu_set_cloexec.
Signed-off-by: Li Qiang
---
util/oslib-posix.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index c1bee2a581..4ce1ba9ca4
Currently, the vhost-user-test assumes the eventfd is available.
However it's not true because the accel is qtest. So
'vhost_set_vring_file' will not add fds to the msg and the server
side of vhost-user-test will be broken. This patch avoids this.
Signed-off-by: Li Qiang
---
Li Qiang wrote on Fri, Dec 14, 2018 at 9:46 AM:
> Hi all,
>
> Here is the error.
>
> GTESTER check-qtest-x86_64
> Unable to get file status flag on fd 21860: Bad file descriptor(errno=9)
> GTESTER check-qtest-aarch64
> Broken pipe
> GTester: last random seed: R02S3f0d6981dd9723
uess.
21280 --> 0x5564
21965 --> 0x55CD
21890 --> 0x5582
21923 --> 0x55A3
Seems they are uninitialized stack values that the 'fd's memory holds.
Seems 'qemu_chr_fe_get_msgfds' first failed, then the 'fd' is an
uninitialized value
cause my first patch '
Peter Maydell wrote on Thu, Dec 13, 2018 at 7:45 PM:
> On Thu, 13 Dec 2018 at 11:37, Li Qiang wrote:
> >
> > Also add diagnostics info in 'qemu_set_cloexec' so that we can know
> > what happens when an error occurs.
> >
> > Signed-off-by: Li Qiang
> > ---
> &g
Also add diagnostics info in 'qemu_set_cloexec' so that we can know
what happens when an error occurs.
Signed-off-by: Li Qiang
---
Change since v1: add diagnostics info
util/oslib-posix.c | 37 -
1 file changed, 32 insertions(+), 5 deletions(-)
di
Daniel P. Berrangé wrote on Thu, Dec 13, 2018 at 6:17 PM:
> On Thu, Dec 13, 2018 at 05:56:24PM +0800, Li Qiang wrote:
> > Peter Maydell wrote on Thu, Dec 13, 2018 at 5:31 PM:
> >
> > > On Thu, 13 Dec 2018 at 06:58, wrote:
> > > >
> > > > Patchew URL:
> > >
> h
omplaint that this build setup doesn't
> have SDL2 installed.
>
> The actual cause of the failure is much lower down:
>
>
Indeed.
> GTESTER check-qtest-aarch64
> vhost-user-test: /tmp/qemu-test/src/util/oslib-posix.c:245:
> qemu_set_nonblock: Assertion `f != -1' failed.
Assert that the return value is not an error. This is like commit
7e6478e7d4f for qemu_set_cloexec.
Signed-off-by: Li Qiang
---
util/oslib-posix.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index c1bee2a581..4ce1ba9ca4
ael Hanselmann
> Signed-off-by: Prasad J Pandit
Reviewed-by: Li Qiang
> ---
> hw/i2c/pm_smbus.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/hw/i2c/pm_smbus.c b/hw/i2c/pm_smbus.c
> index 685a2378ed..03062740cc 100644
> --- a/hw/i2c/pm_smbus.c
> +++ b/h
Peter Maydell wrote on Thu, Dec 6, 2018 at 7:05 PM:
> On Thu, 6 Dec 2018 at 11:00, Li Qiang wrote:
> > Yes, I know that, but as this issue is so good to write a perfect exploit
> > so I want to do more.
> >
> > I know the qemu planning and know this issue doesn't affect anyone.
Peter Maydell wrote on Thu, Dec 6, 2018 at 6:46 PM:
> On Thu, 6 Dec 2018 at 10:34, li qiang wrote:
> >
> >
> > On 2018/12/6 18:16, Peter Maydell wrote:
> > > On Thu, 6 Dec 2018 at 09:10, li qiang wrote:
> > >> Oh... Finally another one finds this.
> > >>
On 2018/12/6 18:16, Peter Maydell wrote:
> On Thu, 6 Dec 2018 at 09:10, li qiang wrote:
>> Oh... Finally another one finds this.
>>
>> I've already found this. This is a very serious security issue.
> If you find a security issue, we would appreciate it if
> y
FYI:
http://terenceli.github.io/%E6%8A%80%E6%9C%AF/2018/12/06/qemu-escape
On 2018/12/6 17:02, li qiang wrote:
> On 2018/12/6 16:48, P J P wrote:
>> From: Prasad J Pandit
>>
>> While performing block transfer write in smb_ioport_writeb(),
>> 'smb_index' is increment
story.
Please pay a lot of attention to this issue.
Later I will release the full paper and exploit. It's not harmful as this
is introduced in 3.1
and no one uses it now.
Thanks,
Li Qiang
ion when the piix3's PIRQx route control registers are set, and by
whom?
I mean, when is this ''piix3->dev.config[PIIX_PIRQC + pin];'' set?
Once I thought this is set by seabios.
But it seems it is not, as this function is called in vfio_realize, when the guest
hasn't begun yet.
Thanks,
Li Qiang
?
Thanks,
Li Qiang
Cc: qemu-triv...@nongnu.org
Signed-off-by: Li Qiang
---
util/vfio-helpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/vfio-helpers.c b/util/vfio-helpers.c
index 9cd42e..342d4a2285 100644
--- a/util/vfio-helpers.c
+++ b/util/vfio-helpers.c
@@ -348,7 +348,7
-Type to continue, or q to quit---
at qdev-monitor.c:822
16 0x55a01e2a in hmp_device_add (mon=0x568b8000,
qdict=0x56a15000) at hmp.c:2067
Signed-off-by: Li Qiang
---
hw/scsi/esp-pci.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/hw/scsi/esp-pci.c b/hw/scsi/
Markus Armbruster wrote on Tue, Nov 27, 2018 at 8:38 PM:
> Darren Kenny writes:
>
> > Hi Li Qiang,
> >
> > This is only a suggestion, I'm sure someone else might also correct
> > me, but I'm not sure the subject above really describes what is
> > happening in t
According to qdev-properties.h, properties of pointer type should
be avoided. Turn "ps2_mouse" into a link.
Reviewed-by: Markus Armbruster
Reviewed-by: Darren Kenny
Signed-off-by: Li Qiang
---
Change since v2: detailed commit message
Change since v1: use erro
TYPE_VMMOUSE is defined in vmmouse.c currently, move it
to pc.h in order to use it in pc.c.
Reviewed-by: Darren Kenny
Reviewed-by: Markus Armbruster
Signed-off-by: Li Qiang
---
hw/i386/pc.c | 6 +++---
hw/i386/vmmouse.c| 1 -
include/hw/i386/pc.h | 3 +++
3 files changed, 6
it message
Change since v1: fix some issues per Markus' review
Li Qiang (2):
hw: pc: use TYPE_XXX instead of constant strings
hw: vmmouse: Use link instead of pointer property
hw/i386/pc.c | 9 +
hw/i386/vmmouse.c| 18 +++---
include/hw/i386/pc.h | 3 +++
e of all networking codes and reduce the limit to
> NET_BUFSIZE to be more conservative.
>
> Cc: qemu-sta...@nongnu.org
> Cc: Li Qiang
> Reported-by: Li Qiang
> Signed-off-by: Jason Wang
>
Looks ok to me.
Reviewed-by: Li Qiang
> ---
> net/net.c | 13 +++--
> 1
Markus Armbruster wrote on Tue, Nov 27, 2018 at 2:59 PM:
> Li Qiang writes:
>
> > Signed-off-by: Li Qiang
> > ---
> > hw/i386/pc.c | 9 +++--
> > hw/sparc64/sun4u.c | 2 +-
> > include/hw/i386/pc.h | 7 +++
> > 3 files changed, 11 insertions(+), 7
Use link property instead.
Signed-off-by: Li Qiang
---
Change since v1: use error_abort in object_property_set_link()
hw/i386/pc.c | 3 ++-
hw/i386/vmmouse.c | 17 +++--
2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index
TYPE_VMMOUSE is defined in vmmouse.c currently, move it
to pc.h in order to use it in pc.c.
Signed-off-by: Li Qiang
---
Change since v1: remove the unnecessary change
hw/i386/pc.c | 6 +++---
hw/i386/vmmouse.c| 1 -
include/hw/i386/pc.h | 3 +++
3 files changed, 6 insertions(+), 4
issues per Markus' review
Li Qiang (2):
hw: pc: use TYPE_XXX instead of constant strings
hw: vmmouse: drop DEFINE_PROP_PTR()
hw/i386/pc.c | 9 +
hw/i386/vmmouse.c| 18 +++---
include/hw/i386/pc.h | 3 +++
3 files changed, 19 insertions(+), 11 deletions(-)
--
2.11.0
Cc: qemu-triv...@nongnu.org
Signed-off-by: Li Qiang
---
target/i386/hax-all.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/hax-all.c b/target/i386/hax-all.c
index 502ce6f0af..b978a9b821 100644
--- a/target/i386/hax-all.c
+++ b/target/i386/hax-all.c
@@ -205,7
Cc: qemu-triv...@nongnu.org
Signed-off-by: Li Qiang
---
target/i386/hax-all.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/hax-all.c b/target/i386/hax-all.c
index 502ce6f0af..70213ebcf5 100644
--- a/target/i386/hax-all.c
+++ b/target/i386/hax-all.c
@@ -205,7
Hello Paolo, Philippe
Seems this patch has been lost...
I think Philippe can merge it for 4.0, right?
Also pls notice the following fw_cfg patchset.
-->https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04097.html
Thanks,
Li Qiang
Li Qiang wrote on Thu, Nov 1, 2018 at 2:02 PM:
> read_spla
e guest
write this when QEMU is in 'ehci_state_fetchqtd'?
Thanks,
Li Qiang
> Typical effect is that qemu doesn't notice that the guest appends new
> qtds to the end of the queue. Looks like the usb device stopped
> responding. Linux can recover from that, but leaves a message in th
Cc: qemu-triv...@nongnu.org
Signed-off-by: Li Qiang
---
target/i386/hax-all.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/hax-all.c b/target/i386/hax-all.c
index 502ce6f0af..464744a406 100644
--- a/target/i386/hax-all.c
+++ b/target/i386/hax-all.c
@@ -205,7
And also the g_malloc return value doesn't need to be checked,
so remove the check.
Cc: qemu-triv...@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Markus Armbruster
Signed-off-by: Li Qiang
---
target/i386/hax-all.c | 15 +++
1 file changed, 3 insertions(+), 12 deletions(-)
Peter Maydell wrote on Thu, Nov 22, 2018 at 6:38 PM:
> On 22 November 2018 at 10:35, Philippe Mathieu-Daudé
> wrote:
> > Hi Li,
> >
> > On 22/11/18 11:00, Li Qiang wrote:
> >> The third argument of object_property_set_link() is the name of
> >> property, not related
The third argument of object_property_set_link() is the name of the
property, not related to the QOM type name; use the constant
string instead.
Signed-off-by: Li Qiang
---
hw/arm/musicpal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/arm/musicpal.c b/hw/arm
According to https://wiki.qemu.org/Contribute/BiteSizedTasks
the 'DEFINE_PROP_PTR' should be replaced by a QOM link property.
The first patch replaces constant strings with TYPE_ and moves some
definitions to the pc.h header file so that the second patch can work.
Li Qiang (2):
hw: pc: us
Use link property instead.
Signed-off-by: Li Qiang
---
hw/i386/pc.c | 2 +-
hw/i386/vmmouse.c | 17 +++--
2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 5d3fd86b83..9b343b4fd1 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
Signed-off-by: Li Qiang
---
hw/i386/pc.c | 9 +++--
hw/sparc64/sun4u.c | 2 +-
include/hw/i386/pc.h | 7 +++
3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index f095725dba..5d3fd86b83 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
Marc-André Lureau wrote on Wed, Nov 21, 2018 at 7:28 PM:
> Hi
>
> On Wed, Nov 21, 2018 at 3:22 PM Li Qiang wrote:
> >
> > The fcntl will change the flags directly, use qemu_set_nonblock()
> > instead.
>
> qemu_set_nonblock() will preserve the existing flags. And on windows,
The fcntl will change the flags directly, use qemu_set_nonblock()
instead.
Signed-off-by: Li Qiang
---
net/tap.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/tap.c b/net/tap.c
index cc8525f154..e8aadd8d4b 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -592,7
ash-time=T" for any T,
we need to use qemu_opt_get() to check if splash time exists.
This patch also makes QEMU exit when finding or loading the
splash file fails.
Signed-off-by: Li Qiang
Reviewed-by: Markus Armbruster
---
v1->v2: drop error_report when read_splashfile
checks for conversion errors properly, and rejects all values
outside 0...0x.
Signed-off-by: Li Qiang
Reviewed-by: Markus Armbruster
---
v1->v2: commit typo fix
hw/nvram/fw_cfg.c | 27 +--
vl.c | 2 +-
2 files changed, 14 insertions(+), 15 deletions(-)
qemu_extra_params_fw[] has external linkage, but is used
only in fw_cfg_bootsplash(), so it makes sense to make it
local.
Signed-off-by: Li Qiang
Reviewed-by: Markus Armbruster
---
hw/nvram/fw_cfg.c | 1 +
include/sysemu/sysemu.h | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff
And also do some code cleanup.
Many thanks for Markus's review and advice.
v2: fix some small issues per Markus's review.
Li Qiang (3):
fw_cfg: fix -boot bootsplash error checking
fw_cfg: fix -boot reboot-timeout error checking
fw_cfg: make qemu_extra_params_fw locally
Ping...
It makes sense, as when we use 'memory_region_read_accessor' we check
mr->ops->read,
but when we use 'memory_region_read_with_attrs_accessor' we don't check
this.
Thanks,
Li Qiang
Li Qiang wrote on Tue, Nov 13, 2018 at 9:42 AM:
> This can avoid the NULL-deref if
qemu_extra_params_fw[] has external linkage, but is used
only in fw_cfg_bootsplash(), so it makes sense to make it
local.
Suggested-by: Markus Armbruster
Signed-off-by: Li Qiang
---
hw/nvram/fw_cfg.c | 1 +
include/sysemu/sysemu.h | 1 -
2 files changed, 1 insertion(+), 1 deletion
checks for conversion errors properly, and rejects all values
outside 0...0x.
Signed-off-by: Li Qiang
---
hw/nvram/fw_cfg.c | 27 +--
vl.c | 2 +-
2 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index
And also do some code cleanup.
Many thanks for Markus's review and advice.
Li Qiang (3):
fw_cfg: fix -boot bootsplash error checking
fw_cfg: fix -boot reboot-timeout error checking
fw_cfg: make qemu_extra_params_fw locally
hw/nvram/fw_cfg.c
ash-time=T" for any T,
we need to use qemu_opt_get() to check if splash time exists.
This patch also makes QEMU exit when finding or loading the
splash file fails.
Signed-off-by: Li Qiang
---
hw/nvram/fw_cfg.c | 40
vl.c | 2 +-
2 files
Markus Armbruster wrote on Mon, Nov 19, 2018 at 3:01 PM:
> 李强 writes:
>
> > At 2018-11-17 00:52:58, "Markus Armbruster" wrote:
> >>Li Qiang writes:
> >>
> >>> Currently the user can set a negative reboot_timeout.
> >>> Also it is wrong to p
Gerd Hoffmann wrote on Fri, Nov 16, 2018 at 6:43 PM:
> Signed-off-by: Gerd Hoffmann
>
Reviewed-by: Li Qiang
> ---
> ui/keymaps.c | 7 +++
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/ui/keymaps.c b/ui/keymaps.c
> index 085889b555..6e44f738ed 100644
>
r on.
>
> Cc: Keith Busch
> Cc: qemu-bl...@nongnu.org
> Cc: Li Qiang
> Signed-off-by: Paolo Bonzini
---
> hw/block/nvme.c| 2 +-
> tests/Makefile.include | 2 +-
> tests/nvme-test.c | 58 +++---
> 3 files changed, 57 insert
Markus Armbruster wrote on Thu, Nov 15, 2018 at 9:29 PM:
> Li Qiang writes:
>
> > When the parse_keyboard_layout() finds an "include " line
> > in the keyboard layout file, it will call parse_keyboard_layout()
> > to perform a recursive parse. If the keyboard layout is malf
Ping
Li Qiang wrote on Thu, Nov 1, 2018 at 1:59 PM:
> parse_fw_cfg() reports "can't load" without further details. Get
> the details from g_file_get_contents(), and include them in the
> error message.
>
> Signed-off-by: Li Qiang
> ---
> vl.c | 6 --
> 1 fil
Gerd Hoffmann wrote on Thu, Nov 15, 2018 at 6:15 PM:
> On Thu, Nov 15, 2018 at 01:04:23AM -0800, Li Qiang wrote:
> > When the parse_keyboard_layout() finds an "include " line
> > in the keyboard layout file, it will call parse_keyboard_layout()
> > to perform a recursive p
Cc: qemu-triv...@nongnu.org
Signed-off-by: Li Qiang
---
vl.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/vl.c b/vl.c
index fa25d1ae2d..ae63018a1d 100644
--- a/vl.c
+++ b/vl.c
@@ -1522,9 +1522,6 @@ static int machine_help_func(QemuOpts *opts, MachineState
*machine)
return 1
atch avoids this.
Signed-off-by: Li Qiang
---
ui/keymaps.c | 17 -
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/ui/keymaps.c b/ui/keymaps.c
index 085889b555..564893a9f3 100644
--- a/ui/keymaps.c
+++ b/ui/keymaps.c
@@ -38,6 +38,8 @@ struct kbd_layout_t {
GHashT
And also the g_malloc return value doesn't need to be checked,
so remove the check.
Cc: qemu-triv...@nongnu.org
Signed-off-by: Li Qiang
---
target/i386/hax-all.c | 15 +++
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/target/i386/hax-all.c b/target/i386/hax-all.c
index d2e51
Paolo Bonzini wrote on Wed, Nov 14, 2018 at 11:44 PM:
> On 14/11/2018 02:38, Li Qiang wrote:
> >
> >
> > Paolo Bonzini <mailto:pbonz...@redhat.com> wrote on Wed, Nov 14, 2018 at 2:27 AM:
> >
> > On 13/11/2018 11:17, Kevin Wolf wrote:
> > > Am 13.11.2
Paolo Bonzini wrote on Wed, Nov 14, 2018 at 2:27 AM:
> On 13/11/2018 11:17, Kevin Wolf wrote:
> > On 13.11.2018 at 02:45, Li Qiang wrote:
> >> Ping, what's the status of this patch.
> >>
> >> I see Kevin's new pr doesn't contain this patch.
&g
Kevin Wolf wrote on Tue, Nov 13, 2018 at 6:17 PM:
> On 13.11.2018 at 02:45, Li Qiang wrote:
> > Ping, what's the status of this patch.
> >
> > I see Kevin's new pr doesn't contain this patch.
>
> Oh, I thought you said that you wanted to fix this at a hi
Peter Maydell wrote on Tue, Nov 13, 2018 at 5:49 PM:
> On 13 November 2018 at 01:42, Li Qiang wrote:
> > This can avoid the NULL-deref if the mr doesn't have a
> > read/write nor write/read_with_attrs callback.
> >
> > Signed-off-by: Li Qiang
> > ---
> >
Ping, what's the status of this patch.
I see Kevin's new pr doesn't contain this patch.
Thanks,
Li Qiang
Li Qiang wrote on Fri, Nov 2, 2018 at 9:22 AM:
> Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> This can lead to an oob access issue. This is triggerable in
This can avoid the NULL-deref if the mr doesn't have a
read/write nor write/read_with_attrs callback.
Signed-off-by: Li Qiang
---
memory.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/memory.c b/memory.c
index d14c6dec1d..3baf5857b9 100644
--- a/memory.c
) to parse 'splash-time'
2. exit when the splash-time is invalid or loading the splash file failed
3. simplify code
Signed-off-by: Li Qiang
---
hw/nvram/fw_cfg.c | 40
vl.c | 2 +-
2 files changed, 17 insertions(+), 25 deletions(-)
d
_timeout
3. simplify code
Signed-off-by: Li Qiang
---
hw/nvram/fw_cfg.c | 23 +++
vl.c | 2 +-
2 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 78f43dad93..6aca80846a 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvra
n set a negative
reboot_timeout.
Li Qiang (2):
hw: fw_cfg: refactor fw_cfg_bootsplash()
hw: fw_cfg: refactor fw_cfg_reboot()
hw/nvram/fw_cfg.c | 63 ---
vl.c | 4 +--
2 files changed, 29 insertions(+), 38 deletions(-)
--
2.17.1
In set_netdev(), the peers[i] is initialized by
qemu_find_net_clients_except(); when i is between
0 and 'queues' it can't be NULL.
Signed-off-by: Li Qiang
---
hw/core/qdev-properties-system.c | 4
1 file changed, 4 deletions(-)
diff --git a/hw/core/qdev-properties-system.c
Though there is no inconsistency between 'queues'
and 'peers[i]' currently, this makes the 'peers[i] == NULL'
meaningful.
Signed-off-by: Li Qiang
---
hw/core/qdev-properties-system.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/core/qdev
On 2018/11/6 20:28, Paolo Bonzini wrote:
> On 06/11/2018 13:27, li qiang wrote:
>> The addr is 0~0x1fff, but when addr is near the end, for example
>> 0x1fffe, the addr>>2 can be 2047
>>
>> and as script_ram is a uint32_t and so s->script_ram[addr >> 2
ript_ram[addr >> 2];
(gdb) p addr
$14 = 8188
(gdb) p addr >>2
$15 = 2047
(gdb) n
2051 mask = ((uint64_t)1 << (size * 8)) - 1;
(gdb) p /x val
$16 = 0x0
(gdb) n
2052 val >>= (addr & 3) * 8;
(gdb) n
2053 return val & mask;
(gdb) p /x mask
$17 = 0x
(gdb) p /s size
$18 = 4
But as you point out, Prasad's patch does nothing.
Hello Prasad,
I think you should check the addr with size to ensure the access
doesn't exceed script_ram.
Thanks,
Li Qiang
> It would probably be helpful (for readers and static analysers)
> to assert() that addr is < 0x2000, though.
>
> thanks
> -- PMM
>
Ping...
I think this is a serious issue, can go 3.1
Thanks,
Li Qiang
Li Qiang wrote on Mon, Oct 29, 2018 at 2:29 PM:
> Currently, when hotplugging/unplugging an nvme device, it will cause an
> assert in object.c. Following is the backtrace:
>
> ERROR:qom/object.c:981:object_unref: assertion failed: (
Kevin Wolf wrote on Fri, Nov 2, 2018 at 11:42 PM:
> On 02.11.2018 at 16:22, Li Qiang wrote:
> > Hello Kevin,
> >
> > Kevin Wolf wrote on Fri, Nov 2, 2018 at 6:54 PM:
> >
> > > On 02.11.2018 at 02:22, Li Qiang wrote:
> > > > Currently, the nvme_cmb_ops mr d
Keith Busch wrote on Fri, Nov 2, 2018 at 11:42 PM:
> On Thu, Nov 01, 2018 at 06:22:43PM -0700, Li Qiang wrote:
> > Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> > This can lead to an oob access issue. This is triggerable in the guest.
> > Add check to avoid this iss
Use VIRTIO_PCI MACRO instead.
Signed-off-by: Li Qiang
---
hw/virtio/virtio-pci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index a954799267..277dc20c81 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
Hello Kevin,
Kevin Wolf wrote on Fri, Nov 2, 2018 at 6:54 PM:
> On 02.11.2018 at 02:22, Li Qiang wrote:
> > Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> > This can lead to an oob access issue. This is triggerable in the guest.
> > Add check to avoid thi
When triggering a 'query-cpus' qmp command, the pc is a signed value like the
following:
{"arch": "x86", ... "pc": -1732653994, "halted": true,...}
It is strange. Change it to uint64_t.
Signed-off-by: Li Qiang
---
qapi/misc.json | 12 ++--
1 file ch
Currently, the nvme_cmb_ops mr doesn't check the addr and size.
This can lead to an oob access issue. This is triggerable in the guest.
Add check to avoid this issue.
Fixes CVE-2018-16847.
Reported-by: Li Qiang
Reviewed-by: Paolo Bonzini
Signed-off-by: Li Qiang
---
hw/block/nvme.
Hello all
This is caused because the fixing patch here:
-->https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg7.html
is not merged ATM.
Thanks,
Li Qiang
wrote on Thu, Nov 1, 2018 at 5:51 PM:
> Hi,
>
> This series failed docker-quick@centos7 build test. Please find the
> testi
Hello all,
I have sent out another patch.
As the email's subject and commit message changed,
I'm not sure whether it is suitable to add Philippe's and Laszlo's R-b tags.
Thanks,
Li Qiang
Markus Armbruster wrote on Wed, Oct 31, 2018 at 11:36 PM:
> Philippe Mathieu-Daudé writes:
>
> > On 24
Thanks for Eric's and Markus's review,
I have sent out another patch.
I'm not sure what the effect is when etc/reboot-timeout and
etc/splash-time are 0
in seabios, so I CC'd Gerd. Maybe it can be simpler.
Thanks,
Li Qiang
Eric Blake wrote on Wed, Oct 31, 2018 at 11:55 PM:
> On 1