summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
| * lsi: move dma_len+dma_buf into lsi_requestGerd Hoffmann2010-04-181-22/+23
| | | | | | | | | | | | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit b96a0da06bd782ef290445479a6d4d0de00c2c23)
| * lsi: move current_dev into lsi_requestGerd Hoffmann2010-04-181-11/+12
| | | | | | | | | | | | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit daa70311e0f7b37cd0ea3c4de0d163ccf1a36abe)
| * lsi: have lsi_request for the whole life time of the request.Gerd Hoffmann2010-04-181-21/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | Right now lsi_request is allocated when a request is queued and released when a request is unqueued. With this patch applied the lsi_request is kept for the whole lifetime of the scsi request. Rationale: We can use it for per-request data then. The patch does that already for the request tag. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit af12ac9880eacdd79d49a11d5672df7170afb38f)
| * lsi: use QTAILQ for lsi_queueGerd Hoffmann2010-04-181-40/+28
| | | | | | | | | | | | | | | | | | Replace the funky array logic for queued commands with standard qemu list functions. Also rename lsi_queue to lsi_request. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit 042ec49dc52e54153942a089a46ae584152998fb)
| * tcp/mips: Change TCG_AREG0 (fp -> s0)Stefan Weil2010-04-143-8/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Register fp (frame pointer) is a bad choice for compilations without optimisation, because the compiler makes heavy use of this register (so the resulting code crashes). Register s0 had been used for TCG_AREG1 in earlier releases, but was no longer used and is now free for TCG_AREG0. The resulting code works for compilations without optimisation (tested with qemu mips in qemu mips on x86 host). Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| * sh_pci: fix memory and I/O accessAurelien Jarno2010-04-143-96/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since commit 8da3ff180974732fc4272cb4433fef85c1822961 ("MMIO callback interface changes"), the addresses passed to the I/O functions are an offset to the start of the area. As a consequence, there is no need to correct the address using the value of IOBR. This make possible the use of the default MMIO functions. Moreover the addresses are now remaped when the value if IOBR change. The memory area corresponds to the devices behing the PCI bus, it should not be mapped by the PCI controller. Remove the corresponding code. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry-picked from commit 5ba9e9522cf572715ca1966b292f64fb78342e22)
| * Fix incoming migration with iothreadMarcelo Tosatti2010-04-141-0/+2
| | | | | | | | | | | | | | | | | | Do not allow the vcpus to execute if the vm is stopped. Fixes -incoming with CONFIG_IOTHREAD enabled. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> (cherry picked from commit c5f32c99c6855d466737daf1cd262e7e92062f87)
| * Fix SIGFPE for vnc display of width/height = 1Chris Webb2010-04-111-2/+4
| | | | | | | | | | | | | | | | | | | | | | During boot, the screen gets resized to height 1 and a mouse click at this point will cause a division by zero when calculating the absolute pointer position from the pixel (x, y). Return a click in the middle of the screen instead in this case. Signed-off-by: Chris Webb <chris@arachsys.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit cc39a92cbfc80c70d2b83708a4c9b309c3126ac3)
| * net: remove broken net_set_boot_mask() boot device validationEduardo Habkost2010-04-113-25/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are many problems with net_set_boot_mask(): 1) It is broken when using the device model instead of "-net nic". Example: $ qemu-system-x86_64 -device rtl8139,vlan=0,id=net0,mac=52:54:00:82:41:fd,bus=pci.0,addr=0x4 -net user,vlan=0,name=hostnet0 -vnc 0.0.0.0:0 -boot n Cannot boot from non-existent NIC $ 2) The mask was previously used to set which boot ROMs were supposed to be loaded, but this was changed long time ago. Now all ROM images are loaded, and SeaBIOS takes care of jumping to the right boot entry point depending on the boot settings. 3) Interpretation and validation of the boot parameter letters is done on the machine type code. Examples: PC accepts only a,b,c,d,n as valid boot device letters. mac99 accepts only a,b,c,d,e,f. As a side-effect of this change, qemu-kvm won't abort anymore if using "-boot n" on a machine with no network devices. Checking if the requested boot device is valid is now a task for the BIOS or the machine-type code. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry-picked from da1fcfda59a6bcbdf58d49243fbced455f2bf78a)
| * qcow2: Remove request from in-flight list after errorKevin Wolf2010-04-102-1/+6
| | | | | | | | | | | | | | | | | | | | | | If we complete a request with a failure we need to remove it from the list of requests that are in flight. If we don't do it, the next time the same AIOCB is used for a cluster allocation it will create a loop in the list and qemu will hang in an endless loop. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit c644db3d53c90ef569ff5a90e9f821b88e7123bb)
| * qcow2: Don't ignore immediate read/write failuresKevin Wolf2010-04-101-2/+6
| | | | | | | | | | | | | | | | Returning -EIO is far from optimal, but at least it's an error code. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 171e3d6b9997c98a97d0c525867f7cd9b640cadd)
| * block: Fix multiwrite memory leak in error caseKevin Wolf2010-04-101-1/+2
| | | | | | | | | | | | | | | | | | | | | | Previously multiwrite_user_cb was never called if a request in the multiwrite batch failed right away because it did set mcb->error immediately. Make it look more like a normal callback to fix this. Reported-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 7eb58a6c556c3880e6712cbf6d24d681261c5095)
| * block: Fix error code in multiwrite for immediate failuresKevin Wolf2010-04-101-2/+2
| | | | | | | | | | | | Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 0f0b604b00851f2c7160b4195136c1fd27418088)
| * block: Fix multiwrite error handlingKevin Wolf2010-04-101-1/+1
| | | | | | | | | | | | | | | | | | | | When two requests of the same multiwrite batch fail, the callback of all requests in that batch were called twice. This could have any kind of nasty effects, in my case it lead to use after free and eventually a segfault. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit cb6d3ca07b8f62b47ef30c6a92caa3e8bd71248b)
| * scsi-disk: fix buffer overflowGerd Hoffmann2010-04-091-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | In case s->version is shorter than 4 bytes we overflow the memcpy src buffer. Fix it by clearing the target buffer, then copy only the amount of bytes we actually have. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from 314b1811c15f4e982e4667d9b845aee4b5a63d91) Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * qcow2: Rewrite alloc_refcount_block/grow_refcount_tableKevin Wolf2010-04-091-88/+222
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current implementation of alloc_refcount_block and grow_refcount_table has fundamental problems regarding error handling. There are some places where an I/O error means that the image is going to be corrupted. I have found that the only way to fix this is to completely rewrite the thing. In detail, the problem is that the refcount blocks itself are allocated using alloc_refcount_noref (to avoid endless recursion when updating the refcount of the new refcount block, which migh access just the same refcount block but its allocation is not yet completed...). Only at the end of the refcount allocation the refcount of the refcount block is increased. If an error happens in between, the refcount block is in use, but has a refcount of zero and will likely be overwritten later. The new approach is explained in comments in the code. The trick is basically to let new refcount blocks describe their own refcount, so their refcount will be automatically changed when they are hooked up in the refcount table. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit 92dcb59fd4e1491afa0756ee9c2594869b487d23)
| * qcow2: Factor next_refcount_table_size outKevin Wolf2010-04-091-11/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | When the refcount table grows, it doesn't only grow by one entry but reserves some space for future refcount blocks. The algorithm to calculate the number of entries stays the same with the fixes, so factor it out before replacing the rest. As Juan suggested take the opportunity to simplify the code a bit. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit 05121aedc41f87e44e41e9cef55f2e49ce7ba94e)
| * block: avoid creating too large iovecs in multiwrite_mergeChristoph Hellwig2010-04-092-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we go over the maximum number of iovecs support by syscall we get back EINVAL from the kernel which translate to I/O errors for the guest. Add a MAX_IOV defintion for platforms that don't have it. For now we use the same 1024 define that's used on Linux and various other platforms, but until the windows block backend implements some kind of vectored I/O it doesn't matter. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit e2a305fb13ff0f5cf6ff805555aaa90a5ed5954c) Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * json-parser: Fix segfault on malformed inputKevin Wolf2010-04-091-1/+1
| | | | | | | | | | | | | | | | | | | | If the parser fails to parse the key in parse_pair, it will access a NULL pointer. A simple way to trigger this is sending {foo} via QMP. This patch turns the segfault into a syntax error reply. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit d758d90fe1f74a46042fca665036a23b4d5fe87d)
| * linux-user: switch default ppc64 CPU to 970fx from 970Aurelien Jarno2010-04-091-1/+1
| | | | | | | | | | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit f7177937a2c0db4c3bb42e3adfde937e9c0734a1)
| * target-sh4: MMU: fix store queue addressesAurelien Jarno2010-04-091-1/+1
| | | | | | | | | | | | | | The store queues are located from 0xe0000000 to 0xe3ffffff. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit b1563142123593581895049568c5526b1e91da7b)
| * target-sh4: MMU: fix ITLB priviledge checkAurelien Jarno2010-04-091-1/+1
| | | | | | | | | | | | | | | | There is an ITLB access violation if SR_MD=0 (user mode) while the high bit of the protection key is 0 (priviledge mode). Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit bc13ad29e6b7484ccd5e7ee0f5d0f966585eb4c9)
| * target-sh4: MMU: fix mem_idx computationAurelien Jarno2010-04-091-1/+1
| | | | | | | | | | | | | | | | | | The mem_idx is wrongly computed. As written in target-sh4/cpu.h, mode 0 corresponds to kernel mode (SR_MD = 1), while mode 1 corresponds to user mode (SR_MD = 0). Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 33b8f5546cc16eaa3d89fe133a9843c794b65d6c)
| * sh7750: handle MMUCR TI bitAurelien Jarno2010-04-093-2/+25
| | | | | | | | | | | | | | | | When the MMUCR TI bit is set, all the UTLB and ITLB entries should be flushed. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit e781d1285fc3b81d689ba25360c6c272116387fa)
| * UHCI spurious interrut fixPaul Brook2010-04-061-3/+4
| | | | | | | | | | | | Only raise an interrupt if the TD has actually completed. Signed-off-by: Paul Brook <paul@codesourcery.com>
| * tcg/mips: fix branch offset during retranslationAurelien Jarno2010-03-291-19/+30
| | | | | | | | | | | | | | | | Branch offsets should only be overwritten during relocation, to support partial retranslation. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 6d8ff4d85ce2f3fc8a18dc8f077f73a4bd19a89a)
| * tcg/arm: correctly save/restore registers in prologue/epilogueAurelien Jarno2010-03-191-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since commit 6113d6d3169393c323ac4c82d756a850145a5e7a QEMU crashes on ARM hosts. This is not a bug of this commit, but a latent bug revealed by this commit. The TCG code is called through a procedure call using the prologue and epilogue code. This code does not save and restore enough registers. The "Procedure Call Standard for the ARM Architecture" says: A subroutine must preserve the contents of the registers r4-r8, r10,  r11 and SP (and r9 in PCS variants that designate r9 as v6). The current code only saves and restores r9 to r11, and misses r4 to r8. The patch fixes that by saving r4 to r12. Theoretically there is no need to save and restore r12, but an even number of registers have to be saved as per EABI. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 4e17eae9f2ee49833698aae2753c5bb041510870)
| * workaround for cmd646 bmdma register access while no dma is activeIgor V. Kovalenko2010-03-193-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a workaround only, and is a partial revert of a few changes to BMDMAState which removed pci_dev field on the way. - cmd646 pci_from_bm() expects bm->unit value to correspond with bm data being passed to callback as opaque pointer. This breaks when write to dma control register of second channel happens when no dma operation is in progress, so bm->unit is zero for second channel, and pci_from_bm() returns garbage pointer. Crash happens shortly after that while dereferencing that pointer. v0->v1: cleaned up dead code from pci_from_bm. Signed-off-by: Igor V. Kovalenko <igor.v.kovalenko@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com> (cherry picked from commit 90228ee395b71cdd64e6bc844e3d553eb9ef643f)
| * Fix corner case in chardev udp: parameterJan Kiszka2010-03-161-1/+1
| | | | | | | | | | | | | | | | The missing '@' broke 'udp::<port>@:<port>' parsing. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 39324ca488ac8f7124b3698d28bf46b90d9acd84)
| * Don't set default monitor when there is a mux'ed oneJan Kiszka2010-03-161-0/+9
| | | | | | | | | | | | | | | | This fixes eg. "-nographic -serial mon:stdio [-serial ...]". Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 18141ed67f5ee8c7e8e3f8bffdb24d7b8cdbc270)
| * spelling typo (compatibilty) in hw/fw_cfg.cVagrant Cascadian2010-03-141-1/+1
| | | | | | | | | | | | | | | | here's a trivial patch to fix the spelling of "compatibility": Signed-off-by: Vagrant Cascadian <vagrant@freegeek.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com> (cherry picked from commit 66c80e75752e87a9479577fda1446a7623884f01)
| * fdc: fix drive property handling.Gerd Hoffmann2010-03-131-5/+15
| | | | | | | | | | | | | | | | | | | | Fix the floppy controller init wrappers to set the drive properties only in case the DriveInfo pointers passed in are non NULL. This allows to set the properties using -global. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 995bf0ca57e52f4991d7f90c7eb2bbf7bc3f3c44)
| * target-i386: fix commit c22549204a6edc431e8e4358e61bd56386ff6957TeLeMan2010-03-131-0/+5
| | | | | | | | | | | | | | | | | | The commit c22549204a6edc431e8e4358e61bd56386ff6957 led movntps & movntdq to be translated incorrectly. Signed-off-by: TeLeMan <geleman@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 2e21e7491ff2af3628a97d4652e7adcc6961c2e9)
| * target-i386: fix SIB decoding with index = 4Aurelien Jarno2010-03-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A SIB byte with an index of 4 means "no scaled index", even if the scale value is not 0. In 64-bit mode, if REX.X is used, an index of 4 selects %r12. This is correctly handled by the computation of the index variable, which includes the index bits, and also the REX.X prefix: index = ((code >> 3) & 7) | REX_X(s); Thanks to Avi Kivity, Jamie Lokier and Malc for the analysis of the problem and the initial patch. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit b16f827bdf7444b8cd338b9ecb654b4752f47225)
| * Fix segfault with ram_size > 4095M without kvmRyan Harper2010-03-061-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently, x86_64-softmmu qemu segfaults when trying to use > 4095M memsize. This patch adds a simple check and error message (much like the 2047 limit on 32-bit hosts) on ram_size in the control path after we determine we're not using kvm Upstream qemu-kvm is affected if using the -no-kvm option; this patch address the segfault there as well. Signed-off-by: Ryan Harper <ryanh@us.ibm.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| * target-i386: Fix long jumps/calls in long mode with REX.W setmalc2010-03-061-3/+1
| | | | | | | | | | | | Signed-off-by: malc <av1474@comtv.ru> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 41b1e61f51b05fd6ca060f901b822f83e0beb6b6)
| * target-i386: fix lddqu SSE instructionAurelien Jarno2010-03-061-1/+1
| | | | | | | | | | | | | | This instruction load data from memory to register and not the reverse. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit c22549204a6edc431e8e4358e61bd56386ff6957)
| * qemu-char.c: drop debug printfs from qemu_chr_parse_compatJan Kiszka2010-02-281-3/+0
| | | | | | | | | | | | | | Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit 5bb599023a6478e86152a2e8bc2b21775261b9da)
| * fix undefined shifts by >32Paolo Bonzini2010-02-271-2/+2
| | | | | | | | | | | | | | | | This one is for 0.12 too. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com> (cherry picked from commit 0dfbd514460045e3af1ed6805ab97ffedbbd1ab2)
| * Fix qemu -net user,hostfwd= exampleAurelien Jarno2010-02-271-1/+1
| | | | | | | | | | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (cherry picked from commit aa375206189b7de7c23ad9de66413fb7d4497940)
* | pci passthrough: zap option rom scanning.Gerd Hoffmann2010-03-251-75/+0
| | | | | | | | | | | | | | | | | | | | Nowdays (qemu 0.12) seabios loads option roms from pci rom bars. So there is no need any more to scan for option roms and have qemu load them. Zap the code. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> (cherry picked from commit 51c0dad5ce383be94ca7c46e491ada17cc9ec416)
* | Bail out when VCPU_CREATE failsAlexander Graf2010-03-241-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we fail to create a VCPU we have no way to tell our callers that something failed. So the caller happily uses a completely broken state. This code should become deprecated in the process of converting qemu-kvm to qemu anyways, so let's not care about remdeling it but just bailing out when something breaks. Also give the user a hint on why the VCPU_CREATE might have failed. This fixes a segmentation fault with -smp > VCPU_MAX in the host kernel. Signed-off-by: Alexander Graf <agraf@suse.de> Reported-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Avi Kivity <avi@redhat.com>
* | Merge branch 'stable-0.12-merge' into stable-0.12Marcelo Tosatti2010-02-2553-262/+594
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * stable-0.12-merge: (52 commits) Update version and change for 0.12.3 release qcow2: Fix access after end of array ide save/restore pio/atapi cmd transfer fields and io buffer net: Monitor command set_link finds only VLAN clients, fix net: info network shows only VLAN clients, fix net: net_check_clients() checks only VLAN clients, fix net: Fix bogus "Warning: vlan 0 with no nics" with -device net: net_check_clients() runs too early to see -device, fix net: Remove unused net_client_uninit() don't dereference NULL after failed strdup virtio-net: fix network stall under load json: fix PRId64 on Win32 fix inet_parse typo iothread: fix vcpu stop with smp tcg segfault due to buffer overrun in usb-serial qcow2: Fix signedness bugs Do not ignore error, if open file failed (-serial /dev/tty) pc-bios: update to newer version of (stable) seabios kvm: Fix eflags corruption in kvm mode target-mips: fix ROTR and DROTR by zero ... Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
| * \ Merge commit '6173d56bdcb53389c54e803873e6bf8f87836a4f' into stable-0.12-mergeMarcelo Tosatti2010-02-2532-137/+328
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '6173d56bdcb53389c54e803873e6bf8f87836a4f': (27 commits) Update version and change for 0.12.3 release qcow2: Fix access after end of array ide save/restore pio/atapi cmd transfer fields and io buffer net: Monitor command set_link finds only VLAN clients, fix net: info network shows only VLAN clients, fix net: net_check_clients() checks only VLAN clients, fix net: Fix bogus "Warning: vlan 0 with no nics" with -device net: net_check_clients() runs too early to see -device, fix net: Remove unused net_client_uninit() don't dereference NULL after failed strdup virtio-net: fix network stall under load json: fix PRId64 on Win32 fix inet_parse typo iothread: fix vcpu stop with smp tcg segfault due to buffer overrun in usb-serial qcow2: Fix signedness bugs Do not ignore error, if open file failed (-serial /dev/tty) pc-bios: update to newer version of (stable) seabios kvm: Fix eflags corruption in kvm mode target-mips: fix ROTR and DROTR by zero ... Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> modified: net/slirp.c
| | * Merge remote branch 'qemu-kvm/uq/stable-0.12' into stable-0.12Anthony Liguori2010-02-230-0/+0
| | |\
| | | * kvm: Fix eflags corruption in kvm modeJan Kiszka2010-02-211-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This should explain a lot of the weird breakages of upstream KVM we've seen recently (actually we should have seen it much earlier): Stop translating eflags into TCG format when in kvm mode as we never translate it back and rather sync this broken state into the kernel. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Avi Kivity <avi@redhat.com>
| | * | Update version and change for 0.12.3 releaseAnthony Liguori2010-02-232-1/+53
| | | | | | | | | | | | | | | | Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
| | * | qcow2: Fix access after end of arrayKevin Wolf2010-02-231-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a write requests crosses a L2 table boundary and all clusters until the end of the L2 table are usable for the request, we must not look at the next L2 entry because we already have arrived at the end of the array. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit 4805bb66969622f86376191c94c4748bce91e6be)
| | * | ide save/restore pio/atapi cmd transfer fields and io bufferMarcelo Tosatti2010-02-232-2/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Save/restore information necessary to continue in progress PIO/ATAPI CMD transfers. This includes the IO buffer. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit ed487bb1d69040b9dac64a4fc076d8dd82b131d6)
| | * | net: Monitor command set_link finds only VLAN clients, fixMarkus Armbruster2010-02-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clients not associated with a VLAN exist since commit d80b9fc6. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit 2583ba97ef1de6040b7d0afd2b66737515de5423)