Commit message (Author, Age, Files, Lines)
* virtqueue: Sanity-check the length of indirect descriptors. [qemu-kvm-0.14.1-gentoo-2] [qemu-kvm-0.14.1-gentoo] (Nelson Elhage, 2011-07-21, files: 1, lines: -0/+10)
| We were previously allowing arbitrarily-long descriptors, which could lead to a buffer overflow in the qemu-kvm process.
* spice-qemu-char: Fix flow control in client -> guest direction (Hans de Goede, 2011-07-21, files: 1, lines: -6/+5)
| In the old spice-vmc device we used to have:
|     last_out = virtio_serial_write(&svc->port, p, MIN(len, VMC_MAX_HOST_WRITE));
|     if (last_out > 0)
|         ...
|
| Now in the chardev backend we have:
|     last_out = MIN(len, VMC_MAX_HOST_WRITE);
|     qemu_chr_read(scd->chr, p, last_out);
|     if (last_out > 0) {
|         ...
|
| Which causes us to no longer detect if the virtio port is not ready to receive data from us. chardev actually has a mechanism to detect this, but it requires a separate call to qemu_chr_can_read, before calling qemu_chr_read (which returns void).
|
| This patch uses qemu_chr_can_read to fix the flow control from client to guest.
|
| Signed-off-by: Hans de Goede <hdegoede@redhat.com>
* spice-chardev: listen to frontend guest open / close (Hans de Goede, 2011-07-21, files: 1, lines: -0/+14)
| Note the vmc_register_interface() in spice_chr_write is left in place in case someone uses spice-chardev with a frontend which does not have guest open / close notification.
|
| Signed-off-by: Hans de Goede <hdegoede@redhat.com>
* virtio-console: notify backend of guest open / close (Hans de Goede, 2011-07-21, files: 1, lines: -0/+18)
| Signed-off-by: Hans de Goede <hdegoede@redhat.com>
* chardev: Allow frontends to notify backends of guest open / close (Hans de Goede, 2011-07-21, files: 2, lines: -0/+21)
| Some frontends know when the guest has opened the "channel" and is actively listening to it, for example virtio-serial. This patch adds 2 new qemu-chardev functions which can be used by frontends to signal guest open / close, and allows interested backends to listen to this.
|
| Signed-off-by: Hans de Goede <hdegoede@redhat.com>
* spice-qemu-char.c: remove intermediate buffer (Alon Levy, 2011-07-21, files: 1, lines: -12/+6)
| BZ: 672191
|
| upstream: not submitted (explained below)
|
| virtio-serial's buffer is valid when it calls us, and we don't access it otherwise: vmc_read is only called in response to wakeup, or else we set datalen=0 and throttle. Then vmc_read is called back, we return 0 (not accessing the buffer) and set the timer to unthrottle.
|
| Also make datalen int and not ssize_t (to fit spice_chr_write signature).
|
| This relied on the previous patch that introduces throttling, which can't go upstream right now as explained in that patch.
* spice-qemu-char.c: add throttling (Alon Levy, 2011-07-21, files: 1, lines: -4/+35)
| BZ: 672191
|
| upstream: not submitted (explained below)
|
| Adds throttling support to spicevmc chardev. Uses a timer to avoid recursing:
| 1. spice-server: reds.c: read_from_vdi_port
| 2. qemu: spice-qemu-char.c: vmc_read
| 3. chr_write_unblocked (calls virtio_serial_throttle_port(port, false))
| 4. qemu: virtio ...
| 5. qemu: spice-qemu-char.c: spice_chr_write
| 6. qemu: spice-qemu-char.c: wakeup (calls into spice-server)
| 7. spice-server: ...
| 8. qemu: spice-qemu-char.c: vmc_read
|
| Instead, in vmc_read if we were throttled and we are just about to return all the bytes we will set a timer to be triggered immediately to call chr_write_unblocked. Then we return after 2 above, and 3 is called from the timer callback. This also means we can later remove some ugly recursion protection from spice-server.
|
| The other tricky point in this patch is not returning the leftover chunk twice. When we throttle, by definition we have data that spice server didn't consume. It is being kept by virtio-serial, and by us. The next vmc_read callback needs to not return it, but just do unthrottling. Then virtio will give us the remaining chunk as usual in spice_chr_write, and we will pass it to spice server in the next vmc_read.
|
| This patch relies on Amit's series to expose throttling to chardev's, which was not accepted upstream, and will not be accepted upstream until the mainloop is reworked to use glib.
* virtio-console: Enable port throttling when chardev is slow to consume data (Amit Shah, 2011-07-21, files: 1, lines: -0/+11)
| When a chardev indicates it can't accept more data, we tell the virtio-serial code to stop sending us any more data till we tell otherwise. This helps in guests continuing to run normally while the vq keeps getting full and eventually the guest stops queueing more data. As soon as the chardev indicates it can accept more data, start pushing!
|
| Signed-off-by: Amit Shah <amit.shah@redhat.com>
* char: Throttle when host connection is down# (Amit Shah, 2011-07-21, files: 1, lines: -0/+14)
| When the host-side connection goes down, throttle the virtio-serial bus and later unthrottle when a connection gets established. This helps prevent any lost IO (guest->host) while the host connection was down.
|
| Bugzilla: 621484
|
| This commit actually helps the bug mentioned above as no writes will now get lost because of the throttling done here. With just the patches sent earlier for that bug, one write will end up getting lost in the worst case (host d/c, guest write, host connect).
|
| Signed-off-by: Amit Shah <amit.shah@redhat.com>
* char: Equip the unix/tcp backend to handle nonblocking writes# (Amit Shah, 2011-07-21, files: 1, lines: -0/+34)
| Now that the infrastructure is in place to return -EAGAIN to callers, individual char drivers can set their update_fd_handlers() function to set or remove an fd's write handler. This handler checks if the driver became writable.
|
| A generic callback routine is used for unblocking writes and letting users of chardevs know that a driver became writable again.
|
| Signed-off-by: Amit Shah <amit.shah@redhat.com>
* char: Update send_all() to handle nonblocking chardev write requests (Amit Shah, 2011-07-21, files: 3, lines: -9/+76)
| The send_all function is modified to return to the caller in case the driver cannot handle any more data. It returns -EAGAIN or WSAEWOULDBLOCK on non-Windows and Windows platforms respectively. This is only done when the caller sets a callback function handler indicating it's not interested in blocking till the driver has written out all the data.
|
| Currently there's no driver or caller that supports this. Future commits will add such capability.
|
| Signed-off-by: Amit Shah <amit.shah@redhat.com>
* char: Add framework for a 'write unblocked' callback (Amit Shah, 2011-07-21, files: 2, lines: -0/+8)
| The char layer can let users know that the driver will block on further input. For users interested in not blocking, they can assign a function pointer that will be called back when the driver becomes writable. This patch just adds the function pointers to the CharDriverState structure, future patches will enable the nonblocking and callback functionality.
|
| Signed-off-by: Amit Shah <amit.shah@redhat.com>
* iohandlers: Add enable/disable_write_fd_handler() functions (Amit Shah, 2011-07-21, files: 2, lines: -0/+38)
| These will be used to provide a cleaner API for the nonblocking case.
|
| Signed-off-by: Amit Shah <amit.shah@redhat.com>
* char: Add a QemuChrHandlers struct to initialise chardev handlers (Amit Shah, 2011-07-21, files: 20, lines: -66/+184)
| Instead of passing each handler in the qemu_add_handlers() function, create a struct of handlers that can be passed to the function instead.
|
| Signed-off-by: Amit Shah <amit.shah@redhat.com>
* char: Split out tcp socket close code in a separate function (Amit Shah, 2011-07-21, files: 1, lines: -9/+16)
| Signed-off-by: Amit Shah <amit.shah@redhat.com>
* hw/qxl-render: drop cursor locks, replace with pipe (Alon Levy, 2011-07-21, files: 4, lines: -10/+122)
| Switching locking protection of ds->cursor_set/cursor_move to moving every call to these functions into the iothread and using the ssd->pipe to transfer that, adding QXL_SERVER_CURSOR_SET, QXL_SERVER_CURSOR_MOVE.
|
| This is tested with both -vnc :0 -spice and -sdl -spice.
* qxl/spice: remove qemu_mutex_{un,}lock_iothread around dispatcher (Alon Levy, 2011-07-21, files: 2, lines: -24/+3)
| with the previous patch making sure get_command no longer needs to lock, there is no reason to drop the qemu iothread mutex in qxl.c and in ui/spice-display.c
|
| The only location where the lock remains are the cursor related callbacks, that path is currently broken. It is only triggered if running spice and sdl, which is broken already before that.
* qxl: implement get_command in vga mode without locks (Uri Lublin, 2011-07-21, files: 3, lines: -26/+146)
| This patch and the next drop the requirement to lose the global qemu mutex during dispatcher calls. This patch enables it, the next drops the unlock/lock pairs around dispatcher calls.
|
| The current solution of dropping the locks is buggy:
|  * it allows multiple dispatcher calls from two vcpu threads, the dispatcher doesn't handle that by design (single fd, not locked, can't handle writes from two threads)
|  * it requires us to keep track of cpu_single_env, which is magic.
|
| The solution implemented in this patch and the next (the next just drops the locks, this patch allows that to work):
|  * the only operation that needed locking was qemu_create_simple_update,
|  * it required locking because it was called from the spice-server thread.
|  * do it in the iothread by reusing the existing pipe used for set_irq.
|
| The current flow implemented is now:
| spice-server thread:
|  qxl.c:interface_get_command (called either by polling or from wakeup)
|   if update!=NULL:
|    waiting_for_update=0
|    update=NULL
|    return update
|   else:
|    if not waiting_for_update:
|     waiting_for_update=1
|     write to pipe, which is read by iothread (main thread)
|
| iothread:
|  wakeup from select,
|  qxl.c:pipe_read
|   update=qemu_create_simple_update()
|   wakeup spice-server thread by calling d.worker->wakeup(d.worker)
* qxl/spice-display: move pipe to ssd (Alon Levy, 2011-07-21, files: 4, lines: -21/+34)
| This moves the int pipe[2] and pthread_t main data from the PCIQXLDevice struct to the SimpleSpiceDisplay. This will let us reuse it in the next patch for both -spice with no -qxl usage and for vga mode from qxl.
|
| Also move the pipe creation function (which is effectively completely rewritten by this patch anyways) from hw/qxl.c to ui/spice-display.c, since spice-display will depend on it after the next patch and qemu can be built with ui/spice-display.c in combination with no hw/qxl.c.
* Ignore pci unplug requests for unpluggable devices (CVE-2011-1751) [qemu-kvm-0.14.1-gentoo-1] (Gerd Hoffmann, 2011-05-27, files: 1, lines: -1/+3)
| This patch makes qemu ignore unplug requests from the guest for pci devices which are tagged as non-hotpluggable. Trouble spot is the piix4 chipset with the ISA bridge. Requests to unplug that one will make it go away together with all ISA bus devices, which are not prepared to be unplugged and thus don't cleanup, leaving active qemu timers behind in free'ed memory.
|
| Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* Merge commit 'v0.14.1' into stable-0.14 [qemu-kvm-0.14.1] (Avi Kivity, 2011-05-11, files: 12, lines: -30/+57)
|\
| | * commit 'v0.14.1':
| |   Version 0.14.1
| |   virtio-blk: fail unaligned requests
| |   qed: Fix consistency check on 32-bit hosts
| |   exit if -drive specified is invalid instead of ignoring the "wrong" -drive
| |   vhost: fix dirty page handling
| |   Do not delete BlockDriverState when deleting the drive
| |   vnc: tight: Fix crash after 2GB of output
| |   lan9118: Ignore write to MAC_VLAN1 register
| |   Don't allow multiwrites against a block device without underlying medium
| |
| | Signed-off-by: Avi Kivity <avi@redhat.com>
| * Version 0.14.1 (Justin M. Forbes, 2011-05-04, files: 1, lines: -1/+1)
| |
| * virtio-blk: fail unaligned requests (Christoph Hellwig, 2011-05-03, files: 1, lines: -0/+8)
| | Like all block drivers virtio-blk should not allow smaller than block size granularity access. But given that the protocol specifies a byte unit length field we currently accept such requests, which cause qemu to abort() in lower layers. Add checks to the main read and write handlers to catch them early.
| |
| | Reported-by: Conor Murphy <conor_murphy_virt@hotmail.com>
| | Tested-by: Conor Murphy <conor_murphy_virt@hotmail.com>
| | Signed-off-by: Christoph Hellwig <hch@lst.de>
| | Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
| | Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * qed: Fix consistency check on 32-bit hosts (Stefan Hajnoczi, 2011-05-03, files: 2, lines: -3/+3)
| | The qed_bytes_to_clusters() function is normally used with size_t lengths. Consistency check used it with file size length and therefore failed on 32-bit hosts when the image file is 4 GB or more.
| |
| | Make qed_bytes_to_clusters() explicitly 64-bit and update consistency check to keep 64-bit cluster counts.
| |
| | Reported-by: Michael Tokarev <mjt@tls.msk.ru>
| | Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
| | Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * exit if -drive specified is invalid instead of ignoring the "wrong" -drive (Michael Tokarev, 2011-05-03, files: 1, lines: -1/+3)
| | This fixes the problem when qemu continues even if -drive specification is somehow invalid, resulting in a mess. Applicable for both current master and for stable-0.14 (and the same issue exists in 0.13 and 0.12 too).
| |
| | The prob can actually be serious: when you start guest with two drives and make an error in the specification of one of them, and the guest has something like a raid array on the two drives, guest may start failing that array or kick "missing" drives which may result in a mess - this is what actually happened to me, I didn't want a resync at all, and a resync resulted in re-writing (and allocating) a 4TB virtual drive I used for testing, which in turn resulted in my filesystem filling up and whole thing failing badly. Yes it was just testing VM, I experimented with larger raid arrays, but the end result was quite, well, unexpected.
| |
| | Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| | Acked-by: Jes Sorensen <Jes.Sorensen@redhat.com>
| | Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * vhost: fix dirty page handling (Michael S. Tsirkin, 2011-05-03, files: 1, lines: -1/+3)
| | vhost was passing a physical address to cpu_physical_memory_set_dirty, which is wrong: we need to translate to ram address first.
| |
| | Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| |
| | Note: this led to crashes during migration, so the patch is needed on the stable branch too.
| * Do not delete BlockDriverState when deleting the drive (Ryan Harper, 2011-05-03, files: 3, lines: -20/+20)
| | When removing a drive from the host-side via drive_del we currently have the following path:
| |
| |     drive_del
| |     qemu_aio_flush()
| |     bdrv_close()    // zaps bs->drv, which makes any subsequent I/O get
| |                     // dropped. Works as designed
| |     drive_uninit()
| |     bdrv_delete()   // frees the bs. Since the device is still connected to
| |                     // bs, any subsequent I/O is a use-after-free.
| |
| | The value of bs->drv becomes unpredictable on free. As long as it remains null, I/O still gets dropped, however it could become non-null at any point after the free resulting in SEGVs or other QEMU state corruption.
| |
| | To resolve this issue as simply as possible, we can choose to not actually delete the BlockDriverState pointer. Since bdrv_close() handles setting the drv pointer to NULL, we just need to remove the BlockDriverState from the QLIST that is used to enumerate the block devices. This is currently handled within bdrv_delete, so move this into its own function, bdrv_make_anon().
| |
| | The result is that we can now invoke drive_del, this closes the file descriptors and sets BlockDriverState->drv to NULL which prevents further IO to the device, and since we do not free BlockDriverState, we don't have to worry about the copy retained in the block devices.
| |
| | We also don't attempt to remove the qdev property since we are no longer deleting the BlockDriverState on drives with associated drives. This also allows for removing Drives with no devices associated either.
| |
| | Reported-by: Markus Armbruster <armbru@redhat.com>
| | Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
| | Acked-by: Markus Armbruster <armbru@redhat.com>
| | Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * vnc: tight: Fix crash after 2GB of output (Michael Tokarev, 2011-04-10, files: 2, lines: -4/+5)
| | fix 2Gb integer overflow in VNC tight and zlib encodings
| |
| | As found by Roland Dreier <roland@purestorage.com> (excellent catch!), when amount of VNC compressed data produced by zlib and sent to client exceeds 2Gb, integer overflow occurs because currently, we calculate amount of data produced at each step by comparing saved total_out with new total_out, and total_out is something which grows without bounds. Compare it with previous avail_out instead of total_out, and leave total_out alone.
| |
| | The same code is used in vnc-enc-tight.c and vnc-enc-zlib.c, so fix both cases.
| |
| | There, there's no actual need to save previous_out value, since capacity-offset (which is how that value is calculated) stays the same so it can be recalculated again after call to deflate(), but whole thing becomes less readable this way.
| |
| | Reported-by: Roland Dreier <roland@purestorage.com>
| | Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| | Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
| | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| * lan9118: Ignore write to MAC_VLAN1 register (Atsushi Nemoto, 2011-04-09, files: 1, lines: -0/+6)
| | On Mon, 4 Apr 2011 20:15:30 +0200, Aurelien Jarno <aurelien@aurel32.net> wrote:
| | > Is it really safe ignoring write to this register? If yes, it's probably
| | > a good idea to explain why in a comment. In any case, if supporting this
| | > register is easy to do, it would be the best option.
| |
| | I think it is safe. Please see an updated comment below.
| |
| | And though implementing this register might be possible, I suppose it is not worth supporting FrameTooLong detection, for now at least.
| |
| | Thank you for comments.
| | >8---------------------------------------------------------------------
| | From: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
| | Date: Tue, 5 Apr 2011 23:12:07 +0900
| | Subject: [PATCH] lan9118: Ignore write to MAC_VLAN1 register
| |
| | Since linux 2.6.38, smsc911x driver writes to VLAN1 register. Since this register only affects FrameTooLong detection, ignoring write to this register should be safe.
| |
| | Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
| | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| | (cherry picked from commit a0313c00fcd26530a025ff93edee32959917be8d)
| * Don't allow multiwrites against a block device without underlying medium (Ryan Harper, 2011-04-04, files: 1, lines: -0/+8)
| | If the block device has been closed, we no longer have a medium to submit IO against, check for this before submitting io. This prevents a segfault further in the code where we dereference elements of the block driver.
| |
| | Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
| | Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
| | Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* | qemu-kvm: Don't break device assignment INTx (Alex Williamson, 2011-04-05, files: 2, lines: -1/+2)
| | Commit 1a836445 moved pci.o from a target object to a generic hardware object, which drops CONFIG_KVM_DEVICE_ASSIGNMENT. This results in the device assignment kludge to update INTx vectors on interrupt routing changes never getting called, which means device assignment level triggered interrupts don't work.
| |
| | This mostly reverts that commit, but makes pci.o conditional on CONFIG_PCI, which hopefully addresses the original intent of the change.
| |
| | Fixes: https://bugs.launchpad.net/qemu/+bug/730441
| |
| | Reported-by: Yongjie Ren <yongjie.ren@intel.com>
| | Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
| | Signed-off-by: Avi Kivity <avi@redhat.com>
| | (cherry picked from commit 2124d7b42c2f0d88460d12fd33123fe67cad286f)
* | Merge branch 'upstream-merge' into stable-0.14 (Avi Kivity, 2011-04-05, files: 19, lines: -40/+99)
|\ \
| | | * upstream-merge:
| | |   lsi53c895a: add support for ABORT messages
| | |   virtio-pci: fix bus master work around on load
| | |   fix applesmc REV key
| | |   rbd: don't link with -lcrypto
| | |   net: Add the missing option declaration of "vhostforce"
| | |   lsi53c895a: Update dnad when skipping MSGOUT bytes
| | |   Revert "prep: Disable second IDE channel, as long as ISA IDE emulation doesn't support same irq for both channels"
| | |   isa-bus: Remove bogus IRQ sharing check
| | |   virtio-net: Fix lduw_p() pointer argument of wrong size
| | |   hw/sd.c: Add missing state change for SD_STATUS, SEND_NUM_WR_BLOCKS
| | |   vnc: Fix fatal crash with vnc reverse mode
| | |
| | | Signed-off-by: Avi Kivity <avi@redhat.com>
| * | Merge commit 'd4b4ba03e86eeb697f04bf1173c29530e77e0ce5' into upstream-merge (Avi Kivity, 2011-04-05, files: 7, lines: -13/+81)
| |\|
| | | * commit 'd4b4ba03e86eeb697f04bf1173c29530e77e0ce5':
| | |   lsi53c895a: add support for ABORT messages
| | |   virtio-pci: fix bus master work around on load
| | |   fix applesmc REV key
| | |   rbd: don't link with -lcrypto
| | |   net: Add the missing option declaration of "vhostforce"
| | |   lsi53c895a: Update dnad when skipping MSGOUT bytes
| | |   Revert "prep: Disable second IDE channel, as long as ISA IDE emulation doesn't support same irq for both channels"
| | |
| | | Signed-off-by: Avi Kivity <avi@redhat.com>
| | * lsi53c895a: add support for ABORT messages (Bernhard Kohl, 2011-04-01, files: 1, lines: -0/+57)
| | | If these messages are not handled correctly the guest driver may hang.
| | |
| | | Always mandatory:
| | | - ABORT
| | | - BUS DEVICE RESET
| | |
| | | Mandatory if tagged queuing is implemented (which disks usually do):
| | | - ABORT TAG
| | | - CLEAR QUEUE
| | |
| | | Signed-off-by: Bernhard Kohl <bernhard.kohl@nsn.com>
| | | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| | | (cherry picked from commit 508240c0daecdd62ab46727f37145f2dbb029ff7)
| | * virtio-pci: fix bus master work around on load (Michael S. Tsirkin, 2011-03-29, files: 2, lines: -7/+7)
| | | Commit c81131db15dd1844d0db1d51f3cd7a105cfd2cf3 detects old guests by comparing virtio and PCI status. It attempts to do this on load, as well, but load_config callback in a binding is invoked too early and so the virtio status isn't set yet.
| | |
| | | We could add yet another callback to the binding, to invoke after load, but it seems easier to reuse the existing vmstate callback.
| | |
| | | Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| | | Cc: Alexander Graf <agraf@suse.de>
| | | (cherry picked from commit 89c473fd82daf7dddad8162a683bcd0ef671ecda)
| | * fix applesmc REV key (René Rebe, 2011-03-29, files: 1, lines: -1/+1)
| | | Fix applesmc REV key string literal hex encoding.
| | |
| | | Signed-off-by: René Rebe <rene@exactcode.de>
| | | Acked-by: Alexander Graf <agraf@suse.de>
| | | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| | | (cherry picked from commit 7f90fa77b8f0dbe2e9d221953b8f9a6af6a3128a)
| | * rbd: don't link with -lcrypto (Aurelien Jarno, 2011-03-29, files: 1, lines: -1/+1)
| | | rbd support tries to both link with -lrados and -lcrypto. While the first one is of course necessary, the second is not necessary (only librados itself needs to link with libcrypto).
| | |
| | | This fixes a licensing issue: qemu as a whole is GPL v2, and thus can't be linked with OpenSSL without an exception in the license, which seems difficult to get given the number of persons involved.
| | |
| | | Cc: Christian Brunner <chb@muc.de>
| | | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| | | (cherry picked from commit cc4e8741ccdaa905017f3c7c59e14c685a239c2d)
| | * net: Add the missing option declaration of "vhostforce" (Jason Wang, 2011-03-06, files: 1, lines: -1/+5)
| | | Signed-off-by: Jason Wang <jasowang@redhat.com>
| | | Acked-by: Michael S. Tsirkin <mst@redhat.com>
| | | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| | | (cherry picked from commit 96c94b298f99d6edf4e49d03cc8458f5b6e9d5f0)
| | * lsi53c895a: Update dnad when skipping MSGOUT bytes (Stefan Hajnoczi, 2011-03-06, files: 1, lines: -2/+9)
| | | Update not only dbc but also dnad when skipping bytes during the MSGOUT phase. Previously only dbc was updated which is probably wrong and could lead to bogus message codes being read.
| | |
| | | Tested on Linux and Windows Server 2003.
| | |
| | | Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
| | | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| | | (cherry picked from commit 444dd39b5f226926e8b8a950821e6f48a5da3ccd)
| | * Revert "prep: Disable second IDE channel, as long as ISA IDE emulation doesn't support same irq for both channels" (Aurelien Jarno, 2011-03-04, files: 1, lines: -1/+1)
| | | This reverts commit 491e2a338fdf8310c84f6ebaed1683a871a0700e.
| | |
| | | (cherry picked from commit 81aa06471a5c0ae45537b15f5b44e3f82488cdf5)
| * | Merge commit '57c864b1f32986116947d5e94218ec623ce393de' into upstream-merge (Avi Kivity, 2011-04-05, files: 12, lines: -27/+18)
|/| |
| |/
| | * commit '57c864b1f32986116947d5e94218ec623ce393de':
| |   isa-bus: Remove bogus IRQ sharing check
| |   virtio-net: Fix lduw_p() pointer argument of wrong size
| |   hw/sd.c: Add missing state change for SD_STATUS, SEND_NUM_WR_BLOCKS
| |   vnc: Fix fatal crash with vnc reverse mode
| |
| | Conflicts:
| |   hw/pc.c
| |
| | Signed-off-by: Avi Kivity <avi@redhat.com>
| * isa-bus: Remove bogus IRQ sharing check (Jan Kiszka, 2011-03-03, files: 9, lines: -23/+12)
| | Nothing prevented IRQ sharing on the ISA bus in principle. Not all boards supported this, neither each and every card nor driver and OS. Still, there existed valid IRQ sharing scenarios, (at least) two of them can also be found in QEMU: >2 PC UARTs and the PREP IDE buses.
| |
| | So remove this artificial restriction from our ISA model.
| |
| | Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
| | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| | (cherry picked from commit ee951a37d8873bff7aa58e23222dfd984111b6cb)
| * virtio-net: Fix lduw_p() pointer argument of wrong size (Stefan Hajnoczi, 2011-03-03, files: 1, lines: -2/+2)
| | A pointer to a size_t variable was passed as the void * pointer to lduw_p() in virtio_net_receive(). Instead of acting on the 16-bit value this caused failure on big-endian hosts.
| |
| | Avoid this issue in the future by using stw_p() instead. In general we should use ld*_p() for loading from target memory and st*_p() for storing to target memory anyway, not the other way around.
| |
| | Also tighten up a correct use of lduw_p() when stw_p() should be used instead in virtio_net_get_config().
| |
| | Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
| | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| | (cherry picked from commit b46d97f2d2fd7c099b11e610de630918dfd11fa1)
| * hw/sd.c: Add missing state change for SD_STATUS, SEND_NUM_WR_BLOCKS (Peter Maydell, 2011-02-25, files: 1, lines: -0/+2)
| | The SD_STATUS and SEND_NUM_WR_BLOCKS commands are supposed to cause the card to send data back to the host. However sd.c was missing the state change to sd_sendingdata_state for these commands, with the effect that the Linux driver would either hang indefinitely waiting for nonexistent data (pl181) or read zeroes and provoke a qemu warning message (omap).
| |
| | Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| * vnc: Fix fatal crash with vnc reverse mode (Stefan Weil, 2011-02-25, files: 1, lines: -0/+1)
| | Reverse mode is unusable:
| |
| |     qemu -vnc localhost:5500,reverse
| |
| | crashes in vnc_refresh_server_surface because some pointers are NULL.
| |
| | Fix this by calling vnc_dpy_resize (which initializes these pointers) before calling vnc_refresh.
| |
| | Cc: Anthony Liguori <aliguori@us.ibm.com>
| | Signed-off-by: Stefan Weil <weil@mail.berlios.de>
| | Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* | qemu-kvm: Fix non-PCI target build (Jan Kiszka, 2011-02-27, files: 3, lines: -3/+3)
| | Replace obsolete qemu-kvm.h with kvm.h in pci.c and build that module just like upstream does. This fixes non-x86 targets which have no PCI support.
| |
| | Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
| | Signed-off-by: Avi Kivity <avi@redhat.com>
| | (cherry picked from commit cf3a3feb8d6309a5c79277fc084d7785729b7262)
* | Merge remote branch 'upstream/stable-0.14' into stable-0.14 (Avi Kivity, 2011-02-22, files: 16, lines: -39/+137)
|\|
| | * upstream/stable-0.14:
| |   qemu-char: Check for missing backend name
| |   Update version for 0.14.0
| |   Update version for 0.14.0-rc2
| |   Fix build from previous commit
| |   PATCH] slirp: fix buffer overrun
| |   correctly check ppr priority during interrupt injection]
| |   qcow2: Fix order in L2 table COW
| |   qemu-img: Improve error messages for failed bdrv_open
| |   qed: Report error for unsupported features
| |   qcow2: Report error for version > 2
| |   qerror: Add QERR_UNKNOWN_BLOCK_FORMAT_FEATURE
| |   qcow2: Fix error handling for reading compressed clusters
| |   qcow2: Fix error handling for immediate backing file read failure
| |   QCOW2: bug fix - read base image beyond its size
| |   Change snapshot_blkdev hmp to use correct argument type for device
| |   linux-user: Fix possible realloc memory leak
| |   linux-user: Fix possible realloc memory leak
| |   linux-user: fix for loopmount ioctl
| |   blockdev: Plug memory leak in drive_init() error paths
| |   blockdev: Plug memory leak in drive_uninit()
| |
| | Signed-off-by: Avi Kivity <avi@redhat.com>
| * qemu-char: Check for missing backend name (Stefan Hajnoczi, 2011-02-20, files: 1, lines: -0/+5)
| | Check if the backend option is missing before searching the backend table. This fixes a NULL pointer dereference when QEMU is invoked with the following invalid command-line:
| |
| |     $ qemu -chardev id=foo,path=/tmp/socket
| |
| | Previously QEMU would segfault, now it produces this error message:
| |
| |     chardev: "foo" missing backend
| |
| | Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
| | Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
| * Update version for 0.14.0 (Anthony Liguori, 2011-02-16, files: 1, lines: -1/+1)
| | Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
| * Update version for 0.14.0-rc2 (Anthony Liguori, 2011-02-14, files: 1, lines: -1/+1)
| | Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>