If 'i != index' for all acl->entries, variable
entry leaks the storage it points to.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
((n->bar.aqa >> AQA_ASQS_SHIFT) & AQA_ASQS_MASK) > 4095
is always false regardless of the values of its operands.
This occurs as the logical second operand of '||'.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
lseek will return -1 on error, g_malloc0(size) and read(,,size)
paramenters cannot be negative. We should add a check for return
value of lseek().
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Function send_response(s, &qdict->base) returns a negative number
when any failures occured. But strerror()'s parameter cannot be
negative. Let's change the testing condition and pass '-ret' to
strerr().
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
May pass freed pointer filename as an argument to error_report.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In this false branch, fd will leak when it is zero.
Change the testing condition.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
[Fix net_l2tpv3_cleanup as well. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
freeaddrinfo(result) does not assign result = NULL, after frees it.
There will be a double free when it goes error case.
It is reported by covertiy.
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In function connect_to_qemu(), getaddrinfo() will allocate memory
that is stored into server, it should be freed by using freeaddrinfo()
before connect_to_qemu() return.
Cc: qemu-stable@nongnu.org
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
patches, pending confirmation from the submitter that they really
fix QNX.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJUZMqiAAoJEL/70l94x66DQEEH/3kWZSwiC6yh5icRmLd1PX9Q
P8a5qIGQUldN54orlr4bDs4Slb6w4CVwwupT6AIFvNbZDFQVlJTMd+3ssZ03H++D
eJ9WvY3yVmrC1ofFk1WNIposk01gvM0U74Kns4ttEuJ7UyB75mhPEegQd3B8WbPa
/eJILlXu9ayxj60yEqmoR8IfqrkuuTHx7P4QmpJigGeLkBhQOq0TXjb1xi+4JPnv
BHjVjA6YNtzuMO2wP0y6KE/9HZpow0luAb+vB0NkY0NoEezVucoDWLMMUkpSiZI/
yYFEqp4lzRo2ygnJXlGvLFND6F2qacGIIU5lj5t8a2BmswqD83JEt/idQGYeIzM=
=ExeA
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
x86 and SCSI fixes. I left out the APIC device model
patches, pending confirmation from the submitter that they really
fix QNX.
# gpg: Signature made Thu 13 Nov 2014 15:13:38 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
acpi: accurate overflow check
smbios: change 'ram_addr_t' variables to 'uint64_t'
kvmclock: Add comment explaining why we need cpu_clean_all_dirty()
target-i386: fix Coverity complaints about overflows
apic_common: migrate missing fields
target-i386: eliminate dead code and hoist common code out of "if"
virtio-scsi: Fix comment for VirtIOSCSIReq
virtio-scsi: dataplane: suppress guest notification
esp: Do not overwrite ESP_TCHI after reset
virtio-scsi: dataplane: fix allocation for 'cmd_vrings'
esp: fix coding standards
virtio-scsi: work around bug in old BIOSes
esp-pci: fixup deadlock with linux
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare clock in ns, because acpi_pm_tmr_update uses rounded
to ns value instead of ticks.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
[This lets Windows boot in icount mode. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ram_addr_t should not be used except if referring to a RAMBlobk.
Using 'uint64_t' avoids a -Wconstant-conversion warning, which
clang >= 3.4 produces in "smbios_get_tables()".
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
sipi_vector is an int; it is shifted by 12 and passed as a 64-bit value,
which makes Coverity think that we wanted (uint64_t)sipi_vector << 12.
But actually it must be between 0 and 255. Make this explicit.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch adds missed sipi_vector and wait_for_sipi fields to a new
subsection of the vmstate of the apic_common module. Saving and loading
of these fields makes migration of the apic state deterministic.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
[Initialize the field in pre_load and kvm_apic_realize. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
git shortlog since 1.7.5:
Hannes Reinecke (1):
megasas: read addional PCI I/O bar
Kevin O'Connor (5):
boot: Change ":rom%d" boot order rom instance to ":rom%x"
vgabios: Return from handle_1011() if handler found.
Don't enable thread preemption during S3 resume vga option rom execution.
build: Avoid absolute paths during "whole-program" compiling.
ehci: Fix bug in hub port assignment
Marcel Apfelbaum (1):
hw/pci: reserve IO and mem for pci express downstream ports with no devices attached
Markus Armbruster (1):
boot: Fix boot order for SCSI target, lun > 9
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The 'QemuConsole' is the input source for handler, we share some
input handlers to process the input events from different QemuConsole.
Normally we only have one set of keyboard, mouse, usbtablet, etc.
The devices have different mask, it's fine to just checking mask to
insure that the handler has the ability to process the event.
I saw we try to bind console to handler in usb/dev-hid.c, but display
always isn't available at that time.
If we have multiseat setup (as Gerd said), we only have 'problem' in
this case. Actually event from different devices have the same effect
for system, it's fine to always use the first available handler
without caring about the console.
For send-key command, we just pass a NULL for console parameter in
calling qemu_input_event_send_key(NULL, ..), but 'input-send-event'
needs to care more devices.
Conclusion:
Generally assigning the special console is meanless, and we can't
directly remove the QMP parameter for compatibility.
So we can make the parameter optional. The parameter might be useful
for some special condition: we have multiple devices without binding
console and they all have the ability(mask) to process events, and
we don't want to use the first one.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ist != 0 is checked in the first "if", so it cannot be true in
the "else if" part. While at it, simplify the code and move
the ESP alignment out of the conditionals.
Reported by Coverity.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The cdb is not zeroed by virtio_scsi_init_req, so fix the misleading
comment.
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch uses vring_should_notify() to suppress
guest notification, and looks notification frequency
can be decreased from ~33K/sec to ~2K/sec in my test
environment.
Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After a reset ESP_TCHI should contain the unique ID
of the chip. This value will be overwritten with the
current tranfer count if the transfer count has
previously been set.
So we should always return the chip id if ESP_TCHI
has never been written to.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Current stable version of libseccomp (2.1.1) only supports i386 and
x86_64 archs correctly. This patch limits the usage of the syscall
filter for those archs and updates to the correct last version of
libseccomp.
This patch also fixes the bug:
https://bugs.launchpad.net/qemu/+bug/1363641
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Moore <pmoore@redhat.com>
fallocate() is needed for snapshotting. If it isn’t whitelisted
$ qemu-img create -f qcow2 x.qcow 1G
Formatting 'x.qcow', fmt=qcow2 size=1073741824 encryption=off cluster_size=65536 lazy_refcounts=off
$ qemu-kvm -display none -monitor stdio -sandbox on x.qcow
QEMU 2.1.50 monitor - type 'help' for more information
(qemu) savevm foo
(qemu) loadvm foo
will fail, as will subsequent savevm commands on the same image.
fadvise64(), inotify_init1(), inotify_add_watch() are needed by
the SDL display. Without the whitelist entries,
qemu-kvm -sandbox on
fails immediately.
In my tests fadvise64() is called 50--51 times per VM run. That
number seems independent of the duration of the run. fallocate(),
inotify_init1(), inotify_add_watch() are called once each.
Accordingly, they are added to the whitelist at a very low
priority.
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJUYh9vAAoJEL7lnXSkw9fbgPQH/065L5+SpaJR1Nte9Lz3N2s1
a6tGSI22yu85tKvYCdYjeoVHSkSTyR57FdTfUd2xc2QPj+J4sWXpA81KILBGTJUp
NMpmLpWg4LOh8Ek4ViRgmFFdryzIFa4dT4gc1AcSAIAQ6jsgK1dM7m5kfncC3TN0
TUs248vJ2i/DaE0k8TOeJqxJTqInoFttlJEqG7RD+V5JznokE4zpFNXHDGx9BptE
W2J38GJ/TKRPe9UrHMKZI1r6+ZBdXyE/CaqsNNKLJdqrHgSQuAyK/PS6dQbM4BLg
M1qdP7Tp0wOlvv9qoEZMOEiUsi54XPqLgaLMbW74Yp5X459fqmLW2imy49pHXt8=
=klsW
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2014-11-11' into staging
trivial patches for 2014-11-11
# gpg: Signature made Tue 11 Nov 2014 14:38:39 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
* remotes/mjt/tags/pull-trivial-patches-2014-11-11:
block: Fix comment for bdrv_co_get_block_status
sysbus: Correct SYSTEM_BUS(obj) defines
target-i386: cpu: keeping function parameters alignment on new line
xen-hvm: Remove redundant variable 'xstate'
coroutine-sigaltstack: Change jmp_buf to sigjmp_buf
pc-bios: petalogix-s3adsp1800.dtb: Use 'xlnx, xps-ethernetlite-2.00.a' instead of 'xlnx, xps-ethernetlite-2.00.b'
gdbstub: Add a missing case of signal number translation in gdbstub
numa: make 'info numa' take into account hotplugged memory
slirp/smbd: modify/set several parameters in generated smbd.conf
qemu-doc.texi: fix typos in x509 examples
icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
It returns more information than binary, fix the comment.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
In xen_hvm_change_state_handler(), we can pass 'opaque' with type cast
to xen_main_loop_prepare() directly, there's no need to use additional
variable for it.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The size of each element should be sizeof(VirtIOSCSIVring *).
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Two last minute fixes uncovered and fixed by Tom Musta
and Alexander Graf, thanks
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVGGuUrRIkN7ePJvAAQgR+Q/+MVD1IIFsk8VDwex0J4wQ+pgy60m/rgTv
clgk4ZqxnKiWtQRM12UzmVsD7Z51cb/ijl8Bh7DawxCQmFmCSmfu2DMPSrXcRUEA
dB1EdM16GoOuJutNhNIjquHKF8FT7KJf421nX3Wk4knKvEjFRRvCCpgxcXbqaek/
KON1SLf9ABqNGbWuVoZBe3ltc5uAREhF32fWAxErRVcREg1nxUPKS4zgWaLSwksA
CicjfRGO3bxVAejXi3SIH/kv2w5y0lqvlrCLynqPdZOc9jD2J05SfuVXG/4phSUy
Ug8BAPYm3lZqm4ICH0l0+FRM4hOXfulYDTohbBNQnAdxas7c0mHdihBdCTsQCCRy
RRaWX7FKDDo/vVep2dCyGWFzWSY4sgCZWifFsXPOdwtLUCnksOPld/78lmM83MXo
cSJUYpuepQRxa5lUy6awkkHz6YPdLQ3jxSCnzjwCh7KSH+LFGATpNTw8PQbkxdVD
AxWLgdxV4xGSyCW4gJkCJIYkpY9wSL4VH4Et4tl0RGZEacJx5R3CsBABbtmlM2bh
K2gnB59GOg2vLcf0A8Wh7oDnc6HxWnhp+p6fPw2aPnVIc7QfVUuAM3OK0/XSQzH6
zVKOnABSvFBNhjgGgYHZsIuBbg1Pdt7B6nE6bA+TMA8jggSjO/O75huTaZw9M1yl
NWi+faoD4+4=
=o8o5
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20141111' into staging
linux-user pull for 2.2
Two last minute fixes uncovered and fixed by Tom Musta
and Alexander Graf, thanks
# gpg: Signature made Tue 11 Nov 2014 06:36:02 GMT using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg: aka "Riku Voipio <riku.voipio@linaro.org>"
* remotes/riku/tags/pull-linux-user-20141111:
linux-user: Fix up timer id handling
linux-user: Do not subtract offset from end address
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
bootdevice.c was created by me, and I wrote most of
the code in this file. And now I can maintain it,
I'd hope nobody object this.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
This is a simple patch to change the type of old_env from jmp_buf
to sigjmp_buf. old_env is used by sigsetjmp and as such should be
a sigjmp_buf.
This fixes a stack_chk fail in a OSX 32bit build. Since at least on
OSX sigjmp_buf is four bytes larger then a jmpbuf, resulting in an
overflow in sigsetjmp. Due to variable reordering this overwrites
the stack cookie.
Signed-off-by: Willem Pinckaers <willem_qemu@lekkertech.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Peter: I think I must have missed this one when I converted
all the jmp_buf to sigjmp_buf in commit 6ab7e546.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
When creating a timer handle, we give the timer id a special magic offset
of 0xcafe0000. However, we never mask that offset out of the timer id before
we start using it to dereference our timer array. So we always end up aborting
timer operations because the timer id is out of bounds.
This was not an issue before my patch e52a99f756 ("linux-user: Simplify
timerid checks on g_posix_timers range") because before we would blindly mask
anything above the first 16 bits.
This patch simplifies the code around timer id creation by introducing a proper
target_timer_id typedef that is s32, just like Linux has it. It also changes the
magic offset to a value that makes all timer ids be positive.
Reported-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Tom Musta <tommusta@gmail.com>
Tested-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
When computing the upper address of a program segment, do not subtract the
offset from the virtual address; instead compute the sum of the virtual address
and the memory size.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
For Linux upstream kernel (e.g. 3.17-rc7), the related compatible string
'xlnx,xps-ethernetlite-2.00.a' is supported, but 'b' is not supported,
so change qemu dtb file to match kernel driver.
The related operation for qemu (after this patch):
yum install libvirt
yum install tunctl
tunctl -b
ip link set tap0 up
brctl addif virbr0 tap0
./configure
make
./microblaze-softmmu/qemu-system-microblaze -M petalogix-s3adsp1800 \
-kernel ../linux-stable.microblaze/arch/microblaze/boot/linux.bin \
-no-reboot -append "console=ttyUL0,115200 doreboot" -nographic \
-net nic,vlan=0,model=xlnx.xps-ethernetlite,macaddr=00:16:35:AF:94:00 \
-net tap,vlan=0,ifname=tap0,script=no,downscript=no
in microblaze qemu bash (guest machine):
ifconfig eth0 add 192.168.122.2 netmask 255.255.255.0
ifconfig eth0 up
Then can telnet 192.168.122.2 directly without password from the host
machine.
The related operation for generating new dtb:
building Linux kernel firstly, then get dts tool "./scripts/dts/dts".
"./scripts/dtc/dtc -I dtb -O dts -o ../work.dts ../qemu/petalogix-s3adsp1800.dtb"
edit work.dts (replace 'xlnx,xps-ethernetlite-2.00.b')
"./scripts/dtc/dtc -I dts -O dtb -o ..qemu/petalogix-s3adsp1800.dtb ../work.dts"
(Since I am not quite sure whether can read this patch or not, I put the
related dtb file in attachment, please check, thanks).
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
While using qemu with gdb "target remote" to debug an application that uses
fork and exec, the qemu process receives SIGSTOP every time the forked process
terminates (sending SIGCHLD).
This is caused by a missing call to gdb_signal_to_target in gdbstub.c, which
is fixed by this patch:
Signed-off-by: Martin Simmons <martin@lispworks.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
When do memory hotplug, if there is numa node, we should add
the memory size to the corresponding node memory size.
It affects the result of hmp command "info numa".
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
