Commit Graph

24860 Commits

Author SHA1 Message Date
Stefan Hajnoczi
da888d37b0 block/raw-posix: detect readonly Linux block devices using BLKROGET
Linux block devices can be set read-only with "blockdev --setro
<device>".  The same thing can be done for LVM volumes using "lvchange
--permission r <volume>".  This read-only setting is independent of
device node permissions.  Therefore the device can still be opened
O_RDWR but actual writes will fail.

This results in odd behavior for QEMU.  bdrv_open() is supposed to fail
if a read-only image is being opened with BDRV_O_RDWR.  By not failing
for Linux block devices, the guest boots up but every write produces an
I/O error.

This patch checks whether the block device is read-only so that Linux
block devices behave like regular files.

Reported-by: Sibiao Luo <sluo@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-02-12 12:22:49 +01:00
Kuo-Jung Su
03ec2f8308 hw/m25p80.c: add WRSR(0x01) support
Atmel, SST and Intel/Numonyx serial flash tend to power up
with the software protection bits set.
And thus the new m25p80.c in linux kernel would always tries
to use WREN(0x06) + WRSR(0x01) to turn-off the protection.

The WEL(0x02) of status register is supposed to be cleared after
WRSR(0x01). There are also some drivers (i.e mine for RTOSes)
would check the WEL(0x02) in status register to make sure the
protection is correctly turned off.

Signed-off-by: Kuo-Jung Su <dantesu@faraday-tech.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2013-02-12 10:03:27 +01:00
Markus Armbruster
58fa432522 qapi: Improve chardev-add documentation
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360602348-4727-1-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:52 -06:00
Stefan Hajnoczi
d7cd369402 migration: restrict scope of incoming fd read handler
The incoming migration is processed in a coroutine and uses an fd read
handler to enter the yielded coroutine when data becomes available.

The read handler was set too broadly, so that spurious coroutine entries
were be triggered if other coroutine users yielded (like the block
layer's bdrv_write() function).

Install the fd read only only when yielding for more data to become
available.  This prevents spurious coroutine entries which break code
that assumes only a specific set of places can re-enter the coroutine.

This patch fixes crashes in block/raw-posix.c that are triggered with
"migrate -b" when qiov becomes a dangling pointer due to a spurious
coroutine entry that frees qiov early.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360598505-5512-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:52 -06:00
Andreas Färber
d0bce760e0 libi2c-omap: Fix endianness dependency
The libqos driver for omap_i2c currently does not work on Big Endian.
Introduce helpers for reading from and writing to 16-bit armel registers.

This fixes tmp105-test failures on ppc.

To prepare for a QTest-level endianness solution, poison mem{read,write}
and always use the helpers. Adopt the expected signatures.
To avoid an unused variable warning, assert the STAT Single Byte Data
bit but, due to it not getting cleared, only it being set when len == 1.

Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Message-id: 1360600914-5448-3-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:48 -06:00
Andreas Färber
5dd6be069b qtest: Use strtoull() for uint64_t
On 32-bit hosts, unsigned long may be uint32_t and uint64_t may be
unsigned long long. Account for this by always using strtoull().
We were already using strtoll() for int64_t.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1360600914-5448-2-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:39 -06:00
Andreas Färber
84eac31707 libqtest: Fix documentation copy&paste errors
The [qtest_]in[bwl]() functions/macros don't have a value argument.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1360604139-16797-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 13:22:33 -06:00
Stefan Weil
f880defbb0 block/vpc: Fix size calculation
The size calculated from the CHS values is not the real image (disk) size,
but usually a smaller value. This is caused by rounding effects.

Only older operating systems use CHS. Such guests won't be able to use
the whole disk. All modern operating systems use the real size.

This patch fixes https://bugs.launchpad.net/qemu/+bug/1105670/.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1360265212-22037-1-git-send-email-sw@weilnetz.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:14:41 -06:00
Stefan Hajnoczi
2c5a7f2011 block-migration: fix block_save_iterate() return value
The .save_live_iterate() function returns 0 to continue iterating or 1
to stop iterating.

Since 16310a3cca it only ever returns 0,
leading to an infinite loop.

Return 1 if we have finished sending dirty blocks.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1360534366-26723-4-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:14:05 -06:00
Stefan Hajnoczi
9ee0cb201e block-migration: fix blk_mig_save_dirty_block() return value checking
Commit 43be3a25c9 changed the
blk_mig_save_dirty_block() return code handling.  The function's doc
comment says:

  /* return value:
   * 0: too much data for max_downtime
   * 1: few enough data for max_downtime
   */

Because of the 1 return value, callers must check for ret < 0 instead of
just:

  if (ret) { ... }

We do not want to bail when 1 is returned, only on error.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360534366-26723-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:14:04 -06:00
Stefan Hajnoczi
d5f1f286ef block-migration: improve "Unknown flags" error message
Show the actual flags value and include "block migration" in the error
message so it's clear where the error is coming from.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360534366-26723-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:14:04 -06:00
Markus Armbruster
49295ebc56 vl: Exit unsuccessfully on option argument syntax error
We exit successfully after reporting syntax error for argument of
--sandbox and --add-fd.

We continue undaunted after reporting it for argument of -boot,
--option-rom and --object.

Change all five to exit unsuccessfully, like the other options.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-7-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:19 -06:00
Markus Armbruster
cfdd162866 vl: Drop redundant "parse error" reports
qemu_opts_parse() reports the error already, and in a much more useful
way.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-6-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:19 -06:00
Markus Armbruster
7216ae3d1a qemu-option: Disable two helpful messages that got broken recently
commit 8be7e7e4 and commit ec7b2ccb messed up the ordering of error
message and the helpful explanation that should follow it, like this:

    $ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
    Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.
    qemu-system-x86_64: -chardev null,id=,: Parameter 'id' expects an identifier

    $ qemu-system-x86_64 --nodefaults -S --vnc :0 --machine kvm_shadow_mem=dunno
    You may use k, M, G or T suffixes for kilobytes, megabytes, gigabytes and terabytes.
    qemu-system-x86_64: -machine kvm_shadow_mem=dunno: Parameter 'kvm_shadow_mem' expects a size

Pity.  Disable them for now.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-5-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:19 -06:00
Markus Armbruster
312fd5f290 error: Strip trailing '\n' from error string arguments (again)
Commit 6daf194d and be62a2eb got rid of a bunch, but they keep coming
back.  Tracked down with this Coccinelle semantic patch:

    @r@
	expression err, eno, cls, fmt;
	position p;
    @@
    (
	error_report(fmt, ...)@p
    |
	error_set(err, cls, fmt, ...)@p
    |
	error_set_errno(err, eno, cls, fmt, ...)@p
    |
	error_setg(err, fmt, ...)@p
    |
	error_setg_errno(err, eno, fmt, ...)@p
    )
    @script:python@
	fmt << r.fmt;
	p << r.p;
    @@
    if "\\n" in str(fmt):
	print "%s:%s:%s:%s" % (p[0].file, p[0].line, p[0].column, fmt)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-4-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:19 -06:00
Markus Armbruster
1a9522cc6e error: Clean up abuse of error_report() for help
Use error_printf() instead, so the help gets presented more nicely.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-3-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:18 -06:00
Markus Armbruster
474c21349f error: Clean up error strings with embedded newlines
The arguments of error_report() should yield a short error string
without newlines.

A few places try to print additional help after the error message by
embedding newlines in the error string.  That's nice, but let's do it
the right way.

Since I'm touching these lines anyway, drop a stray preposition and
some tabs.  We don't use tabs for similar messages elsewhere.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1360354939-10994-2-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-11 08:13:18 -06:00
Anthony Liguori
2da2e52dce Merge remote-tracking branch 'luiz/queue/qmp' into staging
# By Peter Maydell
# Via Luiz Capitulino
* luiz/queue/qmp:
  tests/test-string-input-visitor: Handle errors provoked by fuzz test
2013-02-11 08:10:39 -06:00
Blue Swirl
10442558ab Update OpenBIOS images
Update OpenBIOS images to SVN r1097 built from submodule.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-02-09 13:39:45 +00:00
Liming Wang
70ef6a5b71 xilinx_zynq: Fix wrong IRQ number of the second EHCI controller
The IRQ number of the second EHCI controller should be 76, not 75.

Signed-off-by: Liming Wang <walimisdev@gmail.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:20 -06:00
Stefan Hajnoczi
fb6d1bbd24 block/curl: disable extra protocols to prevent CVE-2013-0249
There is a buffer overflow in libcurl POP3/SMTP/IMAP.  The workaround is
simple: disable extra protocols so that they cannot be exploited.  Full
details here:

  http://curl.haxx.se/docs/adv_20130206.html

QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP.  I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:20 -06:00
Paolo Bonzini
0eb256a217 qemu-nbd: document --cache and --aio options
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:19 -06:00
Jesse Larrew
32ab06bcf1 hw/virtio-net: disable multiqueue by default
The new multiqueue feature adds fields to the virtio device config, which
breaks Windows guests. Disable the feature by default until the Windows
drivers are fixed.

Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:19 -06:00
Jesse Larrew
14f9b664b3 hw/virtio-net.c: set config size using host features
Currently, the config size for virtio devices is hard coded. When a new
feature is added that changes the config size, drivers that assume a static
config size will break. For purposes of backward compatibility, there needs
to be a way to inform drivers of the config size needed to accommodate the
set of features enabled.

aliguori: merged in
 - hw/virtio-net: use existing macros to implement endof
 - hw/virtio-net: fix config_size data type

Signed-off-by: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:13:44 -06:00
Anthony Liguori
1e89ad5b00 virtio-net: pass host features to virtio_net_init
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 07:37:24 -06:00
Michael Roth
b890492110 net: fix infinite loop on exit
1ceef9f273 added handling for cleaning
up multiple queues in qemu_del_nic() for cases where multiqueue is in
use. To determine the number of queues it looks at nic->conf->queues,
then iterates through all the queues to cleanup the associated
NetClientStates. If no queues are found, no NetClientStates are deleted.

However, nic->conf->queues is only set when a peer is created via
-netdev or netdev_add, and is otherwise 0. This causes us to spin in
net_cleanup() if we attempt to shut down qemu before adding a host
device.

Since qemu_new_nic() unconditionally creates at least 1
queue/NetClientState at queue idx 0, make qemu_del_nic() always attempt
to clean it up.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-07 13:13:39 -06:00
Peter Maydell
0184543814 tests/test-string-input-visitor: Handle errors provoked by fuzz test
It's OK and expected for visitors to return errors when presented with
the fuzz test's random data. Since the fuzzer doesn't care about
errors, we pass in NULL rather than an Error**. This fixes a bug in
the fuzzer where it was passing the same Error** into each visitor,
with the effect that once one visitor returned an error, each later
visitor would notice that it had been passed in an Error** representing
an already set error, and do nothing.

For the case of visit_type_str() we also need to handle the case where
an error means that the visitor doesn't set our char*. We initialize
the pointer to NULL so we can safely g_free() it regardless of whether
the visitor allocated a string for us or not.

This fixes a problem where this test failed the MacOSX malloc()
consistency checks and might segfault on other platforms [due
to calling free() on an uninitialized pointer variable when
visit_type_str() failed.].

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2013-02-07 13:22:50 -02:00
Anthony Liguori
ecd8d4715e Update version for release
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 18:33:47 -06:00
Anthony Liguori
bd4bd24ed3 Merge branch 'for-linux-user' of https://git.gitorious.org/qemu-m68k/qemu-m68k into staging
* 'for-linux-user' of https://git.gitorious.org/qemu-m68k/qemu-m68k:
  linux-user: correct reboot()
  linux-user: correct setsockopt()
  linux-user: correct print_timeval() swap tv_sec and tv_usec
  linux-user: correct msgrcv()

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:39:04 -06:00
Peter Maydell
0bc8ce9460 linux-user: Restore cast to target type in get_user()
Commit 658f2dc97 accidentally dropped the cast to the target type of
the value loaded by get_user().  The most visible effect of this would
be that the sequence "uint64_t v; get_user_u32(v, addr)" would sign
extend the 32 bit loaded value into v rather than zero extending as
would be expected for a _u32 accessor.  Put the cast back again to
restore the old behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:37:39 -06:00
Peter Maydell
f565235b71 hw/pxa2xx: Fix transposed crn/crm values for pxa2xx cp14 perf regs
When the pxa2xx performance counter related cp14 registers were converted
from a switch-statement implementation to the new table driven cpregs
format in commit dc2a9045c, the crn and crm values for all these
registers were accidentally transposed. Fix this mistake, which was
causing OpenBSD for Zaurus to fail to boot.

Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:37:24 -06:00
Anthony Liguori
5b2cd9857d Merge remote-tracking branch 'stefanha/tracing' into staging
# By Markus Armbruster
# Via Stefan Hajnoczi
* stefanha/tracing:
  trace: Fix location of simpletrace.py in docs
  trace: Clean up the "try to update atomic until it worked" loops
  trace: Direct access of atomics is verboten, use the API
  trace: Fix simple trace dropped event record for big endian
2013-02-06 16:36:16 -06:00
Anthony Liguori
3f23624c84 Merge remote-tracking branch 'stefanha/trivial-patches' into staging
# By Michael Tokarev (1) and Stefan Weil (1)
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
  vnc: recognize Hungarian doubleacutes
  target-m68k: Fix comment
2013-02-06 16:36:11 -06:00
Markus Armbruster
8a14952c9d hmp: Disable chardev-add and chardev-remove
As a general rule, HMP commands must be built on top of the QMP API.
Luiz and others have worked long & hard to make HMP conform to this
rule.

Commit f1088908 added chardev-add, in violation of this rule.  QMP
command chardev-add was added right before, with minimal features, and
the idea to complete it step by step, then switch over the HMP command
to use it.

Unfortunately, we're not there, yet, and we don't want to release with
chardev-add in a "HMP is more powerful than QMP" state.

Disable the HMP command for now, along with its chardev-remove buddy.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:43 -06:00
Markus Armbruster
543f34126b hmp: make memchar-read escape ASCII control chars except \n and \t
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:20 -06:00
Markus Armbruster
de1cc36e10 qemu-char: Support suffixed ringbuf size arguments like "size=64K"
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:19 -06:00
Markus Armbruster
3949e59414 qemu-char: Saner naming of memchar stuff & doc fixes
New device, has never been released, so we can still improve things
without worrying about compatibility.

Naming is a mess.  The code calls the device driver CirMemCharDriver,
the public API calls it "memory", "memchardev", or "memchar", and the
special commands are named like "memchar-FOO".  "memory" is a
particularly unfortunate choice, because there's another character
device driver called MemoryDriver.  Moreover, the device's distinctive
property is that it's a ring buffer, not that's in memory.  Therefore:

* Rename CirMemCharDriver to RingBufCharDriver, and call the thing a
  "ringbuf" in the API.

* Rename QMP and HMP commands from memchar-FOO to ringbuf-FOO.

* Rename device parameter from maxcapacity to size (simple words are
  good for you).

* Clearly mark the parameter as optional in documentation.

* Fix error reporting so that chardev-add reports to current monitor,
  not stderr.

* Replace cirmem in C identifiers by ringbuf.

* Rework documentation.  Document the impact of our crappy UTF-8
  handling on reading.

* QMP examples that even work.

I could split this up into multiple commits, but they'd change the
same documentation lines multiple times.  Not worth it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:19 -06:00
Markus Armbruster
5c230105cd qemu-char: General chardev "memory" code cleanup
Inline trivial cirmem_chr_is_empty() into its only caller.

Rename qemu_chr_cirmem_count() to cirmem_count().

Fast ring buffer index wraparound.  Without this, there's no point in
restricting size to a power two.

qemu_is_chr(chr, "memory") returns *zero* when chr is a memory
character device, which isn't what I'd expect.  Replace it by the
saner and more obviously correct chr_is_cirmem().  Also avoids
encouraging testing for specific character devices elsewhere.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:19 -06:00
Markus Armbruster
6fd5b66950 qemu-char: Drop undocumented chardev "memory" compatibility syntax
This is a new device, so there's no compatibility to maintain, and its
use case isn't common enough to justify shorthand syntax.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:19 -06:00
Markus Armbruster
094c8c2c67 qemu-char: Fix chardev "memory" not to drop IAC characters
Undocumented misfeature, get rid of it while we can.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:19 -06:00
Markus Armbruster
44f3bcd2c7 qmp: Drop wasteful zero-initialization in qmp_memchar_read()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:19 -06:00
Markus Armbruster
c287e99fe4 qmp: Drop superfluous special case "empty" in qmp_memchar_read()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:18 -06:00
Markus Armbruster
13289fb5a7 qmp: Plug memory leaks in memchar-write, memchar-read
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:18 -06:00
Markus Armbruster
c4f331b6b3 qmp: Clean up type usage in qmp_memchar_write(), qmp_memchar_read()
Const-correctness, consistently use standard C types instead of mixing
them with GLib types.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:17 -06:00
Markus Armbruster
1a69278e53 qmp: Use generic errors in memchar-read, memchar-write
New errors should be generic unless there's a real use case for rich
errors.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:17 -06:00
Markus Armbruster
3ab651fc81 qmp: Clean up design of memchar-read
The data returned has a well-defined size, which makes the size
returned along with it redundant at best.  Drop it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:17 -06:00
Markus Armbruster
82e59a676c qmp: Fix design bug and read beyond buffer in memchar-write
Command memchar-write takes data and size parameter.  Begs the
question what happens when data doesn't match size.

With format base64, qmp_memchar_write() copies the full data argument,
regardless of size argument.

With format utf8, qmp_memchar_write() copies size bytes from data,
happily reading beyond data.  Copies crap from the heap or even
crashes.

Drop the size parameter, and always copy the full data argument.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 16:35:17 -06:00
Michael Tokarev
2a0e1ad66e vnc: recognize Hungarian doubleacutes
As reported in http://bugs.debian.org/697641 , some Hungarian keys
does not work with qemu when using vnc display.

This is because while the Hungarian keymap mentions these symbols,
qemu know nothing about them.  So add them.

This patch is applicable to -stable for all previous releases.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-02-06 15:52:31 +01:00
Stefan Weil
f38f7a847e target-m68k: Fix comment
* spelling fix ito -> into
* reorder to match load/store

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-02-06 15:52:07 +01:00
Michael Tokarev
15af6321f4 vnc: recognize Hungarian doubleacutes
As reported in http://bugs.debian.org/697641 , some Hungarian keys
does not work with qemu when using vnc display.

This is because while the Hungarian keymap mentions these symbols,
qemu know nothing about them.  So add them.

This patch is applicable to -stable for all previous releases.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-06 08:29:58 -06:00