Commit Graph

38532 Commits

Author SHA1 Message Date
Stefan Weil
60ff4e63e2 hw/arm/highbank: Fix resource leak and wrong image loading
Coverity reports a resource leak for sysboot_filename which is allocated
by qemu_find_file.

In addition, that name is used to get the size of the image, but a
different image name was used to load it.

In addition, instead of passing the maximum allowed image size the actual
image size was passed to load_image_targphys.

Fix all three issues.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426326781-2488-1-git-send-email-sw@weilnetz.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-01 17:57:29 +01:00
Peter Maydell
fde069f751 vnc: fix websocket security issues (cve-2015-1779).
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVHAtaAAoJEEy22O7T6HE41U0P/17hZHdG7va0g3oplzSN4UTD
 q2Nhc/Uz5MpDKOYCGV0vFf3E33ahL9QZmFNI50cjyfoWGMvRT7r62ccc97UfJvGK
 YBbKz22E/gs2TAIhPoUFMgd0gpJ7o6GP8wEowJsiejeO958ABdkSN8v5ReiEMdQ3
 cojpI9VhTJmreKuA2ICintjYFyea7Fh0BZECih+1SdUfF6OwJTsRE8YK0CTlKmYT
 zb+iviJhCLmHcZR71AnKpXktY+QMsaO/yairDLGyS67XEmq26OeF8DIOCR8mQUWA
 QUDxPAibFOiH4oP9Kc5IRMxlethCRAiRnVUtuMr39KVwZeUHw/tvUApN22EB1Hmx
 R80jOPhl6po1OW84idUv3UplOctJ/Ty2/k4XeJzgk4izce9dN9eG/6HBwXJMswjP
 4Yw8r1SUkXV1USRTzIy/MWLouRshzqBjS4ZpfthFb7n2nEaPo3deezU8KWnZ4XGT
 QAg97TSEzskWHJn5oml0C59g7LVd08+RYoM7vrod+vEfXcZa4rLiyUvZQpbKjDiC
 07rbicmG98+XcsYfkvpKw3j8P2WccIdt3Rq1ozj6iUdJi9oCbMqgxYRnhbykN50x
 syLVvQYi4PTsesbGoLN4JVd/aPxD9ZLTHvzhO4lVz0G4FaA/1OU6u16l+S4mmQli
 yQcUggDl0i/uKbd4R+Y/
 =rQOo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-cve-2015-1779-20150401-2' into staging

vnc: fix websocket security issues (cve-2015-1779).

# gpg: Signature made Wed Apr  1 16:14:34 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-cve-2015-1779-20150401-2:
  CVE-2015-1779: limit size of HTTP headers from websockets clients
  CVE-2015-1779: incrementally decode websocket frames

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-01 17:18:51 +01:00
Daniel P. Berrange
2cdb5e142f CVE-2015-1779: limit size of HTTP headers from websockets clients
The VNC server websockets decoder will read and buffer data from
websockets clients until it sees the end of the HTTP headers,
as indicated by \r\n\r\n. In theory this allows a malicious to
trick QEMU into consuming an arbitrary amount of RAM. In practice,
because QEMU runs g_strstr_len() across the buffered header data,
it will spend increasingly long burning CPU time searching for
the substring match and less & less time reading data. So while
this does cause arbitrary memory growth, the bigger problem is
that QEMU will be burning 100% of available CPU time.

A novnc websockets client typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-01 17:12:55 +02:00
Daniel P. Berrange
a2bebfd6e0 CVE-2015-1779: incrementally decode websocket frames
The logic for decoding websocket frames wants to fully
decode the frame header and payload, before allowing the
VNC server to see any of the payload data. There is no
size limit on websocket payloads, so this allows a
malicious network client to consume 2^64 bytes in memory
in QEMU. It can trigger this denial of service before
the VNC server even performs any authentication.

The fix is to decode the header, and then incrementally
decode the payload data as it is needed. With this fix
the websocket decoder will allow at most 4k of data to
be buffered before decoding and processing payload.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]

  @@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
  -        *payload_size = input->offset;
  +        *payload_size = *payload_remain;

[ kraxel: fix 32bit build ]

  @@ -306,7 +306,7 @@ struct VncState
  -    uint64_t ws_payload_remain;
  +    size_t ws_payload_remain;

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-01 17:11:34 +02:00
Peter Maydell
b8a86c4ac4 Fix for object_del of in-use memory, pvpanic
regression, PPC regression and bogus error message with
 Oxygen theme.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVG6d0AAoJEL/70l94x66DRl4H/jruVMg0HXtQsjIdOvLd8GPk
 CrK+DCxRw1P6ysY0sRocki2MNm+eiI3sn0q+8AI4jNEr6jdRPvxJA5aOPlhOJLAy
 WoJTShprwOtgMtZTnueCpE342D+1NeRWAiXnk+zQB/bhvoYZn95mxuDTpWw+tCcX
 0mt7rg/zlzIvq4weXsT/c6ZGDaUymp5PheI3fEHcDJLOnU0+aZBtil6I/E6CgM3I
 r1mPjtv6SwCKTMcz6li9SBFp92AK80sOgLBzFY5AfTrMskKPha32R1r9z5q9MaYK
 Zm3Yf3Yi7MyrzO3dLmxNP6y2DR46X+YQv0uJAcHn8QRGXWLJ5H6TAZCNxsBctBk=
 =qZ9K
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Fix for object_del of in-use memory, pvpanic
regression, PPC regression and bogus error message with
Oxygen theme.

# gpg: Signature made Wed Apr  1 09:08:20 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  Revert "exec: Respect as_tranlsate_internal length clamp"
  rcu: do not create thread in pthread_atfork callback
  pc: acpi: fix pvpanic regression
  hostmem: Prevent removing an in-use memory backend
  qom: Add can_be_deleted callback to UserCreatableClass

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-01 11:31:31 +01:00
Paolo Bonzini
4025446f0a Revert "exec: Respect as_tranlsate_internal length clamp"
This reverts commit c3c1bb99d1.
It causes problems with boards that declare memory regions shorter
than the registers they contain.

Reported-by: Zoltan Balaton <balaton@eik.bme.hu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-01 10:06:38 +02:00
Paolo Bonzini
a59629fcc6 rcu: do not create thread in pthread_atfork callback
If QEMU forks after the CPU threads have been created, qemu_mutex_lock_iothread
will not be able to do qemu_cpu_kick_thread.  There is no solution other than
assuming that forks after the CPU threads have been created will end up in an
exec.  Forks before the CPU threads have been created (such as -daemonize)
have to call rcu_after_fork manually.

Notably, the oxygen theme for GTK+ forks and shows a "No such process" error
without this patch.

This patch can be reverted once the iothread loses the "kick the TCG thread"
magic.

User-mode emulation does not use the iothread, so it can also call
rcu_after_fork.

Reported by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-01 10:06:38 +02:00
Igor Mammedov
e65bef6954 pc: acpi: fix pvpanic regression
Commit cd61cb2  pc: acpi-build: generate pvpanic device description dynamically

introduced regression changing pvpanic device HID from
QEMU0001 to QEMU0002.
Fix AML generated code so that pvpanic device
would keep its original HID. i.e. QEMU0001

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Gal Hammer <ghammer@redhat.com>
Message-Id: <1427717907-25027-1-git-send-email-imammedo@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-01 10:06:38 +02:00
Lin Ma
36bce5ca5d hostmem: Prevent removing an in-use memory backend
showing a memory device whose memdev is removed leads an assert:

(qemu) object_add memory-backend-ram,id=ram0,size=128M
(qemu) device_add pc-dimm,id=d0,memdev=ram0
(qemu) object_del ram0
(qemu) info memory-devices
**
ERROR:qom/object.c:1274:object_get_canonical_path_component:\
                            assertion failed: (obj->parent != NULL)
Aborted

The patch prevents removing an in-use mem backend and error out.

Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <1427704589-7688-3-git-send-email-lma@suse.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-01 10:06:38 +02:00
Lin Ma
d6edb15576 qom: Add can_be_deleted callback to UserCreatableClass
If backends implement the can_be_deleted and it returns false,
Then the qmp_object_del won't delete the given backends.

Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <1427704589-7688-2-git-send-email-lma@suse.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-01 10:06:38 +02:00
Peter Maydell
033a20359a QOM infrastructure fixes and device conversions
* Fix for adding alias properties with [*]
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJVGn30AAoJEPou0S0+fgE/BB8P/3RQ9zszlqUS9X77RHDnSdPj
 nVIN0AD62OFKoXtJPTeLSnFiN5UWUhWg+V/87IlIVuiUVbwo6sYw24oTphiEdq7K
 zq1wZTpNA2HtodBUuGveCECiK9a+dZzqGWfptOnpBne7pDsOyUehBse3c7JEq919
 OKYPwBzjqN9a9h7QKklF2W7+HUgGeGsFogy43r45mUDCpqFO/yWraC39H8H5f56I
 yVgYDjy8lmAD8HsX9Lpk8USEDQAPfoJBVDIQsfHn5DBaTaW3SDpj7XbtQ3uL4L34
 Kp/VhWirigO+xm8Fb7Z+ZwVwGIC8rbjvQ0DFLYGTz1FWjw21QgnGCVAW48yIyqRG
 9s+SGcohY94z22G0PvHDTQiIy3e+ZJq12ut+9LXlL8EJPlPX5Fuf/ah8FyJ3m6XP
 7i6ZQqwdGhVdk4Jd0RqDGfIFZZT/R3Gv7jpxdliH/dZYrFLcOCEByDj5m6xwmZp8
 dJE7iKzggvGckIIIzegpRGlhFkKEfSMQglApyFsAprjZjPHoMZzlvKsVppi4Hwsm
 eMZseltmI7Bl8C86EYPtEkJOrZzDcdvKZbBmoOZuTGUKKv/18y1w++mlzBKPe8bP
 6SPyfXjVVyB5UrUqdsIrwPbkKLfs6gtUzIZGC00RDSxme8SmCstdXSqXQI5ao+Dp
 uoZgGNvKGu1PkL0CrsSR
 =RGJv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging

QOM infrastructure fixes and device conversions

* Fix for adding alias properties with [*]

# gpg: Signature made Tue Mar 31 11:59:00 2015 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter:
  qom: Fix object_property_add_alias() with [*]

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-31 12:12:23 +01:00
Andreas Färber
a18bb417e9 qom: Fix object_property_add_alias() with [*]
Commit 8074264 (qom: Add description field in ObjectProperty struct)
introduced property descriptions and copied them for alias properties.

Instead of using the caller-supplied property name, use the returned
property name for setting the description. This avoids an Error when
setting a property description for a property with literal "[*]" that
doesn't exist due to automatic property naming in object_property_add().

Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable@nongnu.org (v2.2+)
Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-03-31 12:56:48 +02:00
Peter Maydell
9e0ad3472d QTest cleanups
* Change fw_cfg-test and i440fx-test GTester paths
 * Extend libqtest API as necessary
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJVGYgDAAoJEPou0S0+fgE/Rv0P/i4ONP1W4lVhXJFCvPRUNwM8
 aOTLbCbixY6bJeXfVykfArjOlBw44aj0zEaRWdu3KYq4GEn+zt0/ZpMA/RZGD1z3
 yssoa1bjzv0SqnrAfDcF/AMLkzpquJyo1RV0XpXLuYJ/9gSaSDYqVwj+84HWJOJr
 kfJXBtCZT9iUh3hoW0wEY9wMCaHe53DaI3OBh3QewE4ys5goJ50XhDlkjWF2b+vg
 lxNJUMHBY09c2B57FKytNshO8oRoNQTSOaf7iVcMiaNuGztujyV5jpN50k6vtIS/
 bTzWdrqAgWUzKLQORaz+L8gMo/nBb+4WvyPYA7hNWUYEGwBrTtuPxWD8pGjw4fk9
 AEsU7Qpu/uJcwxaaRYioTWGRXEzTVsENjxbEWmUDza0KIWE8R5Qbg7k60VwfW3Vo
 5NQqoUsuTOAtv+dDst9CdMj5Ib15wmmu28kxAmz8iwYa0rz8bHRs8h5EWvX5Vwxg
 p1ed0Gxe7VOaWYbSe3p/WqzN7IaPpQVex2V4WvjcqkJGxl7zk9JNSqoZKPEKi4Ut
 V8KYTbOp2RfS1dNM7wW8X9k6VKY4Y8FfuSPsQKz9z61fk257Lk9r7Uppj7KXDsY0
 cbaOdE0RR3RZ3Irmg9lfONDCwfzOQUDFOQWmRE7PyOO029ZN48ht7HS4dFn/uJyC
 zEWs8Huet7chj0ysaKOX
 =I+Qw
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/afaerber/tags/qtest-for-2.3' into staging

QTest cleanups

* Change fw_cfg-test and i440fx-test GTester paths
* Extend libqtest API as necessary

# gpg: Signature made Mon Mar 30 18:29:39 2015 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qtest-for-2.3:
  i440fx-test: Fix test paths to include architecture
  qtest: Add qtest_add() wrapper macro
  qtest: Add qtest_add_data_func() wrapper function
  fw_cfg-test: Fix test path to include architecture

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-31 10:55:33 +01:00
Peter Maydell
adbeb458ee TriCore bugfixes
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCgAGBQJVGTZCAAoJEArSxjlracoUUqwQAM5kEsNYhd3T+jRhr8+/blPX
 yr5YW1VXgZuzLtflr4Y0SD4XQfn7FNFIrMYrGL8dUo/pUgEFObWwNJuwy/b4yyP6
 jqcmeswzYMuJ+hgr6EFWhpOVu4N9q0gtJBZpis9c4mT//TaUOzzMIQrrLAmo0vMy
 KlbCaTbGZYhxdB0zmMcRekKpTn15asiNqCjJ4Jk6ut9URHq9VK7rQF4jC4/8yxhc
 9y0xDHBgfUChtq7mSLc8NgD9AohQ+oRZk1z/n33bfXetFh0vLHaFPwG4xbZTqheh
 ZZY0EQxWc7o9sAT4raOjmxkrnjPzBd8tbDyx5Eyzd724mHshQ60VHETqP95r9TMl
 B4QNL1NOImpTpqFg4Wb1njcpqVAWmlvNxeFjyym4LxjOHeqLrfsuP3xW7bOfuja/
 naZzdxP0VqTBMfpEFUqGTkjKOSo40oqZW8usWiY1bGZqUnfWMV2Jyj6tZDaKe41n
 SGWXESwVviFYli9SyXO0sUsOHgG6Vf0cgZV9fKldIuGcl/NGpLfuX8wecylLSOzL
 vbd2NpQWREdozWd8hBq7zHW2LAjoKCp+lKnjl7d+hb2AZtlUrrC+YX5sYoA9R3/P
 gvdr05//Q5TaO8eSZ0WXIV3a6xboNRdoWb2v58sVJ8nKYonZv3B8PxFk3ZoqGG6l
 v/KI9h0XNIk9uO/uwj/j
 =6j+6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20150330' into staging

TriCore bugfixes

# gpg: Signature made Mon Mar 30 12:40:50 2015 BST using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"

* remotes/bkoppelmann/tags/pull-tricore-20150330:
  target-tricore: fix CACHEA/I_POSTINC/PREINC using data register..

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-31 09:56:48 +01:00
Peter Maydell
d4892d935b s390x fixes:
- virtqueue index issues in virtio-ccw
 - cleanup and sign extension fix for the ipl device
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJVGQDWAAoJEN7Pa5PG8C+v7AAP/3EXIWAJSIY9fS/RDmyMfS04
 By0jEnNtmEykRcBvZJFXCCiyfGjHBVaQeAYkadnk4K4AUMVeLR5Zqy66Ii3JK86K
 EK3EymTBTo2BIgniJqVF6sjaOKXtp30BCqncAjYY0a+OUDBNEkjcoJ/fuzvpaSXz
 WH9Q2kiSDl3pBOpspcj5Nbms/jEW9nc/5cdJCV30AuEDblnaJxVe/vEvUSxZnd47
 WKgKITrCAiwjInjr6qd1p8JbFpZh3mEs5rCSjYGrzx+ZhpXuRliaaY0vfNrLIuQY
 sXNGy4KWvPgyfIwshA+VGijdKjti92x4dYTtabq+tHxHR+/UrXZaFpMR/HChz6Bj
 LW8e31eLLMv1gdQDJ1Q9togiCqLYxiEtmLw4/u8ZwIx00JIH4DGB38qNQC/41icK
 xsuGWDZpucfQKsKaF1BromHjSsbrHnGz38mMcvWmiFUt5/nZ3lqSnx+WFcW+u8RR
 Wdl5Q9T8l09WU9dfVvymXFdPfkN7wODF3KyRc4oJ/dE2U5/bSJwhm+RMugI+ed3T
 fSrWSgebN8VGjlcgEgwVnrfre+aoYr4H9IWKOEOjzEIITk9wYBEbccD1lhfJAOWc
 ESuR7d9KyPJp0E7bxAPtKEiTJVEc2QfphBB6rVhtweiEnGDLZyXZr5YHWymv7Aar
 J8440Ad2AYB4aidDA1os
 =8Zpv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150330' into staging

s390x fixes:
- virtqueue index issues in virtio-ccw
- cleanup and sign extension fix for the ipl device

# gpg: Signature made Mon Mar 30 08:52:54 2015 BST using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20150330:
  s390x/ipl: avoid sign extension
  s390x: do not include ram_addr.h
  virtio-ccw: range check in READ_VQ_CONF
  virtio-ccw: fix range check for SET_VQ

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-30 22:55:51 +01:00
Andreas Färber
6ca90ffeec i440fx-test: Fix test paths to include architecture
Replace g_test_add_func() with new qtest_add_func() and g_test_add()
macro with qtest_add() macro. This effectively changes GTester paths:

  /i440fx/foo -> /x86_64/i440fx/foo etc.

Cc: qemu-stable@nongnu.org
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-03-30 19:24:54 +02:00
Andreas Färber
45b0f830dd qtest: Add qtest_add() wrapper macro
It extends g_test_add() macro with the architecture path.

Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-03-30 19:20:44 +02:00
Andreas Färber
7949c0e39f qtest: Add qtest_add_data_func() wrapper function
It calls g_test_add_data_func() with a path supplemented by the
architecture, like qtest_add_func() does.

Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-03-30 19:20:34 +02:00
Andreas Färber
53850b8894 fw_cfg-test: Fix test path to include architecture
Use qtest_add_func() instead of g_test_add_func() to reflect
the architecture tested, changing GTester paths as follows:

  /fw_cfg/foo -> /x86_64/fw_cfg/foo etc.

Cc: qemu-stable@nongnu.org
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-03-30 19:19:42 +02:00
Bastian Koppelmann
f1fdaf5529 target-tricore: fix CACHEA/I_POSTINC/PREINC using data register..
..for address calculation instead address registers.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2015-03-30 13:39:38 +02:00
Cornelia Huck
fa92e218df s390x/ipl: avoid sign extension
Make s390_update_iplstate() return uint32_t to avoid sign extensions
for cssids > 127. While this doesn't matter in practice yet (as
nobody supports MCSS-E and thus won't see the real cssid), play safe.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-03-30 09:25:17 +02:00
Paolo Bonzini
f65025caab s390x: do not include ram_addr.h
ram_addr.h is an internal interface and it is not needed anyway by
hw/s390x/ipl.c.

Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1427295389-5054-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-03-30 09:25:17 +02:00
Cornelia Huck
d03a363054 virtio-ccw: range check in READ_VQ_CONF
Processing for READ_VQ_CONF needs to check whether the requested queue
value is actually in the supported range and post a channel program
check if not.

Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-03-30 09:25:17 +02:00
Cornelia Huck
590fe5722b virtio-ccw: fix range check for SET_VQ
VIRTIO_PCI_QUEUE_MAX is already too big; a malicious guest would be
able to trigger a write beyond the VirtQueue structure.

Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-03-30 09:25:17 +02:00
Peter Maydell
627f91b1f8 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQIcBAABAgAGBQJVFddzAAoJEH3vgQaq/DkOF4gQAMLRh84LWGntsegTRZGY+Wqq
 WOzs8xnTlKOS3Ebu6npHo53/PRkGuD9FUDRMOc71+n0IzVjvZ+7CKHSYwmQ4qcMU
 1lXsTt5M+ZhxDZFtcAuFfjKPv60CdauPtxfQo+wLZzoWaoEho1HN8oSi4uiL+bP9
 P+29FxiOfQJES5qIQTza07RRQTwOqCxG8XwLNmHepu02uJm8BeEmUvQ0J/uvjnNi
 liUKzYH1lzI4URuCzcW95bR0vnN4dhQ+aWAazPnNgBWe/M1AQnP7ehUODT2y6vul
 mk5y9iI68xhBX3j9kVBRB7Wdp+X/c6mNAXrKG/Qwph4Mu7NSVfJZZYS2yJ/DXtzu
 BgT+uvFs7iZWkI/K2XV8hZi3r6NOCIGoBAg4MGfrniabsspwM8PmUdPq7/Zp/+lG
 jmZZIGv0fi3kSghDVi+6L/2uPa5TXutmhzU9J0rLlYlSXYpJkYCZiU2GsODLqS4g
 RbNd1FxcFLuEUowxlnrPZ2PTDRaaSp6ZLd67498Sq4YgUdWZwL2dvaWWu9yYAnQ5
 GO/OhI3t+fkDVjt4xRzQkmwrXyytahOD7Ddi8QKzjC7z+aVRW5ZtTLlRlYUkUBk6
 KLyza3ye8ZJ0rMAtcFT2V/tUzWTHLnRja7Niowoqoxc4D8duuKny/I9NMG6jFoB0
 g+64eTw9HidJ2EdwS0F8
 =1ygA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging

# gpg: Signature made Fri Mar 27 22:19:31 2015 GMT using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jnsnow/tags/ide-pull-request:
  AHCI: Protect cmd register
  AHCI: Do not (re)map FB/CLB buffers while not running

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-28 10:10:04 +00:00
John Snow
fc3d8e1138 AHCI: Protect cmd register
Many bits in the CMD register are supposed to be strictly read-only.
We should not be deleting them on every write.

As a side-effect: pay explicit attention to when a guest marks off
the FIS Receive or Start bits, and disable the status bits ourselves,
instead of letting them implicitly fall off.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1426283454-15590-3-git-send-email-jsnow@redhat.com
2015-03-27 15:48:11 -04:00
John Snow
a13ab5a35b AHCI: Do not (re)map FB/CLB buffers while not running
The FIS Receive Buffer and Command List Buffer pointers
should not be edited while the FIS receive engine or
Command Receive engines are running.

Currently, we attempt to re-map the buffers every time they
are adjusted, but while the AHCI engines are off, these registers
may contain stale values, so we should not attempt to re-map these
values until the engines are reactivated.

Reported-by: Jordan Hargrave <jharg93@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1426283454-15590-2-git-send-email-jsnow@redhat.com
2015-03-27 15:48:11 -04:00
Peter Maydell
b27e767e8c -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJVFUYtAAoJEJykq7OBq3PIVMoH/3wEtwjopwb6Di8OrErQCAoL
 fH2mnKNwW2zIiRDFcALmdOaioi0qXdURkdbLXJSWZ1FwtUg8IKPvGnbJ/vES+k78
 dtRtj0RyVVok8yRNd9Z2xuN3zSwjD8r5E1ccZIPdGeHePe9I11F0gOL/kc8yNzYQ
 /GGkFbriSg1k8Ej/0bZrGguWRF5uiWywIRs6XuwqfrDkXi95fK2d4JYRAMwkC1An
 YXTHkcCfOwKTfIaTvWlwLkfFUXp9B5t13oNVY2NNhyv70+KZzp/AZinfQFum5PKf
 Y6LGihXvi7ws02Ko0/opzjHc8us1HaPSFLnC1RAIksZDeK/D6ps5O9a85S+kkDw=
 =rUqQ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging

# gpg: Signature made Fri Mar 27 11:59:41 2015 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  hw/net/e1000: fix integer endianness

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-27 12:12:27 +00:00
Peter Maydell
500d76a093 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJVFS1PAAoJEJykq7OBq3PIuc4H/iIkMVgXRZlROy11ZsKU5Fnx
 y9KZ83RN84pwaJYy1BWpfVpn0Ps6i8+/S8rQeFxX64XWgb7F+GRlIMTRTA28UNUl
 AU8wPqbtiCSAQ9Qy8R8B3qBNDfM2X4a/X64wvhAukyga3sAKkIcfNFZYhI+V1dd7
 rZ9cwlIB0StBOaH//Fmj4lnbT0gN8wd02WLZPbt7qCdqkYWlqJg7gGH8P/IGXx2o
 7/tJ7kcAtJUY8VqtESpHgl6TiOau+1sP4QRFLxi9BbA+HMVcsJbLy9RFOji7IQbt
 InGMpm6dYiC8DdihUxNLvCGlUbKb5ol1/4fTuiM0ZZvGJ5nnRSj+mVpccuQGV7c=
 =ec1o
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Fri Mar 27 10:13:35 2015 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/block-pull-request:
  block: Document blockdev-add's immaturity
  qemu-iotests: Test unaligned 4k zero write
  block: Fix unaligned zero write
  nvme: Fix unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-27 10:30:48 +00:00
Shannon Zhao
4e60a250d3 hw/net/e1000: fix integer endianness
It's detected by coverity.In is_vlan_packet s->mac_reg[VET] is
unsigned int but is dereferenced as a narrower unsigned short.
This may lead to unexpected results depending on machine
endianness.

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Message-id: 1426224119-8352-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-03-27 10:23:50 +00:00
Markus Armbruster
da2cf4e803 block: Document blockdev-add's immaturity
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1426858337-21423-1-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-03-27 10:01:12 +00:00
Fam Zheng
61815d6e0a qemu-iotests: Test unaligned 4k zero write
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1427160230-4489-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-03-27 10:01:12 +00:00
Fam Zheng
fc3959e466 block: Fix unaligned zero write
If the zero write is not aligned, bdrv_co_do_pwritev will segfault
because of accessing to the NULL qiov passed in by bdrv_co_write_zeroes.
Fix this by allocating a local qiov in bdrv_co_do_pwritev if the request
is not aligned. (In this case the padding iovs are necessary anyway, so
it doesn't hurt.)

Also add a check at the end of bdrv_co_do_pwritev to clear the zero flag
if padding is involved.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1427160230-4489-2-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-03-27 10:01:12 +00:00
Stefan Weil
2115f2a1d8 nvme: Fix unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
The shift operation on nlb gives a 32 bit result if no type cast is
applied. This bug was reported by Coverity.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1426348844-8793-1-git-send-email-sw@weilnetz.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-03-27 10:01:12 +00:00
Peter Maydell
4ad9e2b36e gtk: do not call gtk_widget_get_window if drawing area is not initialized
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVFDsLAAoJEEy22O7T6HE4grQP/2cOVdC6wk/VMLahDr4MxICE
 1a5eYDQldZM39wGgZTDy8CVcMtKN/O1YJi+FV/+CRZ+40sh1/Nd5tr0ltBcA8KkY
 Q5qumberkiZKT7c5h1S7BGt4RlPT+IiTI9w4gLugY34VNWnfnCBFEyW0TQZXpjVp
 XabObmD76y7Yt7IYgwhmebQF2E7Bhyazry7XlKi4ZxoANwqs7zAY0cqRFHuSoy4i
 Te/hVIUvHVIOgtITU70J5dIHVG9Ahckf7rZI0IHwGrFuVmQhPzoK4yMi7sEF7MQR
 z3q587ne5ycfw+51zkDR5ha/4PUHN9ZRFnkjZtSfOaj5Om+eZv2d7rUjeTZI9cTT
 pQgSIkZAlh+vYP4G989QvU+F++UWzJM9F4gWFZdUBV6Ph17+dfg6Qqjuqxlr3CgB
 a3e3UV+C4NRsWiDWkz3A9rciFh9cfbDSXlC/YnSQC/bIx3fiktpoHuzg3RBQjPY+
 rLqbbovKEyfhy4vHq51VtBIofjP9nzXuNTgzPuhJhy5CFGuI06dErrNZiKkqNXri
 pNY1hMq1bYp+BHFUJXLvzGE9zpNyDEwOzuaCi5GGtTPOjOhG2ZyLBEpC4g/b/CLh
 GOBI67hc0vYe24S5IH/mBt4YzHtbq6cuVPdHcQUqx+6G337Wjrsr6TaS7FLk1qzE
 dSHYUaKtvL5VXTqIzH4q
 =/n5P
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-20150326-1' into staging

gtk: do not call gtk_widget_get_window if drawing area is not initialized

# gpg: Signature made Thu Mar 26 16:59:55 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-gtk-20150326-1:
  gtk: do not call gtk_widget_get_window if drawing area is not initialized

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-26 18:35:09 +00:00
Peter Maydell
f75d4f8295 Bugfixes and making SCSI adapters IOMMU-friendly.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVFAh1AAoJEL/70l94x66D8wEH/jOWcJ04YbRN9yIDXbtrWRtS
 XMz9GQcKrpo+QJYB466r8dP+2mRuKajkuSm6++MPXcJs1I0O1AzbSKCDTi5kG01/
 XZYOYNLc6lEjMJBZ6AbydjnsSCZjFglrFttQqIicX5l3oBZI6jtvC5FyUTUZbmp2
 FXwapzadeqf8n3C66RHSO1jTGuh7ROwW1inENsxhz34ZnQ5WhWrEiFYeTwo5mMqc
 sMQk3Fw4d9uRpJSVbfnQ44LrQ3GJX90U4rqBjhfIIvhkzQlziARBSR+3DdUZKVpI
 uniOtvNkWmy8ST1OBf3c1ALCHTb/uUS/9bz+FQz6dbjp5COXP2NCpvCShLswBU0=
 =TVSA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Bugfixes and making SCSI adapters IOMMU-friendly.

# gpg: Signature made Thu Mar 26 13:24:05 2015 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  virtio-scsi-dataplane: fix memory leak for VirtIOSCSIVring
  misc: fix typos in copyright declaration
  exec: avoid possible overwriting of mmaped area in qemu_ram_remap
  sparc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
  mips: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
  m68k: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
  nbd: Fix up comment after commit e140177
  vmw_pvscsi: use PCI DMA APIs
  megasas: use PCI DMA APIs
  cpus: Don't kick un-realized cpus.
  i6300esb: Fix signed integer overflow
  i6300esb: Correct endiannness
  fw_cfg: factor out initialization of FW_CFG_ID (rev. number)
  rcu tests: fix compilation on 32-bit ppc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-26 17:33:35 +00:00
Eduardo Otubo
896848f0d3 seccomp: libseccomp version varying according to arch
Libseccomp dependency was mandating version 2.2.0 on all architectures
and this was causing configure and virt-test to break on non-updates
distros. This patch works-around it and give a more flexible way to
check the version, giving more time for other distros to update
libseccomp version.

Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Reported-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Tested-by: Juan Quintela <quintela@redhat.com>
Message-id: 1427385385-30571-1-git-send-email-eduardo.otubo@profitbricks.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-26 16:58:22 +00:00
Hervé Poussineau
4cdfc93526 gtk: do not call gtk_widget_get_window if drawing area is not initialized
This prevents gtk_widget_get_window to return a NULL pointer.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-26 17:58:12 +01:00
Peter Maydell
99b7f47c54 migration/next for 20150326
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJVFBhbAAoJEPSH7xhYctcjHkUP/RISkmiAR9v9x+i/l9jFPDhy
 unyP2+p5/O6WhFR3nG+x7ISXTT29IDWIL5TGT0+bJ3DwqLBU6Tt7goEPqzE5T3vG
 Q3C2C2vp3Po5ngFcbaukIhqO8tFrieeURfxDYj550eaLkuVblC1g7R3F5K7Da/Y9
 tvEB7nQpwJQjdg2LHeeUZAK0hVKRZthCeMlD64E11rfycmRWmdIUlbkfZVUy8Q2u
 ko9mCIPIoZ2xsj505J2+hH6hn8yRUTRjqXqWMPkmnNZYXmPMlXXT7EZ1AhfCjHPr
 ExrFDtNRiIcHTu7kRlkMFdvhyJGLvf5h+7raTMI4HsvrFgGqKjjS2tKgWIHcFl19
 eciWjkTJD6K4EOCBYQTVQp1q9OP1mbaAmmPjEdCXjLElL4LaneCSO0dRVc6bEGwW
 u9EiPJm7Z8kw3tfS3BhpnqVJxom25HjN3oOYsR4pjr6ceXrK+9DTL3fRZX7nAbqv
 gpnuJUzK3r3pfaJkLXCZ7dGkW1h+XYKpuLi8lg4xDoHeYOGUmi/I6NCQ6F91eVYV
 qRpremkW5+2Oa/W9+sKdWThNBD66CJ4CpOTpAMRD03Jj0cPVKRtvfYi6E5gV8JSF
 G8zSM4+UtrcPnECuUuAjWFFwfhdiyZLMW09K9cYNWX24d29b5gZtcUPSjA9PToar
 q7TvfokLZjlYMpV68h0t
 =bsza
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20150326' into staging

migration/next for 20150326

# gpg: Signature made Thu Mar 26 14:31:55 2015 GMT using RSA key ID 5872D723
# gpg: Can't check signature: public key not found

* remotes/juanquintela/tags/migration/20150326:
  migration:  remove last_sent_block from save_page_header
  rdma: Fix cleanup in error paths
  Avoid crashing on multiple -incoming

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-26 14:47:53 +00:00
Juan Quintela
43edc0ed11 migration: remove last_sent_block from save_page_header
Compression code (still not on tree) want to call this funtion from
outside the migration thread, so we can't write to last_sent_block.

Instead of reverting full patch:

[PULL 07/11] save_block_hdr: we can recalculate

Just revert the parts that touch last_sent_block.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2015-03-26 15:31:46 +01:00
Padmanabh Ratnakar
80b262e143 rdma: Fix cleanup in error paths
As part of commit e325b49a32,
order in which resources are destroyed was changed for fixing
a seg fault. Due to this change, CQ will never get destroyed as
CQ should be destroyed after QP destruction. Seg fault is caused
improper cleanup when connection fails. Fixing cleanup after
connection failure and order in which resources are destroyed
in qemu_rdma_cleanup() routine.

Signed-off-by: Meghana Cheripady <meghana.cheripady@emulex.com>
Signed-off-by: Padmanabh Ratnakar <padmanabh.ratnakar@emulex.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-26 15:31:46 +01:00
Dr. David Alan Gilbert
7c76235a3e Avoid crashing on multiple -incoming
Passing multiple -incoming options used to crash qemu (due to
an invalid state transition incoming->incoming).  Instead we now
take the last -incoming option, e.g.:

qemu-system-x86_64 -nographic -incoming tcp::4444 -incoming defer

ends up doing the defer.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-26 15:31:46 +01:00
Peter Maydell
1ee76e5191 Patch queue for 2.3 ppc - 2015-03-25
Just a few bug fixes before 2.3 gets released:
 
   - pseries: Firmware update, bugfixes
   - remove POWER5+ v0.0 that we incorrectly introduced in 2.3
   - Fix -machine usb=no
   - Fix -boot once=foo in pseries
   - Add NULL pointer check in pseries machine init
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJVEy5QAAoJECszeR4D/txgJLoQAI1ILcPuLAVqjhAKzP6LuKAC
 chtrSn982d3Tfu0gS6NW4iWoUDIx1ucrLnP8YrHWaUMBcGR0iz9z+2EhjgTH5+/g
 Zo9ngoYUc6a2QgoBhiKkJmxcY23pwmZKrYNwc3efOThHRSV4VGDY3zDG1RgM6Cp7
 pz0PeSkjtOHjmcbBF5lHJVkvV9tb4ztAuMS5D22jEw+k8rsjz+c+dC2/nUQgCuSA
 pFfpL7DWqOACa547iEhDCCZQwdXrcZKF9hO1CNeGBIgrLD/wxbbaR9JqToF2KkFK
 vrmvCfPtw4a2kjc8VqoNFKS43TyzFR3w5vtreoG76d9ctpSvWUJR6SwoPUpqMBiJ
 V1H2V2wH5kghKH6QebGUKi0as1/w9pQNZf241E9JzT5UrpA/4N3Y9qQO4LHnwFFg
 j9qJronESn+RzCVeIi9COkHqpqD/T0shPAF2JJqLDNZW6eD5iU/fCTZmZn397fsH
 CLU1g7MWDoWaZbcfcSdRSYslXe9nM4YXI8SWq6Ni7kOaPvkbMNeD+sFNnM8ifd2y
 AFYFNLrSbBQ7H2M+Gwpe5TQnz/9DMLBrKlSTP/ikjWgEX9W1YCZipuOEwIcth18S
 7jmoVaNbvFeBmxR4TttWXb9i4Thfu/UHq23zElTknN2QeEA9XS68fN7u4ikJan7T
 K1hkIPvDBN3w9OvEimOB
 =8Ygi
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging

Patch queue for 2.3 ppc - 2015-03-25

Just a few bug fixes before 2.3 gets released:

  - pseries: Firmware update, bugfixes
  - remove POWER5+ v0.0 that we incorrectly introduced in 2.3
  - Fix -machine usb=no
  - Fix -boot once=foo in pseries
  - Add NULL pointer check in pseries machine init

# gpg: Signature made Wed Mar 25 21:53:20 2015 GMT using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-ppc-for-upstream:
  powerpc: fix -machine usb=no for newworld and pseries machines
  PPC: pseries: Implement boot once=foo
  target-ppc: Remove POWER5+ v0.0 that never existed
  spapr: Add missing checks for NULL pointers and report failures
  pseries: Update SLOF firmware image to qemu-slof-20150313

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-26 13:30:41 +00:00
Ting Wang
4020db0475 virtio-scsi-dataplane: fix memory leak for VirtIOSCSIVring
VirtIOSCSIVring which allocated in virtio_scsi_vring_init
should be free when dataplane has been stopped or failed to start.

Signed-off-by: Ting Wang <kathy.wangting@huawei.com>
Message-Id: <1427355752-25844-1-git-send-email-kathy.wangting@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-26 14:23:16 +01:00
Gonglei
fe75270cb6 misc: fix typos in copyright declaration
Add a space after comma.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Message-Id: <1427374663-10168-1-git-send-email-arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-26 14:21:43 +01:00
Peter Maydell
087c4c9419 pc, virtio bugfixes for 2.3
Several bugfixes, nothing stands out especially.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVEq0iAAoJECgfDbjSjVRplKAH/i8CIjI5mQPNzHGmSfLOafWq
 5GeCeJS3JJWg4u3+lx/gzhLEYex2HxGVGxawWu6UsMH5qAJdmaACpeL2ryyBCqvY
 3ba5w/Ku/ykIGlhKsEBBbd4+iDxrrLq3A5N0rl1KLptJpQdVw5XjC9u8sbaHYhEe
 MSm19azPVxG/ARfRO1cKKiJmkKNa6XhI8x92a6awo14gOzVwVZDUktjoFDT/Zmtn
 UocyMgDC75kF9Z48NsZmHOIFLhu6TkdsW5DwAJSSPHV/9pVzvlKnx6VPfiOkqVFQ
 pGnMsC7YanjrEcm0ZbagGKiPqc1uPyjtos34Fob+nsyNn2eqx5D1LPbjmll9BBo=
 =YHPl
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, virtio bugfixes for 2.3

Several bugfixes, nothing stands out especially.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Wed Mar 25 12:42:10 2015 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  virtio-net: validate backend queue numbers against bus limitation
  virtio-serial: fix virtio config size
  acpi: Add missing GCC_FMT_ATTR to local function

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-26 12:18:44 +00:00
Peter Maydell
37a518ae5d seccomp branch queue
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVEolZAAoJEP0M/1sS+L0vmgoIAJHMiLvke6dFUxi5Nru6w/R3
 bVyS5vqfR5ZYIfj9fpuaIDdKeilhw5a5K4ClJFcelomdMiLmK+omaXC7F6iexK8D
 zj/A7uI1yUf0R2MjDRkR2EIpXal4PH4wLn+ctT3PL5EIv/oDYQFbbLGbMg0PVpmm
 rUY/5kbUVTW7dUFWQPcgNJD6sghYdHYK1h/IzO/7j67yqFeb6oMjJbyA0yQNPlL4
 FkgViwYoimTG1ellP8+qT1icnJQlzDrXv0P3hUNzHAM4jRIAA+FbcP9uuuwMgmpR
 TklbnCb80K6EMVtZQ+yIqxiC+ho57/dqui5597xM8wzD/zlNPr5o+Z6WRtNUlGY=
 =pFFP
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20150325' into staging

seccomp branch queue

# gpg: Signature made Wed Mar 25 10:09:29 2015 GMT using RSA key ID 12F8BD2F
# gpg: Can't check signature: public key not found

* remotes/otubo/tags/pull-seccomp-20150325:
  seccomp: update libseccomp version and remove arch restriction

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-26 11:10:54 +00:00
Paolo Bonzini
f18c69cfc5 exec: avoid possible overwriting of mmaped area in qemu_ram_remap
It is not necessary to munmap an area before remapping it with MAP_FIXED;
if the memory region specified by addr and len overlaps pages of any
existing mapping, then the overlapped part of the existing mapping will
be discarded.

On the other hand, if QEMU does munmap the pages, there is a small
probability that another mmap sneaks in and catches the just-freed
portion of the address space.  In effect, munmap followed by
mmap(MAP_FIXED) is a use-after-free error, and Coverity flags it
as such.  Fix it.

Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-26 10:43:54 +01:00
Paolo Bonzini
c6e765035b powerpc: fix -machine usb=no for newworld and pseries machines
Capture the explicit setting of "usb=no" into a separate bool, and
use it to skip the update of machine->usb in the board init function.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-03-25 22:49:47 +01:00
Alexander Graf
5b2128d270 PPC: pseries: Implement boot once=foo
On sPAPR we haven't supported boot once ever since it emerged, but
recently grew need for it. This patch implements boot once logic
to it.

While at it, we also move to the new bootdevice handling that got
introduced to the tree recently.

Reported-by: Dinar Valeev <dvaleev@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-03-25 22:49:46 +01:00