#
c0da0cb7 |
| 10-Oct-2019 |
Greg Kurz <groug@kaod.org> |
9p: Simplify error path of v9fs_device_realize_common() Make v9fs_device_unrealize_common() idempotent and use it for rollback, in order to reduce code duplication. Signed-off-b
9p: Simplify error path of v9fs_device_realize_common() Make v9fs_device_unrealize_common() idempotent and use it for rollback, in order to reduce code duplication. Signed-off-by: Greg Kurz <groug@kaod.org>
show more ...
|
#
87032833 |
| 10-Oct-2019 |
Antonios Motakis <antonios.motakis@huawei.com> |
9p: unsigned type for type, version, path There is no need for signedness on these QID fields for 9p. Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com> [CS: - Also m
9p: unsigned type for type, version, path There is no need for signedness on these QID fields for 9p. Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com> [CS: - Also make QID type unsigned. - Adjust donttouch_stat() to new types. - Adjust trace-events to new types. ] Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Greg Kurz <groug@kaod.org>
show more ...
|
#
afd76053 |
| 16-Aug-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190816' into staging target-arm queue: * target/arm: generate a custom MIDR for -cpu max * hw/misc/zynq_slcr:
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190816' into staging target-arm queue: * target/arm: generate a custom MIDR for -cpu max * hw/misc/zynq_slcr: refactor to use standard register definition * Set ENET_BD_BDU in I.MX FEC controller * target/arm: Fix routing of singlestep exceptions * refactor a32/t32 decoder handling of PC * minor optimisations/cleanups of some a32/t32 codegen * target/arm/cpu64: Ensure kvm really supports aarch64=off * target/arm/cpu: Ensure we can use the pmu with kvm * target/arm: Minor cleanups preparatory to KVM SVE support # gpg: Signature made Fri 16 Aug 2019 14:15:55 BST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20190816: (29 commits) target/arm: Use tcg_gen_extrh_i64_i32 to extract the high word target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR target/arm: Use tcg_gen_rotri_i32 for gen_swap_half target/arm: Use ror32 instead of open-coding the operation target/arm: Remove redundant shift tests target/arm: Use tcg_gen_deposit_i32 for PKHBT, PKHTB target/arm: Use tcg_gen_extract_i32 for shifter_out_im target/arm/kvm64: Move the get/put of fpsimd registers out target/arm/kvm64: Fix error returns target/arm/cpu: Use div-round-up to determine predicate register array size target/arm/helper: zcr: Add build bug next to value range assumption target/arm/cpu: Ensure we can use the pmu with kvm target/arm/cpu64: Ensure kvm really supports aarch64=off target/arm: Remove helper_double_saturate target/arm: Use unallocated_encoding for aarch32 target/arm: Remove offset argument to gen_exception_bkpt_insn target/arm: Replace offset with pc in gen_exception_internal_insn target/arm: Replace offset with pc in gen_exception_insn target/arm: Replace s->pc with s->base.pc_next target/arm: Remove redundant s->pc & ~1 ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
e018ccb3 |
| 16-Aug-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block layer patches: - file-posix: Fix O_DIRECT alignment detection - Fixes for concurrent block jobs
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block layer patches: - file-posix: Fix O_DIRECT alignment detection - Fixes for concurrent block jobs - block-backend: Queue requests while drained (fix IDE vs. job crashes) - qemu-img convert: Deprecate using -n and -o together - iotests: Migration tests with filter nodes - iotests: More media change tests # gpg: Signature made Fri 16 Aug 2019 10:29:18 BST # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full] # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: file-posix: Handle undetectable alignment qemu-img convert: Deprecate using -n and -o together block-backend: Queue requests while drained mirror: Keep mirror_top_bs drained after dropping permissions block: Remove blk_pread_unthrottled() iotests: Add test for concurrent stream/commit tests: Test mid-drain bdrv_replace_child_noperm() tests: Test polling in bdrv_drop_intermediate() block: Reduce (un)drains when replacing a child block: Keep subtree drained in drop_intermediate block: Simplify bdrv_filter_default_perms() iotests: Test migration with all kinds of filter nodes iotests: Move migration helpers to iotests.py iotests/118: Add -blockdev based tests iotests/118: Create test classes dynamically iotests/118: Test media change for scsi-cd Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
c6a2225a |
| 16-Aug-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-08-15' into staging nbd patches for 2019-08-15 - Addition of InetSocketAddress keep-alive - Addition of BDRV_REQ_P
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-08-15' into staging nbd patches for 2019-08-15 - Addition of InetSocketAddress keep-alive - Addition of BDRV_REQ_PREFETCH for more efficient copy-on-read - Initial refactoring in preparation of NBD reconnect # gpg: Signature made Thu 15 Aug 2019 19:28:41 BST # gpg: using RSA key A7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2019-08-15: block/nbd: refactor nbd connection parameters block/nbd: add cmdline and qapi parameter reconnect-delay block/nbd: move from quit to state block/nbd: use non-blocking io channel for nbd negotiation block/nbd: split connection_co start out of nbd_client_connect nbd: improve CMD_CACHE: use BDRV_REQ_PREFETCH block/stream: use BDRV_REQ_PREFETCH block: implement BDRV_REQ_PREFETCH qapi: Add InetSocketAddress member keep-alive Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
95a9457f |
| 16-Aug-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/armbru/tags/pull-include-2019-08-13-v2' into staging Header cleanup patches for 2019-08-13 # gpg: Signature made Fri 16 Aug 2019 12:39:12 BST
Merge remote-tracking branch 'remotes/armbru/tags/pull-include-2019-08-13-v2' into staging Header cleanup patches for 2019-08-13 # gpg: Signature made Fri 16 Aug 2019 12:39:12 BST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-include-2019-08-13-v2: (29 commits) sysemu: Split sysemu/runstate.h off sysemu/sysemu.h sysemu: Move the VMChangeStateEntry typedef to qemu/typedefs.h Include sysemu/sysemu.h a lot less Clean up inclusion of sysemu/sysemu.h numa: Move remaining NUMA declarations from sysemu.h to numa.h Include sysemu/hostmem.h less numa: Don't include hw/boards.h into sysemu/numa.h Include hw/boards.h a bit less Include hw/qdev-properties.h less Include qemu/main-loop.h less Include qemu/queue.h slightly less Include hw/hw.h exactly where needed Include qom/object.h slightly less Include exec/memory.h slightly less Include migration/vmstate.h less migration: Move the VMStateDescription typedef to typedefs.h Clean up inclusion of exec/cpu-common.h Include hw/irq.h a lot less typedefs: Separate incomplete types and function types ide: Include hw/ide/internal a bit less outside hw/ide/ ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
db725815 |
| 12-Aug-2019 |
Markus Armbruster <armbru@redhat.com> |
Include qemu/main-loop.h less In my "build everything" tree, changing qemu/main-loop.h triggers a recompile of some 5600 out of 6600 objects (not counting tests and objects that don'
Include qemu/main-loop.h less In my "build everything" tree, changing qemu/main-loop.h triggers a recompile of some 5600 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). It includes block/aio.h, which in turn includes qemu/event_notifier.h, qemu/notify.h, qemu/processor.h, qemu/qsp.h, qemu/queue.h, qemu/thread-posix.h, qemu/thread.h, qemu/timer.h, and a few more. Include qemu/main-loop.h only where it's needed. Touching it now recompiles only some 1700 objects. For block/aio.h and qemu/event_notifier.h, these numbers drop from 5600 to 2800. For the others, they shrink only slightly. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190812052359.30071-21-armbru@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
show more ...
|
Revision tags: v4.0.0, v4.0.0-rc1, v4.0.0-rc0 |
|
#
6d809e7d |
| 23-Jan-2019 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/xtensa/tags/20190122-xtensa' into staging target/xtensa: zero overhead loops rework/helpers split - change xtensa zero overhead loops implement
Merge remote-tracking branch 'remotes/xtensa/tags/20190122-xtensa' into staging target/xtensa: zero overhead loops rework/helpers split - change xtensa zero overhead loops implementation to avoid invalidation of TBs corresponding to previous loop body when a new loop is encountered; - extract helper function groups from op_helper.c and move them into separate source files: exc_helper.c (exception helpers), win_helper.c (windowed registers helpers), fpu_helper.c (floating point helpers), mmu_helper.c (memory management helpers) and dbg_helper.c (native debug helpers). # gpg: Signature made Tue 22 Jan 2019 18:44:17 GMT # gpg: using RSA key 51F9CC91F83FA044 # gpg: Good signature from "Max Filippov <filippov@cadence.com>" # gpg: aka "Max Filippov <max.filippov@cogentembedded.com>" # gpg: aka "Max Filippov <jcmvbkbc@gmail.com>" # Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044 * remotes/xtensa/tags/20190122-xtensa: target/xtensa: move non-HELPER functions to helper.c target/xtensa: drop dump_state helper target/xtensa: extract interrupt and exception helpers target/xtensa: extract debug helpers target/xtensa: extract MMU helpers target/xtensa: extract windowed registers helpers target/xtensa: extract FPU helpers target/xtensa: rework zero overhead loops implementation Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
b019f5e5 |
| 16-Dec-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-misc-20181214' into staging miscellaneous patches: * checkpatch.pl: Enforce multiline comment syntax * Rename cpu_physical_
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-misc-20181214' into staging miscellaneous patches: * checkpatch.pl: Enforce multiline comment syntax * Rename cpu_physical_memory_write_rom() to address_space_write_rom() * disas, monitor, elf_ops: Use address_space_read() to read memory * Remove load_image() in favour of load_image_size() * Fix some minor memory leaks in arm boards/devices * virt: fix broken indentation # gpg: Signature made Fri 14 Dec 2018 14:41:20 GMT # gpg: using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-misc-20181214: (22 commits) virt: Fix broken indentation target/arm: Create timers in realize, not init tests/test-arm-mptimer: Don't leak string memory hw/sd/sdhci: Don't leak memory region in sdhci_sysbus_realize() hw/arm/mps2-tz.c: Free mscname string in make_dma() target/arm: Free name string in ARMCPRegInfo hashtable entries include/hw/loader.h: Document load_image_size() hw/core/loader.c: Remove load_image() device_tree.c: Don't use load_image() hw/block/tc58128.c: Don't use load_image() hw/i386/multiboot.c: Don't use load_image() hw/i386/pc.c: Don't use load_image() hw/pci/pci.c: Don't use load_image() hw/smbios/smbios.c: Don't use load_image() hw/ppc/ppc405_boards: Don't use load_image() hw/ppc/mac_newworld, mac_oldworld: Don't use load_image() elf_ops.h: Use address_space_write() to write memory monitor: Use address_space_read() to read memory disas.c: Use address_space_read() to read memory Rename cpu_physical_memory_write_rom() to address_space_write_rom() ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
58b1f0f2 |
| 16-Dec-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block layer patches: - qcow2: Decompression worker threads - dmg: lzfse compression support - fil
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block layer patches: - qcow2: Decompression worker threads - dmg: lzfse compression support - file-posix: Simplify delegation to worker thread - Don't pass flags to bdrv_reopen_queue() - iotests: make 235 work on s390 (and others) # gpg: Signature made Fri 14 Dec 2018 10:55:09 GMT # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (42 commits) block/mirror: add missing coroutine_fn annotations iotests: make 235 work on s390 (and others) block: Assert that flags are up-to-date in bdrv_reopen_prepare() block: Remove assertions from update_flags_from_options() block: Stop passing flags to bdrv_reopen_queue_child() block: Remove flags parameter from bdrv_reopen_queue() block: Clean up reopen_backing_file() in block/replication.c qemu-io: Put flag changes in the options QDict in reopen_f() block: Drop bdrv_reopen() block: Use bdrv_reopen_set_read_only() in the mirror driver block: Use bdrv_reopen_set_read_only() in external_snapshot_commit() block: Use bdrv_reopen_set_read_only() in qmp_change_backing_file() block: Use bdrv_reopen_set_read_only() in stream_start/complete() block: Use bdrv_reopen_set_read_only() in bdrv_commit() block: Use bdrv_reopen_set_read_only() in commit_start/complete() block: Use bdrv_reopen_set_read_only() in bdrv_backing_update_filename() block: Add bdrv_reopen_set_read_only() file-posix: Avoid aio_worker() for QEMU_AIO_IOCTL file-posix: Switch to .bdrv_co_ioctl file-posix: Remove paio_submit_co() ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
3866e6be |
| 16-Dec-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20181214-pull-request' into staging usb: fixes for mtp, ehci, usb-host and pvusb (xen). # gpg: Signature made Fri 14 Dec 2018 1
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20181214-pull-request' into staging usb: fixes for mtp, ehci, usb-host and pvusb (xen). # gpg: Signature made Fri 14 Dec 2018 10:38:33 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20181214-pull-request: usb-mtp: Limit filename to object information size usb-mtp: use O_NOFOLLOW and O_CLOEXEC. ehci: fix fetch qtd race usb-host: reset and close libusb_device_handle before qemu exit pvusb: set max grants only in initialise Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
81781be3 |
| 15-Dec-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2018-12-13-v2' into staging QAPI patches for 2018-12-13 # gpg: Signature made Fri 14 Dec 2018 05:53:51 GMT # gpg:
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2018-12-13-v2' into staging QAPI patches for 2018-12-13 # gpg: Signature made Fri 14 Dec 2018 05:53:51 GMT # gpg: using RSA key 3870B400EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qapi-2018-12-13-v2: (32 commits) qapi: add conditions to REPLICATION type/commands on the schema qapi: add more conditions to SPICE qapi: add condition to variants documentation qapi: add 'If:' condition to struct members documentation qapi: add 'If:' condition to enum values documentation qapi: Add #if conditions to generated code members qapi: add 'if' to alternate members qapi: add 'if' to union members qapi: Add 'if' to implicit struct members qapi: add a dictionary form for TYPE qapi-events: add 'if' condition to implicit event enum qapi: add 'if' to enum members qapi: add a dictionary form with 'name' key for enum members qapi: improve reporting of unknown or missing keys qapi: factor out checking for keys tests: print enum type members more like object type members qapi: change enum visitor and gen_enum* to take QAPISchemaMember qapi: Do not define enumeration value explicitly qapi: break long lines at 'data' member qapi: rename QAPISchemaEnumType.values to .members ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
d058a37a |
| 14-Dec-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging Most notable change in this PR is the full removal of the "handle" fsdev backend. # gpg: Signature ma
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging Most notable change in this PR is the full removal of the "handle" fsdev backend. # gpg: Signature made Wed 12 Dec 2018 13:20:42 GMT # gpg: using RSA key 71D4D5E5822F73D6 # gpg: Good signature from "Greg Kurz <groug@kaod.org>" # gpg: aka "Gregory Kurz <gregory.kurz@free.fr>" # gpg: aka "[jpeg image of size 3330]" # Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6 * remotes/gkurz/tags/for-upstream: 9p: remove support for the "handle" backend xen/9pfs: use g_new(T, n) instead of g_malloc(sizeof(T) * n) 9p: use g_new(T, n) instead of g_malloc(sizeof(T) * n) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
1923923b |
| 12-Dec-2018 |
Greg Kurz <groug@kaod.org> |
9p: use g_new(T, n) instead of g_malloc(sizeof(T) * n) Because it is a recommended coding practice (see HACKING). Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Anthony
9p: use g_new(T, n) instead of g_malloc(sizeof(T) * n) Because it is a recommended coding practice (see HACKING). Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
show more ...
|
Revision tags: v3.1.0, v3.1.0-rc5, v3.1.0-rc4, v3.1.0-rc3 |
|
#
4822f1ee |
| 27-Nov-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/kraxel/tags/fixes-31-20181127-pull-request' into staging various bugfixes for 3.1: fmops, ps2, cirrus, hda, usb-host, qapi # gpg: Signature mad
Merge remote-tracking branch 'remotes/kraxel/tags/fixes-31-20181127-pull-request' into staging various bugfixes for 3.1: fmops, ps2, cirrus, hda, usb-host, qapi # gpg: Signature made Tue 27 Nov 2018 06:49:13 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/fixes-31-20181127-pull-request: qapi: add query-display-options command usb-host: set ifs.detached as true if kernel driver is not active audio/hda: fix guest triggerable assert cirrus_vga/migration: update the bank offset before use ps2kbd: default to scan enabled after reset fmops: fix off-by-one in AR_TABLE and DR_TABLE array size Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
72138f9b |
| 26-Nov-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging Fixes a QEMU crash triggerable by guest userspace (CVE-2018-19489). # gpg: Signature made Mon 26 Nov 2018
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging Fixes a QEMU crash triggerable by guest userspace (CVE-2018-19489). # gpg: Signature made Mon 26 Nov 2018 07:25:01 GMT # gpg: using RSA key 71D4D5E5822F73D6 # gpg: Good signature from "Greg Kurz <groug@kaod.org>" # gpg: aka "Gregory Kurz <gregory.kurz@free.fr>" # gpg: aka "[jpeg image of size 3330]" # Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6 * remotes/gkurz/tags/for-upstream: 9p: fix QEMU crash when renaming files Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
1d203986 |
| 23-Nov-2018 |
Greg Kurz <groug@kaod.org> |
9p: fix QEMU crash when renaming files When using the 9P2000.u version of the protocol, the following shell command line in the guest can cause QEMU to crash: while true; do
9p: fix QEMU crash when renaming files When using the 9P2000.u version of the protocol, the following shell command line in the guest can cause QEMU to crash: while true; do rm -rf aa; mkdir -p a/b & touch a/b/c & mv a aa; done With 9P2000.u, file renaming is handled by the WSTAT command. The v9fs_wstat() function calls v9fs_complete_rename(), which calls v9fs_fix_path() for every fid whose path is affected by the change. The involved calls to v9fs_path_copy() may race with any other access to the fid path performed by some worker thread, causing a crash like shown below: Thread 12 "qemu-system-x86" received signal SIGSEGV, Segmentation fault. 0x0000555555a25da2 in local_open_nofollow (fs_ctx=0x555557d958b8, path=0x0, flags=65536, mode=0) at hw/9pfs/9p-local.c:59 59 while (*path && fd != -1) { (gdb) bt #0 0x0000555555a25da2 in local_open_nofollow (fs_ctx=0x555557d958b8, path=0x0, flags=65536, mode=0) at hw/9pfs/9p-local.c:59 #1 0x0000555555a25e0c in local_opendir_nofollow (fs_ctx=0x555557d958b8, path=0x0) at hw/9pfs/9p-local.c:92 #2 0x0000555555a261b8 in local_lstat (fs_ctx=0x555557d958b8, fs_path=0x555556b56858, stbuf=0x7fff84830ef0) at hw/9pfs/9p-local.c:185 #3 0x0000555555a2b367 in v9fs_co_lstat (pdu=0x555557d97498, path=0x555556b56858, stbuf=0x7fff84830ef0) at hw/9pfs/cofile.c:53 #4 0x0000555555a1e9e2 in v9fs_stat (opaque=0x555557d97498) at hw/9pfs/9p.c:1083 #5 0x0000555555e060a2 in coroutine_trampoline (i0=-669165424, i1=32767) at util/coroutine-ucontext.c:116 #6 0x00007fffef4f5600 in __start_context () at /lib64/libc.so.6 #7 0x0000000000000000 in () (gdb) The fix is to take the path write lock when calling v9fs_complete_rename(), like in v9fs_rename(). Impact: DoS triggered by unprivileged guest users. Fixes: CVE-2018-19489 Cc: P J P <ppandit@redhat.com> Reported-by: zhibin hu <noirfate@gmail.com> Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Greg Kurz <groug@kaod.org>
show more ...
|
Revision tags: v3.1.0-rc2 |
|
#
5b3c77aa |
| 20-Nov-2018 |
Greg Kurz <groug@kaod.org> |
9p: take write lock on fid path updates (CVE-2018-19364) Recent commit 5b76ef50f62079a fixed a race where v9fs_co_open2() could possibly overwrite a fid path with v9fs_path_copy() while
9p: take write lock on fid path updates (CVE-2018-19364) Recent commit 5b76ef50f62079a fixed a race where v9fs_co_open2() could possibly overwrite a fid path with v9fs_path_copy() while it is being accessed by some other thread, ie, use-after-free that can be detected by ASAN with a custom 9p client. It turns out that the same can happen at several locations where v9fs_path_copy() is used to set the fid path. The fix is again to take the write lock. Fixes CVE-2018-19364. Cc: P J P <ppandit@redhat.com> Reported-by: zhibin hu <noirfate@gmail.com> Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Greg Kurz <groug@kaod.org>
show more ...
|
Revision tags: v3.1.0-rc1, v3.1.0-rc0, libfdt-20181002, ppc-for-3.1-20180925, ppc-for-3.1-20180907, ppc-for-3.1-20180821, v3.0.0, v3.0.0-rc4, v2.12.1, ppc-for-3.0-20180801, v3.0.0-rc3, v3.0.0-rc2, v3.0.0-rc1, ppc-for-3.0-20180716, v3.0.0-rc0, ppc-for-3.0-20180709, ppc-for-3.0-20180703, v2.11.2, ppc-for-3.0-20180622, ppc-for-3.0-20180618, ppc-for-3.0-20180612 |
|
#
bac5ba3d |
| 08-Jun-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging slirp updates Prasad J Pandit (2): slirp: Fix buffer overflow on packet reassembling
Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging slirp updates Prasad J Pandit (2): slirp: Fix buffer overflow on packet reassembling Samuel Thibault (3): slirp: Add Samuel Thibault's staging tree for slirp slirp: fix domainname version availability # gpg: Signature made Fri 08 Jun 2018 07:12:24 BST # gpg: using RSA key 996849C1CF560478 # gpg: Good signature from "Samuel Thibault <samuel.thibault@aquilenet.fr>" # gpg: aka "Samuel Thibault <sthibault@debian.org>" # gpg: aka "Samuel Thibault <samuel.thibault@gnu.org>" # gpg: aka "Samuel Thibault <samuel.thibault@inria.fr>" # gpg: aka "Samuel Thibault <samuel.thibault@labri.fr>" # gpg: aka "Samuel Thibault <samuel.thibault@ens-lyon.org>" # gpg: aka "Samuel Thibault <samuel.thibault@u-bordeaux.fr>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 900C B024 B679 31D4 0F82 304B D017 8C76 7D06 9EE6 # Subkey fingerprint: 3A3A 5D46 4660 E867 610C A427 9968 49C1 CF56 0478 * remotes/thibault/tags/samuel-thibault: slirp: reformat m_inc routine slirp: correct size computation while concatenating mbuf slirp: fix domainname version availability slirp: Add Samuel Thibault's staging tree for slirp slirp: Fix spurious error report when sending directly Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
a674da0a |
| 07-Jun-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging Mostly bug fixes and code sanitization motivated by the upcoming support for Darwin hosts. Thanks to Keno Fisc
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging Mostly bug fixes and code sanitization motivated by the upcoming support for Darwin hosts. Thanks to Keno Fischer. # gpg: Signature made Thu 07 Jun 2018 11:30:56 BST # gpg: using RSA key 71D4D5E5822F73D6 # gpg: Good signature from "Greg Kurz <groug@kaod.org>" # gpg: aka "Gregory Kurz <gregory.kurz@free.fr>" # gpg: aka "[jpeg image of size 3330]" # Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6 * remotes/gkurz/tags/for-upstream: 9p: xattr: Properly translate xattrcreate flags 9p: Properly check/translate flags in unlinkat 9p: local: Avoid warning if FS_IOC_GETVERSION is not defined 9p: xattr: Fix crashes due to free of uninitialized value 9p: Move a couple xattr functions to 9p-util 9p: local: Properly set errp in fstatfs error path 9p: proxy: Fix size passed to `connect` Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
aca6897f |
| 07-Jun-2018 |
Keno Fischer <keno@juliacomputing.com> |
9p: xattr: Properly translate xattrcreate flags As with unlinkat, these flags come from the client and need to be translated to their host values. The protocol values happen to match
9p: xattr: Properly translate xattrcreate flags As with unlinkat, these flags come from the client and need to be translated to their host values. The protocol values happen to match linux, but that need not be true in general. Signed-off-by: Keno Fischer <keno@juliacomputing.com> Signed-off-by: Greg Kurz <groug@kaod.org>
show more ...
|
#
67e87345 |
| 07-Jun-2018 |
Keno Fischer <keno@juliacomputing.com> |
9p: Properly check/translate flags in unlinkat The 9p-local code previously relied on P9_DOTL_AT_REMOVEDIR and AT_REMOVEDIR having the same numerical value and deferred any errorchecking
9p: Properly check/translate flags in unlinkat The 9p-local code previously relied on P9_DOTL_AT_REMOVEDIR and AT_REMOVEDIR having the same numerical value and deferred any errorchecking to the syscall itself. However, while the former assumption is true on Linux, it is not true in general. 9p-handle did this properly however. Move the translation code to the generic 9p server code and add an error if unrecognized flags are passed. Signed-off-by: Keno Fischer <keno@juliacomputing.com> Signed-off-by: Greg Kurz <groug@kaod.org>
show more ...
|
#
a647502c |
| 07-Jun-2018 |
Keno Fischer <keno@juliacomputing.com> |
9p: xattr: Fix crashes due to free of uninitialized value If the size returned from llistxattr/lgetxattr is 0, we skipped the malloc call, leaving xattr.value uninitialized. However, thi
9p: xattr: Fix crashes due to free of uninitialized value If the size returned from llistxattr/lgetxattr is 0, we skipped the malloc call, leaving xattr.value uninitialized. However, this value is later passed to `g_free` without any further checks, causing an error. Fix that by always calling g_malloc unconditionally. If `size` is 0, it will return NULL, which is safe to pass to g_free. Signed-off-by: Keno Fischer <keno@juliacomputing.com> Signed-off-by: Greg Kurz <groug@kaod.org>
show more ...
|
#
c8b7e627 |
| 04-May-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2018-05-04' into staging nbd patches for 2018-05-04 - Vladimir Sementsov-Ogievskiy: 0/2 fix coverity bugs - Eric Blake:
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2018-05-04' into staging nbd patches for 2018-05-04 - Vladimir Sementsov-Ogievskiy: 0/2 fix coverity bugs - Eric Blake: nbd/client: Fix error messages during NBD_INFO_BLOCK_SIZE - Eric Blake: nbd/client: Relax handling of large NBD_CMD_BLOCK_STATUS reply # gpg: Signature made Fri 04 May 2018 14:25:55 BST # gpg: using RSA key A7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" # gpg: aka "[jpeg image of size 6874]" # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2018-05-04: nbd/client: Relax handling of large NBD_CMD_BLOCK_STATUS reply nbd/client: Fix error messages during NBD_INFO_BLOCK_SIZE migration/block-dirty-bitmap: fix memory leak in dirty_bitmap_load_bits nbd/client: fix nbd_negotiate_simple_meta_context Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
#
46e04dac |
| 04-May-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180504' into staging First s390x pull request for 2.13. - new machine type - extend SCLP event masks - support configura
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180504' into staging First s390x pull request for 2.13. - new machine type - extend SCLP event masks - support configuration of consoles via -serial - firmware improvements: non-sequential entries in boot menu, support for indirect loading via .INS files in s390-netboot - bugfixes and cleanups # gpg: Signature made Fri 04 May 2018 08:19:57 BST # gpg: using RSA key DECF6B93C6F02FAF # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" # gpg: aka "Cornelia Huck <cohuck@kernel.org>" # gpg: aka "Cornelia Huck <cohuck@redhat.com>" # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck/tags/s390x-20180504: pc-bios/s390: Update firmware images s390-ccw: force diag 308 subcode to unsigned long pc-bios/s390-ccw/net: Add support for .INS config files pc-bios/s390-ccw/net: Use diag308 to reset machine before jumping to the OS pc-bios/s390-ccw/net: Split up net_load() into init, load and release parts pc-bios/s390-ccw: fix non-sequential boot entries (enum) pc-bios/s390-ccw: fix non-sequential boot entries (eckd) pc-bios/s390-ccw: fix loadparm initialization and int conversion pc-bios/s390-ccw: rename MAX_TABLE_ENTRIES to MAX_BOOT_ENTRIES pc-bios/s390-ccw: size_t should be unsigned hw/s390x: Allow to configure the consoles with the "-serial" parameter s390x/kvm: cleanup calls to cpu_synchronize_state() vfio-ccw: introduce vfio_ccw_get_device() s390x/sclp: extend SCLP event masks to 64 bits s390x: introduce 2.13 compat machine Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|