qemu-commits
From: GitHub
Subject: [Qemu-commits] [qemu/qemu] f408f4: qtest: fix infinite loop when QEMU aborts abruptly
Date: Fri, 07 Sep 2012 17:00:18 -0700

  Branch: refs/heads/stable-1.1
  Home:   https://github.com/qemu/qemu
  Commit: f408f49165111b95a7186e2b1e01ee577c643855
      
https://github.com/qemu/qemu/commit/f408f49165111b95a7186e2b1e01ee577c643855
  Author: Anthony Liguori <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M tests/libqtest.c

  Log Message:
  -----------
  qtest: fix infinite loop when QEMU aborts abruptly

From Markus:

Makes "make check" hang:

    QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 gtester -k --verbose -m=quick tests/crash-test tests/rtc-test
    TEST: tests/crash-test... (pid=972)
    qemu-system-x86_64: Device needs media, but drive is empty
[Nothing happens, wait a while, then hit ^C]
    make: *** [check-qtest-x86_64] Interrupt

This was due to the fact that we weren't checking for errors when
reading from the QMP socket.  This patch adds appropriate error
checking.

Reported-by: Markus Armbruster <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 039380a8e18f618cdacf72486449c04dc1b70eef)

Signed-off-by: Michael Roth <address@hidden>
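The failure mode in the commit above is a reader that waits for a newline and never notices that the peer is gone. The following is an added illustration, not QEMU's libqtest code: a line reader for a QMP-style socket that treats a zero-length read (peer closed) and a read error as terminal conditions, exercised with a pipe whose writer is closed abruptly (constructed input, no QEMU involved). The function names are invented for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read one newline-terminated line from fd into buf. Returns the line
 * length without the newline, or -1 on EOF or error. The n == 0 branch
 * is the check whose absence turns a dead peer into an endless loop. */
ssize_t read_line_checked(int fd, char *buf, size_t bufsize)
{
    size_t used = 0;

    while (used + 1 < bufsize) {
        char c;
        ssize_t n = read(fd, &c, 1);

        if (n == 0) {
            /* Peer closed the connection (e.g. the emulator aborted). */
            return -1;
        }
        if (n < 0) {
            if (errno == EINTR) {
                continue;       /* interrupted by a signal: retry */
            }
            return -1;          /* genuine error: give up */
        }
        if (c == '\n') {
            break;
        }
        buf[used++] = c;
    }
    buf[used] = '\0';
    return (ssize_t)used;
}

/* Simulate a healthy greeting followed by the writer disappearing.
 * Returns 1 if the reader behaved correctly in both cases. */
int demo_qmp_reader(void)
{
    int fds[2];
    char line[64];
    const char *msg = "{\"QMP\": {}}\n";  /* constructed greeting line */

    if (pipe(fds) != 0) {
        return 0;
    }
    if (write(fds[1], msg, strlen(msg)) < 0) {
        return 0;
    }
    ssize_t len = read_line_checked(fds[0], line, sizeof(line));
    int ok = (len == (ssize_t)strlen(msg) - 1) &&
             strcmp(line, "{\"QMP\": {}}") == 0;

    /* The writer goes away: the next read must report that, not spin. */
    close(fds[1]);
    len = read_line_checked(fds[0], line, sizeof(line));
    ok = ok && (len == -1);

    close(fds[0]);
    return ok;
}

int main(void)
{
    printf("reader handled EOF correctly: %s\n",
           demo_qmp_reader() ? "yes" : "no");
    return 0;
}
```

A test harness that talks to a child process over a socket needs the same two checks; without them a crash in the child leaves the harness hanging until someone presses ^C, exactly as in the log quoted above.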


  Commit: 7940c766d470ddb184f6d678d080006d2b668172
      
https://github.com/qemu/qemu/commit/7940c766d470ddb184f6d678d080006d2b668172
  Author: Peter Maydell <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M configure

  Log Message:
  -----------
  configure: Don't override user's --cpu on MacOS and Solaris

Both MacOS and Solaris have special case handling for the CPU
type, because the check_define probes will return i386 even if
the hardware is 64 bit and x86_64 would be preferable. Move
these checks earlier in the configure probing so that we can
do them only if the user didn't specify a CPU with --cpu. This
fixes a bug where the user's command line argument was being
ignored.

Reviewed-by: Andreas Färber <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit bbea4050802a2e7e0296a21823c0925782c02b93)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 08e642c00e979b10e3fb293272dc3057ab9f220b
      
https://github.com/qemu/qemu/commit/08e642c00e979b10e3fb293272dc3057ab9f220b
  Author: David Gibson <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M target-ppc/kvm.c

  Log Message:
  -----------
  ppc: Fix bug in handling of PAPR hypercall exits

Currently for powerpc, kvm_arch_handle_exit() always returns 1, meaning
that its caller - kvm_cpu_exec() - will always exit immediately afterwards
to the loop in qemu_kvm_cpu_thread_fn().

There's no need to do this.  Once we've handled the hypercall there's no
reason we can't go straight around and KVM_RUN again, which is what ret = 0
will signal.  The only exception might be for hypercalls which affect the
state of cpu_can_run(), however the only one that might do this is H_CEDE
and for kvm that is always handled in the kernel, not qemu.

Furthermore, setting ret = 0 means that when exit_requested is set from a
hypercall, we will enter KVM_RUN once more with a signal which lets the
kernel do its internal logic to complete the hypercall without
actually executing any more guest code.  This is important if our hypercall
also triggered a reset, which previously would re-initialize everything
without completing the hypercall.  This caused the kernel to get confused
because it thought the guest was still in the middle of a hypercall when
it had actually been reset.

This patch therefore changes to ret = 0, which is both a bugfix and a small
optimization.

Signed-off-by: David Gibson <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>
(cherry picked from commit 78e8fde26c032931ca2ae13bfc7c59e38afd17ee)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 97ac3b1af57a4cdbf04ad55c308dff72bc9f1a61
      
https://github.com/qemu/qemu/commit/97ac3b1af57a4cdbf04ad55c308dff72bc9f1a61
  Author: Christian Borntraeger <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M target-s390x/kvm.c
    M target-s390x/op_helper.c

  Log Message:
  -----------
  s390: Fix error handling and condition code of service call

Invalid sccb addresses will cause a specification or addressing exception.
Let's add those checks. Furthermore, the good case (cc=0) was incorrect
for KVM: we did not set the CC at all. We now use return codes < 0
as program checks and return codes > 0 as condition code values.

Signed-off-by: Christian Borntraeger <address@hidden>
Signed-off-by: Alexander Graf <address@hidden>
(cherry picked from commit 9abf567d95a4e840df868ca993219175fbef8c22)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 5a1800cf1cc7869d29e6bd299dddbab7a3acbb2b
      
https://github.com/qemu/qemu/commit/5a1800cf1cc7869d29e6bd299dddbab7a3acbb2b
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/apic_common.c

  Log Message:
  -----------
  kvmvapic: Disable if there is insufficient memory

We need at least 1M of RAM to map the option ROM. Otherwise, we will
corrupt host memory or even crash:

    $ qemu-system-x86_64 -nodefaults --enable-kvm -vnc :0 -m 640k
    Segmentation fault (core dumped)

Reported-and-tested-by: Markus Armbruster <address@hidden>
Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Marcelo Tosatti <address@hidden>
(cherry picked from commit a9605e0317c7a6d5e68f3a3b6708c8ef1096f4bc)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 36ed337845a00240c370bbea782f953a8110d0c0
      
https://github.com/qemu/qemu/commit/36ed337845a00240c370bbea782f953a8110d0c0
  Author: Anthony Liguori <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/qdev.c

  Log Message:
  -----------
  qdev: fix use-after-free in the error path of qdev_init_nofail

From Markus:

Before:

    $ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    qemu-system-x86_64: Initialization of device ide-hd failed
    [Exit 1 ]

After:

    $ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    Segmentation fault (core dumped)
    [Exit 139 (SIGSEGV)]

This error always existed as qdev_init() frees the object.  But QOM
goes a bit further and purposefully sets the class pointer to NULL to
help find use-after-free.  It worked :-)

Cc: Andreas Faerber <address@hidden>
Reported-by: Markus Armbruster <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 7de3abe505e34398cef5bddf6c4d0bd9ee47007f)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 3b38972743856fbfcee88fc15eb0753977103313
      
https://github.com/qemu/qemu/commit/3b38972743856fbfcee88fc15eb0753977103313
  Author: Avi Kivity <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/virtio-blk.c

  Log Message:
  -----------
  virtio-blk: fix use-after-free while handling scsi commands

The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.

Reproducible by running a guest with aio=native on a block device.

Reported-by: Stefan Priebe <address@hidden>
Signed-off-by: Avi Kivity <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit 730a9c53b4e52681fcfe31cf38854cbf91e132c7)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 34b41ed15dd050097def7aebde9b39a12bd4cc43
      
https://github.com/qemu/qemu/commit/34b41ed15dd050097def7aebde9b39a12bd4cc43
  Author: Gerd Hoffmann <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/usb/hcd-ehci.c

  Log Message:
  -----------
  ehci: fix reset

Check for the reset bit first when processing USBCMD register writes.
Also break out of the switch, there is no need to check the other bits.

Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 7046530c36fa3a3f87692bdb54556f5d891a9c03)

Signed-off-by: Michael Roth <address@hidden>


  Commit: b10daa61f9a600997b59b36b34c6e2341a6e7616
      
https://github.com/qemu/qemu/commit/b10daa61f9a600997b59b36b34c6e2341a6e7616
  Author: Gerd Hoffmann <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/usb/hcd-ehci.c

  Log Message:
  -----------
  ehci: don't flush cache on doorbell rings.

Commit 4be23939ab0d7019c7e59a37485b416fbbf0f073 makes ehci instantly
zap any unlinked queue heads when the guest rings the doorbell.

While hacking up uas support this turned out to be a problem.  The linux
kernel can unlink and instantly relink the very same queue head, thereby
killing any async packets in flight.  That alone isn't an issue yet, the
packet will canceled and resubmitted and everything is fine.  We'll run
into trouble though in case the async packet is completed already, so we
can't cancel it any more.  The transaction is simply lost then.

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f0c2 qtds 29dbce40,29dbc4e0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: alloc
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state undef -> setup
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: process
usb_uas_command dev 2, tag 0x2, lun 0, lun64 00000000-00000000
scsi_req_parsed target 0 lun 0 tag 2 command 42 dir 2 length 16384
scsi_req_parsed_lba target 0 lun 0 tag 2 command 42 lba 5933312
scsi_req_alloc target 0 lun 0 tag 2
scsi_req_continue target 0 lun 0 tag 2
scsi_req_data target 0 lun 0 tag 2 len 16384
usb_uas_scsi_data dev 2, tag 0x2, bytes 16384
usb_uas_write_ready dev 2, tag 0x2
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state setup -> complete
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: free
usb_ehci_qh_ptrs q 0x7f95fdec3210 - QH @ 39c4f0c0: next 39c4f002 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_queue_action q 0x7f95fe5152a0: free
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state async -> complete
^^^ async packet completes.
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: wakeup

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_queue_action q 0x7f95fdec3210: free
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: free
^^^ endpoint #2 queue head removed from schedule, doorbell makes ehci zap the queue,
    the (completed) usb packet is freed too and gets lost.

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_queue_action q 0x7f9600dff570: alloc
usb_ehci_qh_ptrs q 0x7f9600dff570 - QH @ 39c4f0c0: next 39c4f122 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: alloc
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state undef -> setup
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: process
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state setup -> async
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: async
^^^ linux kernel relinked the queue head, ehci creates a new usb packet,
    but we should have delivered the completed one instead.
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2

So instead of instantly zapping the queue we'll set a flag that the
queue needs revalidation in case we'll see it again in the schedule.
ehci then checks that the queue head fields addressing / describing the
endpoint and the qtd pointer match the cached content before reusing it.

Cc: Hans de Goede <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 9bc3a3a216e2689bfcdd36c3e079333bbdbf3ba0)

Conflicts:

        hw/usb/hcd-ehci.c

Signed-off-by: Michael Roth <address@hidden>


  Commit: f49853a4bd5113cdb847579b8fb171a06d68af10
      
https://github.com/qemu/qemu/commit/f49853a4bd5113cdb847579b8fb171a06d68af10
  Author: Gerd Hoffmann <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/usb/hcd-uhci.c

  Log Message:
  -----------
  uhci: fix uhci_async_cancel_all

We update the QTAILQ in the loop, thus we must use the SAFE version
to make sure we don't touch the queue struct after freeing it.

https://bugzilla.novell.com/show_bug.cgi?id=766310

Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 77fa9aee38758a078870e25f0dcf642066b4d5cc)

Signed-off-by: Michael Roth <address@hidden>
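The uhci fix above is the classic "free inside FOREACH" bug: the loop increment reads the next pointer out of a node that the body just freed. As an added example (not QEMU's hcd-uhci.c, and using its own small list macros rather than QTAILQ so it builds anywhere), the unsafe and safe iteration forms are shown side by side; only the safe one is executed, since the unsafe one reads freed memory. Names are invented for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* A minimal singly linked queue list standing in for a QTAILQ. */
struct uhci_queue_demo {
    int token;                          /* identifies the queue */
    struct uhci_queue_demo *next;
};

struct queue_list {
    struct uhci_queue_demo *head;
};

/* Plain iterator: the increment dereferences var AFTER the body ran. */
#define Q_FOREACH(var, list) \
    for ((var) = (list)->head; (var) != NULL; (var) = (var)->next)

/* SAFE iterator: next is captured in tvar BEFORE the body runs, so the
 * body may unlink and free var. */
#define Q_FOREACH_SAFE(var, list, tvar) \
    for ((var) = (list)->head; \
         (var) != NULL && ((tvar) = (var)->next, 1); \
         (var) = (tvar))

void list_push(struct queue_list *l, int token)
{
    struct uhci_queue_demo *q = malloc(sizeof *q);
    if (!q) {
        abort();
    }
    q->token = token;
    q->next = l->head;
    l->head = q;
}

void list_remove(struct queue_list *l, struct uhci_queue_demo *q)
{
    struct uhci_queue_demo **pp = &l->head;
    while (*pp && *pp != q) {
        pp = &(*pp)->next;
    }
    if (*pp) {
        *pp = q->next;
    }
}

/* The buggy shape: after free(q), Q_FOREACH's increment reads q->next
 * from freed memory (use-after-free). Compiled for contrast, never run. */
void cancel_all_unsafe(struct queue_list *l)
{
    struct uhci_queue_demo *q;
    Q_FOREACH(q, l) {
        list_remove(l, q);
        free(q);
    }
}

/* The fixed shape. Returns the number of queues cancelled. */
int cancel_all_safe(struct queue_list *l)
{
    struct uhci_queue_demo *q, *next;
    int n = 0;
    Q_FOREACH_SAFE(q, l, next) {
        list_remove(l, q);
        free(q);            /* safe: the loop already holds 'next' */
        n++;
    }
    return n;
}

/* Build four queues, cancel them all; returns 4 on success, -1 otherwise. */
int demo_cancel(void)
{
    struct queue_list l = { NULL };
    for (int i = 0; i < 4; i++) {
        list_push(&l, i);
    }
    int n = cancel_all_safe(&l);
    return (n == 4 && l.head == NULL) ? n : -1;
}

int main(void)
{
    printf("cancelled %d queues\n", demo_cancel());
    return 0;
}
```

Running the unsafe variant under AddressSanitizer or valgrind reports the read of freed memory at the loop increment, which is the cheapest way to catch this pattern in review or CI.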


  Commit: a1a17b1d5a7fe618e42a94fc171712aeb31561ec
      
https://github.com/qemu/qemu/commit/a1a17b1d5a7fe618e42a94fc171712aeb31561ec
  Author: Gerd Hoffmann <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/usb/bus.c

  Log Message:
  -----------
  usb: restore USBDevice->attached on vmload

Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 495d544798151206bafca65ec588c0388637eb40)

Signed-off-by: Michael Roth <address@hidden>


  Commit: b00201d402e9927427a4494510c9d0a4b2f620c7
      
https://github.com/qemu/qemu/commit/b00201d402e9927427a4494510c9d0a4b2f620c7
  Author: Hans de Goede <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/usb/redirect.c

  Log Message:
  -----------
  usb-redir: Correctly handle the usb_redir_babble usbredir status

Signed-off-by: Hans de Goede <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit adae502c0ae4572ef08f71cb5b5ed5a8e90299fe)

Signed-off-by: Michael Roth <address@hidden>


  Commit: dbeb6c22d7a6d17f14fec38725bca63218ab7f22
      
https://github.com/qemu/qemu/commit/dbeb6c22d7a6d17f14fec38725bca63218ab7f22
  Author: Hans de Goede <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/usb/hcd-ehci.c

  Log Message:
  -----------
  usb-ehci: Fix an assert whenever isoc transfers are used

hcd-ehci.c is missing a usb_packet_init() call for the ipacket UsbPacket
it uses for isoc transfers, triggering an assert (taking the entire vm down)
in usb_packet_setup as soon as any isoc transfers are done by a high speed
USB device.

Signed-off-by: Hans de Goede <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 7341ea075c09258b98a1d0efc60efd402cbfc9b4)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 8a869baa08b3b3fd7a122957983f3d7754728112
      
https://github.com/qemu/qemu/commit/8a869baa08b3b3fd7a122957983f3d7754728112
  Author: Michael Roth <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M qlist.c
    M qlist.h

  Log Message:
  -----------
  qlist: add qlist_size()

Signed-off-by: Michael Roth <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Michael Roth <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit a86a4c2f7b7f0b72816ea1c219d8140699b6665b)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 9c7e3b98aac6c43c3cf4d261696f58b13f84afe7
      
https://github.com/qemu/qemu/commit/9c7e3b98aac6c43c3cf4d261696f58b13f84afe7
  Author: Michael Roth <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M json-parser.c

  Log Message:
  -----------
  json-parser: don't replicate tokens at each level of recursion

Currently, when parsing a stream of tokens we make a copy of the token
list at the beginning of each level of recursion so that we do not
modify the original list in cases where we need to fall back to an
earlier state.

In the worst case, we will only read 1 or 2 tokens off the list before
recursing again, which means an upper bound of roughly N^2 token allocations.

For a "reasonably" sized QMP request (in this case a QMP representation of
cirrus_vga's device state, generated via QIDL, being passed in via
qom-set), this caused my 16GB of memory to be exhausted before any
noticeable progress was made by the parser.

This patch works around the issue by using a single copy of the token list
in the form of an indexable array so that we can save/restore state by
manipulating indices.

A subsequent commit adds a "large_dict" test case which exhibits the
same behavior as above. With this patch applied the test case successfully
completes in under a second.

Tested with valgrind, make check, and QMP.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Michael Roth <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 65c0f1e9558c7c762cdb333406243fff1d687117)

Signed-off-by: Michael Roth <address@hidden>
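The technique the json-parser commit describes, as an added example that is not QEMU's json-parser.c: a small recursive-descent parser for nested integer lists that backtracks by saving and restoring an index into one token array, so a failed alternative costs nothing and no level of recursion ever copies the token list. The grammar and function names are invented for the illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_TOKENS 256

struct token { char type; long value; };   /* type: '[' ']' ',' or 'n' */

struct parser {
    struct token toks[MAX_TOKENS];  /* single, shared token array */
    size_t ntoks;
    size_t pos;                     /* the only state that backtracking touches */
};

/* Split the input into tokens; returns false on an unexpected character. */
bool tokenize(struct parser *p, const char *s)
{
    p->ntoks = p->pos = 0;
    while (*s) {
        if (isspace((unsigned char)*s)) { s++; continue; }
        if (p->ntoks == MAX_TOKENS) return false;
        struct token *t = &p->toks[p->ntoks];
        if (*s == '[' || *s == ']' || *s == ',') {
            t->type = *s++;
            t->value = 0;
        } else if (isdigit((unsigned char)*s)) {
            t->type = 'n';
            t->value = 0;
            while (isdigit((unsigned char)*s)) t->value = t->value * 10 + (*s++ - '0');
        } else {
            return false;
        }
        p->ntoks++;
    }
    return true;
}

static bool accept(struct parser *p, char type)
{
    if (p->pos < p->ntoks && p->toks[p->pos].type == type) { p->pos++; return true; }
    return false;
}

bool parse_value(struct parser *p, long *sum);

/* list := '[' [ value { ',' value } ] ']' ; adds the contained numbers to *sum */
bool parse_list(struct parser *p, long *sum)
{
    size_t saved = p->pos;          /* O(1) snapshot instead of a list copy */
    long local = 0;
    if (!accept(p, '[')) goto fail;
    if (!accept(p, ']')) {
        do {
            if (!parse_value(p, &local)) goto fail;
        } while (accept(p, ','));
        if (!accept(p, ']')) goto fail;
    }
    *sum += local;
    return true;
fail:
    p->pos = saved;                 /* rewind: the failed branch left no trace */
    return false;
}

/* value := list | number ; each alternative leaves pos untouched on failure */
bool parse_value(struct parser *p, long *sum)
{
    size_t saved = p->pos;
    if (parse_list(p, sum)) return true;
    p->pos = saved;
    if (p->pos < p->ntoks && p->toks[p->pos].type == 'n') {
        *sum += p->toks[p->pos++].value;
        return true;
    }
    return false;
}

/* Parse a whole document; true with the sum of all numbers, or false. */
bool parse_sum(const char *input, long *sum)
{
    struct parser p;
    *sum = 0;
    if (!tokenize(&p, input)) return false;
    return parse_value(&p, sum) && p.pos == p.ntoks;
}

int main(void)
{
    long s;
    const char *doc = "[1,[2,3],4]";     /* constructed input */
    printf("%s -> %s, sum %ld\n", doc, parse_sum(doc, &s) ? "ok" : "error", s);
    return 0;
}
```

Memory use here is bounded by the token array regardless of nesting depth; with the copy-per-level approach a deeply nested or very long input lets untrusted input drive allocation to roughly N^2, which is the exhaustion the commit above reports.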


  Commit: b83883e2dbbbeb4b4f5c2fc83c5eec8e2d5a6c5d
      
https://github.com/qemu/qemu/commit/b83883e2dbbbeb4b4f5c2fc83c5eec8e2d5a6c5d
  Author: Michael Roth <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M tests/check-qjson.c

  Log Message:
  -----------
  check-qjson: add test for large JSON objects

Signed-off-by: Michael Roth <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 7109edfeb69c1d3c2164175837784dfcd210fed0)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 55e64b6dddfd71953f4eb7ad6d0bcfc8d92500e5
      
https://github.com/qemu/qemu/commit/55e64b6dddfd71953f4eb7ad6d0bcfc8d92500e5
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M net/slirp.c

  Log Message:
  -----------
  slirp: Enforce host-side user of smb share

Windows 7 (and possibly other versions) cannot connect to the samba
share if the exported host directory is not world-readable. This can be
resolved by forcing the username used for access checks to the one
under which QEMU and smbd are running.

Signed-off-by: Jan Kiszka <address@hidden>
(cherry picked from commit 1cb1c5d10bb9e180bd3f7be2c10b212ed86a97b4)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 1a933e48016db893c799775a897b2af88a879683
      
https://github.com/qemu/qemu/commit/1a933e48016db893c799775a897b2af88a879683
  Author: Dunrong Huang <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M net/slirp.c

  Log Message:
  -----------
  slirp: Ensure smbd and shared directory exist when enable smb

Users may pass the following parameters to qemu:
    $ qemu-kvm -net nic -net user,smb= ...
    $ qemu-kvm -net nic -net user,smb ...
    $ qemu-kvm -net nic -net user,smb=bad_directory ...

In these cases, qemu started successfully while the samba server
failed to start. Users will be confused since the samba server
failed silently without any indication of what it did wrong.

To avoid this, we check whether the shared directory exists and
whether users have permission to access this directory when QEMU's
"built-in" SMB server is enabled.

Signed-off-by: Dunrong Huang <address@hidden>
Signed-off-by: Jan Kiszka <address@hidden>
(cherry picked from commit 927d811b282ffdf5386bd63f435c1507634ba49a)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 44a42fd2b69b1bc9cdb54d0cbfcdfd6b3bbf0c31
      
https://github.com/qemu/qemu/commit/44a42fd2b69b1bc9cdb54d0cbfcdfd6b3bbf0c31
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M net/slirp.c

  Log Message:
  -----------
  slirp: Improve error reporting of inaccessible smb directories

Instead of guessing, print the error code returned by access.

Signed-off-by: Jan Kiszka <address@hidden>
(cherry picked from commit 22a61f365df83d5d7884cceb1c462295977cb2db)

Signed-off-by: Michael Roth <address@hidden>


  Commit: c337db8cc9f4725c0654134de42b97f7847186a4
      
https://github.com/qemu/qemu/commit/c337db8cc9f4725c0654134de42b97f7847186a4
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/apic.c

  Log Message:
  -----------
  apic: Resolve potential endless loop around apic_update_irq

Commit d96e173769 refactored the reinjection of pending PIC interrupts.
However, it missed the potential loop of apic_update_irq ->
apic_deliver_pic_intr -> apic_local_deliver -> apic_set_irq ->
apic_update_irq that /could/ occur if LINT0 is injected as APIC_DM_FIXED
and that vector is currently blocked via TPR.

Resolve this by reinjecting only where it matters: inside
apic_get_interrupt. This function may clear a vector while a
PIC-originated reason still exists.

Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Avi Kivity <address@hidden>
(cherry picked from commit 3db3659bf60094657e1465cc809acb09551816ee)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 2a93a8940093560686fdcda24776ff265d6bcba7
      
https://github.com/qemu/qemu/commit/2a93a8940093560686fdcda24776ff265d6bcba7
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/apic.c

  Log Message:
  -----------
  apic: Reevaluate pending interrupts on LVT_LINT0 changes

When the guest modifies the LVT_LINT0 register, we need to check if some
pending PIC interrupt can now be delivered.

Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Avi Kivity <address@hidden>
(cherry picked from commit a94820ddc36f8c452b37f9dcb323f55ffdbc75f9)

Signed-off-by: Michael Roth <address@hidden>


  Commit: a47343957489b9fafdb438351e8fa9d58d7fd30b
      
https://github.com/qemu/qemu/commit/a47343957489b9fafdb438351e8fa9d58d7fd30b
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M cpu-exec.c
    M hw/apic.c
    M hw/apic.h
    M hw/apic_internal.h
    M target-i386/cpu.h
    M target-i386/kvm.c

  Log Message:
  -----------
  apic: Defer interrupt updates to VCPU thread

KVM performs TPR raising asynchronously to QEMU, specifically outside
QEMU's global lock. When an interrupt is injected into the APIC and TPR
is checked to decide if this can be delivered, a stale TPR value may be
used, causing spurious interrupts in the end.

Fix this by deferring apic_update_irq to the context of the target VCPU.
We introduce a new interrupt flag for this, CPU_INTERRUPT_POLL. When it
is set, the VCPU calls apic_poll_irq before checking for further pending
interrupts. To avoid special-casing KVM, we also implement this logic
for TCG mode.

Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Avi Kivity <address@hidden>
(cherry picked from commit 5d62c43a17edaa7f6a88821c9086e6c8e0e5327d)

Signed-off-by: Michael Roth <address@hidden>


  Commit: c094d3d8181f3193e402b49361327040c5725d79
      
https://github.com/qemu/qemu/commit/c094d3d8181f3193e402b49361327040c5725d79
  Author: Jason Baron <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M dma-helpers.c
    M hw/ide/ahci.c

  Log Message:
  -----------
  ahci: Fix sglist memleak in ahci_dma_rw_buf()

I noticed that in hw/ide/ahci:ahci_dma_rw_buf() we do not free the sglist. Thus,
I've added a call to qemu_sglist_destroy() to fix this memory leak.

In addition, I've added a call in qemu_sglist_destroy() to zero all of the sglist
fields, in case there is some other codepath that tries to free the sglist.

Signed-off-by: Jason Baron <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit ea8d82a1ed72634f089ed1bccccd9c84cc1ab855)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 5ae1c7ca0a8e648219f7cea1f58bf57cf8d2cea2
      
https://github.com/qemu/qemu/commit/5ae1c7ca0a8e648219f7cea1f58bf57cf8d2cea2
  Author: Jason Baron <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/ide/ahci.c
    M hw/ide/internal.h

  Log Message:
  -----------
  ahci: Fix ahci cdrom read corruptions for reads > 128k

While testing q35, which has its cdrom attached to the ahci controller, I found
that the Fedora 17 install would panic on boot. The panic occurs while
squashfs is trying to read from the cdrom. The errors are:

[    8.622711] SQUASHFS error: xz_dec_run error, data probably corrupt
[    8.625180] SQUASHFS error: squashfs_read_data failed to read block
0x20be48a

I was also able to produce corrupt data reads using an installed piix based
qemu machine, using 'dd'. I found that the corruptions were only occurring when
the read size was greater than 128k. For example, the following command
results in corrupted reads:

dd if=/dev/sr0 of=/tmp/blah bs=256k iflag=direct

The > 128k size reads exercise a different code path than 128k and below. In
ide_atapi_cmd_read_dma_cb() s->io_buffer_size is capped at 128k. Thus,
ide_atapi_cmd_read_dma_cb() is called a second time when the read is > 128k.
However, ahci_dma_rw_buf() restarts the read from offset 0, instead of at 128k,
thus resulting in a corrupted read.

To fix this, I've introduced an 'io_buffer_offset' field in IDEState to keep
track of the offset. I've also modified ahci_populate_sglist() to take a new
3rd offset argument, so that the sglist is properly initialized.

I've tested this patch using 'dd' testing, and Fedora 17 now correctly boots
and installs on q35 with the cdrom ahci controller.

Signed-off-by: Jason Baron <address@hidden>
Tested-by: Andreas Färber <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit 61f52e06f0a21bab782f98ef3ea789aa6d0aa046)

Conflicts:

        hw/ide/ahci.c

Signed-off-by: Michael Roth <address@hidden>
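A model of the chunked read described in the ahci commit above, as an added example that is not QEMU's ahci.c or atapi.c: a request is served in 128 KiB pieces, and the callback either restarts the scatter/gather copy at offset 0 every time (the bug) or carries an io_buffer_offset across calls (the fix). The media contents and all names are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_BUFFER_MAX (128 * 1024)            /* per-callback cap, as in the commit */
#define DISK_SIZE     (256 * 1024 + 12345)    /* constructed media, larger than one chunk */

static uint8_t disk[DISK_SIZE];               /* constructed "cdrom" contents */

struct ide_state_demo {
    size_t io_buffer_offset;                  /* the field the fix introduces */
};

static void fill_disk(void)
{
    for (size_t i = 0; i < DISK_SIZE; i++) {
        disk[i] = (uint8_t)(i * 31 + 7);      /* non-repeating pattern */
    }
}

/* Copy 'len' media bytes from 'pos' into the request buffer at 'dst_off'
 * (dst_off plays the role of the new third argument to the sglist setup). */
static void populate_and_copy(uint8_t *dst, size_t dst_off, size_t pos, size_t len)
{
    memcpy(dst + dst_off, disk + pos, len);
}

/* Serve a read of 'total' bytes starting at media byte 'start'.
 * fixed == 0 reproduces the bug, fixed == 1 the corrected behaviour. */
void atapi_read_demo(uint8_t *dst, size_t start, size_t total, int fixed)
{
    struct ide_state_demo s = { 0 };
    size_t done = 0;

    while (done < total) {
        size_t chunk = total - done;
        if (chunk > IO_BUFFER_MAX) {
            chunk = IO_BUFFER_MAX;            /* io_buffer_size capped at 128k */
        }
        /* Bug: every callback lands at offset 0, so the second chunk
         * overwrites the first and the tail of the buffer stays stale. */
        size_t dst_off = fixed ? s.io_buffer_offset : 0;
        populate_and_copy(dst, dst_off, start + done, chunk);
        done += chunk;
        s.io_buffer_offset += chunk;
    }
}

/* Returns 1 if a read of 'total' bytes matches the media, 0 if corrupted. */
int read_is_intact(size_t total, int fixed)
{
    static uint8_t buf[DISK_SIZE];

    fill_disk();
    memset(buf, 0, sizeof buf);
    atapi_read_demo(buf, 0, total, fixed);
    return memcmp(buf, disk, total) == 0;
}

int main(void)
{
    printf("128k read, buggy path : %s\n", read_is_intact(128 * 1024, 0) ? "intact" : "corrupt");
    printf("256k read, buggy path : %s\n", read_is_intact(256 * 1024, 0) ? "intact" : "corrupt");
    printf("256k read, fixed path : %s\n", read_is_intact(256 * 1024, 1) ? "intact" : "corrupt");
    return 0;
}
```

The comparison against the source media is the kind of check a regression test for this bug needs: reads at or below the cap pass either way, so only a request larger than one chunk distinguishes the two code paths.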


  Commit: 393d4c921464c2a791b6662b8b664feba9104cce
      
https://github.com/qemu/qemu/commit/393d4c921464c2a791b6662b8b664feba9104cce
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/kvm/i8254.c

  Log Message:
  -----------
  kvm: i8254: Cache kernel clock offset in KVMPITState

To prepare the final fix for clock calibration issues with the in-kernel
PIT, we want to cache the offset between vmclock and the clock used by
the in-kernel PIT. So far, we only need to update it when the VM state
changes between running and stopped because we only read the in-kernel
PIT state while the VM is running.

Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Marcelo Tosatti <address@hidden>
(cherry picked from commit 205df4d1a87cbb14a50655fb2c0a987467fb29d6)

Signed-off-by: Michael Roth <address@hidden>


  Commit: ffc7565c81b010683c3cab8efe9accd0eb90aa0d
      
https://github.com/qemu/qemu/commit/ffc7565c81b010683c3cab8efe9accd0eb90aa0d
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/kvm/i8254.c

  Log Message:
  -----------
  kvm: i8254: Finish time conversion fix

0cdd3d1444 fixed reading back the counter load time from the kernel
while assuming the kernel would always update its load time on writing
the state. That is only true for channel 1, and so pit_get_channel_info
returned wrong output pin states for high counter values.

Fix this by applying the offset also on kvm_pit_put. Now we also need to
update the offset when we write the state while the VM is stopped as it
keeps on changing in that state.

Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Marcelo Tosatti <address@hidden>
(cherry picked from commit 050a46065de8e3d4ee5a04f5598d666f63d34800)

Signed-off-by: Michael Roth <address@hidden>


  Commit: cfeb9958c8f4f99f08222a47fe42ea73acb41ecc
      
https://github.com/qemu/qemu/commit/cfeb9958c8f4f99f08222a47fe42ea73acb41ecc
  Author: Markus Armbruster <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M hw/pc.c

  Log Message:
  -----------
  pc: Fix RTC CMOS info on RAM for ram_size < 1MiB

pc_cmos_init() always claims 640KiB base memory, and ram_size - 1MiB
extended memory.  The latter can underflow to "lots of extended
memory".  Fix both, and clean up some.

Note: SeaBIOS currently requires 1MiB of RAM, and doesn't check
whether it got enough.

Signed-off-by: Markus Armbruster <address@hidden>
Signed-off-by: Blue Swirl <address@hidden>
(cherry picked from commit e89001f72edde37fb36fa7c964daa1bbeb2eca26)

Signed-off-by: Michael Roth <address@hidden>


  Commit: fd21cc14f57247339be0ebf3e0845e431aa5aedc
      
https://github.com/qemu/qemu/commit/fd21cc14f57247339be0ebf3e0845e431aa5aedc
  Author: Markus Armbruster <address@hidden>
  Date:   2012-08-21 (Tue, 21 Aug 2012)

  Changed paths:
    M vl.c

  Log Message:
  -----------
  vl: Round argument of -m up to multiple of 8KiB

Partial pages make little sense and don't work.  Ensure the RAM size
is a multiple of any possible target's page size.

Fixes

    $ qemu-system-x86_64 -nodefaults -S -vnc :0 -m 0.8
    qemu-system-x86_64: /work/armbru/qemu/exec.c:2255: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.

Signed-off-by: Markus Armbruster <address@hidden>
Signed-off-by: Blue Swirl <address@hidden>
(cherry picked from commit ff961015529437f4b83fca0a92069aebcf533c9c)

Signed-off-by: Michael Roth <address@hidden>
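The two Armbruster commits above (CMOS memory info for ram_size < 1MiB, and rounding -m up to 8KiB) both come down to arithmetic on an unsigned RAM size. As an added example that is not QEMU's hw/pc.c or vl.c, the following shows the unsigned underflow in the naive extended-memory computation next to a clamped version, and a round-up helper that refuses sizes whose rounding would wrap. Function names are invented for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define KIB 1024ULL
#define MIB (1024ULL * KIB)

/* Before: for ram_size < 1 MiB the subtraction wraps around and the
 * firmware is told about "lots of extended memory". */
uint64_t cmos_extended_mem_naive(uint64_t ram_size)
{
    return ram_size - 1 * MIB;
}

/* After: base memory is at most 640 KiB, and extended memory is only
 * what lies above the 1 MiB boundary (never negative, never wrapped). */
void cmos_mem_fixed(uint64_t ram_size, uint64_t *base, uint64_t *ext)
{
    *base = ram_size < 640 * KIB ? ram_size : 640 * KIB;
    *ext  = ram_size > 1 * MIB ? ram_size - 1 * MIB : 0;
}

/* Round a requested RAM size up to a multiple of 8 KiB, the largest
 * page size any target uses per the commit above. Returns 0 when the
 * rounded value would not fit in 64 bits, so callers can reject it. */
uint64_t round_ram_size(uint64_t bytes)
{
    const uint64_t page = 8 * KIB;
    if (bytes > UINT64_MAX - (page - 1)) {
        return 0;
    }
    return (bytes + page - 1) & ~(page - 1);
}

int main(void)
{
    uint64_t base, ext;
    uint64_t small = 640 * KIB;                  /* constructed: -m 640k */

    printf("naive extended memory for 640k: %llu bytes\n",
           (unsigned long long)cmos_extended_mem_naive(small));
    cmos_mem_fixed(small, &base, &ext);
    printf("fixed: base %llu, ext %llu\n",
           (unsigned long long)base, (unsigned long long)ext);
    printf("-m 0.8 (838860 bytes) rounds to %llu\n",
           (unsigned long long)round_ram_size(838860));
    return 0;
}
```

The wrapped value is what makes such a bug worth treating as more than a cosmetic error: a size derived from guest configuration that silently becomes enormous is handed to firmware and memory-region setup that trust it.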


  Commit: 07ab4fc1ef2e628209ecab97475ea45071b19ec8
      
https://github.com/qemu/qemu/commit/07ab4fc1ef2e628209ecab97475ea45071b19ec8
  Author: Kevin Wolf <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M block/vmdk.c

  Log Message:
  -----------
  vmdk: Fix header structure

Commit bb45ded9 swapped gd_offset and rgd_offset. This is wrong.

Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit 7a736bfa4e0a58087054cad68a1d4b3804bbb708)

Signed-off-by: Michael Roth <address@hidden>


  Commit: d438650fa512f944ca4af1a08ab132712c50b684
      
https://github.com/qemu/qemu/commit/d438650fa512f944ca4af1a08ab132712c50b684
  Author: Kevin Wolf <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M block/vmdk.c

  Log Message:
  -----------
  vmdk: Read footer for streamOptimized images

The footer takes precedence over the header when it exists. It contains
the real grain directory offset that is missing in the header. Without
this patch, streamOptimized images with a footer cannot be read.

Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Jeff Cody <address@hidden>
(cherry picked from commit 65bd155c7356d448ffee7f89149c4d473076b0ba)

Signed-off-by: Michael Roth <address@hidden>


  Commit: f946f010f5f7d6b13bf6acabffebe093b1c9949c
      
https://github.com/qemu/qemu/commit/f946f010f5f7d6b13bf6acabffebe093b1c9949c
  Author: Kevin Wolf <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M qemu-img.texi

  Log Message:
  -----------
  Documentation: Warn against qemu-img on active image

People have repeatedly expected that you can do things like snapshotting
an image with qemu-img while a qemu instance is running. Maybe we need
to consider locking the files while they are in use, but having a
warning in the qemu-img manpage is doable for 1.2 and can't hurt anyway.

Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit 48467328c6dccc9c7be6628ed0ef0810f83be2a9)

Signed-off-by: Michael Roth <address@hidden>


  Commit: a410be59b5f2727f254152020e0f59cf2c1c5b15
      https://github.com/qemu/qemu/commit/a410be59b5f2727f254152020e0f59cf2c1c5b15
  Author: Paolo Bonzini <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M block/iscsi.c

  Log Message:
  -----------
  iscsi: move iscsi_schedule_bh and iscsi_readv_writev_bh_cb

Put these functions at the beginning, to avoid forward references
in the next patches.

Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 27cbd828c617944c0f9603763fdf4fa87e7ad923)

Signed-off-by: Michael Roth <address@hidden>


  Commit: b90d717b6469ac15fa1837a884097bbc5499124c
      https://github.com/qemu/qemu/commit/b90d717b6469ac15fa1837a884097bbc5499124c
  Author: Paolo Bonzini <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M block/iscsi.c

  Log Message:
  -----------
  iscsi: simplify iscsi_schedule_bh

It is always used with the same callback, so remove the argument.  Its
return value is never used, so assume allocation succeeds.

Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit cfb3f5064af2d2e29c976e292c9472dfe9d61e31)

Conflicts:

        block/iscsi.c

Signed-off-by: Michael Roth <address@hidden>


  Commit: 799c27e1243769a52fb3edc7e5b42f9f50c9fba6
      https://github.com/qemu/qemu/commit/799c27e1243769a52fb3edc7e5b42f9f50c9fba6
  Author: Paolo Bonzini <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M block/iscsi.c

  Log Message:
  -----------
  iscsi: fix races between task completion and abort

This patch fixes two main issues with block/iscsi.c:

1) iscsi_task_mgmt_abort_task_async calls iscsi_scsi_task_cancel which
was also directly called in iscsi_aio_cancel

2) a race between task completion and task abortion could happen because
scsi_free_scsi_task was done before iscsi_schedule_bh had finished.
To fix this, all the freeing of IscsiTasks and releasing of the AIOCBs
is centralized in iscsi_bh_cb, independent of whether the SCSI command
has completed or was cancelled.

3) iscsi_aio_cancel was not synchronously waiting for the end of the
command.

Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 1bd075f29ea6d11853475c7c42734595720c3ac6)

Conflicts:

        block/iscsi.c

Signed-off-by: Michael Roth <address@hidden>


  Commit: b598cb2214cbc197a7d8a677644a7ef3ea17c2c1
      https://github.com/qemu/qemu/commit/b598cb2214cbc197a7d8a677644a7ef3ea17c2c1
  Author: Alexey Kardashevskiy <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M iohandler.c

  Log Message:
  -----------
  eventfd: making it thread safe

QEMU uses IO handlers to run select() in the main loop.
The handlers list is managed by qemu_set_fd_handler() helper
which works fine when called from the main thread as it is
called when select() is not waiting.

However, the IO handlers list can be changed in a thread other than
the main one doing os_host_main_loop_wait(), for example, as a result
of a hypercall which changes PCI config space (VFIO on POWER is the case)
and enables/disables MSI/MSIX, which closes/creates eventfd handles.
As the main loop should be waiting on the newly created eventfds,
it has to be restarted.

The patch adds the qemu_notify_event() call to interrupt select()
to make main_loop() restart select() with the updated IO handlers
list.

Signed-off-by: Alexey Kardashevskiy <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 55ce75faf253d4369670f60409c608e665e8dde9)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 886c62a3ff5aefca7b595a830ef2def5fedb636d
      https://github.com/qemu/qemu/commit/886c62a3ff5aefca7b595a830ef2def5fedb636d
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M hw/i82378.c

  Log Message:
  -----------
  i82378: Remove bogus MMIO coalescing

This MMIO area is an entry gate to legacy PC ISA devices, addressed via
PIO over there. Quite a few of the PIO ports have side effects on access
like starting/stopping timers that must be executed properly ordered
wrt the CPU. So we have to remove the coalescing mark.

Acked-by: Hervé Poussineau <address@hidden>
Acked-by: Andreas Färber <address@hidden>
Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 0ec64507a5e6366e6d8070a82c866b935f687ed9)

Signed-off-by: Michael Roth <address@hidden>


  Commit: c7e6d6b1158910460b395232faeb053593da2a96
      https://github.com/qemu/qemu/commit/c7e6d6b1158910460b395232faeb053593da2a96
  Author: Frediano Ziglio <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M xen-mapcache.c

  Log Message:
  -----------
  Fix invalidate if memory requested was not bucket aligned

When memory is mapped in qemu_map_cache with lock != 0 a reverse mapping
is created pointing to the virtual address of the location requested.
The cached mapped entry is saved in last_address_vaddr with the memory
location of the base virtual address (without bucket offset).
However when this entry is invalidated the virtual address saved in the
reverse mapping is used. This causes the mapping to be freed, but the
last_address_vaddr is not reset.

Signed-off-by: Frediano Ziglio <address@hidden>
Signed-off-by: Stefano Stabellini <address@hidden>
(cherry picked from commit 27b7652ef515bb4c694f79d657d2052c72b19536)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 07548727b3ef25c63ed5a3f068f46059963490c6
      https://github.com/qemu/qemu/commit/07548727b3ef25c63ed5a3f068f46059963490c6
  Author: Dongxiao Xu <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M xen-all.c

  Log Message:
  -----------
  xen-all.c: fix multiply issue for int and uint types

If the two multiply operands are of int and uint types respectively,
the int operand is converted to uint first, which is not the
intent in our code piece. The fix is to add an (int64_t) conversion
for the uint operand before the multiply.

Signed-off-by: Dongxiao Xu <address@hidden>
Signed-off-by: Stefano Stabellini <address@hidden>
(cherry picked from commit 14d40183725361e6350166099556c7661063921b)

Signed-off-by: Michael Roth <address@hidden>
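
As an added illustration of the conversion this message describes (a constructed example, not the xen-all.c code from the commit; function names and values are assumptions): with one int and one unsigned int operand, C's usual arithmetic conversions turn the int into unsigned int before the multiply, so a negative value wraps and a large product is truncated to 32 bits; converting the unsigned operand to int64_t first keeps the whole multiply signed and 64-bit wide.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a signed delta scaled by an unsigned page size.
 * Assumes the common ABI where int and unsigned int are 32 bits. */

/* Buggy form: delta is converted to unsigned int, the product is computed
 * modulo 2^32 as unsigned int, and only that result is widened to int64_t.
 * A negative delta therefore comes back as a large positive number. */
int64_t mul_buggy(int delta, unsigned int scale)
{
    return delta * scale;
}

/* Fixed form, as the commit describes: convert the unsigned operand to
 * int64_t before the multiply, so delta is widened to int64_t as well and
 * the multiply happens in signed 64-bit arithmetic. */
int64_t mul_fixed(int delta, unsigned int scale)
{
    return (int64_t)scale * delta;
}

int main(void)
{
    /* Negative delta: the buggy form wraps to 4294963200, the fixed form
     * yields -4096. */
    printf("buggy(-1, 4096) = %lld\n", (long long)mul_buggy(-1, 4096));
    printf("fixed(-1, 4096) = %lld\n", (long long)mul_fixed(-1, 4096));

    /* Large positive product: 2^20 * 2^20 = 2^40 is truncated to 0 by the
     * 32-bit unsigned multiply, but survives in the 64-bit form. */
    printf("buggy(2^20, 2^20) = %lld\n", (long long)mul_buggy(1 << 20, 1u << 20));
    printf("fixed(2^20, 2^20) = %lld\n", (long long)mul_fixed(1 << 20, 1u << 20));
    return 0;
}
```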


  Commit: 1bc633246105b629b72728b007fd9d414c6038e8
      https://github.com/qemu/qemu/commit/1bc633246105b629b72728b007fd9d414c6038e8
  Author: Jim Meyering <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M qemu-ga.c

  Log Message:
  -----------
  qemu-ga: don't leak a file descriptor upon failed lockf

Signed-off-by: Jim Meyering <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 4144f122b477164cf466ca69be24cf4ef5c218d3)

Signed-off-by: Michael Roth <address@hidden>


  Commit: df60f451b3eb94305e63f0bb12c9c361a721bc81
      https://github.com/qemu/qemu/commit/df60f451b3eb94305e63f0bb12c9c361a721bc81
  Author: Jim Meyering <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure

Also, use g_malloc to avoid NULL-deref upon OOM.

Signed-off-by: Jim Meyering <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 0d07fe47d4986271a21ed4ff5237275ff55dd93f)

Signed-off-by: Michael Roth <address@hidden>


  Commit: b68e45c68667dce43341c94c69126852496ddbaf
      https://github.com/qemu/qemu/commit/b68e45c68667dce43341c94c69126852496ddbaf
  Author: Jim Meyering <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M block/sheepdog.c

  Log Message:
  -----------
  sheepdog: don't leak socket file descriptor upon connection failure

Signed-off-by: Jim Meyering <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit a7e47d4bfcbf256fae06891a8599950ff8e1b61b)

Signed-off-by: Michael Roth <address@hidden>


  Commit: cc5caf7df4ed5833183121e08c6b6131722137d5
      https://github.com/qemu/qemu/commit/cc5caf7df4ed5833183121e08c6b6131722137d5
  Author: Jim Meyering <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M arm-semi.c

  Log Message:
  -----------
  arm-semi: don't leak 1KB user string lock buffer upon TARGET_SYS_OPEN

Always call unlock_user before returning.

Signed-off-by: Jim Meyering <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 396bef4b3846bf4e80a2bee38e9a2d8554d0f251)

Signed-off-by: Michael Roth <address@hidden>


  Commit: c068d37020f8c0d10beaf4671c41b05b923d7896
      https://github.com/qemu/qemu/commit/c068d37020f8c0d10beaf4671c41b05b923d7896
  Author: Jim Meyering <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M softmmu-semi.h

  Log Message:
  -----------
  softmmu-semi: fix lock_user* functions not to deref NULL upon OOM

Return NULL upon malloc failure.

Signed-off-by: Jim Meyering <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 15d9e3bc6af8a56af8c61911aab8453a54795db1)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 50d0184cb7be68a521a19073c92c5ffc6adb728f
      https://github.com/qemu/qemu/commit/50d0184cb7be68a521a19073c92c5ffc6adb728f
  Author: Anthony Liguori <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M monitor.c

  Log Message:
  -----------
  monitor: move json init from OPEN event to init

At some point in the past, the OPEN event was changed to be issued from a
bottom half.  This creates a small window where a data callback registered in
init may be invoked before the OPEN event has been issued.

This is reproducible with:

 echo "{'execute': 'qmp_capabilities'}" | qemu-system-x86_64 -M none -qmp stdio

We can fix this for the monitor by moving the parser initialization to init.

The remaining state that is set in OPEN appears harmless.

Reported-by: Daniel Berrange <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 58617a795c8067b2f9800cffce60f38707d3aa31)

Conflicts:

        monitor.c

Signed-off-by: Michael Roth <address@hidden>


  Commit: 5ea33884f642ab74a321527d7a91001d1562d671
      https://github.com/qemu/qemu/commit/5ea33884f642ab74a321527d7a91001d1562d671
  Author: Meador Inge <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M target-mips/translate.c

  Log Message:
  -----------
  target-mips: Enable access to required RDHWR hardware registers

While running in the usermode emulator all of the required*
MIPS32r2 RDHWR hardware registers should be accessible (the
Linux kernel enables access to these same registers).  Note
that these registers are still enabled when the MIPS ISA is
not release 2.  This is OK since the Linux kernel emulates
access to them when they are not available in hardware.

* There is also the ULR register which is only recommended
  for full release 2 compliance.  Incidentally, accessing
  this register in the current implementation works fine
  without flipping its access bit.

Signed-off-by: Meador Inge <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit 94159135cb59684853dcd45ff70d6dbc54a29209)

Signed-off-by: Michael Roth <address@hidden>


  Commit: cdcf2aa41c816482b53e2d3909557c7c3f909845
      https://github.com/qemu/qemu/commit/cdcf2aa41c816482b53e2d3909557c7c3f909845
  Author: Stefan Weil <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M target-mips/op_helper.c

  Log Message:
  -----------
  target-mips: Fix some helper functions (VR54xx multiplication)

Commits b5dc7732e1cc2fb549e48b7b5d664f2c79628e2e and
be24bb4f3007c3e07cbf1934f7e781493d876ab7 optimized the code
and removed the correct setting of t0. Fix this.

gcc-4.7 detected this bug because parameter arg1 was unused
but set in set_HIT0_LO and set_HI_LOT0.

Cc: Aurelien Jarno <address@hidden>
Signed-off-by: Stefan Weil <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit 6fc97fafce05eee76479ca6d289241772d21b370)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 5330a894ed44e18ba8eb038fbc1060eac34ad8bc
      https://github.com/qemu/qemu/commit/5330a894ed44e18ba8eb038fbc1060eac34ad8bc
  Author: Anthony Liguori <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M monitor.c

  Log Message:
  -----------
  monitor: don't try to initialize json parser when monitor is HMP

Reported-by: Michael Roth <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 26efaca377e004b79ff50a6e936d029a0c095b8b)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 1d34dff02fad135a64266e670f01ac3c6a408fa1
      https://github.com/qemu/qemu/commit/1d34dff02fad135a64266e670f01ac3c6a408fa1
  Author: Paolo Bonzini <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M hw/acpi_piix4.c
    M hw/qdev.c
    M hw/xen_platform.c
    M qom/object.c

  Log Message:
  -----------
  qom: object_delete should unparent the object first

object_deinit is only called when the reference count goes to zero,
and yet tries to do an object_unparent.  Now, object_unparent
either does nothing or it will decrease the reference count.
Because we know the reference count is zero, the object_unparent
call in object_deinit is useless.

Instead, we need to disconnect the object from its parent just
before we remove the last reference apart from the parent's.  This
happens in object_delete.  Once we do this, all calls to
object_unparent peppered through QEMU can go away.

Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit da5a44e8b0b727681fc33e8d94832d1cae48a788)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 63f7166a80a204e8d6d1732315b5c924d46f31d3
      https://github.com/qemu/qemu/commit/63f7166a80a204e8d6d1732315b5c924d46f31d3
  Author: Paolo Bonzini <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M hw/ivshmem.c

  Log Message:
  -----------
  ivshmem: fix memory_region_del_eventfd assertion failure

We do not register ioeventfds unless the IVSHMEM_IOEVENTFD feature
is set.  The same feature must be checked before releasing the eventfds.
Regression introduced by commit 563027c (ivshmem: use EventNotifier and
memory API, 2012-07-05).

Reported-by: Cam Macdonnell <address@hidden>
Tested-by: Cam Macdonnell <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 98609cd8fcf755c0ba7049d751353b8b2e243b65)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 0214b6b4deb87d70bfc5fb00ba62f85fcf06f8ab
      https://github.com/qemu/qemu/commit/0214b6b4deb87d70bfc5fb00ba62f85fcf06f8ab
  Author: Matthew Ogilvie <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M target-i386/translate.c

  Log Message:
  -----------
  target-i386/translate.c: mov to/from crN/drN: ignore mod bits

> This instruction is always treated as a register-to-register (MOD = 11)
> instruction, regardless of the encoding of the MOD field in the MODR/M
> byte.

Also, Microport UNIX System V/386 v 2.1 (ca 1987) runs fine on
real Intel 386 and 486 CPUs (at least), but does not run in qemu without
this patch.

Signed-off-by: Matthew Ogilvie <address@hidden>
Signed-off-by: malc <address@hidden>
(cherry picked from commit 5c73b757e3aa80dc84352b2ede0d8bdea5419f6d)

Conflicts:

        target-i386/translate.c

Signed-off-by: Michael Roth <address@hidden>


  Commit: 0ba3d50242573c3c821f275e6061655b7e6d4ae1
      https://github.com/qemu/qemu/commit/0ba3d50242573c3c821f275e6061655b7e6d4ae1
  Author: Peter Maydell <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M tcg/arm/tcg-target.c

  Log Message:
  -----------
  tcg/arm: Fix broken CONFIG_TCG_PASS_AREG0 code

The CONFIG_TCG_PASS_AREG0 code for calling ld/st helpers was
broken in that it did not respect the ABI requirement that 64
bit values were passed in even-odd register pairs. The simplest
way to fix this is to implement some new utility functions
for marshalling function arguments into the correct registers
and stack, so that the code which sets up the address and
data arguments does not need to care whether there has been
a preceding env argument.

Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Blue Swirl <address@hidden>
(cherry picked from commit 9716ef3b1b48ebbb4b6515fb4685a5db96ce41d9)

Signed-off-by: Michael Roth <address@hidden>


  Commit: ec16f35e4e448a11741263c08bf4e76533c435c8
      https://github.com/qemu/qemu/commit/ec16f35e4e448a11741263c08bf4e76533c435c8
  Author: Aurelien Jarno <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M tcg/ia64/tcg-target.c

  Log Message:
  -----------
  tcg/ia64: fix prologue/epilogue

Prologue and epilogue code has been broken in cea5f9a28.

Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit 18d445b443a5fa06a7c2819a170623b970afb3fb)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 50462f2ca8098aff7d947772446b6060e2f59f79
      https://github.com/qemu/qemu/commit/50462f2ca8098aff7d947772446b6060e2f59f79
  Author: Aurelien Jarno <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M tcg/ia64/tcg-target.c

  Log Message:
  -----------
  tcg/ia64: fix and optimize ld/st slow path

Store slow path has been broken in e141ab52d:
- the arguments are shifted before the last one (mem_index) is written.
- the shift is done for both slow and fast paths.

Fix that. Also optimize a bit by bundling the move together. This still
can be optimized, but it's better to wait for a decision to be taken on
the arguments order.

Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit d03c98d80ffb7c561d9e6874580f52fe7ecc8c6c)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 9a32fb28244272f4e57145646a5f4b67edb6e111
      https://github.com/qemu/qemu/commit/9a32fb28244272f4e57145646a5f4b67edb6e111
  Author: Richard Sandiford <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M target-mips/translate.c

  Log Message:
  -----------
  Fix operands of RECIP2.S and RECIP2.PS

Read the second input operand of RECIP2.S and RECIP2.PS from FT rather
than FD.  RECIP2.D is already correct.

Signed-off-by: Richard Sandiford <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit d22d7289877ecd3ef86570f6f6d0574da40711dc)

Signed-off-by: Michael Roth <address@hidden>


  Commit: bc4321e754e8fadac0d8173c73719700a8c98d4a
      https://github.com/qemu/qemu/commit/bc4321e754e8fadac0d8173c73719700a8c98d4a
  Author: Richard Sandiford <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M target-mips/translate.c

  Log Message:
  -----------
  Fix order of CVT.PS.S operands

The FS input to CVT.PS.S is the high half and FT is the low half.
tcg_gen_concat_i32_i64 takes the low half first, so the operands
were in the wrong order.

Signed-off-by: Richard Sandiford <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit 13d24f49720a3e7b35a21222ef182c8513f139db)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 2f0f684cce95a9e0ef709cc2614fd1512cf0bb85
      https://github.com/qemu/qemu/commit/2f0f684cce95a9e0ef709cc2614fd1512cf0bb85
  Author: Richard Henderson <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M target-mips/translate.c

  Log Message:
  -----------
  target-mips: Streamline indexed cp1 memory addressing.

We've already eliminated both base and index being zero.

Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit 05168674505153a641c7bfddb691d2eda11d13d1)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 8d45ae83523ae29fc05c6a3f7af3d863e3af18e7
      https://github.com/qemu/qemu/commit/8d45ae83523ae29fc05c6a3f7af3d863e3af18e7
  Author: Richard Henderson <address@hidden>
  Date:   2012-08-27 (Mon, 27 Aug 2012)

  Changed paths:
    M target-mips/translate.c

  Log Message:
  -----------
  mips-linux-user: Always support rdhwr.

The kernel will emulate this instruction if it's not supported
natively.  This insn is used for TLS, among other things, and
so is required by modern glibc.

Signed-off-by: Richard Henderson <address@hidden>
Cc: Riku Voipio <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit b3167288367f79754b74ad933146e37938ebff13)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 57708c532fb37163c445e7e4827e182cce2bbf60
      https://github.com/qemu/qemu/commit/57708c532fb37163c445e7e4827e182cce2bbf60
  Author: Eric Johnson <address@hidden>
  Date:   2012-08-28 (Tue, 28 Aug 2012)

  Changed paths:
    M target-mips/translate.c

  Log Message:
  -----------
  target-mips: add privilege level check to several Cop0 instructions

The MIPS Architecture Verification Programs (AVPs) check privileged
instructions for the required privilege level.  These changes are needed
to pass the AVP suite.

Signed-off-by: Eric Johnson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit 2e15497c5b8d0d172dece0cf56e2d2e977a6b679)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 849c8651553ecbbb29993880b8709b0ab8e27ab1
      https://github.com/qemu/qemu/commit/849c8651553ecbbb29993880b8709b0ab8e27ab1
  Author: Eric Johnson <address@hidden>
  Date:   2012-08-28 (Tue, 28 Aug 2012)

  Changed paths:
    M target-mips/translate.c

  Log Message:
  -----------
  target-mips: allow microMIPS SWP and SDP to have RD equal to BASE

The microMIPS SWP and SDP instructions do not modify GPRs.  So their
behavior is well defined when RD equals BASE.  The MIPS Architecture
Verification Programs (AVPs) check that they work as expected.  This
is required for AVPs to pass.

Signed-off-by: Eric Johnson <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit 36c6711bbe79642b0102416a9dd4243505e874a6)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 256c89943262c4a10f4a1604d73918d37adad24e
      https://github.com/qemu/qemu/commit/256c89943262c4a10f4a1604d73918d37adad24e
  Author: munkyu.im <address@hidden>
  Date:   2012-08-28 (Tue, 28 Aug 2012)

  Changed paths:
    M audio/winwaveaudio.c

  Log Message:
  -----------
  audio/winwave: previous audio buffer should be flushed

The Winwave audio backend has a problem with pausing and restarting audio out.
Unlike other backends, the Winwave pausing API does not flush the audio buffer.
As a result, the previous audio data is played in front of the
sound the user expects when the user restarts audio.
So change it to waveOutReset().

Signed-off-by: Munkyu Im <address@hidden>
Signed-off-by: malc <address@hidden>
(cherry picked from commit 13ef70f64e9e4d7583fbd9918d8ea76194023d37)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 69c67eca97298c37b084ddd6c961625079682579
      https://github.com/qemu/qemu/commit/69c67eca97298c37b084ddd6c961625079682579
  Author: Aurelien Jarno <address@hidden>
  Date:   2012-08-28 (Tue, 28 Aug 2012)

  Changed paths:
    M tcg/mips/tcg-target.c

  Log Message:
  -----------
  tcg/mips: fix broken CONFIG_TCG_PASS_AREG0 code

The CONFIG_TCG_PASS_AREG0 code for calling ld/st helpers was
broken in that it did not respect the ABI requirement that 64
bit values were passed in even-odd register pairs. The simplest
way to fix this is to implement some new utility functions
for marshalling function arguments into the correct registers
and stack, so that the code which sets up the address and
data arguments does not need to care whether there has been
a preceding env argument.

Based on commit 9716ef3b for ARM by Peter Maydell.

Signed-off-by: Aurelien Jarno <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
(cherry picked from commit 18fec301cd2a38f72a5eeba2656a0c5b4fa69fb7)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 450ead742ae119b9862c3385b9a27060c4364483
      https://github.com/qemu/qemu/commit/450ead742ae119b9862c3385b9a27060c4364483
  Author: Peter Maydell <address@hidden>
  Date:   2012-08-30 (Thu, 30 Aug 2012)

  Changed paths:
    M hw/arm_gic.c

  Log Message:
  -----------
  hw/arm_gic.c: Define .class_size in arm_gic_info TypeInfo

Add the missing .class_size definition to the arm_gic_info TypeInfo.
This fixes the memory corruption and possible segfault that otherwise
results when the class struct is allocated at too small a size and
the class init function writes off the end of it.

Reported-by: Adam Lackorzynski <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 998a74bcda7f3297813732ddc2f28ffe5a12e37a)

 - ARMGICClass isn't in 1.1, set class size to SysBusDeviceClass instead

Signed-off-by: Michael Roth <address@hidden>


  Commit: 57fa9fb4efa5aa3382045db2a1970279d49e63f5
      https://github.com/qemu/qemu/commit/57fa9fb4efa5aa3382045db2a1970279d49e63f5
  Author: Cam Macdonell <address@hidden>
  Date:   2012-08-30 (Thu, 30 Aug 2012)

  Changed paths:
    M hw/ivshmem.c

  Log Message:
  -----------
  ivshmem: remove redundant ioeventfd configuration

setup_ioeventfds() is unnecessary and actually causes a segfault when
ioeventfd=on is used on the command line.  Since ioeventfds are handled within
the memory API, it can be removed.

Signed-off-by: Cam Macdonell <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 7e7de876ae9bdb1b994dee148c6dc009ce94c48e)

Conflicts:

        hw/ivshmem.c

Signed-off-by: Michael Roth <address@hidden>


  Commit: 25c0807e3ca1026b245243e156e764cf989be6bf
      https://github.com/qemu/qemu/commit/25c0807e3ca1026b245243e156e764cf989be6bf
  Author: Jan Kiszka <address@hidden>
  Date:   2012-08-30 (Thu, 30 Aug 2012)

  Changed paths:
    M memory.c

  Log Message:
  -----------
  memory: Fix copy&paste mistake in memory_region_iorange_write

The last argument of find_portio is "write", so this must be true here.

Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 7e2a62d82a3f1397acd67685c3008046eba8344b)

Signed-off-by: Michael Roth <address@hidden>


  Commit: cccb5446a6d1083b51d851ef5a4f1acff9173127
      https://github.com/qemu/qemu/commit/cccb5446a6d1083b51d851ef5a4f1acff9173127
  Author: Stefan Weil <address@hidden>
  Date:   2012-08-30 (Thu, 30 Aug 2012)

  Changed paths:
    M qemu-ga.c

  Log Message:
  -----------
  qemu-ga: Fix null pointer passed to unlink in failure branch

Clang reports this warning:

Null pointer passed as an argument to a 'nonnull' parameter

Reviewed-by: Luiz Capitulino <address@hidden>
Signed-off-by: Stefan Weil <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 4bdb1a3059d7d3a931de0748a2eec39a0ab41b4e)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 28846ad3b556458674f03323cac3144dcc3cd5e2
      https://github.com/qemu/qemu/commit/28846ad3b556458674f03323cac3144dcc3cd5e2
  Author: Stefano Stabellini <address@hidden>
  Date:   2012-09-05 (Wed, 05 Sep 2012)

  Changed paths:
    M qemu-timer.c

  Log Message:
  -----------
  qemu_rearm_alarm_timer: do not call rearm if the next deadline is INT64_MAX

qemu_rearm_alarm_timer partially duplicates the code in
qemu_next_alarm_deadline to figure out if it needs to rearm the timer.
If it calls qemu_next_alarm_deadline, it always rearms the timer even if
the next deadline is INT64_MAX.

This patch simplifies the behavior of qemu_rearm_alarm_timer and removes
the duplicated code, always calling qemu_next_alarm_deadline and only
rearming the timer if the deadline is less than INT64_MAX.

Signed-off-by: Stefano Stabellini <address@hidden>
Reviewed-by: Stefan Weil <address@hidden>
Tested-by: Andreas Färber <address@hidden>
Signed-off-by: Blue Swirl <address@hidden>
(cherry picked from commit 8227421e0476d9caf2a9a089465bb40c23834e33)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 219a7482ab5866c64fc5a815381737ef8cf77f63
      https://github.com/qemu/qemu/commit/219a7482ab5866c64fc5a815381737ef8cf77f63
  Author: Gleb Natapov <address@hidden>
  Date:   2012-09-05 (Wed, 05 Sep 2012)

  Changed paths:
    M hw/acpi_piix4.c

  Log Message:
  -----------
  reset PMBA and PMREGMISC PIIX4 registers.

The bug causes Windows + OVMF to hang after reboot since OVMF
checks PMREGMISC to see if IO space is enabled and skips
configuration if it is.

Reviewed-by: Laszlo Ersek <address@hidden>
Signed-off-by: Gleb Natapov <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 4d09d37c6aa9a02b44b1fdb6268820fab92499bd)

Signed-off-by: Michael Roth <address@hidden>


  Commit: ce4fc986e576536b0998a7f8e963c0932adda6d0
      https://github.com/qemu/qemu/commit/ce4fc986e576536b0998a7f8e963c0932adda6d0
  Author: Michael S. Tsirkin <address@hidden>
  Date:   2012-09-05 (Wed, 05 Sep 2012)

  Changed paths:
    M hw/msix.c
    M hw/virtio-pci.c

  Log Message:
  -----------
  msix: make [un]use vectors on reset/load optional

The facility to use/unuse vectors dynamically is helpful
for virtio but little else: everyone just seems to use
vectors in their init function.

Avoid clearing msix vector use info on reset and load.
For virtio, clear it explicitly.
This should fix regressions reported with ivshmem - though
I didn't test this, I verified that virtio keeps
working like it did.

Tested-by: Cam Macdonell <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>
(cherry picked from commit 3cac001e5ae3c0ceb33e0a1978a48cb5e2482ab2)

Conflicts:

        hw/msix.c
        hw/virtio-pci.c

Signed-off-by: Michael Roth <address@hidden>


  Commit: a8cd6f7ddfb9a8514170d79665669be8538d2f96
      https://github.com/qemu/qemu/commit/a8cd6f7ddfb9a8514170d79665669be8538d2f96
  Author: Hans de Goede <address@hidden>
  Date:   2012-09-05 (Wed, 05 Sep 2012)

  Changed paths:
    M hw/usb/hcd-ehci.c

  Log Message:
  -----------
  ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active

Signed-off-by: Hans de Goede <address@hidden>
(cherry picked from commit 7ce86aa1aafaa65e7d3e572873bdf37bdb896f49)

Conflicts:

        hw/usb/hcd-ehci.c

Signed-off-by: Michael Roth <address@hidden>


  Commit: c7580c103434c8b96c5a2cd54aaa9a092bb638a7
      https://github.com/qemu/qemu/commit/c7580c103434c8b96c5a2cd54aaa9a092bb638a7
  Author: Max Filippov <address@hidden>
  Date:   2012-09-05 (Wed, 05 Sep 2012)

  Changed paths:
    M target-xtensa/translate.c

  Log Message:
  -----------
  target-xtensa: fix big-endian BBS/BBC implementation

Quote from ISA, 2.1:

For most Xtensa instructions, bit numbering is irrelevant; only the BBC
and BBS instructions assign bit numbers to values on which the processor
operates. The BBC/BBS instructions use big-endian bit ordering (0 is the
most-significant bit) on a big-endian processor configuration.

Signed-off-by: Max Filippov <address@hidden>
Signed-off-by: Blue Swirl <address@hidden>
(cherry picked from commit 7ff7563fc1c3c57914aafec1753219604346fe18)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 5a16dd9bc80bc1c519c500392122c179a2942b37
      
https://github.com/qemu/qemu/commit/5a16dd9bc80bc1c519c500392122c179a2942b37
  Author: Max Filippov <address@hidden>
  Date:   2012-09-05 (Wed, 05 Sep 2012)

  Changed paths:
    M xtensa-semi.c

  Log Message:
  -----------
  target-xtensa: return ENOSYS for unimplemented simcalls

This prevents the guest from proceeding with uninitialised garbage returned
from unimplemented simcalls.

Signed-off-by: Max Filippov <address@hidden>
Signed-off-by: Blue Swirl <address@hidden>
(cherry picked from commit e7eee62a90c671d22d50964b7de05e3f4fd96f5f)

Signed-off-by: Michael Roth <address@hidden>


  Commit: f965d237b567389661bccb1701a6c94e964d7818
      
https://github.com/qemu/qemu/commit/f965d237b567389661bccb1701a6c94e964d7818
  Author: Paolo Bonzini <address@hidden>
  Date:   2012-09-05 (Wed, 05 Sep 2012)

  Changed paths:
    M qemu-timer.c

  Log Message:
  -----------
  qemu-timer: properly arm alarm timer for timers set by device initialization

QEMU will hang when fed the following command-line

  qemu-system-mips -kernel vmlinux-2.6.32-5-4kc-malta -append "console=ttyS0" -nographic -net none

The -net none is important otherwise it seems some events are generated
causing the things to work. When it doesn't work, the guest hangs when
measuring the CPU frequency, after the following line:

  [    0.000000] NR_IRQS:256

Pressing a key on the serial port unblocks it, hinting that the problem
is due to the recent elimination of the 1 second timeout in the main
loop.

The problem is that because init_timer_alarm sets the timer's pending
flag to true, the alarm timer is never armed until after the first time
through the main loop.  Thus the bug started when QEMU started testing
the pending flag in qemu_mod_timer (commit 1828be3, more alarm timer
cleanup, 2010-03-10).

But actually, it isn't true at all that a timer is pending when the
alarm timer is created, and the real bug has been latent forever: the
fix is to remove the bogus setting of pending flag.

Reported-by: Aurelien Jarno <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Reviewed-by: Jan Kiszka <address@hidden>
Tested-by: Aurelien Jarno <address@hidden>
Tested-by: Michael Tokarev <address@hidden>
Signed-off-by: Aurelien Jarno <address@hidden>
(cherry picked from commit de188751da8db3c77a681bf903035a0e5218c463)

Signed-off-by: Michael Roth <address@hidden>


  Commit: 113f4cd9e96f55df159573282110848b898e6b50
      
https://github.com/qemu/qemu/commit/113f4cd9e96f55df159573282110848b898e6b50
  Author: Ian Campbell <address@hidden>
  Date:   2012-09-05 (Wed, 05 Sep 2012)

  Changed paths:
    M console.c

  Log Message:
  -----------
  console: bounds check whenever changing the cursor due to an escape code

This is XSA-17 / CVE-2012-3515

Signed-off-by: Ian Campbell <address@hidden>
Signed-off-by: Anthony Liguori <address@hidden>


  Commit: 4ce5bc2dd1914a706725186c6563e8f92eedfc84
      
https://github.com/qemu/qemu/commit/4ce5bc2dd1914a706725186c6563e8f92eedfc84
  Author: Michael Roth <address@hidden>
  Date:   2012-09-05 (Wed, 05 Sep 2012)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  update VERSION for 1.1.2

Signed-off-by: Michael Roth <address@hidden>


Compare: https://github.com/qemu/qemu/compare/785adb09b9fd...4ce5bc2dd191
