
[Qemu-commits] [qemu/qemu] e5554e: monitor: Reset HMP mon->rs in CHR_EVE


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] e5554e: monitor: Reset HMP mon->rs in CHR_EVENT_OPEN
Date: Mon, 29 Sep 2014 11:30:05 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: e5554e2015f8fb452135f7b1ce1976536266379c
          https://github.com/qemu/qemu/commit/e5554e2015f8fb452135f7b1ce1976536266379c
  Author: Stratos Psomadakis <address@hidden>
  Date:   2014-09-26 (Fri, 26 Sep 2014)

  Changed paths:
    M monitor.c

  Log Message:
  -----------
  monitor: Reset HMP mon->rs in CHR_EVENT_OPEN

Commit cdaa86a54 ("Add G_IO_HUP handler for socket chardev") exposed a bug in
the way the HMP monitor handles its command buffer. When a client closes the
connection to the monitor, tcp_chr_read() will detect the G_IO_HUP condition
and call tcp_chr_disconnect() to close the server-side connection too. Due to
the fact that the monitor reads 1 byte at a time (for each tcp_chr_read()), the
monitor readline state / buffers might contain junk (i.e. a half-finished
command). Thus, without calling readline_restart() on mon->rs in
CHR_EVENT_OPEN, future HMP commands will fail.

Signed-off-by: Stratos Psomadakis <address@hidden>
Signed-off-by: Dimitris Aragiorgis <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>


  Commit: 1f9296b51a26650916a2c4191268bb64057bdc5f
          https://github.com/qemu/qemu/commit/1f9296b51a26650916a2c4191268bb64057bdc5f
  Author: Luiz Capitulino <address@hidden>
  Date:   2014-09-26 (Fri, 26 Sep 2014)

  Changed paths:
    M hw/virtio/virtio-balloon.c

  Log Message:
  -----------
  virtio-balloon: fix integer overflow in memory stats feature

When a QMP client changes the polling interval time by setting
the guest-stats-polling-interval property, the interval value
is stored and manipulated as an int64_t variable.

However, the balloon_stats_change_timer() function, which is
used to set the actual timer with the interval value, takes
an int instead, causing an overflow for big interval values.

This commit fixes this bug by changing balloon_stats_change_timer()
to take an int64_t, and it also limits the polling interval value
to UINT_MAX to avoid other kinds of overflow.

Signed-off-by: Luiz Capitulino <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>

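The narrowing this commit message describes, as an added example that is not QEMU's code: a hypothetical stand-in for the timer helper before and after the fix, with an assumed range check that mirrors the UINT_MAX limit on the polling interval.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical stand-ins for the balloon stats timer helper (not QEMU's
 * code). The caller keeps the polling interval in seconds as int64_t. */

/* Pre-fix shape: the parameter is int, so the int64_t interval is
 * narrowed at the call. Above INT_MAX the converted value is
 * implementation-defined (wraparound on common compilers), so the
 * computed deadline is wrong. */
static int64_t deadline_ms_before(int64_t now_ms, int interval_secs)
{
    return now_ms + (int64_t)interval_secs * 1000;
}

static int64_t arm_timer_before(int64_t now_ms, int64_t interval_secs)
{
    /* The implicit conversion the compiler performed at the call site. */
    int narrowed = (int)interval_secs;
    return deadline_ms_before(now_ms, narrowed);
}

/* Post-fix shape: int64_t end to end, and the property setter rejects
 * anything outside [0, UINT_MAX], which also keeps secs * 1000 well
 * inside int64_t (about 4.3e12 at most). */
static bool interval_in_range(int64_t interval_secs)
{
    return interval_secs >= 0 && interval_secs <= (int64_t)UINT_MAX;
}

static int64_t deadline_ms_after(int64_t now_ms, int64_t interval_secs)
{
    return now_ms + interval_secs * 1000;
}

/* Returns false, leaving *deadline untouched, for a rejected interval. */
static bool arm_timer_after(int64_t now_ms, int64_t interval_secs,
                            int64_t *deadline)
{
    if (!interval_in_range(interval_secs)) {
        return false;
    }
    *deadline = deadline_ms_after(now_ms, interval_secs);
    return true;
}
```

An interval of 2^32 + 5 seconds is a constructed value that survives the int64_t property but cannot survive the int parameter.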

  Commit: cee2dedb85b97e4976c83bea84064c3921b8b7ac
          https://github.com/qemu/qemu/commit/cee2dedb85b97e4976c83bea84064c3921b8b7ac
  Author: Michael Roth <address@hidden>
  Date:   2014-09-26 (Fri, 26 Sep 2014)

  Changed paths:
    M include/qapi/visitor-impl.h
    M include/qapi/visitor.h
    M qapi/qapi-visit-core.c
    M scripts/qapi-visit.py

  Log Message:
  -----------
  qapi: add visit_start_union and visit_end_union

In some cases an input visitor might bail out on filling out a
struct for various reasons, such as missing fields when running
in strict mode. In the case of a QAPI Union type, this may lead
to cases where the .kind field which encodes the union type
is uninitialized. Subsequently, other visitors, such as the
dealloc visitor, may use this .kind value as if it were
initialized, leading to assumptions about the union type which
in this case may lead to segfaults. For example, freeing an
integer value.

However, we can generally rely on the fact that the always-present
.data void * field that we generate for these union types will
always be NULL in cases where .kind is uninitialized (at least,
there shouldn't be a reason where we'd do this purposefully).

So pass this information on to Visitor implementation via these
optional start_union/end_union interfaces so this information
can be used to guard against the situation above. We will make
use of this information in a subsequent patch for the dealloc
visitor.

Cc: address@hidden
Reported-by: Fam Zheng <address@hidden>
Suggested-by: Paolo Bonzini <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Michael Roth <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>


  Commit: 146db9f91979db89a123ea10d2b825d3670d2b36
          https://github.com/qemu/qemu/commit/146db9f91979db89a123ea10d2b825d3670d2b36
  Author: Michael Roth <address@hidden>
  Date:   2014-09-26 (Fri, 26 Sep 2014)

  Changed paths:
    M qapi/qapi-dealloc-visitor.c

  Log Message:
  -----------
  qapi: dealloc visitor, implement visit_start_union

If the .data field of a QAPI Union is NULL, we don't need to free
any of the union fields.

Make use of the new visit_start_union interface to access this
information and instruct the generated code to not visit these
fields when this occurs.

Cc: address@hidden
Reported-by: Fam Zheng <address@hidden>
Suggested-by: Paolo Bonzini <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Michael Roth <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>

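The guard described in the visit_start_union commit and applied in the dealloc visitor commit above, as an added example that is not QEMU's generated code: a hypothetical miniature union whose always-present .data aliases the branch payloads, with a dealloc routine before and after the .data check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature of a generated QAPI union (not QEMU's code): a
 * discriminator plus the always-present void *data, which aliases the
 * per-branch payload as in QEMU's union layout. */
typedef enum { KIND_STRING = 0, KIND_INT = 1 } ExampleKind;

typedef struct {
    ExampleKind kind;      /* left uninitialized when input bails early */
    union {
        void *data;        /* NULL whenever no branch was filled in */
        char *s;           /* KIND_STRING payload, heap allocated */
        int64_t i;         /* KIND_INT payload, stored by value */
    } v;
} ExampleUnion;

/* Pre-fix dealloc shape: trusts .kind unconditionally. Returns the number
 * of heap frees done, or -1 where generated code would hit default: abort(). */
static int dealloc_before(ExampleUnion *u)
{
    switch (u->kind) {
    case KIND_STRING:
        free(u->v.s);
        u->v.s = NULL;
        return 1;
    case KIND_INT:
        return 0;
    default:
        return -1;         /* stand-in for abort() on a garbage .kind */
    }
}

/* Post-fix shape: visit_start_union reports whether .data is set; when it
 * is NULL the branch fields are skipped without ever consulting .kind. */
static bool start_union(const ExampleUnion *u)
{
    return u->v.data != NULL;
}

static int dealloc_after(ExampleUnion *u)
{
    if (!start_union(u)) {
        return 0;          /* nothing was filled in, so nothing to free */
    }
    return dealloc_before(u);   /* .kind is meaningful once .data is set */
}
```

A constructed half-parsed value (garbage in .kind, NULL in .data) reaches the default branch in the old shape and is skipped entirely in the new one.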

  Commit: cb55111b4e425fa3279302fa7306b9a3d5164ff4
          https://github.com/qemu/qemu/commit/cb55111b4e425fa3279302fa7306b9a3d5164ff4
  Author: Michael Roth <address@hidden>
  Date:   2014-09-26 (Fri, 26 Sep 2014)

  Changed paths:
    M tests/qapi-schema/qapi-schema-test.json
    M tests/qapi-schema/qapi-schema-test.out
    M tests/test-qmp-input-strict.c

  Log Message:
  -----------
  tests: add QMP input visitor test for unions with no discriminator

This is more of an exercise of the dealloc visitor, where it may
erroneously use an uninitialized discriminator field as indication
that union fields corresponding to that discriminator field/type are
present, which can lead to attempts to free random chunks of heap
memory.

Cc: address@hidden
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Signed-off-by: Michael Roth <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>


  Commit: fe509ee2373078435fb8c4f68eebd2740c4e388f
          https://github.com/qemu/qemu/commit/fe509ee2373078435fb8c4f68eebd2740c4e388f
  Author: Fam Zheng <address@hidden>
  Date:   2014-09-26 (Fri, 26 Sep 2014)

  Changed paths:
    M tests/qemu-iotests/087
    M tests/qemu-iotests/087.out

  Log Message:
  -----------
  qemu-iotests: Test missing "driver" key for blockdev-add

Signed-off-by: Fam Zheng <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Cc: address@hidden
Signed-off-by: Michael Roth <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>


  Commit: dbe2a7a62a94edfcf28826a39fffcc237ac1864b
          https://github.com/qemu/qemu/commit/dbe2a7a62a94edfcf28826a39fffcc237ac1864b
  Author: Markus Armbruster <address@hidden>
  Date:   2014-09-26 (Fri, 26 Sep 2014)

  Changed paths:
    M include/qapi/qmp/qerror.h

  Log Message:
  -----------
  qemu-socket: Polish errors for connect() and listen() failure

connect() doesn't "connect to socket", it connects a socket to an
address and, if it's of type SOCK_STREAM, initiates a connection.
Scratch "to".

listen() does "set socket to listening mode", but it sounds awkward.
Change to "listen on socket".

Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Gonglei <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>


  Commit: 235256a2bdebf7097e524031d74b43bcb4adec30
          https://github.com/qemu/qemu/commit/235256a2bdebf7097e524031d74b43bcb4adec30
  Author: Markus Armbruster <address@hidden>
  Date:   2014-09-26 (Fri, 26 Sep 2014)

  Changed paths:
    M include/qapi/qmp/qerror.h
    M util/qemu-sockets.c

  Log Message:
  -----------
  qemu-socket: Eliminate silly QERR_ macros

The QERR_ macros are leftovers from the days of "rich" error objects.
They're used with error_set() and qerror_report(), and expand into the
first *two* arguments.  This trickiness has become pointless.  Clean
up.

Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>


  Commit: a631892f9d6440812af98588e9635f1a2a7260ff
          https://github.com/qemu/qemu/commit/a631892f9d6440812af98588e9635f1a2a7260ff
  Author: Zhu Guihua <address@hidden>
  Date:   2014-09-26 (Fri, 26 Sep 2014)

  Changed paths:
    M hmp-commands.hx
    M hmp.c
    M hmp.h
    M monitor.c

  Log Message:
  -----------
  Add HMP command "info memory-devices"

Provides HMP equivalent of QMP query-memory-devices command.

Signed-off-by: Zhu Guihua <address@hidden>
Reviewed-By: Igor Mammedov <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>


  Commit: b60a7726cc0f5cbb2aecdbba67aeaf54ffc2c9cf
          https://github.com/qemu/qemu/commit/b60a7726cc0f5cbb2aecdbba67aeaf54ffc2c9cf
  Author: Peter Maydell <address@hidden>
  Date:   2014-09-29 (Mon, 29 Sep 2014)

  Changed paths:
    M hmp-commands.hx
    M hmp.c
    M hmp.h
    M hw/virtio/virtio-balloon.c
    M include/qapi/qmp/qerror.h
    M include/qapi/visitor-impl.h
    M include/qapi/visitor.h
    M monitor.c
    M qapi/qapi-dealloc-visitor.c
    M qapi/qapi-visit-core.c
    M scripts/qapi-visit.py
    M tests/qapi-schema/qapi-schema-test.json
    M tests/qapi-schema/qapi-schema-test.out
    M tests/qemu-iotests/087
    M tests/qemu-iotests/087.out
    M tests/test-qmp-input-strict.c
    M util/qemu-sockets.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging

* remotes/qmp-unstable/queue/qmp:
  Add HMP command "info memory-devices"
  qemu-socket: Eliminate silly QERR_ macros
  qemu-socket: Polish errors for connect() and listen() failure
  qemu-iotests: Test missing "driver" key for blockdev-add
  tests: add QMP input visitor test for unions with no discriminator
  qapi: dealloc visitor, implement visit_start_union
  qapi: add visit_start_union and visit_end_union
  virtio-balloon: fix integer overflow in memory stats feature
  monitor: Reset HMP mon->rs in CHR_EVENT_OPEN

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/70556264a89a...b60a7726cc0f
