- May 23, 2016
-
-
Vadim Rozenfeld authored
Signed-off-by:
Vadim Rozenfeld <vrozenfe@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Prasad J Pandit authored
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte FIFO buffer. It is used to handle command and data transfer. Routine get_cmd() uses DMA to read scsi commands into this buffer. Add check to validate DMA length against buffer size to avoid any overrun. Fixes CVE-2016-4441. Reported-by:
Li Qiang <liqiang6-s@360.cn> Cc: qemu-stable@nongnu.org Signed-off-by:
Prasad J Pandit <pjp@fedoraproject.org> Message-Id: <1463654371-11169-3-git-send-email-ppandit@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Prasad J Pandit authored
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte FIFO buffer. It is used to handle command and data transfer. While writing to this command buffer 's->cmdbuf[TI_BUFSZ=16]', a check was missing to validate input length. Add check to avoid OOB write access. Fixes CVE-2016-4439. Reported-by:
Li Qiang <liqiang6-s@360.cn> Cc: qemu-stable@nongnu.org Signed-off-by:
Prasad J Pandit <pjp@fedoraproject.org> Message-Id: <1463654371-11169-2-git-send-email-ppandit@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Richard W.M. Jones authored
Because of the risk that compilers might not emit the asm() block at the beginning of the option ROM, check that the ROM contains the required magic signature. Signed-off-by:
Richard W.M. Jones <rjones@redhat.com> Message-Id: <1463000807-18015-3-git-send-email-rjones@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Richard W.M. Jones authored
Modify the signrom.py script so that if the size byte in the header is 0 (ie. not set) then the script will set the size. If the size byte is non-zero then we do the same as before, so this doesn't require changes to any existing ROM sourcecode. Signed-off-by:
Richard W.M. Jones <rjones@redhat.com> Message-Id: <1463000807-18015-2-git-send-email-rjones@redhat.com>
-
Peter Maydell authored
Our dependency mechanism works like this: * on first build there is neither a .o nor a .d * we create the .d as a side effect of creating the .o * for rebuilds we know when we need to update the .o, which also updates the .d This system requires that you're never in a situation where there is a .o file but no .d (because then we will never realise we need to build the .d, and we will not have the dependency information about when to rebuild the .o). This is working fine for our object files, but we also try to use it for $TARGET/config-devices.mak (where the dependency file is in $TARGET-config-devices.mak.d). Unfortunately "make clean" doesn't remove config-devices.mak, which means that it puts us in the forbidden situation of "object file exists but not its .d file". This in turn means that we will fail to notice when we need to rebuild: mkdir build/depbug (cd build/depbug && '../../configure') make -C build/depbug -j8 make -C build/depbug clean echo "CONFIG_CANARY = y" >> default-configs/arm-softmmu.mak make -C build/depbug grep CANARY build/depbug/aarch64-softmmu/config-devices.mak The CANARY token should show up in config-devices.mak but does not. Fix this bug by making "make clean" delete the config-devices.mak files. config-all-devices.mak doesn't have the same problem since it has no .d file, but delete it too, since it is created by "make" and logically should be removed by "make clean". (Note that it is important not to remove config-devices.mak until after we have recursively run 'make clean' in the subdirectories.) Signed-off-by:
Peter Maydell <peter.maydell@linaro.org> Message-Id: <1463484451-22979-1-git-send-email-peter.maydell@linaro.org> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Peter Maydell authored
On Linux, sigprocmask() and pthread_sigmask() are in practice the same thing (they only set the signal mask for the calling thread), but the documentation states that the behaviour of sigprocmask() in a multithreaded process is undefined. Use pthread_sigmask() instead (which is what we do in almost all places in QEMU that alter the signal mask already). Signed-off-by:
Peter Maydell <peter.maydell@linaro.org> Message-Id: <1463420039-29761-1-git-send-email-peter.maydell@linaro.org> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
mr->ram_block->offset is already aligned to both host and target size (see qemu_ram_alloc_internal). Remove further masking as it is unnecessary. Reviewed-by:
Fam Zheng <famz@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Fam Zheng authored
Its value is alway set to mr->romd_mode, so the removed comparisons are fully superseded by "a->mr == b->mr". Signed-off-by:
Fam Zheng <famz@redhat.com> Message-Id: <1458900629-2334-3-git-send-email-famz@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Fam Zheng authored
The collision check does nothing and hasn't been used. Remove the variable together with related code. Signed-off-by:
Fam Zheng <famz@redhat.com> Message-Id: <1458900629-2334-2-git-send-email-famz@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Gonglei (Arei) authored
qemu_ram_unset_idstr() doesn't need rcu lock anymore, meanwhile make the range of rcu lock in qemu_ram_set_idstr() as small as possible. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Message-Id: <1462845901-89716-3-git-send-email-arei.gonglei@huawei.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Gonglei (Arei) authored
On the one hand, we have already qemu_get_ram_block() whose function is similar. On the other hand, we can directly use mr->ram_block but searching RAMblock by ram_addr which is a kind of waste. Signed-off-by:
Gonglei <arei.gonglei@huawei.com> Reviewed-by:
Fam Zheng <famz@redhat.com> Message-Id: <1462845901-89716-2-git-send-email-arei.gonglei@huawei.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Li Zhijian authored
Previously, qemu will abort at following scenario: (qemu) stop (qemu) system_reset (qemu) system_reset (qemu) 2016-04-13T20:54:38.979158Z qemu-system-x86_64: invalid runstate transition: 'prelaunch' -> 'prelaunch' Signed-off-by:
Li Zhijian <lizhijian@cn.fujitsu.com> Acked-by:
Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1460604352-18630-1-git-send-email-lizhijian@cn.fujitsu.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Peter Xu authored
This is to better emulate IOAPIC version 0x1X hardware. Linux kernel leveraged this "feature" to do explicit EOI since EOI register is still not introduced at that time. This will also fix the issue that level triggered interrupts failed to work when IR enabled (tested with Linux kernel version 4.5). Reviewed-by:
Radim Krčmář <rkrcmar@redhat.com> Signed-off-by:
Peter Xu <peterx@redhat.com> Message-Id: <1462875682-1349-3-git-send-email-peterx@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Peter Xu authored
Currently IOAPIC RO bits can be written. To be better aligned with hardware, we should let them read-only. Reviewed-by:
Radim Krčmář <rkrcmar@redhat.com> Signed-off-by:
Peter Xu <peterx@redhat.com> Message-Id: <1462875682-1349-2-git-send-email-peterx@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
sfence was introduced before lfence and mfence. This fixes Linux 2.4's measurement of checksumming speeds for the pIII_sse algorithm: md: linear personality registered as nr 1 md: raid0 personality registered as nr 2 md: raid1 personality registered as nr 3 md: raid5 personality registered as nr 4 raid5: measuring checksumming speed 8regs : 384.400 MB/sec 32regs : 259.200 MB/sec invalid operand: 0000 CPU: 0 EIP: 0010:[<c0240b2a>] Not tainted EFLAGS: 00000246 eax: c15d8000 ebx: 00000000 ecx: 00000000 edx: c15d5000 esi: 8005003b edi: 00000004 ebp: 00000000 esp: c15bdf50 ds: 0018 es: 0018 ss: 0018 Process swapper (pid: 1, stackpage=c15bd000) Stack: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000206 c0241c6c 00001000 c15d4000 c15d7000 c15d4000 c15d4000 Call Trace: [<c0241c6c>] [<c0105000>] [<c0241db4>] [<c010503b>] [<c0105000>] [<c0107416>] [<c0105030>] Code: 0f ae f8 0f 10 04 24 0f 10 4c 24 10 0f 10 54 24 20 0f 10 5c <0>Kernel panic: Attempted to kill init! Reported-by:
Stefan Weil <sw@weilnetz.de> Fixes: 121f3157 Cc: qemu-stable@nongnu.org Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Stefan Weil authored
The clang compiler supports a useful compiler option -Weverything, and GCC also has other warnings not enabled by -Wall. If glib header files trigger a warning, however, testing glib with -Werror will always fail. A size mismatch is also detected without -Werror, so simply remove it. Cc: qemu-stable@nongnu.org Signed-off-by:
Stefan Weil <sw@weilnetz.de> Message-Id: <1461879221-13338-1-git-send-email-sw@weilnetz.de> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Prasad J Pandit authored
When processing Task Priorty Register(TPR) access, it could leak automatic stack variable 'imm32' in patch_instruction(). Initialise the variable to avoid it. Reported by: Donghai Zdh <donghai.zdh@alibaba-inc.com> Cc: qemu-stable@nongnu.org Signed-off-by:
Prasad J Pandit <pjp@fedoraproject.org> Message-Id: <1460013608-16670-1-git-send-email-ppandit@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Pranith Kumar authored
Add a missing end brace and update doc to point to the latest access macro. ACCESS_ONCE() is deprecated. Signed-off-by:
Pranith Kumar <bobby.prani@gmail.com> Message-Id: <1462198852-28694-1-git-send-email-bobby.prani@gmail.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Dominik Dingel authored
While in the anonymous ram case we already take care of the right alignment such an alignment gurantee does not exist for file backed ram allocation. Instead, pagesize is used for alignment. On s390 this is not enough for gmap, as we need to satisfy an alignment up to segments. Reported-by:
Halil Pasic <pasic@linux.vnet.ibm.com> Signed-off-by:
Dominik Dingel <dingel@linux.vnet.ibm.com> Message-Id: <1461585338-45863-1-git-send-email-dingel@linux.vnet.ibm.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Peter Maydell authored
Machine Core queue, 2016-05-20 # gpg: Signature made Fri 20 May 2016 21:26:49 BST using RSA key ID 984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" * remotes/ehabkost/tags/machine-pull-request: (21 commits) Use &error_fatal when initializing crypto on qemu-{img,io,nbd} vl: Use &error_fatal when parsing monitor options vl: Use &error_fatal when parsing VNC options machine: add properties to compat_props incrementaly vl: Simplify global property registration vl: Make display_remote a local variable vl: Move DisplayType typedef to vl.c vl: Make display_type a local variable vl: Replace DT_NOGRAPHIC with machine option milkymist: Move DT_NOGRAPHIC check outside milkymist_tmu2_create() spice: Initialization stubs on qemu-spice.h gtk: Initialization stubs cocoa: cocoa_display_init() stub sdl: Initialization stubs curses: curses_display_init() stub vnc: Initialization stubs vl: Add DT_COCOA DisplayType value vl: Replace *_vga_available() functions with class_names field vl: Table-based select_vgahw() vl: Use exit(1) when requested VGA interface is unavailable ... Signed-off-by:
Peter Maydell <peter.maydell@linaro.org>
-
- May 20, 2016
-
-
Eduardo Habkost authored
In addition to making the code simpler, this will replace the long error messages: cannot initialize crypto: Unable to initialize GNUTLS library: [...] cannot initialize crypto: Unable to initialize gcrypt with shorter messages: Unable to initialize GNUTLS library: [...] Unable to initialize gcrypt Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Igor Mammedov authored
Switch to adding compat properties incrementaly instead of completly overwriting compat_props per machine type. That removes data duplication which we have due to nested [PC|SPAPR]_COMPAT_* macros. It also allows to set default device properties from default foo_machine_options() hook, which will be used in following patch for putting VMGENID device as a function if ISA bridge on pc/q35 machines. Suggested-by:
Eduardo Habkost <ehabkost@redhat.com> Signed-off-by:
Igor Mammedov <imammedo@redhat.com> Acked-by:
Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by:
Eduardo Habkost <ehabkost@redhat.com> [ehabkost: Fixed CCW_COMPAT_* and PC_COMPAT_0_* defines] Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
There's no need to use qdev_prop_register_global_list() and an array, if we are registering a single GlobalProperty struct. Use qdev_prop_register_global() instead. Reviewed-by:
Igor Mammedov <imammedo@redhat.com> Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
The variable is used only inside main(), so it can be local. Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
Now the type is only used inside vl.c and doesn't need to be in a header file. Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
Now display_type is only used inside main(), and don't need to be a global variable. Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
All DisplayType values are just UI options that don't affect any hardware emulation code, except for DT_NOGRAPHIC. Replace DT_NOGRAPHIC with DT_NONE plus a new "-machine graphics=on|off" option, so hardware emulation code don't need to use the display_type variable. Cc: Michael Walle <michael@walle.cc> Cc: Blue Swirl <blauwirbel@gmail.com> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
DT_NOGRAPHIC handling will be moved to a MachineState field, and it will be easier to change milkymist_init() to check that field. Cc: Michael Walle <michael@walle.cc> Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
This reduces the number of CONFIG_SPICE #ifdefs in vl.c. Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by:
Gerd Hoffmann <kraxel@redhat.com> Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
This reduces the number of CONFIG_GTK #ifdefs in vl.c. Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
One less #ifdef in vl.c. Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
This reduces the number of CONFIG_SDL #ifdefs in vl.c. Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
One less #ifdef in vl.c. Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
This reduces the number of CONFIG_VNC #ifdefs in the vl.c code. The only user-visible difference is that this will make QEMU complain about syntax when using "-display vnc" ("VNC requires a display argument vnc=<display>") even if CONFIG_VNC is disabled. Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
Instead of reusing DT_SDL for Cocoa, use DT_COCOA to indicate that a Cocoa display was requested. configure already ensures CONFIG_COCOA and CONFIG_SDL are never set at the same time. The only case where DT_SDL is used outside a #ifdef CONFIG_SDL block is in the no_frame/alt_grab/ctrl_grab check. That means the only user-visible change is that we will start printing a warning if the SDL-specific options are used in Cocoa mode. This is a bugfix, because no_frame/alt_grab/ctrl_grab are not used by Cocoa code. Cc: Andreas Färber <andreas.faerber@web.de> Cc: Peter Maydell <peter.maydell@linaro.org> Acked-by:
Andreas Färber <andreas.faerber@web.de> Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
Instead of requiring a separate function for each VGA interface, just enumerate the corresponding class names on struct VGAInterfaceInfo. Reviewed-by:
Eric Blake <eblake@redhat.com> Reviewed-by:
Marcel Apfelbaum <marcel@redhat.com> Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-
Eduardo Habkost authored
Instead of implementing separate check functions for each vga interface type, add a table enumerating the possible VGA interfaces. Reviewed-by:
Eric Blake <eblake@redhat.com> Reviewed-by:
Marcel Apfelbaum <marcel@redhat.com> Signed-off-by:
Eduardo Habkost <ehabkost@redhat.com>
-