- 05 Apr, 2014 18 commits
-
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
libsdl2-dev does not depend on libpng-dev and libjpeg-dev, so add those to build-deps or else build fails
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
-
Michael Tokarev authored
v2.0.0-rc1 release Removed changed bin files in pc-bios, plus 2 new files: pc-bios/QEMU,cgthree.bin pc-bios/bios-256k.bin
-
Michael Tokarev authored
-
Michael Tokarev authored
-
- 03 Apr, 2014 9 commits
-
-
Peter Maydell authored
Signed-off-by:Peter Maydell <peter.maydell@linaro.org>
-
Peter Maydell authored
* remotes/riku/for-2.0: linux-user: pass correct host flags to accept4() Signed-off-by: -
Andreas Färber authored
FreeBSD 10.0-RELEASE has bswap16() etc. macros defined in sys/endian.h, which leads to a conflict with our static inline definitions. Force using the system version of the macros. Signed-off-by:
-
Alexander Graf authored
Commit 6f1834a2 exposed a bug in openpic_kvm where we don't filter for memory events that only happen to the region we want to know events about. Add proper filtering, fixing the e500plat target with KVM. Signed-off-by:
-
Peter Maydell authored
* remotes/bonzini/scsi-next: iscsi: always query max WRITE SAME length iscsi: ignore flushes on scsi-generic devices iscsi: recognize "invalid field" ASCQ from WRITE SAME command scsi-bus: remove bogus assertion Signed-off-by: -
Peter Crosthwaite authored
Change over to my proper Xilinx email. s/petalogix.com/xilinx.com. Signed-off-by:
-
Paolo Bonzini authored
Max WRITE SAME length is also used when the UNMAP bit is zero, so it should be queried even if LBPWS=0. Same for the optimal transfer length. However, the write_zeroes_alignment only matters for UNMAP=1 so we still restrict it to LBPWS=1. Reviewed-by:
-
Paolo Bonzini authored
Non-block SCSI devices do not support flushing, but we may still send them requests via bdrv_flush_all. Just ignore them. Reviewed-by:
-
Paolo Bonzini authored
Some targets may return "invalid field" as the ASCQ from WRITE SAME if they support the command only without the UNMAP field. Recognize that, and return ENOTSUP just like for "invalid operation code". Reviewed-by:
-
- 02 Apr, 2014 1 commit
-
-
Paolo Bonzini authored
This assertion is invalid, because get_sg_list can return an empty sg-list even for commands that transfer no data (such as SYNCHRONIZE CACHE). Signed-off-by:
-
- 01 Apr, 2014 12 commits
-
-
Peter Maydell authored
Tracing pull request # gpg: Signature made Tue 01 Apr 2014 19:08:48 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/tracing-pull-request: trace: add workaround for SystemTap PR13296 Signed-off-by: -
Frank Ch. Eigler authored
SystemTap sdt.h sometimes results in compiled probes without sufficient information to extract arguments. This can be solved in a slightly hacky way by encouraging the compiler to place arguments into registers. This patch fixes the apic_reset_irq_delivered() trace event on Fedora 20 with gcc-4.8.2-7.fc20 and systemtap-sdt-devel-2.4-2.fc20 on x86_64. Signed-off-by:
-
Peter Maydell authored
Block pull request # gpg: Signature made Tue 01 Apr 2014 18:11:16 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: (51 commits) qcow2: link all L2 meta updates in preallocate() parallels: Sanity check for s->tracks (CVE-2014-0142) parallels: Fix catalog size integer overflow (CVE-2014-0143) qcow2: Limit snapshot table size qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146) qcow2: Fix copy_sectors() with VM state block: Limit request size (CVE-2014-0143) block: vdi bounds check qemu-io tests dmg: prevent chunk buffer overflow (CVE-2014-0145) dmg: use uint64_t consistently for sectors and lengths dmg: sanitize chunk length and sectorcount (CVE-2014-0145) dmg: use appropriate types when reading chunks dmg: drop broken bdrv_pread() loop dmg: prevent out-of-bounds array access on terminator dmg: coding style and indentation cleanup qcow2: Fix new L1 table size check (CVE-2014-0143) qcow2: Protect against some integer overflows in bdrv_check qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref ... Signed-off-by: -
Peter Maydell authored
input bugfixes for 2.0 # gpg: Signature made Tue 01 Apr 2014 10:16:43 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-input-7: input: add sanity check input: mouse_set should check input device type. input: fix input_event_key_number trace event Signed-off-by: -
Stefan Hajnoczi authored
preallocate() only links the first QCowL2Meta's data clusters into the L2 table and ignores any chained QCowL2Metas in the linked list. Chains of QCowL2Meta structs are built up when contiguous clusters span L2 tables. Each QCowL2Meta describes one L2 table update. This is a rare case in preallocate() but can happen. This patch fixes preallocate() by iterating over the whole list of QCowL2Metas. Compare with the qcow2_co_writev() function's implementation, which is similar but also also handles request dependencies. preallocate() only performs one allocation at a time so there can be no dependencies. Signed-off-by: -
Kevin Wolf authored
This avoids a possible division by zero. Convert s->tracks to unsigned as well because it feels better than surviving just because the results of calculations with s->tracks are converted to unsigned anyway. Signed-off-by:
-
Kevin Wolf authored
The first test case would cause a huge memory allocation, leading to a qemu abort; the second one to a too small malloc() for the catalog (smaller than s->catalog_size), which causes a read-only out-of-bounds array access and on big endian hosts an endianess conversion for an undefined memory area. The sample image used here is not an original Parallels image. It was created using an hexeditor on the basis of the struct that qemu uses. Good enough for trying to crash the driver, but not for ensuring compatibility. Signed-off-by:
-
Kevin Wolf authored
Even with a limit of 64k snapshots, each snapshot could have a filename and an ID with up to 64k, which would still lead to pretty large allocations, which could potentially lead to qemu aborting. Limit the total size of the snapshot table to an average of 1k per entry when the limit of 64k snapshots is fully used. This should be plenty for any reasonable user. This also fixes potential integer overflows of s->snapshot_size. Suggested-by:
-
Kevin Wolf authored
This avoids an unbounded allocation. Signed-off-by:
-
Kevin Wolf authored
For the L1 table to loaded for an internal snapshot, the code allocated only enough memory to hold the currently active L1 table. If the snapshot's L1 table is actually larger than the current one, this leads to a buffer overflow. Signed-off-by:
-
Kevin Wolf authored
The qcow2 code assumes that s->snapshots is non-NULL if s->nb_snapshots != 0. By having the initialisation of both fields separated in qcow2_open(), any error occuring in between would cause the error path to dereference NULL in qcow2_free_snapshots() if the image had any snapshots. Signed-off-by:
-
Kevin Wolf authored
bs->total_sectors is not the highest possible sector number that could be involved in a copy on write operation: VM state is after the end of the virtual disk. This resulted in wrong values for the number of sectors to be copied (n). The code that checks for the end of the image isn't required any more because the code hasn't been calling the block layer's bdrv_read() for a long time; instead, it directly calls qcow2_readv(), which doesn't error out on VM state sector numbers. Signed-off-by:
-