- Sep 05, 2012
-
Michael Roth authored
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Ian Campbell authored
This is XSA-17 / CVE-2012-3515

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
Paolo Bonzini authored
QEMU will hang when fed the following command line:

  qemu-system-mips -kernel vmlinux-2.6.32-5-4kc-malta -append "console=ttyS0" -nographic -net none

The -net none is important, otherwise it seems some events are generated causing things to work. When it doesn't work, the guest hangs when measuring the CPU frequency, after the following line:

  [ 0.000000] NR_IRQS:256

Pressing a key on the serial port unblocks it, hinting that the problem is due to the recent elimination of the 1 second timeout in the main loop.

The problem is that because init_timer_alarm sets the timer's pending flag to true, the alarm timer is never armed until after the first time through the main loop. Thus the bug started when QEMU started testing the pending flag in qemu_mod_timer (commit 1828be31, more alarm timer cleanup, 2010-03-10). But actually, it isn't true at all that a timer is pending when the alarm timer is created, and the real bug has been latent forever: the fix is to remove the bogus setting of the pending flag.

Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit de188751)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Filippov authored
This prevents the guest from proceeding with uninitialised garbage returned from unimplemented simcalls.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit e7eee62a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Max Filippov authored
Quote from ISA, 2.1:

  For most Xtensa instructions, bit numbering is irrelevant; only the BBC and BBS instructions assign bit numbers to values on which the processor operates. The BBC/BBS instructions use big-endian bit ordering (0 is the most-significant bit) on a big-endian processor configuration.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 7ff7563f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Hans de Goede authored
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
(cherry picked from commit 7ce86aa1)

Conflicts:
  hw/usb/hcd-ehci.c

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Michael S. Tsirkin authored
The facility to use/unuse vectors dynamically is helpful for virtio but little else: everyone just seems to use vectors in their init function. Avoid clearing msix vector use info on reset and load. For virtio, clear it explicitly.

This should fix regressions reported with ivshmem - though I didn't test this, I verified that virtio keeps working like it did.

Tested-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 3cac001e)

Conflicts:
  hw/msix.c
  hw/virtio-pci.c

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gleb Natapov authored
The bug causes Windows + OVMF to hang after reboot, since OVMF checks PMREGMISC to see if IO space is enabled and skips configuration if it is.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4d09d37c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Stefano Stabellini authored
qemu_rearm_alarm_timer partially duplicates the code in qemu_next_alarm_deadline to figure out if it needs to rearm the timer. If it calls qemu_next_alarm_deadline, it always rearms the timer even if the next deadline is INT64_MAX.

This patch simplifies the behavior of qemu_rearm_alarm_timer and removes the duplicated code, always calling qemu_next_alarm_deadline and only rearming the timer if the deadline is less than INT64_MAX.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Tested-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 8227421e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
- Aug 30, 2012
-
Stefan Weil authored
Clang reports this warning:

  Null pointer passed as an argument to a 'nonnull' parameter

Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4bdb1a30)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jan Kiszka authored
The last argument of find_portio is "write", so this must be true here.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7e2a62d8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Cam Macdonell authored
setup_ioeventfds() is unnecessary and actually causes a segfault when ioeventfd=on is used on the command line. Since ioeventfds are handled within the memory API, it can be removed.

Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7e7de876)

Conflicts:
  hw/ivshmem.c

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Peter Maydell authored
Add the missing .class_size definition to the arm_gic_info TypeInfo. This fixes the memory corruption and possible segfault that otherwise results when the class struct is allocated at too small a size and the class init function writes off the end of it.

Reported-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 998a74bc)

- ARMGICClass isn't in 1.1, set class size to SysBusDeviceClass instead

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
- Aug 28, 2012
-
Aurelien Jarno authored
The CONFIG_TCG_PASS_AREG0 code for calling ld/st helpers was broken in that it did not respect the ABI requirement that 64 bit values were passed in even-odd register pairs. The simplest way to fix this is to implement some new utility functions for marshalling function arguments into the correct registers and stack, so that the code which sets up the address and data arguments does not need to care whether there has been a preceding env argument.

Based on commit 9716ef3b for ARM by Peter Maydell.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 18fec301)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Munkyu Im authored
The Winwave audio backend has a problem with pausing and restarting audio output. Unlike other backends, the Winwave pausing API does not flush the audio buffer. As a result, the previous audio data is played in front of the sound the user expects when the user restarts audio. So change it to waveOutReset().

Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 13ef70f6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Eric Johnson authored
The microMIPS SWP and SDP instructions do not modify GPRs. So their behavior is well defined when RD equals BASE. The MIPS Architecture Verification Programs (AVPs) check that they work as expected. This is required for AVPs to pass.

Signed-off-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 36c6711b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Eric Johnson authored
The MIPS Architecture Verification Programs (AVPs) check privileged instructions for the required privilege level. These changes are needed to pass the AVP suite.

Signed-off-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 2e15497c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Richard Henderson authored
The kernel will emulate this instruction if it's not supported natively. This insn is used for TLS, among other things, and so is required by modern glibc.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Cc: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit b3167288)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Richard Henderson authored
We've already eliminated both base and index being zero.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 05168674)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Richard Sandiford authored
The FS input to CVT.PS.S is the high half and FT is the low half. tcg_gen_concat_i32_i64 takes the low half first, so the operands were in the wrong order.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 13d24f49)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Richard Sandiford authored
Read the second input operand of RECIP2.S and RECIP2.PS from FT rather than FD. RECIP2.D is already correct.

Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit d22d7289)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Aurelien Jarno authored
Store slow path has been broken in e141ab52:
- the arguments are shifted before the last one (mem_index) is written.
- the shift is done for both slow and fast paths.

Fix that. Also optimize a bit by bundling the move together. This still can be optimized, but it's better to wait for a decision to be taken on the arguments order.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit d03c98d8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Aurelien Jarno authored
Prologue and epilogue code has been broken in cea5f9a2.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 18d445b4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Peter Maydell authored
The CONFIG_TCG_PASS_AREG0 code for calling ld/st helpers was broken in that it did not respect the ABI requirement that 64 bit values were passed in even-odd register pairs. The simplest way to fix this is to implement some new utility functions for marshalling function arguments into the correct registers and stack, so that the code which sets up the address and data arguments does not need to care whether there has been a preceding env argument.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 9716ef3b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Matthew Ogilvie authored
> This instruction is always treated as a register-to-register (MOD = 11)
> instruction, regardless of the encoding of the MOD field in the MODR/M
> byte.

Also, Microport UNIX System V/386 v 2.1 (ca 1987) runs fine on real Intel 386 and 486 CPUs (at least), but does not run in qemu without this patch.

Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 5c73b757)

Conflicts:
  target-i386/translate.c

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Paolo Bonzini authored
We do not register ioeventfds unless the IVSHMEM_IOEVENTFD feature is set. The same feature must be checked before releasing the eventfds.

Regression introduced by commit 563027cc (ivshmem: use EventNotifier and memory API, 2012-07-05).

Reported-by: Cam Macdonnell <cam@cs.ualberta.ca>
Tested-by: Cam Macdonnell <cam@cs.ualberta.ca>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 98609cd8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Paolo Bonzini authored
object_deinit is only called when the reference count goes to zero, and yet tries to do an object_unparent. Now, object_unparent either does nothing or it will decrease the reference count. Because we know the reference count is zero, the object_unparent call in object_deinit is useless.

Instead, we need to disconnect the object from its parent just before we remove the last reference apart from the parent's. This happens in object_delete. Once we do this, all calls to object_unparent peppered through QEMU can go away.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit da5a44e8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Anthony Liguori authored
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 26efaca3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Stefan Weil authored
Commits b5dc7732 and be24bb4f optimized the code and removed the correct setting of t0. Fix this.

gcc-4.7 detected this bug because parameter arg1 was unused but set in set_HIT0_LO and set_HI_LOT0.

Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 6fc97faf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Meador Inge authored
While running in the usermode emulator all of the required* MIPS32r2 RDHWR hardware registers should be accessible (the Linux kernel enables access to these same registers).

Note that these registers are still enabled when the MIPS ISA is not release 2. This is OK since the Linux kernel emulates access to them when they are not available in hardware.

* There is also the ULR register which is only recommended for full release 2 compliance. Incidentally, accessing this register in the current implementation works fine without flipping its access bit.

Signed-off-by: Meador Inge <meadori@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 94159135)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Anthony Liguori authored
At some point in the past, the OPEN event was changed to be issued from a bottom half. This creates a small window where a data callback registered in init may be invoked before the OPEN event has been issued.

This is reproducible with:

  echo "{'execute': 'qmp_capabilities'}" | qemu-system-x86_64 -M none -qmp stdio

We can fix this for the monitor by moving the parser initialization to init. The remaining state that is set in OPEN appears harmless.

Reported-by: Daniel Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 58617a79)

Conflicts:
  monitor.c

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jim Meyering authored
Return NULL upon malloc failure.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 15d9e3bc)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jim Meyering authored
Always call unlock_user before returning.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 396bef4b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jim Meyering authored
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a7e47d4b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jim Meyering authored
Also, use g_malloc to avoid NULL-deref upon OOM.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 0d07fe47)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jim Meyering authored
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4144f122)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Dongxiao Xu authored
If the two multiply operands are of int and uint types respectively, the int operand will be converted to uint first, which is not the intent in our code. The fix is to add an (int64_t) cast on the uint operand before the multiply.

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
(cherry picked from commit 14d40183)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Frediano Ziglio authored
When memory is mapped in qemu_map_cache with lock != 0, a reverse mapping is created pointing to the virtual address of the location requested. The cached mapped entry is saved in last_address_vaddr with the memory location of the base virtual address (without bucket offset). However, when this entry is invalidated, the virtual address saved in the reverse mapping is used. This causes the mapping to be freed while last_address_vaddr is not reset.

Signed-off-by: Frediano Ziglio <frediano.ziglio@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
(cherry picked from commit 27b7652e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Jan Kiszka authored
This MMIO area is an entry gate to legacy PC ISA devices, addressed via PIO over there. Quite a few of the PIO ports have side effects on access, like starting/stopping timers, that must be executed properly ordered with respect to the CPU. So we have to remove the coalescing mark.

Acked-by: Hervé Poussineau <hpoussin@reactos.org>
Acked-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 0ec64507)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Alexey Kardashevskiy authored
QEMU uses IO handlers to run select() in the main loop. The handlers list is managed by the qemu_set_fd_handler() helper, which works fine when called from the main thread, as it is called when select() is not waiting.

However, the IO handlers list can be changed in a thread other than the main one doing os_host_main_loop_wait(), for example as a result of a hypercall which changes PCI config space (VFIO on POWER is the case) and enables/disables MSI/MSIX, which closes/creates eventfd handles. As the main loop should be waiting on the newly created eventfds, it has to be restarted.

The patch adds the qemu_notify_event() call to interrupt select() to make main_loop() restart select() with the updated IO handlers list.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 55ce75fa)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-