- Dec 11, 2012
-
-
Michael Roth authored
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
- Dec 03, 2012
-
-
Michael Contreras authored
The e1000_receive function for the e1000 needs to discard packets longer than 1522 bytes if the SBP and LPE flags are disabled. The Linux driver assumes this behavior and allocates memory based on this assumption.
Signed-off-by: Michael Contreras <michael@inetric.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b0d9ffcd)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
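The length check this commit describes, written out as an added example in C (this is not QEMU's e1000.c). The RCTL bit positions for SBP and LPE and the receive-buffer size are assumptions made for the illustration; the 1522-byte limit is the one the commit names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not QEMU's e1000.c. The bit positions below follow the
 * 8254x-style RCTL layout but are assumptions for this illustration. */
#define RCTL_SBP (1u << 2)   /* store bad packets */
#define RCTL_LPE (1u << 5)   /* long packet enable */
#define MAX_VLAN_FRAME 1522  /* 1518-byte Ethernet frame + 4-byte VLAN tag */
#define RX_BUF_SIZE    2048  /* constructed guest receive-buffer size */

/* True when a frame of `size` bytes must be dropped under register state
 * `rctl`: neither SBP nor LPE is set and the frame exceeds 1522 bytes. */
bool e1000_should_drop(size_t size, uint32_t rctl)
{
    if (!(rctl & (RCTL_SBP | RCTL_LPE)) && size > MAX_VLAN_FRAME) {
        return true;
    }
    return false;
}

/* Model of the receive path: the frame is copied into the guest buffer only
 * after the length check, so an oversized frame can never overrun a buffer
 * the guest driver sized for 1522 bytes. Returns bytes delivered, 0 if the
 * frame was dropped. The second bound is independent of the register state
 * so the copy is safe even if RCTL is misconfigured. */
size_t e1000_receive_model(uint8_t *rxbuf, size_t rxbuf_len,
                           const uint8_t *frame, size_t size, uint32_t rctl)
{
    if (e1000_should_drop(size, rctl)) {
        return 0;
    }
    if (size > rxbuf_len) {
        return 0;
    }
    memcpy(rxbuf, frame, size);
    return size;
}
```

With SBP and LPE clear, a 1523-byte frame is dropped before any copy takes place; with LPE set the device-level check is skipped, and only the buffer bound stands between the frame and the guest memory.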
-
Dietmar Maurer authored
The formula to compute slice_quota was wrong since commit 6ef228fc.
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit e3980e28)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Stefan Hajnoczi authored
Report an error instead of segfaulting when attaching a USB device to a machine with no USB busses:

    $ qemu-system-arm -machine vexpress-a9 \
        -sd Fedora-17-armhfp-vexpress-mmcblk0.img \
        -kernel vmlinuz-3.4.2-3.fc17.armv7hl \
        -initrd initramfs-3.4.2-3.fc17.armv7hl.img \
        -usbdevice disk:format=raw:test.img

Note that the vexpress-a9 machine does not have a USB host controller.
Reported-by: David Abdurachmanov <David.Abdurachmanov@cern.ch>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c128d6a6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Yonit Halperin authored
The devram memslot stays active when qxl enters UNDEFINED mode (i.e., no primary surface). If migration has occurred while the device is in UNDEFINED state, the memslots have to be reloaded at the destination.
Fixes rhbz#874574
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit fa98efe9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
David Gibson authored
The virtio-scsi config space is, by specification, in guest endian (which is ill-defined, but there you go). In virtio_scsi_get_config() we set up all the fields in there, using stl_raw(). Which is a problem for the max_channel and max_target fields, which are 16-bit, not 32-bit.

For little-endian targets we get away with it by accident, since the first two bytes will still be correct, and the extra two bytes written (with zeroes) will be overwritten correctly by the next store. But for big-endian guests, this means the max_target field ends up as zero, which means the guest will only recognize a single disk on the virtio-scsi bus.

This patch fixes the problem.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paul 'Rusty' Russell <rusty@rustcorp.com.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 863d1050)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
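An added illustration in C (not QEMU's virtio_scsi_get_config()) of why a 32-bit store into a 16-bit config field is harmless on little-endian and zeroes max_target on big-endian. The field offsets, the trailing 32-bit field stored after max_target, and the emulated-endianness store helpers are assumptions for this example; the two 16-bit fields and the "next store overwrites the extra bytes" behaviour are what the commit describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout for the illustration: two adjacent 16-bit fields followed
 * by one 32-bit field (the "next store" the commit text refers to). */
enum { OFF_MAX_CHANNEL = 0, OFF_MAX_TARGET = 2, OFF_NEXT32 = 4, CFG_LEN = 8 };

/* Stores in a chosen (emulated) endianness, so both guest types can be
 * exercised on any host. */
static void st16(uint8_t *p, uint16_t v, bool big_endian)
{
    if (big_endian) { p[0] = v >> 8;   p[1] = v & 0xff; }
    else            { p[0] = v & 0xff; p[1] = v >> 8;   }
}
static void st32(uint8_t *p, uint32_t v, bool big_endian)
{
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? 8 * (3 - i) : 8 * i;
        p[i] = (v >> shift) & 0xff;
    }
}
static uint16_t ld16(const uint8_t *p, bool big_endian)
{
    return big_endian ? (uint16_t)((p[0] << 8) | p[1])
                      : (uint16_t)((p[1] << 8) | p[0]);
}

/* Pre-fix behaviour: 32-bit stores into 16-bit slots. The max_target store
 * spills two bytes into the following field, which the next store rewrites. */
void write_config_buggy(uint8_t *cfg, uint16_t max_channel,
                        uint16_t max_target, uint32_t next32, bool big_endian)
{
    st32(cfg + OFF_MAX_CHANNEL, max_channel, big_endian);
    st32(cfg + OFF_MAX_TARGET, max_target, big_endian);
    st32(cfg + OFF_NEXT32, next32, big_endian);
}

/* Fixed behaviour: store width matches field width. */
void write_config_fixed(uint8_t *cfg, uint16_t max_channel,
                        uint16_t max_target, uint32_t next32, bool big_endian)
{
    st16(cfg + OFF_MAX_CHANNEL, max_channel, big_endian);
    st16(cfg + OFF_MAX_TARGET, max_target, big_endian);
    st32(cfg + OFF_NEXT32, next32, big_endian);
}

/* What a guest of the given endianness reads back as max_target. */
uint16_t read_max_target(bool buggy, bool big_endian,
                         uint16_t max_channel, uint16_t max_target)
{
    uint8_t cfg[CFG_LEN];
    memset(cfg, 0, sizeof cfg);
    if (buggy) {
        write_config_buggy(cfg, max_channel, max_target, 0xffffffffu, big_endian);
    } else {
        write_config_fixed(cfg, max_channel, max_target, 0xffffffffu, big_endian);
    }
    return ld16(cfg + OFF_MAX_TARGET, big_endian);
}
```

On a little-endian guest the low two bytes of the 32-bit store land exactly where the 16-bit field lives, so the value survives; on a big-endian guest the value sits in the upper half of the 32-bit store, i.e. in the bytes that belong to the next field, and the field itself reads as zero.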
-
David Gibson authored
The virtio-scsi specification does not specify the correct endianness for fields in the request structure. It's therefore best to assume that it is "guest native" endian since that's the (stupid and poorly defined) norm in virtio. However, the qemu device for virtio-scsi has no byteswaps at all, and so will break if the guest has different endianness from the host.

This patch fixes it by adding tswap() calls for the sense_len and resid fields in the request structure. In theory status_qualifier needs swaps as well, but that field is never actually touched. The tag field is a uint64_t, but since its value is completely arbitrary, it might as well be uint8_t[8] and so it does not need swapping.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Paul 'Rusty' Russell <rusty@rustcorp.com.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 474ee55a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Peter Lieven authored
Without any complex checks we can't assume that an iscsi target is initialized to zero.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f807ecd5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Peter Lieven authored
If the connection is interrupted before the first login is successfully completed, qemu-kvm is waiting forever in qemu_aio_wait(). This is fixed by performing a sync login to the target. If the connection breaks after the first successful login, errors are handled internally by libiscsi.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit e829b0bb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Peter Lieven authored
If an invalid URL is specified iscsi_get_error(iscsi) is called with iscsi == NULL.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 8da1e18b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Bruce Rogers authored
The second parameter to qapi_dealloc_type_size should be a uint64_t *, not a size_t *. This was causing our 32 bit x86 build to fail, since warnings are treated as errors.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit 1d162526)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Stefan Hajnoczi authored
visit_type_size() requires either visitor->type_size() or visitor_uint64() to be implemented, otherwise a NULL function pointer is invoked. It is possible to trigger this crash as follows:

    $ qemu-system-x86_64 -netdev tap,sndbuf=0,id=netdev0 \
        -device virtio-blk-pci,netdev=netdev0

The 'sndbuf' option has type "size".
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 0c26f2ec)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Paolo Bonzini authored
The reference count for embedded objects is always one too low, because object_initialize_with_type returns with zero references to the object. This causes premature finalization of the object (or an assertion failure) after calling object_ref to add an extra reference and object_unref to remove it.

The fix is to move the initial object_ref call from object_new_with_type to object_initialize_with_type.
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 764b6312)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Julio Guerra authored
This patch fixes bug 1031698 : https://bugs.launchpad.net/qemu/+bug/1031698

If we look at the (truncated) translation of the conditional branch instruction in the test submitted in the bug post, the call to the exception helper is missing in the "bne-false" chunk of translated code :

    IN:
    bne- 0x1800278

    OUT:
    0xb544236d: jne 0xb5442396
    0xb5442373: mov %ebp,(%esp)
    0xb5442376: mov $0x44,%ebx
    0xb544237b: mov %ebx,0x4(%esp)
    0xb544237f: mov $0x1800278,%ebx
    0xb5442384: mov %ebx,0x25c(%ebp)
    0xb544238a: call 0x827475a
                ^^^^^^^^^^^^^^^^^^
    0xb5442396: mov %ebp,(%esp)
    0xb5442399: mov $0x44,%ebx
    0xb544239e: mov %ebx,0x4(%esp)
    0xb54423a2: mov $0x1800270,%ebx
    0xb54423a7: mov %ebx,0x25c(%ebp)

Indeed, gen_exception(ctx, excp) called by gen_goto_tb (called by gen_bcond) changes ctx->exception's value to excp's :

    gen_bcond()
    {
        gen_goto_tb(ctx, 0, ctx->nip + li - 4);
        /* ctx->exception value is POWERPC_EXCP_BRANCH */
        gen_goto_tb(ctx, 1, ctx->nip);
        /* ctx->exception now value is POWERPC_EXCP_TRACE */
    }

Making the following gen_goto_tb()'s test false during the second call :

    if ((ctx->singlestep_enabled & (CPU_BRANCH_STEP | CPU_SINGLE_STEP)) &&
        ctx->exception == POWERPC_EXCP_BRANCH /* false...*/) {
        target_ulong tmp = ctx->nip;
        ctx->nip = dest;
        /* ... and this is the missing call */
        gen_exception(ctx, POWERPC_EXCP_TRACE);
        ctx->nip = tmp;
    }

So the patch simply adds the missing matching case, fixing our problem.
Signed-off-by: Julio Guerra <guerr@julio.in>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit f0cc4aa8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Paolo Bonzini authored
Commit 0d936928 (qdev: Convert busses to QEMU Object Model, 2012-05-02) removed a check on the type of the bus where a SCSI disk is hotplugged. However, hot-plugging to the wrong kind of device now causes a crash due to either a NULL pointer dereference (avoided by the previous patch) or a failed QOM cast. Instead, in this case we need to use object_dynamic_cast and check for the result, similar to what was done before that commit.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b5007bcc)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Paolo Bonzini authored
Trying to cast a NULL value will cause a crash. Returning NULL is also sensible, and it is also what the type-unsafe DO_UPCAST macro does.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b7f43fe4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Stefan Weil authored
The local string tmp_filename is passed to function get_tmp_filename which expects a string with minimum size MAX_PATH for w32 hosts. MAX_PATH is 260 and PATH_MAX is 259, so tmp_filename was too short. Commit eba25057 introduced this regression.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 89c9bc3d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Richard Henderson authored
Fixes the pointer truncation that was occurring for branches.
Cc: Stefan Weil <sw@weilnetz.de>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Tested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit c6c5063c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Kevin Wolf authored
A missing factor for the refcount table entry size in the calculation could mean that too little memory was allocated for the in-memory representation of the table, resulting in a buffer overflow.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit a3548077)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Bruce Rogers authored
When building qemu-kvm for openSUSE:Factory, I am getting a warning in the pipe2 detection performed by configure, which prevents using --enable-werror. Change detection code to use return value of pipe2.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 9bca8162)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Aurelien Jarno authored
On an ARM host, the registers definitions from cpu.h clash with /usr/include/sys/ucontext.h. As they are unused, just remove them.
Cc: Jia Liu <proljc@gmail.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 44e04d3b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Aurelien Jarno authored
The bswap16 TCG opcode assumes that the high bytes of the temp equal to 0 before calling it. The ARM backend implementation takes this assumption to slightly optimize the generated code. The same implementation is called for implementing the cross-endian qemu_st16 opcode, where this assumption is not true anymore.

One way to fix that would be to zero the high bytes before calling it. Given the store instruction just ignores them, it is possible to provide a slightly more optimized version. With ARMv6+ the rev16 instruction does the work correctly. For lower ARM versions the patch provides a version which behaves correctly with non-zero high bytes, but fills them with junk.
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 7aab08aa)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Aurelien Jarno authored
The TCG arm backend considers likely that the offset to the TLB entries does not exceed 12 bits for mem_index = 0. In practice this is not true for at least the MIPS target. The current patch fixes that by loading the bits 23-12 with a separate instruction, and using loads with address writeback, independently of the value of mem_idx. In total this allows a 24-bit offset, which is a lot more than needed.
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit d17bd1d8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
- Nov 30, 2012
-
-
Chen Wei-Ren authored
While reading microMIPS decoding, I found a possible wrong opcode encoding. According to [1] page 166, the bits 13..12 for MULTU is 0x01 rather than 0x00. Please review, thanks.

[1] MIPS Architecture for Programmers Volume IV-e: The MIPS DSP Application-Specific Extension to the microMIPS32 Architecture
Signed-off-by: Chen Wei-Ren <chenwj@iis.sinica.edu.tw>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 6801038b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Aurelien Jarno authored
According to the MIPS Malta Development Platform User's Manual, the i8259 interrupt controller is supposed to be connected to the hardware IRQ0, and the CBUS UART to the hardware interrupt 2. In QEMU they are both connected to hardware interrupt 0, the CBUS UART interrupt being wrong. This patch fixes that.

It should be noted that the irq array in QEMU includes the software interrupts, hence env->irq[2] is the first hardware interrupt.
Cc: Ralf Baechle <ralf@linux-mips.org>
Reviewed-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 68d00192)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Paolo Bonzini authored
We do not need BLKROSET if the kernel supports setting flags. Also, always do BLKROSET even for a read-write export, otherwise the read-only state remains "sticky" after the invocation of "qemu-nbd -r".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c8969ede)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Meador Inge authored
Fixing a simple typo, s/errno/err/, that caused the error status from GDB semihosted system calls to be returned incorrectly.
Signed-off-by: Meador Inge <meadori@codesourcery.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit aed91c1b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Paolo Bonzini authored
Tools were broken because they initialized the block layer while qemu_aio_context was still NULL.
Reported-by: malc <av1474@comtv.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 2592c59a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Gerd Hoffmann authored
Used to be "UTB" not "USB".
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 0ebfb144)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Aurelien Jarno authored
OpenBIOS on sparc64 only supports Standard VGA and not Cirrus VGA. Don't build Cirrus VGA support so that it can't be selected. This fixes the breakage introduced by commit f2898771.
Reported-by: Richard Henderson <rth@twiddle.net>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 0356404b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Alexander Graf authored
Device tree properties need to be specified in big endian. Fix the bamboo memory size property accordingly.
Signed-off-by: Alexander Graf <agraf@suse.de>
CC: qemu-stable@nongnu.org
(cherry picked from commit 5232fa59)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Alexander Graf authored
When using -initrd in the virtio machine, we need to indicate the initrd start and size inside the kernel image. These parameters need to be stored in native endianness.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Richard Henderson <rth@twiddle.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
(cherry picked from commit 235a3f0b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Avi Kivity authored
The memory core drops regions that are hidden by another region (for example, during BAR sizing), but it doesn't do so correctly if the lower address of the existing range is below the lower address of the new range.

Example (qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta -append "console=ttyS0" -nographic -vga cirrus):

    Existing range: 10000000-107fffff
    New range:      100a0000-100bffff
    Correct behaviour: drop new range
    Incorrect behaviour: add new range

Fix by taking this case into account (previously we only considered equal lower boundaries).
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit d26a8cae)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
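The containment test this commit describes, as an added C example (this is not QEMU's memory core code). hidden_old models the pre-fix behaviour exactly as the commit text states it (only equal lower boundaries were considered); hidden_fixed is the corrected test; both are checked against the two ranges quoted in the message. The inclusive [lo, hi] representation is an assumption taken from how the ranges are printed above.

```c
#include <stdbool.h>
#include <stdint.h>

/* Address range with inclusive bounds, matching the "10000000-107fffff"
 * notation in the commit message. */
typedef struct { uint64_t lo, hi; } range_t;

/* Pre-fix logic as the page describes it: a candidate range was treated as
 * hidden only when its lower boundary equalled the existing one. */
bool hidden_old(range_t existing, range_t cand)
{
    return existing.lo == cand.lo && cand.hi <= existing.hi;
}

/* Fixed logic: hidden whenever the candidate lies entirely inside the
 * existing range, including when existing.lo < cand.lo. */
bool hidden_fixed(range_t existing, range_t cand)
{
    return existing.lo <= cand.lo && cand.hi <= existing.hi;
}

/* Decision for a candidate range against one existing range:
 * true = add it to the view, false = drop it as hidden. */
bool should_add(range_t existing, range_t cand, bool use_fix)
{
    return use_fix ? !hidden_fixed(existing, cand) : !hidden_old(existing, cand);
}

/* The ranges quoted in the commit message. */
range_t page_existing(void) { range_t r = { 0x10000000u, 0x107fffffu }; return r; }
range_t page_new(void)      { range_t r = { 0x100a0000u, 0x100bffffu }; return r; }
```

A range that merely overlaps the existing one (its upper bound beyond existing.hi) is not hidden under either version; the fix only changes the fully-contained case whose lower bound is strictly greater than the existing lower bound.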
-
Dmitry Fleytman authored
Real HW always treats RX ring with RDH == RDT as empty. Emulation is supposed to behave the same.
Reported-by: Chris Webb <chris.webb@elastichosts.com>
Reported-by: Richard Davies <richard.davies@elastichosts.com>
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit e5b8b0d4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Don Slutz authored
The check using INT_MAX (2147483647) is wrong in this case.
Signed-off-by: Fred Oliveira <foliveira@cloudswitch.com>
Signed-off-by: Don Slutz <Don@CloudSwitch.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 2e84849a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Stefan Weil authored
Those functions return -errno in case of an error. The old code would typically only detect EPERM (1) errors.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 7a608f56)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Paolo Bonzini authored
When setting a date in 1980, Linux is actually disregarding the century byte and setting the year to 2080. This causes a year-2038 overflow in mktimegm. Fix this by doing the days-to-seconds computation in 64-bit math.
Reported-by: Lucas Meneghel Rodrigues <lookkas@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b6db4aca)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
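An added C example (not QEMU's mktimegm) of doing the days-to-seconds step in 64-bit math and of checking whether the result still fits a signed 32-bit time value. The calendar conversion is Howard Hinnant's days_from_civil algorithm, used here as an assumed stand-in for the page's own date code; the 2080-01-01 input reproduces the scenario the commit describes (a 1980 date whose century byte was ignored).

```c
#include <stdbool.h>
#include <stdint.h>

#define SECS_PER_DAY 86400LL

/* Days since 1970-01-01 for a proleptic Gregorian date (y, m, d), m in
 * 1..12. Howard Hinnant's days_from_civil; an assumption here, not the
 * page's code. The calculation is done entirely in 64-bit integers. */
int64_t days_from_civil(int64_t y, unsigned m, unsigned d)
{
    y -= m <= 2;                                   /* March-based year */
    const int64_t era = (y >= 0 ? y : y - 399) / 400;
    const unsigned yoe = (unsigned)(y - era * 400);            /* [0, 399] */
    const unsigned doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    const unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy; /* [0, 146096] */
    return era * 146097 + (int64_t)doe - 719468;
}

/* UTC seconds since the epoch. The day count is already 64-bit and the
 * multiplier is a 64-bit constant, so days * 86400 cannot wrap the way an
 * int multiply would; that widening is the fix the commit describes. */
int64_t mktimegm_model(int year, unsigned mon, unsigned day,
                       unsigned hour, unsigned min, unsigned sec)
{
    int64_t days = days_from_civil(year, mon, day);
    return days * SECS_PER_DAY + hour * 3600LL + min * 60LL + sec;
}

/* True when the result cannot be represented as a signed 32-bit value,
 * i.e. the input would have overflowed a 32-bit days-to-seconds computation. */
bool overflows_int32(int64_t secs)
{
    return secs > INT32_MAX || secs < INT32_MIN;
}

/* The scenario from the commit: the guest meant 1980, the century byte was
 * disregarded, and the RTC ends up set to 2080-01-01. */
int64_t rtc_year_2080_seconds(void)
{
    return mktimegm_model(2080, 1, 1, 0, 0, 0);
}
```

2080-01-01 is 40177 days after the epoch, i.e. 3471292800 seconds, well past INT32_MAX (2147483647); the same date in 1980 gives 315532800 seconds and fits comfortably.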
-
Gerd Hoffmann authored
Don't try to be clever and skip displaysurface reinitialization in case the size hasn't changed. Other parameters might have changed nevertheless, for example depth or stride, resulting in rendering being broken then.

Trigger: boot linux guest with vesafb, start X11, make sure both vesafb and X11 use the same display resolution. Then watch X11 screen being upside down.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 0ec8df39)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Alon Levy authored
As suggested by Paolo Bonzini, to avoid possible integer overflow issues.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c5825ac6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Hans de Goede authored
According to the spec we must raise an interrupt when one is requested even for non-active TDs. Linux depends on this: for bulk transfers it runs an inactivity timer to work around a bug in early UHCI revisions. When we take longer than 200 ms to process a packet, this timer goes off, and as part of the handling Linux then unlinks the qh, and relinks it after the frindex has increased by at least 1. The problem is Linux only checks for the frindex increases on an interrupt, and we don't send that, causing the qh to go inactive for more than 32 frames, at which point we consider the packet cancelled.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 883bca77)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-