Commit Graph

45382 Commits

Author SHA1 Message Date
Peter Maydell ef5d5641f5 ehci: fix (s)iTD looping issue (CVE-2015-8558) in a different way.

Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20160419-1' into staging

ehci: fix (s)iTD looping issue (CVE-2015-8558) in a different way.

# gpg: Signature made Tue 19 Apr 2016 07:22:22 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20160419-1:
  Revert "ehci: make idt processing more robust"
  ehci: apply limit to iTD/sidt descriptors

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-19 12:10:30 +01:00
Peter Maydell bb97bfd901 ppc patch queue for 2016-04-19
A single fix for a regression since 2.5.  This should be the last ppc
 pull request for 2.6.

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160419' into staging

ppc patch queue for 2016-04-19

A single fix for a regression since 2.5.  This should be the last ppc
pull request for 2.6.

# gpg: Signature made Tue 19 Apr 2016 02:48:30 BST using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.6-20160419:
  cuda: fix off-by-one error in SET_TIME command

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-19 11:15:32 +01:00
Michael S. Tsirkin 5eb0b194e9 cadence_uart: bounds check write offset
cadence_uart_init() initializes an I/O memory region of size 0x1000
bytes.  However in uart_write(), the 'offset' parameter (offset within
region) is divided by 4 and then used to index the array 'r' of size
CADENCE_UART_R_MAX which is much smaller: (0x48/4).  If 'offset>>=2'
exceeds CADENCE_UART_R_MAX, this will cause an out-of-bounds memory
write where the offset and the value are controlled by guest.

This will corrupt QEMU memory; in most situations this causes the vm to
crash.

Fix by checking the offset against the array size.

Cc: qemu-stable@nongnu.org
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 20160418100735.GA517@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-19 11:13:59 +01:00
Peter Maydell a087cc589d X86 fix for 2.6.0-rc3

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging

X86 fix for 2.6.0-rc3

# gpg: Signature made Mon 18 Apr 2016 20:02:15 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"

* remotes/ehabkost/tags/x86-pull-request:
  target-i386: Set AMD alias bits after filtering CPUID data

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-19 10:11:17 +01:00
Gerd Hoffmann a49923d283 Revert "ehci: make idt processing more robust"
This reverts commit 156a2e4dbf.

Breaks FreeBSD.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-04-19 08:20:56 +02:00
Gerd Hoffmann 1ae3f2f178 ehci: apply limit to iTD/sidt descriptors
Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
DoS by the guest (create a circular iTD queue and let qemu ehci
emulation run in circles forever).  Unfortunately this has two problems:
First it misses the case of siTDs, and second it reportedly breaks
FreeBSD.

So let's go for a different approach: just count the number of iTDs and
siTDs we have seen per frame and apply a limit.  That should really
catch all cases now.

Reported-by: 杜少博 <dushaobo@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-04-19 08:18:27 +02:00
Aurelien Jarno ed3d807b0a cuda: fix off-by-one error in SET_TIME command
With the new framework the cuda_cmd_set_time command directly receives
the data, without the command byte. Therefore the time is stored at
in_data[0], not at in_data[1].

This fixes the "hwclock --systohc" command in a guest.

Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
[this fixes a regression introduced by e647317 "cuda: port SET_TIME
 command to new framework"]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-04-19 11:39:23 +10:00
Eduardo Habkost 9997cf7bda target-i386: Set AMD alias bits after filtering CPUID data
QEMU complains about -cpu host on an AMD machine:
  warning: host doesn't support requested feature: CPUID.80000001H:EDX [bit 0]
For bits 0,1,3,4,5,6,7,8,9,12,13,14,15,16,17,23,24.

KVM_GET_SUPPORTED_CPUID and x86_cpu_get_migratable_flags()
don't handle the AMD CPUID aliases bits, making
x86_cpu_filter_features() print warnings and clear those CPUID
bits incorrectly.

To avoid hacking x86_cpu_get_migratable_flags() to handle
CPUID_EXT2_AMD_ALIASES (just like the existing hack inside
kvm_arch_get_supported_cpuid()), simply move the
CPUID_EXT2_AMD_ALIASES code in x86_cpu_realizefn() after the
x86_cpu_filter_features() call.

This will probably make the CPUID_EXT2_AMD_ALIASES hack in
kvm_arch_get_supported_cpuid() unnecessary, too. The hack will be
removed in a follow-up patch after v2.6.0.

Reported-by: Radim Krčmář <rkrcmar@redhat.com>
Tested-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-04-18 15:49:17 -03:00
Peter Maydell 92b674b62a QOM CPUState and X86CPU
* MAINTAINERS cleanup

Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-peter' into staging

QOM CPUState and X86CPU

* MAINTAINERS cleanup

# gpg: Signature made Mon 18 Apr 2016 17:23:16 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-cpu-for-peter:
  MAINTAINERS: Drop target-i386 from CPU subsystem

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-18 17:42:59 +01:00
Andreas Färber 2e4cad2833 MAINTAINERS: Drop target-i386 from CPU subsystem
X86CPU QOM type is in good hands and actively maintained these days, so
drop it from the generic QOM CPU subsystem.

Some refactorings and design questions will still intersect, but review
and discussions of individual series can still take place while opting out
of general X86CPU patch review.

Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2016-04-18 18:14:52 +02:00
Peter Maydell 6a6fa68ae2 Update OpenBIOS images

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging

Update OpenBIOS images

# gpg: Signature made Mon 18 Apr 2016 09:39:31 BST using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-openbios-signed:
  Update OpenBIOS images

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-18 11:55:10 +01:00
Peter Maydell ba3899507a ppc patch queue for 2-16-04-18
Three bugfix patches for 2.6 here.
 * Two for bad implementation of some of the strong load/store
   instructions
 
 * One for bad migration of the XER register.  This is a regression
   from 2.5, caused by a change in the way we represent XER during
   runtime.

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160418' into staging

ppc patch queue for 2-16-04-18

Three bugfix patches for 2.6 here.
* Two for bad implementation of some of the strong load/store
  instructions

* One for bad migration of the XER register.  This is a regression
  from 2.5, caused by a change in the way we represent XER during
  runtime.

# gpg: Signature made Mon 18 Apr 2016 06:17:03 BST using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.6-20160418:
  ppc: Fix migration of the XER register
  ppc: Fix the bad exception NIP value and the range check in LSWX
  ppc: Fix the range check in the LSWI instruction

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-18 11:11:45 +01:00
Peter Maydell adde0204e4 seccomp branch queue

Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20160416' into staging

seccomp branch queue

# gpg: Signature made Sat 16 Apr 2016 19:58:46 BST using RSA key ID 12F8BD2F
# gpg: Good signature from "Eduardo Otubo (Software Engineer @ ProfitBricks) <eduardo.otubo@profitbricks.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 1C96 46B6 E1D1 C38A F2EC  3FDE FD0C FF5B 12F8 BD2F

* remotes/otubo/tags/pull-seccomp-20160416:
  seccomp: adding sysinfo system call to whitelist
  seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
  configure: Enable seccomp sandbox for MIPS

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-18 10:22:44 +01:00
Peter Maydell c6c598ca5f wxx patch queue

Merge remote-tracking branch 'remotes/weil/tags/pull-wxx-20160415' into staging

wxx patch queue

# gpg: Signature made Fri 15 Apr 2016 18:36:41 BST using RSA key ID 677450AD
# gpg: Good signature from "Stefan Weil <sw@weilnetz.de>"
# gpg:                 aka "Stefan Weil <stefan.weil@weilnetz.de>"
# gpg:                 aka "Stefan Weil <stefan.weil@bib.uni-mannheim.de>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4923 6FEA 75C9 5D69 8EC2  B78A E08C 21D5 6774 50AD

* remotes/weil/tags/pull-wxx-20160415:
  wxx: Fix broken TCP networking (regression)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-18 09:55:16 +01:00
Mark Cave-Ayland afc474863f Update OpenBIOS images
Update OpenBIOS images to SVN r1395 built from submodule.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-04-18 09:38:55 +01:00
Thomas Huth aa378598fe ppc: Fix migration of the XER register
env->xer only holds the lower bits of the XER register nowadays, the
SO, OV and CA bits are stored in separate variables (see the function
cpu_write_xer() for details). Since the migration code currently only
reads the "xer" variable, the upper bits are lost during migration.
Fix it by using cpu_read_xer() instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-04-18 15:14:38 +10:00
Thomas Huth 537d3e8e6b ppc: Fix the bad exception NIP value and the range check in LSWX
The range checks in the LSWX instruction are completely insufficient:
They do not take the wrap-around case into account, and the check
"reg < rx" should be "reg <= rx" instead. Fix it by using the new
lsw_reg_in_range() helper function that is already used for LSWI, too.

Then there is a second problem: In case the INVAL exception is generated,
the NIP value is wrong, it currently points to the instruction before
the LSWX instruction. This is because gen_lswx() already decreases the
NIP value by 4 (to be prepared for page fault exceptions), and
powerpc_excp() later decreases it again by 4 while handling the program
exception. So to get this right, we've got to undo the "- 4" from
gen_lswx() here before calling helper_raise_exception_err().

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-04-18 15:14:38 +10:00
Thomas Huth afbee7128c ppc: Fix the range check in the LSWI instruction
There are two issues: First, the number of registers that are used has
to be calculated with "(nb + 3) / 4" (i.e. round always up, not down).
Second, the "start <= ra && (start + nr - 32) > ra" condition for the
wrap-around case is wrong: It has to be tested with "||" instead of "&&".
Since we can reuse this check later for the LSWX instruction, let's
place the fixed code into a helper function, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-04-18 15:14:38 +10:00
Miroslav Rezanina 8e08f8a4a7 seccomp: adding sysinfo system call to whitelist
Newer versions of nss-softokn libraries (> 3.16.2.3) use the sysinfo call,
so qemu using an rbd image hangs after start when run in sandbox mode.

To allow using rbd images in sandbox mode we have to whitelist it.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
2016-04-16 20:27:44 +02:00
James Hogan 81bed73b53 seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
The cacheflush system call (found on MIPS and ARM) has been included in
the libseccomp header since 2.2.0, so include it back to that version.
Previously it was only enabled since 2.2.3 since that is when it was
enabled properly for ARM.

This will allow seccomp support to be enabled for MIPS back to
libseccomp 2.2.0.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-By: Andrew Jones <drjones@redhat.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
2016-04-16 20:27:41 +02:00
James Hogan 5ce4397281 configure: Enable seccomp sandbox for MIPS
Enable seccomp on MIPS since libseccomp version 2.2.0 when MIPS support
was first added.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
2016-04-16 20:27:37 +02:00
Stefan Weil 3424c8a9c8 wxx: Fix broken TCP networking (regression)
It has been broken since commit c619644067.

Reported-by: Michael Fritscher <michael@fritscher.net>
Tested-by: Michael Fritscher <michael@fritscher.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-04-15 19:35:17 +02:00
Peter Maydell 072035eba1 Block layer patches for 2.6.0-rc3

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.6.0-rc3

# gpg: Signature made Fri 15 Apr 2016 17:02:23 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  nbd: Don't kill server on client that doesn't request TLS
  nbd: fix assert() on qemu-nbd stop
  nbd: Don't fail handshake on NBD_OPT_LIST descriptions
  qemu-iotests: 041: More robust assertion on quorum node
  qemu-iotests: place valgrind log file in scratch dir
  qemu-iotests: tests: do not set unused tmp variable
  qemu-iotests: common.rc: drop unused _do()
  qemu-iotests: drop unused _within_tolerance() filter
  Fix pflash migration
  block: Don't ignore flags in blk_{,co,aio}_write_zeroes()
  block/vpc: update comments to be compliant w/coding guidelines
  block/vpc: set errp in vpc_open
  block/vpc: make checks on max table size a bit more lax
  block/vpc: Use the correct max sector count for VHD images
  block/vpc: use current_size field for XenConverter VHD images
  vpc: use current_size field for XenServer VHD images
  block/vpc: set errp in vpc_create
  block: Fix blk_aio_write_zeroes()
  qemu-io: Support 'aio_write -z'

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-15 18:26:49 +01:00
Peter Maydell c7b45f1282 hostmem-file: plug a small leak

Merge remote-tracking branch 'remotes/armbru/tags/pull-backends-2016-04-15' into staging

hostmem-file: plug a small leak

# gpg: Signature made Fri 15 Apr 2016 17:30:42 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-backends-2016-04-15:
  hostmem-file: plug a small leak

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-15 17:43:34 +01:00
Kevin Wolf cdc8845331 Block patches for 2.6.0-rc3.

Merge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2016-04-15' into queue-block

Block patches for 2.6.0-rc3.

# gpg: Signature made Fri Apr 15 17:57:30 2016 CEST using RSA key ID E838ACAD
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>"

* mreitz/tags/pull-block-for-kevin-2016-04-15:
  nbd: Don't kill server on client that doesn't request TLS
  nbd: fix assert() on qemu-nbd stop
  nbd: Don't fail handshake on NBD_OPT_LIST descriptions
  qemu-iotests: 041: More robust assertion on quorum node
  qemu-iotests: place valgrind log file in scratch dir
  qemu-iotests: tests: do not set unused tmp variable
  qemu-iotests: common.rc: drop unused _do()
  qemu-iotests: drop unused _within_tolerance() filter

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-15 17:59:42 +02:00
Eric Blake d1129a8ad9 nbd: Don't kill server on client that doesn't request TLS
Upstream NBD documents (as of commit 4feebc95) that servers MAY
choose to operate in a conditional mode, where it is up to the
client whether to use TLS.  For qemu's case, we want to always be
in FORCEDTLS mode, because of the risk of man-in-the-middle
attacks, and since we never export more than one device; likewise,
the qemu client will ALWAYS send NBD_OPT_STARTTLS as its first
option.  But now that SELECTIVETLS servers exist, it is feasible
to encounter a (non-qemu) client that is programmed to talk to
such a server, and does not do NBD_OPT_STARTTLS first, but rather
wants to probe if it can use a non-encrypted export.

The NBD protocol documents that we should let such a client
continue trying, on the grounds that maybe the client will get the
hint to send NBD_OPT_STARTTLS, rather than immediately dropping
the connection.

Note that NBD_OPT_EXPORT_NAME is a special case: since it is the
only option request that can't have an error return, we have to
(continue to) drop the connection on that one; rather, what we are
fixing here is that all other replies prior to TLS initiation tell
the client NBD_REP_ERR_TLS_REQD, but keep the connection alive.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-id: 1460671343-18485-1-git-send-email-eblake@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:56:56 +02:00
Pavel Butsykin 23994a5f52 nbd: fix assert() on qemu-nbd stop
From time to time qemu-nbd is crashing on the following assert:
    assert(state == TERMINATING);
    nbd_export_closed
    nbd_export_put
    main
and the state at the moment of the crash is evaluated to TERMINATE.

During the shutdown process of the client, the nbd_client_thread thread sends
a SIGTERM signal and the main thread calls the nbd_client_closed callback.
If the SIGTERM callback is executed after the state has changed to
TERMINATING, then the state will once again be TERMINATE.

To solve the issue, we must change the state to TERMINATE only if the state
is RUNNING. In the other case we are shutting down already.

Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1460629215-11567-1-git-send-email-den@openvz.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:56:56 +02:00
Eric Blake 200650d49f nbd: Don't fail handshake on NBD_OPT_LIST descriptions
The NBD Protocol states that NBD_REP_SERVER may set
'length > sizeof(namelen) + namelen'; in which case the rest
of the packet is a UTF-8 description of the export.  While we
don't know of any NBD servers that send this description yet,
we had better consume the data so we don't choke when we start
to talk to such a server.

Also, a (buggy/malicious) server that replies with length <
sizeof(namelen) would cause us to block waiting for bytes that
the server is not sending, and one that replies with super-huge
lengths could cause us to temporarily allocate up to 4G memory.
Sanity check things before blindly reading incorrectly.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-id: 1460077777-31004-1-git-send-email-eblake@redhat.com
Reviewed-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:56:56 +02:00
Fam Zheng e71fc0bae7 qemu-iotests: 041: More robust assertion on quorum node
Block nodes are now assigned names automatically, therefore the test
case is fragile in using fixed indices in result. Introduce a method in
iotests.py and do the matching more sensibly.

Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1460518995-1338-1-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:56:56 +02:00
Sascha Silbe 5f1525a685 qemu-iotests: place valgrind log file in scratch dir
Do not place the valgrind log file at a predictable path in a
world-writable location. Use the common scratch directory (${TEST_DIR})
instead.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1460472980-26319-5-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:56:56 +02:00
Sascha Silbe 339f06a3bc qemu-iotests: tests: do not set unused tmp variable
The previous commit removed the last usage of ${tmp} inside the tests
themselves; the only remaining users are sourced by check. So we can now
drop this variable from the tests.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1460472980-26319-4-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:56:56 +02:00
Sascha Silbe 6bb6f6cd9e qemu-iotests: common.rc: drop unused _do()
_do() was never used and possibly creates temporary files at
predictable, world-writable locations. Get rid of it.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1460472980-26319-3-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:56:55 +02:00
Sascha Silbe 242fbc19ef qemu-iotests: drop unused _within_tolerance() filter
_within_tolerance() isn't used anymore and possibly creates temporary
files at predictable, world-writable locations. Get rid of it.

If it's needed again in the future it can be revived easily and fixed up
to use TEST_DIR and / or safely created temporary files.

Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
Reviewed-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1460472980-26319-2-git-send-email-silbe@linux.vnet.ibm.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:56:55 +02:00
Marc-André Lureau bc78a01319 hostmem-file: plug a small leak
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1460566660-19241-1-git-send-email-marcandre.lureau@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-04-15 17:56:06 +02:00
Dr. David Alan Gilbert 90c647db8d Fix pflash migration
Pflash migration (e.g. q35 + EFI variable storage) fails
with the assert:

bdrv_co_do_pwritev: Assertion `!(bs->open_flags & 0x0800)' failed.

This avoids the problem by delaying the pflash update until after
the device loads complete.

Tested by:
  Migrating Q35/EFI vm.
  Changing efi variable content (with efiboot in the guest)
  md5sum'ing the variable file before migration and after.

This is a fix that Paolo posted in the message
  570244B3.4070105@redhat.com

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-15 17:27:34 +02:00
Kevin Wolf 16aaf975ee block: Don't ignore flags in blk_{,co,aio}_write_zeroes()
Commit 57d6a428 neglected to pass the given flags to blk_aio_prwv(),
which broke discard by WRITE SAME for scsi-disk (the UNMAP bit would be
ignored).

Commit fc1453cd introduced the same bug for blk_write_zeroes(). This is
used for 'qemu-img convert' without has_zero_init (e.g. on a block
device) and for preallocation=falloc in parallels.

Commit 8896e088 is the version for blk_co_write_zeroes(). This function
is only used in qemu-io.

Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2016-04-15 17:22:12 +02:00
Jeff Cody 9c057d0b68 block/vpc: update comments to be compliant w/coding guidelines
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-15 17:22:12 +02:00
Jeff Cody 32f6439cf7 block/vpc: set errp in vpc_open
Add more useful error information to failure paths in vpc_open

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-15 17:22:12 +02:00
Jeff Cody 66176fc6a7 block/vpc: make checks on max table size a bit more lax
The check on the max_table_size field not being larger than required is
valid, and in accordance with the VHD spec.  However, there have been
VHD images encountered in the wild that have an out-of-spec max table
size that is technically too large.

There is no issue in allowing this larger table size, as we also
later verify that the computed size (used for the pagetable) is
large enough to fit all sectors.  In addition, max_table_entries
is bounds checked against SIZE_MAX and INT_MAX.

Remove the strict check, so that we can accommodate these sorts of
images that are benignly out of spec.

Reported-by: Stefan Hajnoczi <stefanha@redhat.com>
Reported-by: Grant Wu <grantwwu@gmail.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-15 17:22:12 +02:00
Jeff Cody c23fb11bbb block/vpc: Use the correct max sector count for VHD images
The old VHD_MAX_SECTORS value is incorrect, and is a throwback
to the CHS calculations.  The VHD specification allows images up to 2040
GiB, which (using 512 byte sectors) corresponds to a maximum number of
sectors of 0xff000000, rather than the old value of 0xfe0001ff.

Update VHD_MAX_SECTORS to reflect the correct value.

Also, update comment references to the actual size limit, and correct
one compare so that we can have sizes up to the limit.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-15 17:22:12 +02:00
Jeff Cody bab246db1d block/vpc: use current_size field for XenConverter VHD images
XenConverter VHD images are another VHD image where current_size is
different from the CHS values in the format header.  Use
current_size as the default, by looking at the creator_app signature
field.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-15 17:22:12 +02:00
Stefan Hajnoczi 9bdfb9e8ac vpc: use current_size field for XenServer VHD images
The vpc driver has two methods of determining virtual disk size.  The
correct one to use depends on the software that generated the image
file.  Add the XenServer creator_app signature so that image size is
correctly detected for those images.

Reported-by: Grant Wu <grantwwu@gmail.com>
Reported-by: Spencer Baugh <sbaugh@catern.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-15 17:22:12 +02:00
Jeff Cody 0211b9becc block/vpc: set errp in vpc_create
Add more useful error information to failure paths in vpc_create().

Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-04-15 17:22:11 +02:00
Kevin Wolf 7fa84cd8d4 block: Fix blk_aio_write_zeroes()
Commit 57d6a428 broke blk_aio_write_zeroes() because some write
functions in the call path don't have an explicit length argument but
reuse qiov->size instead. Which is great, except that write_zeroes
doesn't have a qiov, which this commit interprets as 0 bytes.
Consequently, blk_aio_write_zeroes() didn't effectively do anything.

This patch introduces an explicit acb->bytes in BlkAioEmAIOCB and uses
that instead of acb->rwco.size.

The synchronous version of the function is okay because it does pass a
qiov (with the right size and a NULL pointer as its base).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:22:11 +02:00
Kevin Wolf 5ceb77652e qemu-io: Support 'aio_write -z'
This allows testing blk_aio_write_zeroes().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-04-15 17:22:11 +02:00
Peter Maydell 538a467329 qemu-sparc update

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging

qemu-sparc update

# gpg: Signature made Fri 15 Apr 2016 09:30:58 BST using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"

* remotes/mcayland/tags/qemu-sparc-signed:
  target-sparc: fix Trap Based Address Register behavior for sparc64
  target-sparc: fix Nucleus quad LDD 128 bit access for windowed registers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-15 10:49:04 +01:00
Artyom Tarasenko de5f107744 target-sparc: fix Trap Based Address Register behavior for sparc64
According to chapter 7.6 Trap Processing of the SPARC Architecture Manual v9,
the Trap Based Address Register is not modified as a trap is taken.

This fix allows booting FreeBSD-10.3-RELEASE-sparc64.

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-04-15 09:30:40 +01:00
Artyom Tarasenko 01a780d51a target-sparc: fix Nucleus quad LDD 128 bit access for windowed registers
Fix register offset calculation when regwptr is used.

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-04-15 09:30:39 +01:00
Peter Maydell bc8995cafa Update version for v2.6.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-14 17:30:28 +01:00
Peter Maydell 3e7cac31d6 tpm, vhost, virtio: fixes for 2.6
Minor fixes all over the place.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

tpm, vhost, virtio: fixes for 2.6

Minor fixes all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Thu 14 Apr 2016 14:45:55 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  hw/virtio/balloon: Replace TARGET_PAGE_SIZE with BALLOON_PAGE_SIZE
  tpm: Fix write to file descriptor function
  tpm: acpi: remove IRQ from TPM's CRS to make Windows not see conflict
  pc: acpi: tpm: add missing MMIO resource to PCI0._CRS
  specs/vhost-user: spelling fix
  specs/vhost-user: improve VHOST_SET_VRING_NUM documentation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-14 14:55:25 +01:00