[Qemu-commits] [qemu/qemu] 3750da: virito-pci: fix OVERRUN problem


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 3750da: virito-pci: fix OVERRUN problem
Date: Fri, 26 Jun 2015 09:30:06 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 3750dabc69d76f0938cc726a64a70e4ae2fe21df
      
https://github.com/qemu/qemu/commit/3750dabc69d76f0938cc726a64a70e4ae2fe21df
  Author: Gonglei <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/virtio/virtio-pci.c

  Log Message:
  -----------
  virito-pci: fix OVERRUN problem

Overrunning array "proxy->guest_features" of 2 4-byte
elements at element index 2 (byte offset 8) using index
"proxy->gfselect" (which evaluates to 2). Normally, the
Linux kernel driver just reads/writes '0' or '1' as the
"proxy->gfselect" values, so use '<' instead of '<=' to
make Coverity happy and avoid potential harm.

Cc: Michael S. Tsirkin <address@hidden>
Signed-off-by: Gonglei <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
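
Added example, not part of the commit or of QEMU's source: a constructed model of the off-by-one guard described in the message above. The struct layout, the sentinel value and all function names are assumptions; the neighbouring field is placed in the same array so the stray store is well-defined C and can be observed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_FEATURE_WORDS 2   /* "2 4-byte elements" in the commit message */

/*
 * Constructed model, not QEMU's struct: words[0..1] stand in for
 * proxy->guest_features[], words[2] stands in for whatever field happens
 * to follow the array in memory.
 */
struct proxy_model {
    uint32_t gfselect;                          /* guest-written selector */
    uint32_t words[GUEST_FEATURE_WORDS + 1];
};

/* Off-by-one guard: "<=" lets index 2 through, one past the last slot. */
static bool store_features_le(struct proxy_model *p, uint32_t val)
{
    if (p->gfselect <= GUEST_FEATURE_WORDS) {
        p->words[p->gfselect] = val;
        return true;
    }
    return false;
}

/* Corrected guard: only indices 0 and 1 reach the array. */
static bool store_features_lt(struct proxy_model *p, uint32_t val)
{
    if (p->gfselect < GUEST_FEATURE_WORDS) {
        p->words[p->gfselect] = val;
        return true;
    }
    return false;
}

/* Value of the neighbouring word after one guest write with this selector. */
static uint32_t neighbour_after_write(bool use_fixed, uint32_t select)
{
    struct proxy_model p;

    memset(&p, 0, sizeof(p));
    p.words[GUEST_FEATURE_WORDS] = 0xC0FFEEu;   /* constructed sentinel */
    p.gfselect = select;
    if (use_fixed) {
        store_features_lt(&p, 0xFFFFFFFFu);
    } else {
        store_features_le(&p, 0xFFFFFFFFu);
    }
    return p.words[GUEST_FEATURE_WORDS];
}

int main(void)
{
    printf("<= guard, select=2: neighbour=0x%08x\n",
           (unsigned)neighbour_after_write(false, 2));
    printf("<  guard, select=2: neighbour=0x%08x\n",
           (unsigned)neighbour_after_write(true, 2));
    return 0;
}
```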


  Commit: 1fa795a853255fcc93e5d3e2a92d161a2ed96eb8
      
https://github.com/qemu/qemu/commit/1fa795a853255fcc93e5d3e2a92d161a2ed96eb8
  Author: Gonglei <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/core/qdev-properties.c

  Log Message:
  -----------
  qdev: fix OVERFLOW_BEFORE_WIDEN

Potentially overflowing expression "1 << prop->bitnr" with
type "int" (32 bits, signed) is evaluated using 32-bit arithmetic,
and then used in a context that expects an expression of type
"uint64_t" (64 bits, unsigned).

Cc: Gerd Hoffmann <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: Gonglei <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
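
Added example, not part of the commit or of QEMU's source: what a mask computed in 32-bit signed arithmetic looks like once it lands in a 64-bit word, compared with a mask computed in 64 bits. The function names are hypothetical; because the literal `1 << bitnr` is undefined C for large shift counts, the usual two's-complement outcome is reproduced here with defined operations, and the "bit is lost" result for shifts of 32 or more is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Models "1 << bitnr" evaluated as a 32-bit int and then converted to
 * uint64_t, using only defined operations.
 */
static uint64_t mask_int_then_widen(unsigned bitnr)
{
    if (bitnr >= 32) {
        return 0;   /* assumption: the bit is lost; real behaviour is undefined */
    }
    int32_t narrow = (int32_t)(UINT32_C(1) << bitnr);  /* bit 31 is the sign bit */
    return (uint64_t)narrow;                           /* widening sign-extends */
}

/* Shift performed on a 64-bit operand from the start. */
static uint64_t mask_wide(unsigned bitnr)
{
    return bitnr < 64 ? UINT64_C(1) << bitnr : 0;
}

/* Set or clear one flag in a 64-bit property word with the chosen mask. */
static uint64_t set_bit64(uint64_t word, unsigned bitnr, int widen_first)
{
    return word | (widen_first ? mask_wide(bitnr) : mask_int_then_widen(bitnr));
}

static uint64_t clear_bit64(uint64_t word, unsigned bitnr, int widen_first)
{
    return word & ~(widen_first ? mask_wide(bitnr) : mask_int_then_widen(bitnr));
}

int main(void)
{
    /* Bit 31: the narrow mask drags bits 32..63 along with it. */
    printf("set   31 narrow: %016llx\n",
           (unsigned long long)set_bit64(0, 31, 0));
    printf("set   31 wide  : %016llx\n",
           (unsigned long long)set_bit64(0, 31, 1));
    printf("clear 31 narrow: %016llx\n",
           (unsigned long long)clear_bit64(UINT64_MAX, 31, 0));
    printf("set   40 narrow: %016llx\n",
           (unsigned long long)set_bit64(0, 40, 0));
    return 0;
}
```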


  Commit: e3816255bf4b6377bb405331e2ee0dc14d841b80
      
https://github.com/qemu/qemu/commit/e3816255bf4b6377bb405331e2ee0dc14d841b80
  Author: Denis V. Lunev <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/virtio/virtio-balloon.c
    M include/hw/virtio/virtio-balloon.h

  Log Message:
  -----------
  balloon: add a feature bit to let Guest OS deflate balloon on oom

Excessive virtio_balloon inflation can cause invocation of OOM-killer,
when Linux is under severe memory pressure. Various mechanisms are
responsible for correct virtio_balloon memory management. Nevertheless it
is often the case that these control tools do not have enough time to
react to fast-changing memory load. As a result OS runs out of memory and
invokes OOM-killer. The balancing of memory by use of the virtio balloon
should not cause the termination of processes while there are pages in the
balloon. Now there is no way for virtio balloon driver to free memory at
the last moment before some process gets killed by OOM-killer.

This does not provide a security breach as balloon itself is running
inside Guest OS and is working in cooperation with the host. Thus
some improvements from Guest side should be considered as normal.

To solve the problem, introduce a virtio_balloon callback which is
expected to be called from the oom notifier call chain in out_of_memory()
function. If virtio balloon could release some memory, it will make the
system return and retry the allocation that forced the out of memory
killer to run.

This behavior should be enabled if and only if appropriate feature bit
is set on the device. It is off by default.

This functionality was recently merged into vanilla Linux.

  commit 5a10b7dbf904bfe01bb9fcc6298f7df09eed77d5
  Author: Raushaniya Maksudova <address@hidden>
  Date:   Mon Nov 10 09:36:29 2014 +1030

This patch adds respective control bits into QEMU. It introduces
deflate-on-oom option for balloon device which does the trick.

Signed-off-by: Denis V. Lunev <address@hidden>
CC: Raushaniya Maksudova <address@hidden>
CC: Anthony Liguori <address@hidden>
CC: Michael S. Tsirkin <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>

Acked-by: James Bottomley <address@hidden>
Reviewed-by: Christian Borntraeger <address@hidden>


  Commit: 16617e36b02ebdc83f215d89db9ac00f7d6d6d83
      
https://github.com/qemu/qemu/commit/16617e36b02ebdc83f215d89db9ac00f7d6d6d83
  Author: Jason Wang <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/virtio/vhost.c

  Log Message:
  -----------
  vhost: correctly pass error to caller in vhost_dev_enable_notifiers()

We override the error value r in fail_vq; this means the caller
can't detect the failure, which may cause the caller to disable the
notifiers twice if vhost fails to start. Fix this by using another
variable to keep track of the return value of set_host_notifier().

Fixes b0b3db79559e57db340b292621c397e7a6cdbdc5 ("vhost-net: cleanup
host notifiers at last step")

Cc: address@hidden
Cc: Michael S. Tsirkin <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
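
Added example, not part of the commit or of QEMU's source: a constructed model of an unwind loop that reuses the error variable, next to one that keeps the cleanup result in a separate variable. The backend struct, the failing virtqueue, the error code and the caller model are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define NVQS 4

/* Constructed stand-in for the device backend. */
struct backend {
    int fail_at;          /* virtqueue whose notifier assignment fails */
    int disables[NVQS];   /* how often each notifier was torn down */
};

static int set_host_notifier(struct backend *b, int vq, bool assign)
{
    if (assign) {
        return vq == b->fail_at ? -ENOSPC : 0;   /* constructed error */
    }
    b->disables[vq]++;
    return 0;
}

static int enable_notifiers(struct backend *b, bool reuse_r)
{
    int i, r = 0, e;

    for (i = 0; i < NVQS; i++) {
        r = set_host_notifier(b, i, true);
        if (r < 0) {
            goto fail_vq;
        }
    }
    return 0;
fail_vq:
    while (--i >= 0) {
        e = set_host_notifier(b, i, false);
        if (reuse_r) {
            r = e;   /* successful cleanup replaces the original error */
        }
    }
    return r;
}

/* Caller model: when told "success" it later tears all notifiers down itself. */
static int max_disables_seen(bool reuse_r, int fail_at)
{
    struct backend b = { .fail_at = fail_at };
    int worst = 0;

    if (enable_notifiers(&b, reuse_r) == 0) {
        for (int i = 0; i < NVQS; i++) {
            set_host_notifier(&b, i, false);
        }
    }
    for (int i = 0; i < NVQS; i++) {
        worst = b.disables[i] > worst ? b.disables[i] : worst;
    }
    return worst;
}

int main(void)
{
    printf("shared r  : max teardowns per vq = %d\n", max_disables_seen(true, 2));
    printf("separate e: max teardowns per vq = %d\n", max_disables_seen(false, 2));
    return 0;
}
```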


  Commit: 0e0b3592f6cfc56b3a4cc2c040552b7caaf2329f
      
https://github.com/qemu/qemu/commit/0e0b3592f6cfc56b3a4cc2c040552b7caaf2329f
  Author: Michael S. Tsirkin <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M MAINTAINERS

  Log Message:
  -----------
  MAINTAINERS: add ACPI entry

Igor agreed to help review ACPI patches, add an entry to MAINTAINERS
with all ACPI stuff I could think of.
Note: I listed ARM ACPI files here just to make sure we are Cc'd, no
plan to maintain ACPI for ARM through my tree :)

Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 72d97b3a543a9c2c820bd463ba24751ae4247ac3
      
https://github.com/qemu/qemu/commit/72d97b3a543a9c2c820bd463ba24751ae4247ac3
  Author: Igor Mammedov <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/i386/Makefile.objs
    M hw/i386/acpi-build.c
    R hw/i386/ssdt-tpm-common.dsl
    R hw/i386/ssdt-tpm.dsl
    R hw/i386/ssdt-tpm.hex.generated
    R hw/i386/ssdt-tpm2.dsl
    R hw/i386/ssdt-tpm2.hex.generated

  Log Message:
  -----------
  pc: cleanup and convert TMP ACPI device description to AML API

Remove some code duplication in acpi-build.c and drop 5
ASL and binary blob files with TPM ACPI device description,
replacing them with 1 small hunk written in AML API.

Signed-off-by: Igor Mammedov <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: eb6c6a604890201e321a6ace32973d10dc033245
      
https://github.com/qemu/qemu/commit/eb6c6a604890201e321a6ace32973d10dc033245
  Author: Gerd Hoffmann <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M docs/multiseat.txt
    M docs/specs/pci-ids.txt
    M hw/pci-bridge/pci_bridge_dev.c
    M include/hw/pci/pci.h

  Log Message:
  -----------
  add pci-bridge-seat

Simplifies multiseat configuration, see
docs/multiseat.txt update for details.

Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 9df0b0e09c48ad543e6d12ee0c17d1857f83d3ca
      
https://github.com/qemu/qemu/commit/9df0b0e09c48ad543e6d12ee0c17d1857f83d3ca
  Author: Laszlo Ersek <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M include/migration/vmstate.h

  Log Message:
  -----------
  migration: introduce VMSTATE_BUFFER_UNSAFE_INFO_TEST()

There is no _TEST() variant of VMSTATE_BUFFER_UNSAFE_INFO() yet, but we'll
soon need it. Introduce it and rebase the original
VMSTATE_BUFFER_UNSAFE_INFO() on top.

The parameter order of the new function-like macro follows that of
VMSTATE_SINGLE_TEST(): "_test" is introduced between "_state" and
"_version".

Cc: Juan Quintela <address@hidden>
Cc: Amit Shah <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Cc: Michael S. Tsirkin <address@hidden>
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 0034e56209c1333bfca53356ce82663d801a15c5
      
https://github.com/qemu/qemu/commit/0034e56209c1333bfca53356ce82663d801a15c5
  Author: Laszlo Ersek <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/pci-bridge/pci_bridge_dev.c
    M include/hw/pci/shpc.h

  Log Message:
  -----------
  hw/pci-bridge: expose _test parameter in SHPC_VMSTATE()

Change the signature of the function-like macro SHPC_VMSTATE(), so that we
can produce and expect this field conditionally in the migration stream,
starting with an upcoming patch.

Cc: Michael S. Tsirkin <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 3cf0ecb3c4f9bb6a7a58a62c0209509b4c9d13c6
      
https://github.com/qemu/qemu/commit/3cf0ecb3c4f9bb6a7a58a62c0209509b4c9d13c6
  Author: Laszlo Ersek <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/pci-bridge/pci_bridge_dev.c
    M hw/pci-bridge/pci_expander_bridge.c
    M include/hw/pci/pci_bridge.h

  Log Message:
  -----------
  hw/pci-bridge: add macro for "chassis_nr" property

This should help catch property name typos at compile time.

Cc: Michael S. Tsirkin <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 7a7c6a41c5583b24f6a35b02c7f68c84ebd7e177
      
https://github.com/qemu/qemu/commit/7a7c6a41c5583b24f6a35b02c7f68c84ebd7e177
  Author: Laszlo Ersek <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/pci-bridge/pci_bridge_dev.c
    M include/hw/pci/pci_bridge.h

  Log Message:
  -----------
  hw/pci-bridge: add macro for "msi" property

This should help catch property name typos at compile time.

Cc: Michael S. Tsirkin <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 23ab143dcce8d7f758eb6946ebf68d8689018a9c
      
https://github.com/qemu/qemu/commit/23ab143dcce8d7f758eb6946ebf68d8689018a9c
  Author: Laszlo Ersek <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M include/hw/pci/shpc.h

  Log Message:
  -----------
  hw/pci: introduce shpc_present() helper function

It follows msi_present() in "include/hw/pci/msi.h".

Cc: Michael S. Tsirkin <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 4e5c9bfecf5da13e8e0f790002a55bb1cc0437b1
      
https://github.com/qemu/qemu/commit/4e5c9bfecf5da13e8e0f790002a55bb1cc0437b1
  Author: Laszlo Ersek <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/pci-bridge/pci_bridge_dev.c
    M include/hw/pci/pci_bridge.h

  Log Message:
  -----------
  hw/pci-bridge: introduce "shpc" property

In the PCI expander bridge, we will want to disable those features of
pci-bridge that relate to SHPC (standard hotplug controller):

- SHPC bar and underlying MemoryRegion
- interrupt (INTx or MSI)
- effective hotplug callbacks
- other SHPC hooks (initialization, cleanup, migration etc)

Introduce a new feature request bit in the PCIBridgeDev.flags field, and
turn off the above if the bit is explicitly cleared.

Suggested-by: Michael S. Tsirkin <address@hidden>
Cc: Michael S. Tsirkin <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: d10dda2d60c8c225a89a53d53add799b69f6bb46
      
https://github.com/qemu/qemu/commit/d10dda2d60c8c225a89a53d53add799b69f6bb46
  Author: Laszlo Ersek <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/pci-bridge/pci_expander_bridge.c

  Log Message:
  -----------
  hw/pci-bridge: disable SHPC in PXB

OVMF downloads the ACPI linker/loader script from QEMU when the edk2 PCI
Bus driver globally signals the firmware that PCI enumeration and resource
allocation have completed. At this point QEMU regenerates the ACPI payload
in an fw_cfg read callback, and this is when the PXB's _CRS gets
populated.

Unfortunately, when this happens, the PCI_COMMAND_MEMORY bit is clear in
the root bus's command register, *unlike* under SeaBIOS. The consequences
unfold as follows:

- When build_crs() fetches dev->io_regions[i].addr, it is all-bits-one,
  because pci_update_mappings() --> pci_bar_address() calculated it as
  PCI_BAR_UNMAPPED, due to the PCI_COMMAND_MEMORY bit being clear.

- Consequently, the SHPC MMIO BAR (bar 0) of the bridge is not added to
  the _CRS, *despite* having been programmed in PCI config space.

- Similarly, the SHPC MMIO BAR of the PXB is not removed from the main
  root bus's DWordMemory descriptor.

- Guest OSes (Linux and Windows alike) notice the pre-programmed SHPC BAR
  within the PXB's config space, and notice that it conflicts with the
  main root bus's memory resource descriptors. Linux reports

  pci 0000:04:00.0: BAR 0: can't assign mem (size 0x100)
  pci 0000:04:00.0: BAR 0: trying firmware assignment [mem
                     0x88200000-0x882000ff 64bit]
  pci 0000:04:00.0: BAR 0: [mem 0x88200000-0x882000ff 64bit] conflicts
                     with PCI Bus 0000:00 [mem
                     0x88200000-0xfebfffff]

  While Windows Server 2012 R2 reports

    https://technet.microsoft.com/en-us/library/cc732199%28v=ws.10%29.aspx

    This device cannot find enough free resources that it can use. If you
    want to use this device, you will need to disable one of the other
    devices on this system. (Code 12)

This issue was apparently encountered earlier, see the "hack" in:

  https://lists.nongnu.org/archive/html/qemu-devel/2015-01/msg02983.html

and the current hole-punching logic in build_crs() and build_ssdt() is
probably supposed to remedy exactly that problem -- however, for OVMF they
don't work, because at the end of the PCI enumeration and resource
allocation, which cues the ACPI linker/loader client, the command register
is clear.

The "shpc" property of "pci-bridge", introduced in the previous patches,
allows us to disable the standard hotplug controller cleanly, eliminating
the SHPC bar and the conflict.

Cc: Michael S. Tsirkin <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 0b336b3b98d8983d821ef9b0f159acc7c77cbac7
      
https://github.com/qemu/qemu/commit/0b336b3b98d8983d821ef9b0f159acc7c77cbac7
  Author: Laszlo Ersek <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/core/sysbus.c
    M include/hw/sysbus.h

  Log Message:
  -----------
  hw/core: explicit OFW unit address callback for SysBusDeviceClass

The sysbus_get_fw_dev_path() function formats OpenFirmware device path
nodes ("address@hidden") for sysbus devices. The first choice
for "unit-address" is the base address of the device's first MMIO region.
The second choice is its first IO port.

However, if two sysbus devices with the same "driver-name" lack both MMIO
and PIO resources, then there is no good way to distinguish them based on
their OFW nodes, because in this case unit-address is omitted completely
for both devices. An example is TYPE_PXB_HOST ("pxb-host").

For the sake of such devices, introduce the explicit_ofw_unit_address()
"virtual member function". With this function, each sysbus device in the
same SysBusDeviceClass can state its own address.

Cc: Markus Armbruster <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Cc: Michael S. Tsirkin <address@hidden>
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Tested-by: Marcel Apfelbaum <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 48ea3dedc54dbcb3c738ddef02a336739910ecfd
      
https://github.com/qemu/qemu/commit/48ea3dedc54dbcb3c738ddef02a336739910ecfd
  Author: Laszlo Ersek <address@hidden>
  Date:   2015-06-23 (Tue, 23 Jun 2015)

  Changed paths:
    M hw/pci-bridge/pci_expander_bridge.c

  Log Message:
  -----------
  hw/pci-bridge: format special OFW unit address for PXB host

We have agreed that OpenFirmware device paths in the "bootorder" fw_cfg
file should follow the pattern

  /address@hidden,%x/...

for devices that live behind an extra root bus. The extra root bus in
question is the %x'th among the extra root buses. (In other words, %x
gives the position of the affected extra root bus relative to the other
extra root buses, in bus_nr order.) %x starts at 1, and is formatted in
hex.

The portion of the unit address that comes before the comma is dynamically
taken from the main host bridge, similarly to sysbus_get_fw_dev_path().

Cc: Kevin O'Connor <address@hidden>
Cc: Michael S. Tsirkin <address@hidden>
Cc: Marcel Apfelbaum <address@hidden>
Signed-off-by: Laszlo Ersek <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: d46f7c9e648d8098ac73b36834ac81237b8c2c2d
      
https://github.com/qemu/qemu/commit/d46f7c9e648d8098ac73b36834ac81237b8c2c2d
  Author: Dr. David Alan Gilbert <address@hidden>
  Date:   2015-06-24 (Wed, 24 Jun 2015)

  Changed paths:
    M configure

  Log Message:
  -----------
  Fix glib_subprocess test

A typo means that the tests dependent on glib with subprocess
support are never run.

Fixes: 9d41401b90fa10b335d2e739149d36437cfbf622

Signed-off-by: Dr. David Alan Gilbert <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: dc1e1350f8061021df765b396295329797d66933
      
https://github.com/qemu/qemu/commit/dc1e1350f8061021df765b396295329797d66933
  Author: Peter Maydell <address@hidden>
  Date:   2015-06-26 (Fri, 26 Jun 2015)

  Changed paths:
    M MAINTAINERS
    M configure
    M docs/multiseat.txt
    M docs/specs/pci-ids.txt
    M hw/core/qdev-properties.c
    M hw/core/sysbus.c
    M hw/i386/Makefile.objs
    M hw/i386/acpi-build.c
    R hw/i386/ssdt-tpm-common.dsl
    R hw/i386/ssdt-tpm.dsl
    R hw/i386/ssdt-tpm.hex.generated
    R hw/i386/ssdt-tpm2.dsl
    R hw/i386/ssdt-tpm2.hex.generated
    M hw/pci-bridge/pci_bridge_dev.c
    M hw/pci-bridge/pci_expander_bridge.c
    M hw/virtio/vhost.c
    M hw/virtio/virtio-balloon.c
    M hw/virtio/virtio-pci.c
    M include/hw/pci/pci.h
    M include/hw/pci/pci_bridge.h
    M include/hw/pci/shpc.h
    M include/hw/sysbus.h
    M include/hw/virtio/virtio-balloon.h
    M include/migration/vmstate.h

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pci fixes, enhancements

Almost exclusively bugfixes, though in this case,
we are adding functionality to the pxb in order
to make OVMF work on it.

Signed-off-by: Michael S. Tsirkin <address@hidden>

# gpg: Signature made Fri Jun 26 14:43:27 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <address@hidden>"
# gpg:                 aka "Michael S. Tsirkin <address@hidden>"

* remotes/mst/tags/for_upstream:
  Fix glib_subprocess test
  hw/pci-bridge: format special OFW unit address for PXB host
  hw/core: explicit OFW unit address callback for SysBusDeviceClass
  hw/pci-bridge: disable SHPC in PXB
  hw/pci-bridge: introduce "shpc" property
  hw/pci: introduce shpc_present() helper function
  hw/pci-bridge: add macro for "msi" property
  hw/pci-bridge: add macro for "chassis_nr" property
  hw/pci-bridge: expose _test parameter in SHPC_VMSTATE()
  migration: introduce VMSTATE_BUFFER_UNSAFE_INFO_TEST()
  add pci-bridge-seat
  pc: cleanup and convert TMP ACPI device description to AML API
  MAINTAINERS: add ACPI entry
  vhost: correctly pass error to caller in vhost_dev_enable_notifiers()
  balloon: add a feature bit to let Guest OS deflate balloon on oom
  qdev: fix OVERFLOW_BEFORE_WIDEN
  virito-pci: fix OVERRUN problem

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/d14b9d79be8a...dc1e1350f806
