From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 0b8e2c: exec.c: Use atomic_rcu_read() to access dispatch i...
Date: Fri, 24 Jul 2015 06:30:07 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 0b8e2c1002afddc8ef3d52fa6fc29e4768429f98
      
https://github.com/qemu/qemu/commit/0b8e2c1002afddc8ef3d52fa6fc29e4768429f98
  Author: Peter Maydell <address@hidden>
  Date:   2015-07-23 (Thu, 23 Jul 2015)

  Changed paths:
    M exec.c

  Log Message:
  -----------
  exec.c: Use atomic_rcu_read() to access dispatch in memory_region_section_get_iotlb()

When accessing the dispatch pointer in an AddressSpace within an RCU
critical section we should always use atomic_rcu_read(). Fix an
access within memory_region_section_get_iotlb() which was incorrectly
doing a direct pointer access.

Signed-off-by: Peter Maydell <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 9172f428afc1461b1d9b33ebca3a679b9adf7c3a
      
https://github.com/qemu/qemu/commit/9172f428afc1461b1d9b33ebca3a679b9adf7c3a
  Author: Paolo Bonzini <address@hidden>
  Date:   2015-07-23 (Thu, 23 Jul 2015)

  Changed paths:
    M qemu-char.c

  Log Message:
  -----------
  qemu-char: handle EINTR for TCP character devices

Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 4bf1cb03fbc43b0055af60d4ff093d6894aa4338
      
https://github.com/qemu/qemu/commit/4bf1cb03fbc43b0055af60d4ff093d6894aa4338
  Author: Nils Carlson <address@hidden>
  Date:   2015-07-23 (Thu, 23 Jul 2015)

  Changed paths:
    M qemu-char.c

  Log Message:
  -----------
  qemu-char: Fix missed data on unix socket

Commit 812c1057 introduced HUP detection on unix and tcp sockets prior
to a read in tcp_chr_read. This unfortunately broke CloudStack 4.2
which relied on the old behaviour where data on a socket was readable
even if a HUP was present.

A working solution is to properly check the return values from recv,
handling a closed socket once there is no more data to read.

Also enable polling for G_IO_NVAL to ensure the callback is called
for all possible events as these should now be possible to handle
with the improved error detection.

Signed-off-by: Nils Carlson <address@hidden>
Message-Id: <address@hidden>
[Do not handle EINTR; use socket_error(). - Paolo]
Signed-off-by: Paolo Bonzini <address@hidden>
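The two qemu-char commits above (EINTR handling in 9172f42 and recv return-value handling in 4bf1cb0) describe a pattern rather than show it. The following is an added example, not QEMU's qemu-char.c code: it drains a socket and classifies the end condition purely from recv()'s return value, so data that was queued before the peer hung up is still delivered and the close is only acted on once the queue is empty. The function names (drain_socket, demo_hup_with_pending_data), the socketpair harness and the message are constructed for this example; MSG_DONTWAIT stands in for the non-blocking fd a GLib I/O watch would hand the callback.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of draining one readable socket. Names are this example's own. */
struct drain_result {
    size_t nbytes;     /* bytes copied into the caller's buffer */
    int peer_closed;   /* set once recv() returns 0 (orderly shutdown by peer) */
    int err;           /* errno of a hard failure, 0 otherwise */
};

/* Read whatever is queued on fd, deciding the end condition from recv()'s
 * return value instead of from a HUP flag observed before the read:
 *   n > 0          data, keep going
 *   n == 0         peer closed and the queue is empty: safe to tear down
 *   n < 0, EINTR   a signal interrupted the call: retry, not an error
 *   n < 0, EAGAIN  nothing more right now: return and wait for the next event
 *   n < 0, other   real failure, reported in err
 * MSG_DONTWAIT gives non-blocking semantics without changing the fd flags. */
struct drain_result drain_socket(int fd, char *out, size_t cap)
{
    struct drain_result r = {0, 0, 0};
    while (r.nbytes < cap) {
        ssize_t n = recv(fd, out + r.nbytes, cap - r.nbytes, MSG_DONTWAIT);
        if (n > 0) {
            r.nbytes += (size_t)n;
        } else if (n == 0) {
            r.peer_closed = 1;
            break;
        } else if (errno == EINTR) {
            continue;
        } else if (errno == EAGAIN) {
            break;
        } else {
            r.err = errno;
            break;
        }
    }
    return r;
}

/* Constructed scenario: the peer writes a message and hangs up before we
 * read anything. Returns the number of bytes recovered after the hangup,
 * -1 on a socket error and -2 if the close was never observed. */
int demo_hup_with_pending_data(char *buf, size_t cap)
{
    int sv[2];
    static const char msg[] = "hello before hangup";

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    if (send(sv[1], msg, sizeof msg - 1, 0) != (ssize_t)(sizeof msg - 1)) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    close(sv[1]);                  /* peer hangs up; its data is still queued */

    struct drain_result r = drain_socket(sv[0], buf, cap);
    close(sv[0]);
    if (r.err)
        return -1;
    if (!r.peer_closed)
        return -2;
    return (int)r.nbytes;
}

int main(void)
{
    char buf[64];
    int n = demo_hup_with_pending_data(buf, sizeof buf);
    if (n < 0) {
        fprintf(stderr, "demo failed: %d\n", n);
        return 1;
    }
    printf("recovered %d bytes after hangup: %.*s\n", n, n, buf);
    return 0;
}
```

The caller's buffer must be larger than the pending data for the close to be observed in the same pass; with a full buffer the loop returns early and the next readable event delivers the remaining bytes and then the zero-length read.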


  Commit: 60928458e5eea3c77a7eb0a4194927872f463947
      
https://github.com/qemu/qemu/commit/60928458e5eea3c77a7eb0a4194927872f463947
  Author: Gonglei <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  vnc: fix memory leak

If vnc's password is configured, it will leak the memory that the
cipher variable pointed to on every vnc connection.

Cc: Daniel P. Berrange <address@hidden>
Reviewed-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Gonglei <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: c170aad8b057223b1139d72e5ce7acceafab4fa9
      
https://github.com/qemu/qemu/commit/c170aad8b057223b1139d72e5ce7acceafab4fa9
  Author: Paolo Bonzini <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M hw/scsi/scsi-bus.c

  Log Message:
  -----------
  scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)

This is a guest-triggerable buffer overflow present in QEMU 2.2.0
and newer.  scsi_cdb_length returns -1 as an error value, but the
caller does not check it.

Luckily, the massive overflow means that QEMU will just SIGSEGV,
making the impact much smaller.

Reported-by: Zhu Donghai (朱东海) <address@hidden>
Fixes: 1894df02811f6b79ea3ffbf1084599d96f316173
Reviewed-by: Fam Zheng <address@hidden>
Cc: address@hidden
Signed-off-by: Paolo Bonzini <address@hidden>
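The commit message for CVE-2015-5158 gives the root cause in one sentence: a length helper signals failure with -1 and the caller uses the result as a copy size. The following is an added example, a simplified model and not a copy of QEMU's scsi-bus.c: cdb_length() follows the standard SCSI convention of deriving the CDB size from the group code in the opcode's top three bits (6, 10, 12 or 16 bytes, -1 for reserved or vendor-specific groups), parse_cdb_unchecked() reproduces the bug class by passing a negative length straight to memcpy, and parse_cdb_checked() shows the checks a caller of such a helper needs. The function names, CDB_BUF_SIZE and the sample CDBs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDB_BUF_SIZE 16   /* assumed fixed-size CDB copy in the command struct */

struct scsi_cmd {
    uint8_t buf[CDB_BUF_SIZE];
    int len;
};

/* CDB size by group code (opcode bits 7..5), per the SCSI command grouping.
 * Groups 3, 6 and 7 are reserved or vendor-specific, so we cannot know the
 * length and must report an error. The error value is -1, as in the
 * scsi_cdb_length() the commit message describes. */
int cdb_length(const uint8_t *cdb)
{
    switch (cdb[0] >> 5) {
    case 0:
        return 6;
    case 1:
    case 2:
        return 10;
    case 4:
        return 16;
    case 5:
        return 12;
    default:
        return -1;
    }
}

/* The bug class: -1 is never checked, so a guest-chosen reserved opcode
 * turns into memcpy(..., (size_t)-1) and a massive out-of-bounds copy.
 * Kept only for contrast; never call it with a reserved-group opcode. */
int parse_cdb_unchecked(struct scsi_cmd *cmd, const uint8_t *cdb)
{
    cmd->len = cdb_length(cdb);
    memcpy(cmd->buf, cdb, (size_t)cmd->len);
    return 0;
}

/* Hardened caller: reject the error value, a CDB longer than the bytes the
 * transport actually supplied (avail), and anything that would not fit in
 * the destination buffer. Returns 0 on success, -1 on rejection. */
int parse_cdb_checked(struct scsi_cmd *cmd, const uint8_t *cdb, size_t avail)
{
    int len = cdb_length(cdb);
    if (len < 0 || (size_t)len > avail || len > CDB_BUF_SIZE)
        return -1;
    memcpy(cmd->buf, cdb, (size_t)len);
    cmd->len = len;
    return 0;
}

/* Constructed sample CDBs: a 6-byte INQUIRY (group 0), a 16-byte READ(16)
 * (group 4) and an opcode from reserved group 3. */
const uint8_t SAMPLE_INQUIRY[6] = {0x12, 0x00, 0x00, 0x00, 0x24, 0x00};
const uint8_t SAMPLE_READ16[16] = {0x88};
const uint8_t SAMPLE_RESERVED[16] = {0x60};

int main(void)
{
    struct scsi_cmd cmd = {{0}, 0};
    int rc = parse_cdb_checked(&cmd, SAMPLE_INQUIRY, sizeof SAMPLE_INQUIRY);
    printf("INQUIRY: rc=%d len=%d\n", rc, cmd.len);
    rc = parse_cdb_checked(&cmd, SAMPLE_READ16, 10);
    printf("READ(16) with only 10 bytes supplied: rc=%d\n", rc);
    rc = parse_cdb_checked(&cmd, SAMPLE_RESERVED, sizeof SAMPLE_RESERVED);
    printf("reserved group 3 opcode 0x60: rc=%d\n", rc);
    return 0;
}
```

The avail check is not part of the CVE fix as described, but it closes the neighbouring hole where the length table is correct yet the transport handed over fewer bytes than the opcode implies; a practitioner auditing callers of a -1-on-error helper should look for both.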


  Commit: ab28bd23125fb4a0411c3a3f01c4edacbc261486
      
https://github.com/qemu/qemu/commit/ab28bd23125fb4a0411c3a3f01c4edacbc261486
  Author: Paolo Bonzini <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M cpus.c
    M iothread.c
    M migration/migration.c
    M tests/test-rcu-list.c
    M util/rcu.c

  Log Message:
  -----------
  rcu: actually register threads that have RCU read-side critical sections

Otherwise, grace periods are detected too early!

Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 7d99f4c1b5d12de7644a5bd8c3d46bff05c9ca7c
      
https://github.com/qemu/qemu/commit/7d99f4c1b5d12de7644a5bd8c3d46bff05c9ca7c
  Author: Matthew Rosato <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M hw/scsi/scsi-disk.c

  Log Message:
  -----------
  scsi: Handle no media case for scsi_get_configuration

Currently, scsi_get_configuration always returns a current
profile (DVD or CD), even when there is actually no media present.
By comparison, ide/atapi uses a default profile of 0 (MMC_PROFILE_NONE)
for this case and checks for tray_open, so let's do the same for scsi.

This fixes a problem I'm seeing with Fedora 22 guests where systemd
cdrom_id fails to unmount after a QEMU-initiated eject against a
scsi cdrom device because it believes the media is still present
(but unreadable).

Signed-off-by: Matthew Rosato <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: fb4309695905de889d318caec8eb13d3b2c118d5
      
https://github.com/qemu/qemu/commit/fb4309695905de889d318caec8eb13d3b2c118d5
  Author: Stefan Weil <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M vl.c

  Log Message:
  -----------
  vl: Fix compiler warning for builds without VNC

This regression was caused by commit 70b94331.

  CC    vl.o
vl.c: In function ‘select_display’:
vl.c:2064:12: error: unused variable ‘err’ [-Werror=unused-variable]
     Error *err = NULL;
      ^

Reported-by: Claudio Fontana <address@hidden>
Signed-off-by: Stefan Weil <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Wen Congyang <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: deb809edb85334c8e90530e1071b98f4da25ebaa
      
https://github.com/qemu/qemu/commit/deb809edb85334c8e90530e1071b98f4da25ebaa
  Author: Paolo Bonzini <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M include/exec/memory.h
    M memory.c

  Log Message:
  -----------
  memory: count number of active VGA logging clients

For a board that has multiple framebuffer devices, both of them
might want to use DIRTY_MEMORY_VGA on the same memory region.
The lack of reference counting in memory_region_set_log makes
this very awkward to implement.

Suggested-by: Peter Maydell <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: c1076c3e13a86140cc2ba29866512df8460cc7c2
      
https://github.com/qemu/qemu/commit/c1076c3e13a86140cc2ba29866512df8460cc7c2
  Author: Paolo Bonzini <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M hw/display/framebuffer.c
    M hw/display/framebuffer.h
    M hw/display/milkymist-vgafb.c
    M hw/display/omap_lcdc.c
    M hw/display/pl110.c
    M hw/display/pxa2xx_lcd.c

  Log Message:
  -----------
  framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer

The MemoryRegionSection contains enough information to access the
RAM region underlying the framebuffer, and can be cached inside the
display device.

By doing this, the new framebuffer_update_memory_section function can
enable dirty memory logging on the relevant RAM region.  The function
must be called whenever the stride or base of the framebuffer changes;
a simple way to cover these cases is to call it on every full frame
invalidation, which is a rare case.

framebuffer_update_display now works entirely on a MemoryRegionSection,
without going through cpu_physical_memory_map/unmap.

Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: d274e07c6df4cc8207b01892ff6f81118ea6083c
      
https://github.com/qemu/qemu/commit/d274e07c6df4cc8207b01892ff6f81118ea6083c
  Author: Gonglei <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M qemu-doc.texi
    M qemu-options.hx
    M qemu-tech.texi

  Log Message:
  -----------
  qemu-doc: fix typos

Signed-off-by: Gonglei <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 178846bdd93994c1acafe4423f99ead8bb24cf38
      
https://github.com/qemu/qemu/commit/178846bdd93994c1acafe4423f99ead8bb24cf38
  Author: Dmitry Poletaev <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M target-i386/fpu_helper.c

  Log Message:
  -----------
  target-i386/FPU: a misprint in helper_fistll_ST0

There is a cut-and-paste mistake in the patch
https://lists.gnu.org/archive/html/qemu-devel/2014-11/msg01657.html .
It causes errors in guest work.  Here is the bugfix.

Signed-off-by: Dmitry Poletaev <address@hidden>
Reported-by: Kirill Batuzov <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: f793d97e454a56d17e404004867985622ca1a63b
      
https://github.com/qemu/qemu/commit/f793d97e454a56d17e404004867985622ca1a63b
  Author: Peter Maydell <address@hidden>
  Date:   2015-07-24 (Fri, 24 Jul 2015)

  Changed paths:
    M cpus.c
    M exec.c
    M hw/display/framebuffer.c
    M hw/display/framebuffer.h
    M hw/display/milkymist-vgafb.c
    M hw/display/omap_lcdc.c
    M hw/display/pl110.c
    M hw/display/pxa2xx_lcd.c
    M hw/scsi/scsi-bus.c
    M hw/scsi/scsi-disk.c
    M include/exec/memory.h
    M iothread.c
    M memory.c
    M migration/migration.c
    M qemu-char.c
    M qemu-doc.texi
    M qemu-options.hx
    M qemu-tech.texi
    M target-i386/fpu_helper.c
    M tests/test-rcu-list.c
    M ui/vnc.c
    M util/rcu.c
    M vl.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* qemu-char fixes
* SCSI fixes (including CVE-2015-5158)
* RCU fixes
* Framebuffer logic to set DIRTY_MEMORY_VGA
* Fix compiler warning for --disable-vnc
* qemu-doc fixes
* x86 TCG pasto fix

# gpg: Signature made Fri Jul 24 12:57:52 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <address@hidden>"
# gpg:                 aka "Paolo Bonzini <address@hidden>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  target-i386/FPU: a misprint in helper_fistll_ST0
  qemu-doc: fix typos
  framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer
  memory: count number of active VGA logging clients
  vl: Fix compiler warning for builds without VNC
  scsi: Handle no media case for scsi_get_configuration
  rcu: actually register threads that have RCU read-side critical sections
  scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)
  vnc: fix memory leak
  qemu-char: Fix missed data on unix socket
  qemu-char: handle EINTR for TCP character devices
  exec.c: Use atomic_rcu_read() to access dispatch in memory_region_section_get_iotlb()

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/30fdfae49d53...f793d97e454a
