From: GitHub
Subject: [Qemu-commits] [qemu/qemu] d2f39a: exec.c: Ensure right alignment also for file backe...
Date: Mon, 23 May 2016 10:11:12 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: d2f39add725e2be849f5fb014a72368f711056fc
      
https://github.com/qemu/qemu/commit/d2f39add725e2be849f5fb014a72368f711056fc
  Author: Dominik Dingel <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M exec.c
    M include/qemu/osdep.h
    M util/oslib-posix.c

  Log Message:
  -----------
  exec.c: Ensure right alignment also for file backed ram

While in the anonymous ram case we already take care of the right alignment,
such an alignment guarantee does not exist for file backed ram allocation.

Instead, pagesize is used for alignment. On s390 this is not enough for gmap,
as we need to satisfy an alignment up to segments.

Reported-by: Halil Pasic <address@hidden>
Signed-off-by: Dominik Dingel <address@hidden>

Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: dfc007f7f7aab982a8c22cbcb783d72b0db99705
      
https://github.com/qemu/qemu/commit/dfc007f7f7aab982a8c22cbcb783d72b0db99705
  Author: Pranith Kumar <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M docs/atomics.txt

  Log Message:
  -----------
  docs/atomics.txt: Update pointer to linux macro

Add a missing end brace and update doc to point to the latest access
macro. ACCESS_ONCE() is deprecated.

Signed-off-by: Pranith Kumar <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 691a02e2ce0c413236a78dee6f2651c937b09fb0
      
https://github.com/qemu/qemu/commit/691a02e2ce0c413236a78dee6f2651c937b09fb0
  Author: Prasad J Pandit <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M hw/i386/kvmvapic.c

  Log Message:
  -----------
  i386: kvmvapic: initialise imm32 variable

When processing Task Priority Register (TPR) access, it could leak
automatic stack variable 'imm32' in patch_instruction().
Initialise the variable to avoid it.

Reported by: Donghai Zdh <address@hidden>
Cc: address@hidden
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 5919e0328b7d6a08a661c3c747bae3e841d4e6f4
      
https://github.com/qemu/qemu/commit/5919e0328b7d6a08a661c3c747bae3e841d4e6f4
  Author: Stefan Weil <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M configure

  Log Message:
  -----------
  configure: Allow builds with extra warnings

The clang compiler supports a useful compiler option -Weverything,
and GCC also has other warnings not enabled by -Wall.

If glib header files trigger a warning, however, testing glib with
-Werror will always fail. A size mismatch is also detected without
-Werror, so simply remove it.

Cc: address@hidden
Signed-off-by: Stefan Weil <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 14cb949a3e2efd64ea3271b919b33b452ce7b180
      
https://github.com/qemu/qemu/commit/14cb949a3e2efd64ea3271b919b33b452ce7b180
  Author: Paolo Bonzini <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M target-i386/translate.c

  Log Message:
  -----------
  target-i386: key sfence availability on CPUID_SSE, not CPUID_SSE2

sfence was introduced before lfence and mfence.  This fixes Linux
2.4's measurement of checksumming speeds for the pIII_sse
algorithm:

md: linear personality registered as nr 1
md: raid0 personality registered as nr 2
md: raid1 personality registered as nr 3
md: raid5 personality registered as nr 4
raid5: measuring checksumming speed
   8regs     :   384.400 MB/sec
   32regs    :   259.200 MB/sec
invalid operand: 0000
CPU:    0
EIP:    0010:[<c0240b2a>]    Not tainted
EFLAGS: 00000246
eax: c15d8000   ebx: 00000000   ecx: 00000000   edx: c15d5000
esi: 8005003b   edi: 00000004   ebp: 00000000   esp: c15bdf50
ds: 0018   es: 0018   ss: 0018
Process swapper (pid: 1, stackpage=c15bd000)
Stack: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
       00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
       00000000 00000206 c0241c6c 00001000 c15d4000 c15d7000 c15d4000 c15d4000
Call Trace:    [<c0241c6c>] [<c0105000>] [<c0241db4>] [<c010503b>] [<c0105000>]
  [<c0107416>] [<c0105030>]

Code: 0f ae f8 0f 10 04 24 0f 10 4c 24 10 0f 10 54 24 20 0f 10 5c
 <0>Kernel panic: Attempted to kill init!

Reported-by: Stefan Weil <address@hidden>
Fixes: 121f3157887f92268a3d6169e2d4601f9292020b
Cc: address@hidden
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 479c2a1cb7fb82d23e66eab78b00fc5b0638439b
      
https://github.com/qemu/qemu/commit/479c2a1cb7fb82d23e66eab78b00fc5b0638439b
  Author: Peter Xu <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M hw/intc/ioapic.c
    M include/hw/i386/ioapic_internal.h

  Log Message:
  -----------
  ioapic: keep RO bits for IOAPIC entry

Currently IOAPIC RO bits can be written. To be better aligned with
hardware, we should make them read-only.

Reviewed-by: Radim Krčmář <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: ed1263c363c970a7ad5226b8f41dbbf0c92c1e17
      
https://github.com/qemu/qemu/commit/ed1263c363c970a7ad5226b8f41dbbf0c92c1e17
  Author: Peter Xu <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M hw/intc/ioapic.c

  Log Message:
  -----------
  ioapic: clear remote irr bit for edge-triggered interrupts

This is to better emulate IOAPIC version 0x1X hardware. Linux kernel
leveraged this "feature" to do explicit EOI since EOI register is still
not introduced at that time. This will also fix the issue that level
triggered interrupts failed to work when IR enabled (tested with Linux
kernel version 4.5).

Reviewed-by: Radim Krčmář <address@hidden>
Signed-off-by: Peter Xu <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: e92a2d9cb3d8f589c9fe5d2eacc83d8dddea0e16
      
https://github.com/qemu/qemu/commit/e92a2d9cb3d8f589c9fe5d2eacc83d8dddea0e16
  Author: Li Zhijian <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M vl.c

  Log Message:
  -----------
  vl: change runstate only if new state is different from current state

Previously, qemu would abort in the following scenario:
(qemu) stop
(qemu) system_reset
(qemu) system_reset
(qemu) 2016-04-13T20:54:38.979158Z qemu-system-x86_64: invalid runstate transition: 'prelaunch' -> 'prelaunch'

Signed-off-by: Li Zhijian <address@hidden>
Acked-by: Paolo Bonzini <address@hidden>
Message-Id: <address@hidden>
Cc: address@hidden
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: fa53a0e53efdc7002497ea4a76aacf6cceb170ef
      
https://github.com/qemu/qemu/commit/fa53a0e53efdc7002497ea4a76aacf6cceb170ef
  Author: Gonglei <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M exec.c
    M include/exec/cpu-common.h
    M include/exec/ram_addr.h
    M memory.c
    M migration/ram.c
    M migration/savevm.c

  Log Message:
  -----------
  memory: drop find_ram_block()

On the one hand, we already have qemu_get_ram_block(), whose function
is similar. On the other hand, we can directly use mr->ram_block, so
searching the RAMBlock by ram_addr is a kind of waste.

Signed-off-by: Gonglei <address@hidden>
Reviewed-by: Fam Zheng <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: ab0a99560857302b60053c245d1231acbd976cd4
      
https://github.com/qemu/qemu/commit/ab0a99560857302b60053c245d1231acbd976cd4
  Author: Gonglei <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M exec.c

  Log Message:
  -----------
  exec: adjust rcu_read_lock requirement

qemu_ram_unset_idstr() doesn't need rcu lock anymore,
meanwhile make the range of rcu lock in
qemu_ram_set_idstr() as small as possible.

Signed-off-by: Gonglei <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: b61359781958759317ee6fd1a45b59be0b7dbbe1
      
https://github.com/qemu/qemu/commit/b61359781958759317ee6fd1a45b59be0b7dbbe1
  Author: Fam Zheng <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M include/exec/memory.h
    M memory.c

  Log Message:
  -----------
  memory: Remove code for mr->may_overlap

The collision check does nothing and hasn't been used. Remove the
variable together with related code.

Signed-off-by: Fam Zheng <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 5b5660adf1fdb61db14ec681b10463b8cba633f1
      
https://github.com/qemu/qemu/commit/5b5660adf1fdb61db14ec681b10463b8cba633f1
  Author: Fam Zheng <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M memory.c

  Log Message:
  -----------
  memory: Drop FlatRange.romd_mode

Its value is always set to mr->romd_mode, so the removed comparisons are
fully superseded by "a->mr == b->mr".

Signed-off-by: Fam Zheng <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: e4e697940dff612b789b0858270c20a8b680f78d
      
https://github.com/qemu/qemu/commit/e4e697940dff612b789b0858270c20a8b680f78d
  Author: Paolo Bonzini <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M exec.c
    M memory.c
    M translate-all.c

  Log Message:
  -----------
  memory: remove unnecessary masking of MemoryRegion ram_addr

mr->ram_block->offset is already aligned to both host and target size
(see qemu_ram_alloc_internal).  Remove further masking as it is
unnecessary.

Reviewed-by: Fam Zheng <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: a2d1761da1de2c4d08f51067b2af8cf6d95899ee
      
https://github.com/qemu/qemu/commit/a2d1761da1de2c4d08f51067b2af8cf6d95899ee
  Author: Peter Maydell <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M cpus.c

  Log Message:
  -----------
  cpus.c: Use pthread_sigmask() rather than sigprocmask()

On Linux, sigprocmask() and pthread_sigmask() are in practice the
same thing (they only set the signal mask for the calling thread),
but the documentation states that the behaviour of sigprocmask() in a
multithreaded process is undefined. Use pthread_sigmask() instead
(which is what we do in almost all places in QEMU that alter the
signal mask already).

Signed-off-by: Peter Maydell <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 168340b6ba5ab784b9d2ed90351759f36c9b1486
      
https://github.com/qemu/qemu/commit/168340b6ba5ab784b9d2ed90351759f36c9b1486
  Author: Peter Maydell <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M Makefile

  Log Message:
  -----------
  Remove config-devices.mak on 'make clean'

Our dependency mechanism works like this:
 * on first build there is neither a .o nor a .d
 * we create the .d as a side effect of creating the .o
 * for rebuilds we know when we need to update the .o,
   which also updates the .d

This system requires that you're never in a situation where there is
a .o file but no .d (because then we will never realise we need to
build the .d, and we will not have the dependency information about
when to rebuild the .o).

This is working fine for our object files, but we also try to use it
for $TARGET/config-devices.mak (where the dependency file is
in $TARGET-config-devices.mak.d). Unfortunately "make clean" doesn't
remove config-devices.mak, which means that it puts us in the
forbidden situation of "object file exists but not its .d file".
This in turn means that we will fail to notice when we need to rebuild:
  mkdir build/depbug
  (cd build/depbug && '../../configure')
  make -C build/depbug -j8
  make -C build/depbug clean
  echo "CONFIG_CANARY = y" >> default-configs/arm-softmmu.mak
  make -C build/depbug
  grep CANARY build/depbug/aarch64-softmmu/config-devices.mak

The CANARY token should show up in config-devices.mak but does not.

Fix this bug by making "make clean" delete the config-devices.mak files.
config-all-devices.mak doesn't have the same problem since it has
no .d file, but delete it too, since it is created by "make" and
logically should be removed by "make clean".

(Note that it is important not to remove config-devices.mak until
after we have recursively run 'make clean' in the subdirectories.)

Signed-off-by: Peter Maydell <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 6f71b779c8b05cf60ea0fffbcd8c02adfe845ece
      
https://github.com/qemu/qemu/commit/6f71b779c8b05cf60ea0fffbcd8c02adfe845ece
  Author: Richard W.M. Jones <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M scripts/signrom.py

  Log Message:
  -----------
  scripts/signrom.py: Allow option ROM checksum script to write the size header.

Modify the signrom.py script so that if the size byte in the header is
0 (i.e. not set) then the script will set the size.  If the size byte
is non-zero then we do the same as before, so this doesn't require
changes to any existing ROM source code.

Signed-off-by: Richard W.M. Jones <address@hidden>
Message-Id: <address@hidden>


  Commit: fd28938b7adb33f8af11849cdd0d0b2fb92990e3
      
https://github.com/qemu/qemu/commit/fd28938b7adb33f8af11849cdd0d0b2fb92990e3
  Author: Richard W.M. Jones <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M scripts/signrom.py

  Log Message:
  -----------
  scripts/signrom.py: Check for magic in option ROMs.

Because of the risk that compilers might not emit the asm() block at
the beginning of the option ROM, check that the ROM contains the
required magic signature.

Signed-off-by: Richard W.M. Jones <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
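The two signrom.py commits above describe the option ROM header checks the script performs: refuse an image whose asm() prologue (and so its 0x55 0xAA signature) is missing, fill in the size byte only when it is 0, and emit a checksum. The following C model is an added example written for this page, not the script's code; it assumes the legacy/PCI option ROM layout (signature at offset 0, size in 512-byte blocks at offset 2, 8-bit checksum making the whole image sum to 0 mod 256), assumes the checksum byte is stored in the last byte of the already padded image, and uses a constructed 512-byte sample ROM.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Legacy/PCI option ROM header: 0x55 0xAA signature at offset 0, image size
 * in 512-byte blocks at offset 2, and an 8-bit checksum chosen so that all
 * bytes of the image sum to 0 mod 256.  Storing the checksum in the final
 * byte of the padded image is this example's assumption about signrom.py. */
#define ROM_MAGIC0   0x55
#define ROM_MAGIC1   0xAA
#define ROM_SIZE_OFF 2
#define ROM_BLOCK    512

enum rom_status { ROM_OK = 0, ROM_BAD_MAGIC, ROM_BAD_SIZE, ROM_BAD_LEN };

/* Sign an image that is already padded to a multiple of 512 bytes: fill the
 * size byte when it is 0, check it otherwise, then write the checksum byte. */
enum rom_status rom_sign(uint8_t *rom, size_t len)
{
    if (len < ROM_BLOCK || len % ROM_BLOCK != 0) return ROM_BAD_LEN;
    if (rom[0] != ROM_MAGIC0 || rom[1] != ROM_MAGIC1) return ROM_BAD_MAGIC;
    size_t blocks = len / ROM_BLOCK;
    if (blocks > 0xFF) return ROM_BAD_SIZE;
    if (rom[ROM_SIZE_OFF] == 0) {
        rom[ROM_SIZE_OFF] = (uint8_t)blocks;   /* size not set: fill it in */
    } else if (rom[ROM_SIZE_OFF] != blocks) {
        return ROM_BAD_SIZE;                    /* set by the ROM source but wrong */
    }
    unsigned sum = 0;
    for (size_t i = 0; i + 1 < len; i++) sum += rom[i];
    rom[len - 1] = (uint8_t)(0x100 - (sum & 0xFF));  /* total becomes 0 mod 256 */
    return ROM_OK;
}

/* The checks a firmware loader applies before executing the ROM. */
int rom_verify(const uint8_t *rom, size_t len)
{
    if (len < 3 || rom[0] != ROM_MAGIC0 || rom[1] != ROM_MAGIC1) return 0;
    if ((size_t)rom[ROM_SIZE_OFF] * ROM_BLOCK != len) return 0;
    unsigned sum = 0;
    for (size_t i = 0; i < len; i++) sum += rom[i];
    return (sum & 0xFF) == 0;
}

/* Constructed 512-byte sample: valid signature, size byte left 0, two bytes
 * of fake code, the rest zero. */
static void make_sample(uint8_t *rom)
{
    memset(rom, 0, ROM_BLOCK);
    rom[0] = ROM_MAGIC0;
    rom[1] = ROM_MAGIC1;
    rom[3] = 0x12;
    rom[4] = 0x34;
}

/* Signing the sample sets the size byte to 1 and yields a verifiable image.
 * Returns the checksum byte written, or -1 on failure. */
int demo_sign_sample(void)
{
    uint8_t rom[ROM_BLOCK];
    make_sample(rom);
    if (rom_sign(rom, sizeof rom) != ROM_OK) return -1;
    if (rom[ROM_SIZE_OFF] != 1 || !rom_verify(rom, sizeof rom)) return -1;
    return rom[ROM_BLOCK - 1];   /* 0xBA for this sample */
}

/* An image whose prologue was dropped carries no signature and is refused. */
int demo_missing_magic(void)
{
    uint8_t rom[ROM_BLOCK];
    make_sample(rom);
    rom[0] = 0x00;
    return rom_sign(rom, sizeof rom);   /* ROM_BAD_MAGIC */
}

int main(void)
{
    printf("checksum byte: 0x%02x\n", demo_sign_sample());
    printf("missing magic status: %d\n", demo_missing_magic());
    return 0;
}
```

The magic check matters because a ROM built without its signature would otherwise be checksummed and shipped as if valid, and the firmware would silently ignore it at boot.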


  Commit: c98c6c105f66f05aa0b7c1d2a4a3f716450907ef
      
https://github.com/qemu/qemu/commit/c98c6c105f66f05aa0b7c1d2a4a3f716450907ef
  Author: Prasad J Pandit <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M hw/scsi/esp.c

  Log Message:
  -----------
  esp: check command buffer length before write (CVE-2016-4439)

The 53C9X Fast SCSI Controller (FSC) comes with an internal 16-byte
FIFO buffer. It is used to handle command and data transfer. While
writing to this command buffer 's->cmdbuf[TI_BUFSZ=16]', a check
was missing to validate input length. Add check to avoid OOB write
access.

Fixes CVE-2016-4439.

Reported-by: Li Qiang <address@hidden>
Cc: address@hidden
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 6c1fef6b59563cc415f21e03f81539ed4b33ad90
      
https://github.com/qemu/qemu/commit/6c1fef6b59563cc415f21e03f81539ed4b33ad90
  Author: Prasad J Pandit <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M hw/scsi/esp.c

  Log Message:
  -----------
  esp: check dma length before reading scsi command (CVE-2016-4441)

The 53C9X Fast SCSI Controller (FSC) comes with an internal 16-byte
FIFO buffer. It is used to handle command and data transfer.
Routine get_cmd() uses DMA to read scsi commands into this buffer.
Add check to validate DMA length against buffer size to avoid any
overrun.

Fixes CVE-2016-4441.

Reported-by: Li Qiang <address@hidden>
Cc: address@hidden
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
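Both esp commits above add the same kind of defence: a length check against the 16-byte FIFO before a guest-controlled write reaches s->cmdbuf, once for byte-at-a-time register writes (CVE-2016-4439) and once for the DMA length used by get_cmd() (CVE-2016-4441). The C model below is an added example written for this page, not QEMU's esp.c; the esp_fifo struct, the function names and the sample command bytes are constructed here, and the only value taken from the page is TI_BUFSZ = 16.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TI_BUFSZ 16  /* 53C9X internal FIFO size, from the commit message */

/* Minimal model of the ESP command FIFO state (constructed for this example;
 * QEMU's real ESPState has many more fields). */
typedef struct {
    uint8_t  cmdbuf[TI_BUFSZ];
    uint32_t cmdlen;
    uint32_t overruns;   /* rejected writes; a device model would trace these */
} esp_fifo;

/* The guest writes one byte into the command buffer through a register.
 * Returns 1 if stored, 0 if the FIFO was full and the byte was dropped. */
int esp_fifo_write(esp_fifo *s, uint8_t val)
{
    if (s->cmdlen >= TI_BUFSZ) {        /* the check CVE-2016-4439 was missing */
        s->overruns++;
        return 0;
    }
    s->cmdbuf[s->cmdlen++] = val;
    return 1;
}

/* DMA transfer of a SCSI command into the buffer.  dmalen is derived from
 * guest-programmed DMA registers, so it is validated before any copy.
 * Returns the number of bytes copied, or -1 if the request was rejected. */
int esp_fifo_dma_read(esp_fifo *s, const uint8_t *src, uint32_t dmalen)
{
    if (dmalen > TI_BUFSZ) {            /* the check CVE-2016-4441 adds */
        s->overruns++;
        return -1;
    }
    memcpy(s->cmdbuf, src, dmalen);
    s->cmdlen = dmalen;
    return (int)dmalen;
}

/* A guest pushes 24 bytes through the register; only TI_BUFSZ are accepted. */
int demo_register_writes(void)
{
    esp_fifo s = {0};
    int accepted = 0;
    for (uint8_t i = 0; i < 24; i++) accepted += esp_fifo_write(&s, i);
    return accepted;   /* 16 */
}

/* An oversized DMA length (constructed 64-byte payload) is rejected outright. */
int demo_dma_oversized(void)
{
    esp_fifo s = {0};
    uint8_t payload[64];
    memset(payload, 0xA5, sizeof payload);
    return esp_fifo_dma_read(&s, payload, sizeof payload);   /* -1 */
}

/* A 12-byte command (constructed CDB-like bytes) fits and is copied whole. */
int demo_dma_ok(void)
{
    esp_fifo s = {0};
    uint8_t cdb[12] = {0x28, 0, 0, 0, 0, 0, 0, 0, 0x10, 0, 0, 0};
    return esp_fifo_dma_read(&s, cdb, sizeof cdb);   /* 12 */
}

int main(void)
{
    printf("register writes accepted: %d\n", demo_register_writes());
    printf("oversized DMA result: %d\n", demo_dma_oversized());
    printf("12-byte DMA result: %d\n", demo_dma_ok());
    return 0;
}
```

Counting rejected writes in overruns is the detection hook: a device model that only drops the data silently gives an operator no signal that a guest is probing the buffer bounds.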


  Commit: 644c6869d335e10bc10b8399646f767763c4977f
      
https://github.com/qemu/qemu/commit/644c6869d335e10bc10b8399646f767763c4977f
  Author: Vadim Rozenfeld <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M block/iscsi.c

  Log Message:
  -----------
  iscsi: pass SCSI status back for SG_IO

Signed-off-by: Vadim Rozenfeld <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 6ad978e9f40d3edfd9f4a86b4a60e3523eff08fe
      
https://github.com/qemu/qemu/commit/6ad978e9f40d3edfd9f4a86b4a60e3523eff08fe
  Author: Paolo Bonzini <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M scripts/cocci-macro-file.h

  Log Message:
  -----------
  coccinelle: add g_assert_cmp* to macro file

This helps applying semantic patches to unit tests.

Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 1255166b9974665d1e4a24473e1dc51cd061ef4a
      
https://github.com/qemu/qemu/commit/1255166b9974665d1e4a24473e1dc51cd061ef4a
  Author: Bandan Das <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M hw/i386/pc.c

  Log Message:
  -----------
  target-i386: add a generic x86 nmi handler

Instead of having x86 ifdefs in core nmi code, this
change adds an arch-specific handler that the nmi common
code can call.

Signed-off-by: Bandan Das <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: f7e981f29548fe4af7812f5920304fe607e5bf0d
      
https://github.com/qemu/qemu/commit/f7e981f29548fe4af7812f5920304fe607e5bf0d
  Author: Bandan Das <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M hw/core/nmi.c
    M hw/watchdog/watchdog.c
    M include/hw/nmi.h

  Log Message:
  -----------
  nmi: remove x86 specific nmi handling

nmi_monitor_handle is wired to call the x86 nmi
handler. So, we can directly use it at call sites.

Signed-off-by: Bandan Das <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 1453e6627d19a8d6d54480c6980f5cef5dfc6833
      
https://github.com/qemu/qemu/commit/1453e6627d19a8d6d54480c6980f5cef5dfc6833
  Author: Bandan Das <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M cpus.c

  Log Message:
  -----------
  cpus: call the core nmi injection function

We can call the common function here directly since
x86 specific actions will be taken care of by the arch
specific nmi handler.

Signed-off-by: Bandan Das <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: c9158547617584bb9d19db7fb139998fbef80133
      
https://github.com/qemu/qemu/commit/c9158547617584bb9d19db7fb139998fbef80133
  Author: Peter Maydell <address@hidden>
  Date:   2016-05-23 (Mon, 23 May 2016)

  Changed paths:
    M Makefile
    M block/iscsi.c
    M configure
    M cpus.c
    M docs/atomics.txt
    M exec.c
    M hw/core/nmi.c
    M hw/i386/kvmvapic.c
    M hw/i386/pc.c
    M hw/intc/ioapic.c
    M hw/scsi/esp.c
    M hw/watchdog/watchdog.c
    M include/exec/cpu-common.h
    M include/exec/memory.h
    M include/exec/ram_addr.h
    M include/hw/i386/ioapic_internal.h
    M include/hw/nmi.h
    M include/qemu/osdep.h
    M memory.c
    M migration/ram.c
    M migration/savevm.c
    M scripts/cocci-macro-file.h
    M scripts/signrom.py
    M target-i386/translate.c
    M translate-all.c
    M util/oslib-posix.c
    M vl.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* NMI cleanups (Bandan)
* RAMBlock/Memory cleanups and fixes (Dominik, Gonglei, Fam, me)
* first part of linuxboot support for fw_cfg DMA (Richard)
* IOAPIC fix (Peter Xu)
* iSCSI SG_IO fix (Vadim)
* Various infrastructure bug fixes (Zhijian, Peter M., Stefan)
* CVE fixes (Prasad)

# gpg: Signature made Mon 23 May 2016 16:06:18 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <address@hidden>"
# gpg:                 aka "Paolo Bonzini <address@hidden>"

* remotes/bonzini/tags/for-upstream: (24 commits)
  cpus: call the core nmi injection function
  nmi: remove x86 specific nmi handling
  target-i386: add a generic x86 nmi handler
  coccinelle: add g_assert_cmp* to macro file
  iscsi: pass SCSI status back for SG_IO
  esp: check dma length before reading scsi command (CVE-2016-4441)
  esp: check command buffer length before write (CVE-2016-4439)
  scripts/signrom.py: Check for magic in option ROMs.
  scripts/signrom.py: Allow option ROM checksum script to write the size header.
  Remove config-devices.mak on 'make clean'
  cpus.c: Use pthread_sigmask() rather than sigprocmask()
  memory: remove unnecessary masking of MemoryRegion ram_addr
  memory: Drop FlatRange.romd_mode
  memory: Remove code for mr->may_overlap
  exec: adjust rcu_read_lock requirement
  memory: drop find_ram_block()
  vl: change runstate only if new state is different from current state
  ioapic: clear remote irr bit for edge-triggered interrupts
  ioapic: keep RO bits for IOAPIC entry
  target-i386: key sfence availability on CPUID_SSE, not CPUID_SSE2
  ...

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/2b5f477789aa...c91585476175
