[Qemu-commits] [qemu/qemu] ee8c13: pr-helper: avoid error on PR IN comma

qemu-commits
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] ee8c13: pr-helper: avoid error on PR IN comma

From:	GitHub
Subject:	[Qemu-commits] [qemu/qemu] ee8c13: pr-helper: avoid error on PR IN command with zero ...
Date:	Fri, 06 Jul 2018 11:04:37 -0700
  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: ee8c13b81474e002db083e9692b11c0e106a9c7f
      
https://github.com/qemu/qemu/commit/ee8c13b81474e002db083e9692b11c0e106a9c7f
  Author: Paolo Bonzini <address@hidden>
  Date:   2018-07-06 (Fri, 06 Jul 2018)

  Changed paths:
    M scsi/qemu-pr-helper.c

  Log Message:
  -----------
  pr-helper: avoid error on PR IN command with zero request size

After reading a PR IN command with zero request size in prh_read_request,
the resp->result field will be uninitialized and the resp.sz field will
be also uninitialized when returning to prh_co_entry.

If resp->result == GOOD (from a previous successful reply or just luck),
then the assert in prh_write_response might not be triggered and
uninitialized response will be sent.

The fix is to remove the whole handling of sz == 0 in prh_co_entry.
Those errors apply only to PR OUT commands and it's perfectly okay to
catch them later in do_pr_out and multipath_pr_out; the check for
too-short parameters in fact doesn't apply in the easy SG_IO case, as
it can be left to the target firmware even.

The result is that prh_read_request does not fail requests anymore and
prh_co_entry becomes simpler.

Reported-by: Dima Stepanov <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 2729d79d4993099782002c9a218de1fc12c32c69
      
https://github.com/qemu/qemu/commit/2729d79d4993099782002c9a218de1fc12c32c69
  Author: Michal Privoznik <address@hidden>
  Date:   2018-07-06 (Fri, 06 Jul 2018)

  Changed paths:
    M scsi/qemu-pr-helper.c

  Log Message:
  -----------
  pr-helper: Rework socket path handling

When reviewing Paolo's pr-helper patches I've noticed couple of
problems:

1) socket_path needs to be calculated at two different places
(one for printing out help, the other if socket activation is NOT
used),

2) even though the default socket_path is allocated in
compute_default_paths() it is the only default path the function
handles. For instance, pidfile is allocated outside of this
function. And yet again, at different places than 1)

Signed-off-by: Michal Privoznik <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 70da30483e78b501ff4b3a090f26c08abd0f7a7f
      
https://github.com/qemu/qemu/commit/70da30483e78b501ff4b3a090f26c08abd0f7a7f
  Author: Julia Suvorova <address@hidden>
  Date:   2018-07-06 (Fri, 06 Jul 2018)

  Changed paths:
    M qtest.c

  Log Message:
  -----------
  qtest: Use cpu address space instead of system memory

Some devices (like nvic in armv7m) are not accessable through
address_space_memory, therefore can not be tested with qtest.

Signed-off-by: Julia Suvorova <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 02693cc4f4aacf82cb73559dfa9af76ce4b13d11
      
https://github.com/qemu/qemu/commit/02693cc4f4aacf82cb73559dfa9af76ce4b13d11
  Author: Greg Kurz <address@hidden>
  Date:   2018-07-06 (Fri, 06 Jul 2018)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  i386: fix '-cpu ?' output for host cpu type

Since commit d6dcc5583e7, '-cpu ?' shows the description of the
X86_CPU_TYPE_NAME("max") for the host CPU model:

Enables all features supported by the accelerator in the current host

instead of the expected:

KVM processor with all supported host features

or

HVF processor with all supported host features

This is caused by the early use of kvm_enabled() and hvf_enabled() in
a class_init function. Since the accelerator isn't configured yet, both
helpers return false unconditionally.

A QEMU binary will only be compiled with one of these accelerators, not
both. The appropriate description can thus be decided at build time.

Signed-off-by: Greg Kurz <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 81e34930ce2b605ce9dbb54a7b846379cbb1b811
      
https://github.com/qemu/qemu/commit/81e34930ce2b605ce9dbb54a7b846379cbb1b811
  Author: xinhua.Cao <address@hidden>
  Date:   2018-07-06 (Fri, 06 Jul 2018)

  Changed paths:
    M chardev/char-socket.c

  Log Message:
  -----------
  qemu-char: check errno together with ret < 0

In the tcp_chr_write function, we checked errno,
but errno was not reset before a read or write operation.
Therefore, this check of errno's actions is often
incorrect after EAGAIN has occurred.
we need check errno together with ret < 0.

Signed-off-by: xinhua.Cao <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
Fixes: 9fc53a10f81d3a9027b23fa810147d21be29e614
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: ea3d77c889cfa8c450da8a716c2bfd6aaea0adb2
      
https://github.com/qemu/qemu/commit/ea3d77c889cfa8c450da8a716c2bfd6aaea0adb2
  Author: Paolo Bonzini <address@hidden>
  Date:   2018-07-06 (Fri, 06 Jul 2018)

  Changed paths:
    M scsi/pr-manager-helper.c

  Log Message:
  -----------
  pr-manager-helper: fix memory leak on event

Reported by Coverity.

Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 960a479f7f94bb615991d41b8c5ff4e3c7d0088d
      
https://github.com/qemu/qemu/commit/960a479f7f94bb615991d41b8c5ff4e3c7d0088d
  Author: Paolo Bonzini <address@hidden>
  Date:   2018-07-06 (Fri, 06 Jul 2018)

  Changed paths:
    M hw/intc/ioapic.c

  Log Message:
  -----------
  ioapic: remove useless lower bounds check

The vector cannot be negative.  Coverity now reports this because it sees an
array access before the check, in ioapic_stat_update_irq.

Reviewed-by: Peter Xu <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: e20122ff0faf07cb701d35e39e106d1783c07725
      
https://github.com/qemu/qemu/commit/e20122ff0faf07cb701d35e39e106d1783c07725
  Author: Paolo Bonzini <address@hidden>
  Date:   2018-07-06 (Fri, 06 Jul 2018)

  Changed paths:
    M scripts/checkpatch.pl

  Log Message:
  -----------
  checkpatch: handle token pasting better

The mechanism to find possible type tokens can sometimes be confused and go 
into an
infinite loop.  This happens for example in QEMU for a line that looks like
    uint## BITS ##_t S = _S, T = _T;                            \
   uint## BITS ##_t as, at, xs, xt, xd;                        \

Because the token pasting operator does not have a space before _t, it does not
match $notPermitted.  However, (?x) is turned on in the regular expression for
modifiers, and thus ##_t matches the empty string.  As a result, annotate_values
goes in an infinite loop.

The solution is simply to remove token pasting operators from the string before
looking for modifiers.  In the example above, the string uintBITS_t will be
evaluated as a candidate modifier.  This is not optimal, but it works as long
as people do not write things like a##s##m, and it fits nicely into sub
possible.

For a similar reason, \# should be rejected always, even if it is not
at end of line or followed by whitespace.

The same patch was sent to the Linux kernel mailing list.

Reported-by: Aleksandar Markovic <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 43a473993fd9378bf850dcafa68eb6dee8c300f8
      
https://github.com/qemu/qemu/commit/43a473993fd9378bf850dcafa68eb6dee8c300f8
  Author: Peter Maydell <address@hidden>
  Date:   2018-07-06 (Fri, 06 Jul 2018)

  Changed paths:
    M chardev/char-socket.c
    M hw/intc/ioapic.c
    M qtest.c
    M scripts/checkpatch.pl
    M scsi/pr-manager-helper.c
    M scsi/qemu-pr-helper.c
    M target/i386/cpu.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Bug fixes.

# gpg: Signature made Fri 06 Jul 2018 17:40:06 BST
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <address@hidden>"
# gpg:                 aka "Paolo Bonzini <address@hidden>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  checkpatch: handle token pasting better
  ioapic: remove useless lower bounds check
  pr-manager-helper: fix memory leak on event
  qemu-char: check errno together with ret < 0
  i386: fix '-cpu ?' output for host cpu type
  qtest: Use cpu address space instead of system memory
  pr-helper: Rework socket path handling
  pr-helper: avoid error on PR IN command with zero request size

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/5fd4a9c97397...43a473993fd9
      **NOTE:** This service been marked for deprecation: 
https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.
[Prev in Thread]
Current Thread
[Next in Thread]
[Qemu-commits] [qemu/qemu] ee8c13: pr-helper: avoid error on PR IN command with zero ..., GitHub <=
Prev by Date: [Qemu-commits] [qemu/qemu] 5fd4a9: tests/migration: Skip tests for ppc tcg
Next by Date: [Qemu-commits] [qemu/qemu] 0c0eae: nbd/server: fix nbd_co_send_block_status
Previous by thread: [Qemu-commits] [qemu/qemu] 5fd4a9: tests/migration: Skip tests for ppc tcg
Next by thread: [Qemu-commits] [qemu/qemu] 0c0eae: nbd/server: fix nbd_co_send_block_status
Index(es):
- Date
- Thread