
[Qemu-commits] [qemu/qemu] ae440b: virtio-balloon: fix a use-after-free


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] ae440b: virtio-balloon: fix a use-after-free case
Date: Wed, 13 Mar 2019 13:10:13 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: ae440bd14c002f3a5528bd38e8a285ea625c04ca
      
https://github.com/qemu/qemu/commit/ae440bd14c002f3a5528bd38e8a285ea625c04ca
  Author: Wei Wang <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/virtio/virtio-balloon.c

  Log Message:
  -----------
  virtio-balloon: fix a use-after-free case

The elem could theoretically contain both outbuf and inbufs. We move the
free operation to the end of this function to avoid using elem->in_sg
while elem has been freed.

Fixes: c13c4153f7 ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Reported-by: Peter Maydell <address@hidden>
Signed-off-by: Wei Wang <address@hidden>
CC: Michael S. Tsirkin <address@hidden>
CC: Dr. David Alan Gilbert <address@hidden>
CC: Juan Quintela <address@hidden>
CC: Peter Xu <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 301cf2a8dd5024aa5bbdc6bd3e121174bbfc2957
      
https://github.com/qemu/qemu/commit/301cf2a8dd5024aa5bbdc6bd3e121174bbfc2957
  Author: David Gibson <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/virtio/virtio-balloon.c

  Log Message:
  -----------
  virtio-balloon: Don't mismatch g_malloc()/free (CID 1399146)

ed48c59875b6 "virtio-balloon: Safely handle BALLOON_PAGE_SIZE < host
page size" introduced a new temporary data structure which tracks 4kiB
chunks which have been inserted into the balloon by the guest but
don't yet form a full host page which we can discard.

Unfortunately, I had a thinko and allocated that structure with
g_malloc0() but freed it with a plain free() rather than g_free().
This corrects the problem.

Fixes: ed48c59875b6
Reported-by: Peter Maydell <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: David Hildenbrand <address@hidden>


  Commit: b27b3239140470b7d593e3b0b09687bcc6fbf274
      
https://github.com/qemu/qemu/commit/b27b3239140470b7d593e3b0b09687bcc6fbf274
  Author: David Gibson <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/virtio/virtio-balloon.c

  Log Message:
  -----------
  virtio-balloon: Fix possible guest memory corruption with inflates & deflates

This fixes a balloon bug with a nasty consequence - potentially
corrupting guest memory - but which is extremely unlikely to be
triggered in practice.

The balloon always works in 4kiB units, but the host could have a
larger page size on certain platforms.  Since ed48c59 "virtio-balloon:
Safely handle BALLOON_PAGE_SIZE < host page size" we've handled this
by accumulating requests to balloon 4kiB subpages until they formed a
full host page.  Since f6deb6d "virtio-balloon: Remove unnecessary
MADV_WILLNEED on deflate" we essentially ignore deflate requests.

Suppose we have a host with 8kiB pages, and one host page has subpages
A & B.  If we get this sequence of events -
        inflate A
        deflate A
        inflate B
- the current logic will discard the whole host page.  That's
incorrect because the guest has deflated subpage A, and could have
written important data to it.

This patch fixes the problem by adjusting our state information about
partially ballooned host pages when deflate requests are received.

Fixes: ed48c59 "virtio-balloon: Safely handle BALLOON_PAGE_SIZE < host page size"

Signed-off-by: David Gibson <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Acked-by: David Hildenbrand <address@hidden>


  Commit: 596546fe9e4d1d1fa6423c300e2a73b6f90baeb0
      
https://github.com/qemu/qemu/commit/596546fe9e4d1d1fa6423c300e2a73b6f90baeb0
  Author: David Gibson <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/virtio/virtio-balloon.c

  Log Message:
  -----------
  virtio-balloon: Restore MADV_WILLNEED hint on balloon deflate

Prior to f6deb6d9 "virtio-balloon: Remove unnecessary MADV_WILLNEED on
deflate", the balloon device issued an madvise() MADV_WILLNEED on
pages removed from the balloon.  That would hint to the host kernel
that the pages were likely to be needed by the guest in the near
future.

It's unclear if this is actually valuable or not, and so f6deb6d9
removed this, essentially ignoring balloon deflate requests.  However,
concerns have been raised that this might cause a performance
regression by causing extra latency for the guest in certain
configurations.

So, until we can get actual benchmark data to see if that's the case,
this restores the old behaviour, issuing a MADV_WILLNEED when a page is
removed from the balloon.

Signed-off-by: David Gibson <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: ba275e9d28a2f4572325dceb867edebcff471fea
      
https://github.com/qemu/qemu/commit/ba275e9d28a2f4572325dceb867edebcff471fea
  Author: Marc-André Lureau <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M contrib/libvhost-user/libvhost-user.h

  Log Message:
  -----------
  libvhost-user: fix clang enum-conversion warning

Now that the VhostUserMsg.request field is used for both master &
slave requests, since commit d84599f56c820d8c1ac9928a76500dcdfbbf194d:

contrib/libvhost-user/libvhost-user.c:953:20: error: implicit conversion from 
enumeration type 'enum VhostUserSlaveRequest' to different enumeration type 
'VhostUserRequest' (aka 'enum VhostUserRequest') [-Werror,-Wenum-conversion]
        .request = VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG,
                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Marc-André Lureau <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 482580a658df58f5d9f91a87d957660637d59432
      
https://github.com/qemu/qemu/commit/482580a658df58f5d9f91a87d957660637d59432
  Author: Marc-André Lureau <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M MAINTAINERS
    A docs/interop/vhost-user.json
    M docs/interop/vhost-user.txt

  Log Message:
  -----------
  vhost-user: define conventions for vhost-user backends

As discussed during "[PATCH v4 00/29] vhost-user for input & GPU"
review, let's define a common set of backend conventions to help with
management layer implementation, and interoperability.

Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 0b99f22461e59ec7a31c75ebc4c057a45dd9e9a5
      
https://github.com/qemu/qemu/commit/0b99f22461e59ec7a31c75ebc4c057a45dd9e9a5
  Author: Marc-André Lureau <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M backends/cryptodev-vhost-user.c
    M hw/block/vhost-user-blk.c
    M hw/scsi/vhost-user-scsi.c
    M hw/virtio/vhost-stub.c
    M hw/virtio/vhost-user.c
    M include/hw/virtio/vhost-user-blk.h
    M include/hw/virtio/vhost-user-scsi.h
    M include/hw/virtio/vhost-user.h
    M net/vhost-user.c

  Log Message:
  -----------
  vhost-user: simplify vhost_user_init/vhost_user_cleanup

Take a VhostUserState* that can be pre-allocated, and initialize it
with the associated chardev.

Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Tiwei Bie <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 6079865526474dea7d8680ed2cf0b6d15ac6e99f
      
https://github.com/qemu/qemu/commit/6079865526474dea7d8680ed2cf0b6d15ac6e99f
  Author: Marc-André Lureau <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M contrib/libvhost-user/libvhost-user.c

  Log Message:
  -----------
  libvhost-user: exit by default on VHOST_USER_NONE

Since commit 2566378d6d13bf4d28c7770bdbda5f7682594bbe, libvhost-user
no longer panics on disconnect (rc == 0), and instead silently ignores
an invalid VHOST_USER_NONE message.

Without extra work from the API user, this will simply busy-loop on
HUP events. The obvious thing to do is to exit(0) instead, while
additional or different work can be done by overriding
iface->process_msg().

Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Jens Freimann <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 917d7dd72a774d1f82700a284adb4ea632692638
      
https://github.com/qemu/qemu/commit/917d7dd72a774d1f82700a284adb4ea632692638
  Author: Marc-André Lureau <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/virtio/vhost-user.c

  Log Message:
  -----------
  vhost-user: wrap some read/write with retry handling

Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 9af84c02e2321e7e73234940cba9ce521dfc9423
      
https://github.com/qemu/qemu/commit/9af84c02e2321e7e73234940cba9ce521dfc9423
  Author: Marc-André Lureau <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/virtio/vhost-user.c

  Log Message:
  -----------
  vhost-user: split vhost_user_read()

Split vhost_user_read(), so only header can be read with
vhost_user_read_header().

Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 922ef483ec812730f87102b372691c510313fcea
      
https://github.com/qemu/qemu/commit/922ef483ec812730f87102b372691c510313fcea
  Author: Marc-André Lureau <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M contrib/libvhost-user/libvhost-user-glib.c
    M contrib/libvhost-user/libvhost-user-glib.h

  Log Message:
  -----------
  libvhost-user-glib: export vug_source_new()

Simplify the creation of FD sources for other users. This is just
convenience to avoid duplicating similar code elsewhere.

Signed-off-by: Marc-André Lureau <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: b13919ab64e712158a031bf4ea48e92b20ed8ef5
      
https://github.com/qemu/qemu/commit/b13919ab64e712158a031bf4ea48e92b20ed8ef5
  Author: Marc-André Lureau <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M contrib/libvhost-user/libvhost-user.c
    M contrib/libvhost-user/libvhost-user.h

  Log Message:
  -----------
  libvhost-user: add vu_queue_unpop()

vhost-user-input will make use of this function to undo some queue pop
in case the virtio queue does not have enough room.

Signed-off-by: Marc-André Lureau <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: fb43cf739e1a74178212bfcd4313b598109d2310
      
https://github.com/qemu/qemu/commit/fb43cf739e1a74178212bfcd4313b598109d2310
  Author: Liu, Yi L <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/i386/intel_iommu.c
    M hw/i386/intel_iommu_internal.h
    M hw/i386/trace-events
    M include/hw/i386/intel_iommu.h

  Log Message:
  -----------
  intel_iommu: scalable mode emulation

Intel(R) VT-d 3.0 spec introduces scalable mode address translation to
replace extended context mode. This patch extends current emulator to
support Scalable Mode which includes root table, context table and new
pasid table format change. Now intel_iommu emulates both legacy mode
and scalable mode (with legacy-equivalent capability set).

The key points are below:
1. Extend root table operations to support both legacy mode and scalable
   mode.
2. Extend context table operations to support both legacy mode and
   scalable mode.
3. Add pasid table operations to support scalable mode.

Signed-off-by: Liu, Yi L <address@hidden>
[Yi Sun is co-developer to contribute much to refine the whole commit.]
Signed-off-by: Yi Sun <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Peter Xu <address@hidden>


  Commit: c0c1d351849bc249304e0c505e1597e570d1e777
      
https://github.com/qemu/qemu/commit/c0c1d351849bc249304e0c505e1597e570d1e777
  Author: Liu, Yi L <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/i386/intel_iommu.c
    M hw/i386/intel_iommu_internal.h
    M include/hw/i386/intel_iommu.h

  Log Message:
  -----------
  intel_iommu: add 256 bits qi_desc support

Per Intel(R) VT-d 3.0, the qi_desc is 256 bits in Scalable
Mode. This patch adds emulation of 256bits qi_desc.

Signed-off-by: Liu, Yi L <address@hidden>
[Yi Sun is co-developer to rebase and refine the patch.]
Signed-off-by: Yi Sun <address@hidden>
Reviewed-by: Peter Xu <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 4a4f219e8a109b0859b23b1f9c8ad8bfbcb59ee1
      
https://github.com/qemu/qemu/commit/4a4f219e8a109b0859b23b1f9c8ad8bfbcb59ee1
  Author: Yi Sun <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/i386/intel_iommu.c
    M hw/i386/intel_iommu_internal.h
    M include/hw/i386/intel_iommu.h

  Log Message:
  -----------
  intel_iommu: add scalable-mode option to make scalable mode work

This patch adds an option to provide flexibility for user to expose
Scalable Mode to guest. User could expose Scalable Mode to guest by
the config as below:

"-device intel-iommu,caching-mode=on,scalable-mode=on"

The Linux iommu driver has supported scalable mode. Please refer below
patch set:

    https://www.spinics.net/lists/kernel/msg2985279.html

Signed-off-by: Liu, Yi L <address@hidden>
Signed-off-by: Yi Sun <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Peter Xu <address@hidden>
Reviewed-by: Igor Mammedov <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: b096c11458e58ddcebf8e6ae239a3c608de1ef78
      
https://github.com/qemu/qemu/commit/b096c11458e58ddcebf8e6ae239a3c608de1ef78
  Author: Wei Yang <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/acpi/nvdimm.c

  Log Message:
  -----------
  nvdimm: fix typo in nvdimm_build_nvdimm_devices argument

From dsm_dma_arrea to dsm_dma_area.

Signed-off-by: Wei Yang <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Igor Mammedov <address@hidden>


  Commit: ac265cacdd117ae965515df41bb4452478d22179
      
https://github.com/qemu/qemu/commit/ac265cacdd117ae965515df41bb4452478d22179
  Author: Wei Yang <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/acpi/nvdimm.c

  Log Message:
  -----------
  nvdimm: use *function* directly instead of allocating it again

At the beginning of nvdimm_build_common_dsm(), variable *function* is
already allocated for Arg2.

This patch reuses variable *function* instead of allocating it again.

Signed-off-by: Wei Yang <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Igor Mammedov <address@hidden>


  Commit: 1b8fff57584d04a94cc77b8d3f535d35f5827a5e
      
https://github.com/qemu/qemu/commit/1b8fff57584d04a94cc77b8d3f535d35f5827a5e
  Author: Wei Yang <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/acpi/nvdimm.c

  Log Message:
  -----------
  nvdimm: use NVDIMM_ACPI_IO_LEN for the proper IO size

The IO range is defined to 4 bytes with NVDIMM_ACPI_IO_LEN, so it is
more proper to use this macro instead of calculating it by sizeof.

Signed-off-by: Wei Yang <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Igor Mammedov <address@hidden>


  Commit: 5ad204bf2a06bf29234df9e6f1ef6c566771b40c
      
https://github.com/qemu/qemu/commit/5ad204bf2a06bf29234df9e6f1ef6c566771b40c
  Author: Xie Yongji <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M docs/interop/vhost-user.txt
    M hw/virtio/vhost-user.c
    M hw/virtio/vhost.c
    M include/hw/virtio/vhost-backend.h
    M include/hw/virtio/vhost.h

  Log Message:
  -----------
  vhost-user: Support transferring inflight buffer between qemu and backend

This patch introduces two new messages VHOST_USER_GET_INFLIGHT_FD
and VHOST_USER_SET_INFLIGHT_FD to support transferring a shared
buffer between qemu and backend.

Firstly, qemu uses VHOST_USER_GET_INFLIGHT_FD to get the
shared buffer from backend. Then qemu should send it back
through VHOST_USER_SET_INFLIGHT_FD each time we start vhost-user.

This shared buffer is used to track inflight I/O by backend.
Qemu should retrieve a new one when the vm is reset.

Signed-off-by: Xie Yongji <address@hidden>
Signed-off-by: Chai Wen <address@hidden>
Signed-off-by: Zhang Yu <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 792468cc6f15716fa37e2f0afa387b58bf9d9d05
      
https://github.com/qemu/qemu/commit/792468cc6f15716fa37e2f0afa387b58bf9d9d05
  Author: Xie Yongji <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M contrib/libvhost-user/libvhost-user.c

  Log Message:
  -----------
  libvhost-user: Remove unnecessary FD flag check for event file descriptors

The vu_check_queue_msg_file() has checked the FD flag. So let's
delete the redundant check after it.

Signed-off-by: Xie Yongji <address@hidden>
Signed-off-by: Zhang Yu <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: f7671f3d49418f570a86de6b54795edcd5cb68dd
      
https://github.com/qemu/qemu/commit/f7671f3d49418f570a86de6b54795edcd5cb68dd
  Author: Xie Yongji <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M contrib/libvhost-user/libvhost-user.c

  Log Message:
  -----------
  libvhost-user: Introduce vu_queue_map_desc()

Introduce vu_queue_map_desc() which should be
independent of vu_queue_pop().

Signed-off-by: Xie Yongji <address@hidden>
Signed-off-by: Zhang Yu <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 5f9ff1eff38ab341fb38ce32d4ae95e33f878781
      
https://github.com/qemu/qemu/commit/5f9ff1eff38ab341fb38ce32d4ae95e33f878781
  Author: Xie Yongji <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M Makefile
    M contrib/libvhost-user/libvhost-user.c
    M contrib/libvhost-user/libvhost-user.h

  Log Message:
  -----------
  libvhost-user: Support tracking inflight I/O in shared memory

This patch adds support for VHOST_USER_GET_INFLIGHT_FD and
VHOST_USER_SET_INFLIGHT_FD message to set/get shared buffer
to/from qemu. Then backend can track inflight I/O in this buffer.

Signed-off-by: Xie Yongji <address@hidden>
Signed-off-by: Zhang Yu <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: a1fe0b8f273c2272a7964655548179478b9d6a91
      
https://github.com/qemu/qemu/commit/a1fe0b8f273c2272a7964655548179478b9d6a91
  Author: Xie Yongji <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/block/vhost-user-blk.c
    M include/hw/virtio/vhost-user-blk.h

  Log Message:
  -----------
  vhost-user-blk: Add support to get/set inflight buffer

This patch adds support for vhost-user-blk device to get/set
inflight buffer from/to backend.

Signed-off-by: Xie Yongji <address@hidden>
Signed-off-by: Zhang Yu <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: db891a9ba3b5aef52c2735f9b907d4d3678a86f8
      
https://github.com/qemu/qemu/commit/db891a9ba3b5aef52c2735f9b907d4d3678a86f8
  Author: Knut Omang <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/pci/pcie.c
    M include/hw/pci/pcie.h
    M include/hw/pci/pcie_regs.h

  Log Message:
  -----------
  pcie: Add a simple PCIe ACS (Access Control Services) helper function

Implementing an ACS capability on downstream ports and multifunction
endpoints indicates isolation and IOMMU visibility to a finer
granularity. This creates smaller IOMMU groups in the guest and thus
more flexibility in assigning endpoints to guest userspace or an L2
guest.

Signed-off-by: Knut Omang <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Alex Williamson <address@hidden>


  Commit: e07fb4b50b629141eb1517002ccfa070dbdc1ea7
      
https://github.com/qemu/qemu/commit/e07fb4b50b629141eb1517002ccfa070dbdc1ea7
  Author: Knut Omang <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/pci-bridge/gen_pcie_root_port.c
    M hw/pci-bridge/pcie_root_port.c
    M include/hw/pci/pcie_port.h

  Log Message:
  -----------
  gen_pcie_root_port: Add ACS (Access Control Services) capability

Claim ACS support in the generic PCIe root port to allow
passthrough of individual functions of a device to different
guests (in a nested virt. setting) with VFIO.
Without this patch, all functions of a device, such as all VFs of
an SR/IOV device, will end up in the same IOMMU group.
A similar situation occurs on Windows with Hyper-V.

In the single function device case, it also has a small cosmetic
benefit in that the root port itself is not grouped with
the device. VFIO handles that situation in that binding rules
only apply to endpoints, so it does not limit passthrough in
those cases.

Signed-off-by: Knut Omang <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Alex Williamson <address@hidden>


  Commit: 9040e6dfa8c3fed87695a3de555d2c775727bb51
      
https://github.com/qemu/qemu/commit/9040e6dfa8c3fed87695a3de555d2c775727bb51
  Author: Wei Yang <address@hidden>
  Date:   2019-03-12 (Tue, 12 Mar 2019)

  Changed paths:
    M hw/acpi/ich9.c
    M hw/acpi/piix4.c
    M hw/i386/pc.c
    M hw/isa/lpc_ich9.c
    M include/hw/acpi/ich9.h

  Log Message:
  -----------
  i386, acpi: check acpi_memory_hotplug capacity in pre_plug

Currently we do device realization like below:

   hotplug_handler_pre_plug()
   dc->realize()
   hotplug_handler_plug()

Before we do device realization and plug, we should allocate necessary
resources and check if memory-hotplug-support property is enabled.

At the piix4 and ich9, the memory-hotplug-support property is checked at
plug stage. This means that device has been realized and mapped into guest
address space 'pc_dimm_plug()' by the time acpi plug handler is called,
where it might fail and crash QEMU due to reaching g_assert_not_reached()
(piix4) or error_abort (ich9).

Fix it by checking if memory hotplug is enabled at pre_plug stage
where we can gracefully abort hotplug request.

Signed-off-by: Wei Yang <address@hidden>
CC: Igor Mammedov <address@hidden>
CC: Eric Blake <address@hidden>
Signed-off-by: Wei Yang <address@hidden>

Message-Id: <address@hidden>
Reviewed-by: Igor Mammedov <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>


  Commit: 3b5b6e9b513e239da0074ba7fcb5b92a4bf375d3
      
https://github.com/qemu/qemu/commit/3b5b6e9b513e239da0074ba7fcb5b92a4bf375d3
  Author: Peter Maydell <address@hidden>
  Date:   2019-03-13 (Wed, 13 Mar 2019)

  Changed paths:
    M MAINTAINERS
    M Makefile
    M backends/cryptodev-vhost-user.c
    M contrib/libvhost-user/libvhost-user-glib.c
    M contrib/libvhost-user/libvhost-user-glib.h
    M contrib/libvhost-user/libvhost-user.c
    M contrib/libvhost-user/libvhost-user.h
    A docs/interop/vhost-user.json
    M docs/interop/vhost-user.txt
    M hw/acpi/ich9.c
    M hw/acpi/nvdimm.c
    M hw/acpi/piix4.c
    M hw/block/vhost-user-blk.c
    M hw/i386/intel_iommu.c
    M hw/i386/intel_iommu_internal.h
    M hw/i386/pc.c
    M hw/i386/trace-events
    M hw/isa/lpc_ich9.c
    M hw/pci-bridge/gen_pcie_root_port.c
    M hw/pci-bridge/pcie_root_port.c
    M hw/pci/pcie.c
    M hw/scsi/vhost-user-scsi.c
    M hw/virtio/vhost-stub.c
    M hw/virtio/vhost-user.c
    M hw/virtio/vhost.c
    M hw/virtio/virtio-balloon.c
    M include/hw/acpi/ich9.h
    M include/hw/i386/intel_iommu.h
    M include/hw/pci/pcie.h
    M include/hw/pci/pcie_port.h
    M include/hw/pci/pcie_regs.h
    M include/hw/virtio/vhost-backend.h
    M include/hw/virtio/vhost-user-blk.h
    M include/hw/virtio/vhost-user-scsi.h
    M include/hw/virtio/vhost-user.h
    M include/hw/virtio/vhost.h
    M net/vhost-user.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pci, pc, virtio: features, fixes, cleanups

intel-iommu scalable option
pcie acs emulation
beginning for vhost-user-blk reconnect and of vhost-user backend work
misc fixes and cleanups

Signed-off-by: Michael S. Tsirkin <address@hidden>

# gpg: Signature made Wed 13 Mar 2019 02:52:02 GMT
# gpg:                using RSA key 281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <address@hidden>" [full]
# gpg:                 aka "Michael S. Tsirkin <address@hidden>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (26 commits)
  i386, acpi: check acpi_memory_hotplug capacity in pre_plug
  gen_pcie_root_port: Add ACS (Access Control Services) capability
  pcie: Add a simple PCIe ACS (Access Control Services) helper function
  vhost-user-blk: Add support to get/set inflight buffer
  libvhost-user: Support tracking inflight I/O in shared memory
  libvhost-user: Introduce vu_queue_map_desc()
  libvhost-user: Remove unnecessary FD flag check for event file descriptors
  vhost-user: Support transferring inflight buffer between qemu and backend
  nvdimm: use NVDIMM_ACPI_IO_LEN for the proper IO size
  nvdimm: use *function* directly instead of allocating it again
  nvdimm: fix typo in nvdimm_build_nvdimm_devices argument
  intel_iommu: add scalable-mode option to make scalable mode work
  intel_iommu: add 256 bits qi_desc support
  intel_iommu: scalable mode emulation
  libvhost-user: add vu_queue_unpop()
  libvhost-user-glib: export vug_source_new()
  vhost-user: split vhost_user_read()
  vhost-user: wrap some read/write with retry handling
  libvhost-user: exit by default on VHOST_USER_NONE
  vhost-user: simplify vhost_user_init/vhost_user_cleanup
  ...

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/523a2a42c3ab...3b5b6e9b513e
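
The inflate A / deflate A / inflate B sequence described in commit b27b323 above, as an added example that is not QEMU's code: a simplified model of partial host page tracking with one 8 KiB host page and 4 KiB balloon units, run once with deflate requests ignored and once with deflate adjusting the tracking state. The struct, function names and guest addresses are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BALLOON_PAGE_SIZE 4096u  /* balloon always works in 4 KiB units */
#define HOST_PAGE_SIZE    8192u  /* host page size from the commit's scenario */
#define SUBPAGES          (HOST_PAGE_SIZE / BALLOON_PAGE_SIZE)
#define FULL_MASK         ((1u << SUBPAGES) - 1u)

/* Hypothetical state for the one host page that is partially ballooned. */
struct partial_page {
    bool     valid;
    uint64_t base;    /* host-page-aligned guest address */
    uint32_t bitmap;  /* bit n set: subpage n is currently in the balloon */
};

struct balloon_model {
    struct partial_page pp;
    bool     honour_deflate;  /* false: deflate ignored; true: state adjusted */
    unsigned discards;        /* host pages discarded so far */
};

static uint64_t page_base(uint64_t addr)
{
    return addr & ~(uint64_t)(HOST_PAGE_SIZE - 1u);
}

static uint32_t subpage_bit(uint64_t addr)
{
    return 1u << ((addr % HOST_PAGE_SIZE) / BALLOON_PAGE_SIZE);
}

static void model_inflate(struct balloon_model *b, uint64_t addr)
{
    uint64_t base = page_base(addr);

    if (!b->pp.valid || b->pp.base != base) {
        /* Start tracking a different host page. */
        b->pp.valid = true;
        b->pp.base = base;
        b->pp.bitmap = 0;
    }
    b->pp.bitmap |= subpage_bit(addr);
    if (b->pp.bitmap == FULL_MASK) {
        b->discards++;        /* stand-in for discarding the whole host page */
        b->pp.valid = false;
    }
}

static void model_deflate(struct balloon_model *b, uint64_t addr)
{
    if (!b->honour_deflate) {
        return;               /* stale bit stays set in the bitmap */
    }
    if (b->pp.valid && b->pp.base == page_base(addr)) {
        b->pp.bitmap &= ~subpage_bit(addr);
        if (b->pp.bitmap == 0) {
            b->pp.valid = false;
        }
    }
}

/* Replays inflate A, deflate A, inflate B; optionally inflates A again.
 * Returns how many host pages the model discarded. */
unsigned run_sequence(bool honour_deflate, bool reinflate_a)
{
    struct balloon_model b = { .honour_deflate = honour_deflate };
    const uint64_t A = 0x10000, B = 0x11000;  /* constructed addresses */

    model_inflate(&b, A);
    model_deflate(&b, A);   /* guest takes A back and may write to it */
    model_inflate(&b, B);
    if (reinflate_a) {
        model_inflate(&b, A);
    }
    return b.discards;
}

int main(void)
{
    printf("deflate ignored:  %u discard(s) while A is in use by the guest\n",
           run_sequence(false, false));
    printf("deflate tracked:  %u discard(s) after inflate B\n",
           run_sequence(true, false));
    printf("deflate tracked:  %u discard(s) once A is inflated again\n",
           run_sequence(true, true));
    return 0;
}
```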


