[Spice-commits] Changes to 'stable-0.14'

Gerd Hoffmann kraxel at kemper.freedesktop.org
Wed May 11 06:18:40 PDT 2011


New branch 'stable-0.14' available with the following commits:
commit 56a60dd6d619877e9957ba06b92d2f276e3c229d
Author: Justin M. Forbes <jforbes at redhat.com>
Date:   Wed May 4 13:50:56 2011 -0500

    Version 0.14.1

commit 76c9b330e3cf1454f2661e6f01942b04e2d81ae1
Author: Christoph Hellwig <hch at lst.de>
Date:   Wed Apr 6 20:28:34 2011 +0200

    virtio-blk: fail unaligned requests
    
    Like all block drivers virtio-blk should not allow smaller than block size
    granularity access.  But given that the protocol specifies a
    byte unit length field we currently accept such requests, which cause
    qemu to abort() in lower layers.  Add checks to the main read and
    write handlers to catch them early.
    
    Reported-by: Conor Murphy <conor_murphy_virt at hotmail.com>
    Tested-by: Conor Murphy <conor_murphy_virt at hotmail.com>
    Signed-off-by: Christoph Hellwig <hch at lst.de>
    Reviewed-by: Stefan Hajnoczi <stefanha at linux.vnet.ibm.com>
    Signed-off-by: Kevin Wolf <kwolf at redhat.com>

commit 9b33410d3bdd40b6a289c6b79d40a96b129e22af
Author: Stefan Hajnoczi <stefanha at linux.vnet.ibm.com>
Date:   Sun Apr 24 18:38:58 2011 +0100

    qed: Fix consistency check on 32-bit hosts
    
    The qed_bytes_to_clusters() function is normally used with size_t
    lengths.  Consistency check used it with file size length and therefore
    failed on 32-bit hosts when the image file is 4 GB or more.
    
    Make qed_bytes_to_clusters() explicitly 64-bit and update consistency
    check to keep 64-bit cluster counts.
    
    Reported-by: Michael Tokarev <mjt at tls.msk.ru>
    Signed-off-by: Stefan Hajnoczi <stefanha at linux.vnet.ibm.com>
    Signed-off-by: Kevin Wolf <kwolf at redhat.com>

commit 419f1c3503967d85d304d776a1af85b7780fed80
Author: Michael Tokarev <mjt at tls.msk.ru>
Date:   Wed Mar 30 16:31:05 2011 +0400

    exit if -drive specified is invalid instead of ignoring the "wrong" -drive
    
    This fixes the problem when qemu continues even if -drive specification
    is somehow invalid, resulting in a mess.  Applicable for both current
    master and for stable-0.14 (and the same issue exists in 0.13 and 0.12 too).
    
    The prob can actually be serious: when you start guest with two drives
    and make an error in the specification of one of them, and the guest
    has something like a raid array on the two drives, guest may start failing
    that array or kick "missing" drives which may result in a mess - this is
    what actually happened to me, I didn't want a resync at all, and a resync
    resulted in re-writing (and allocating) a 4TB virtual drive I used for
    testing, which in turn resulted in my filesystem filling up and whole
    thing failing badly.  Yes it was just testing VM, I experimented with
    larger raid arrays, but the end result was quite, well, unexpected.
    
    Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
    Acked-by: Jes Sorensen <Jes.Sorensen at redhat.com>
    Signed-off-by: Kevin Wolf <kwolf at redhat.com>

commit fc5c4a7a63d80af7f4862e4965dd4ffcaedbf69a
Author: Michael S. Tsirkin <mst at redhat.com>
Date:   Wed Mar 16 12:09:09 2011 +0200

    vhost: fix dirty page handling
    
    vhost was passing a physical address to cpu_physical_memory_set_dirty,
    which is wrong: we need to translate to ram address first.
    
    Signed-off-by: Michael S. Tsirkin <mst at redhat.com>
    
    Note: this led to crashes during migration, so the patch
    is needed on the stable branch too.

commit 22da30fc281c73e352aabe88af5e7714bf7d5cc0
Author: Ryan Harper <ryanh at us.ibm.com>
Date:   Tue Mar 29 20:51:47 2011 -0500

    Do not delete BlockDriverState when deleting the drive
    
    When removing a drive from the host-side via drive_del we currently have
    the following path:
    
    drive_del
    qemu_aio_flush()
    bdrv_close()    // zaps bs->drv, which makes any subsequent I/O get
                    // dropped.  Works as designed
    drive_uninit()
    bdrv_delete()   // frees the bs.  Since the device is still connected to
                    // bs, any subsequent I/O is a use-after-free.
    
    The value of bs->drv becomes unpredictable on free.  As long as it
    remains null, I/O still gets dropped, however it could become non-null
    at any point after the free, resulting in SEGVs or other QEMU state
    corruption.
    
    To resolve this issue as simply as possible, we can choose to not
    actually delete the BlockDriverState pointer.  Since bdrv_close()
    handles setting the drv pointer to NULL, we just need to remove the
    BlockDriverState from the QLIST that is used to enumerate the block
    devices.  This is currently handled within bdrv_delete, so move this
    into its own function, bdrv_make_anon().
    
    The result is that we can now invoke drive_del, this closes the file
    descriptors and sets BlockDriverState->drv to NULL which prevents further
    IO to the device, and since we do not free BlockDriverState, we don't
    have to worry about the copy retained in the block devices.
    
    We also don't attempt to remove the qdev property since we are no longer
    deleting the BlockDriverState on drives with associated drives.  This
    also allows for removing Drives with no devices associated either.
    
    Reported-by: Markus Armbruster <armbru at redhat.com>
    Signed-off-by: Ryan Harper <ryanh at us.ibm.com>
    Acked-by: Markus Armbruster <armbru at redhat.com>
    Signed-off-by: Kevin Wolf <kwolf at redhat.com>

commit f8a4bf59fe40c0a01368673f7e5d530714f1aacc
Author: Michael Tokarev <mjt at tls.msk.ru>
Date:   Mon Mar 21 09:34:35 2011 +0100

    vnc: tight: Fix crash after 2GB of output
    
    fix 2Gb integer overflow in VNC tight and zlib encodings
    
    As found by Roland Dreier <roland at purestorage.com> (excellent
    catch!), when amount of VNC compressed data produced by zlib
    and sent to client exceeds 2Gb, integer overflow occurs because
    currently, we calculate amount of data produced at each step by
    comparing saved total_out with new total_out, and total_out is
    something which grows without bounds.  Compare it with previous
    avail_out instead of total_out, and leave total_out alone.
    
    The same code is used in vnc-enc-tight.c and vnc-enc-zlib.c,
    so fix both cases.
    
    There, there's no actual need to save previous_out value, since
    capacity-offset (which is how that value is calculated) stays
    the same so it can be recalculated again after call to deflate(),
    but whole thing becomes less readable this way.
    
    Reported-by: Roland Dreier <roland at purestorage.com>
    Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
    Signed-off-by: Corentin Chary <corentin.chary at gmail.com>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
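
The overflow described in the commit above, reduced to a small model (an added example, not QEMU's code). `model_stream`, `model_deflate` and the field widths are assumptions made here, as is the saved counter being a signed 32-bit int; the sample state is constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for zlib's z_stream (assumption of this example):
 * only the two counters the commit message mentions, with fixed widths. */
struct model_stream {
    uint64_t total_out;  /* bytes produced over the stream's lifetime */
    uint32_t avail_out;  /* free space left in the output buffer */
};

/* Hypothetical stand-in for deflate(): pretend n bytes were produced. */
static void model_deflate(struct model_stream *s, uint32_t n)
{
    s->total_out += n;
    s->avail_out -= n;
}

/* Old pattern: save total_out in a signed 32-bit int, subtract afterwards. */
static uint64_t produced_via_total_out(struct model_stream *s, uint32_t n)
{
    /* goes negative once total_out reaches 2 GiB (common compilers wrap) */
    int32_t previous_out = (int32_t)s->total_out;
    model_deflate(s, n);
    /* the negative saved value is sign-extended before the subtraction */
    return s->total_out - (uint64_t)(int64_t)previous_out;
}

/* Fixed pattern: diff avail_out, which never exceeds the buffer size. */
static uint64_t produced_via_avail_out(struct model_stream *s, uint32_t n)
{
    uint32_t previous_out = s->avail_out;
    model_deflate(s, n);
    return previous_out - s->avail_out;
}

int main(void)
{
    /* Constructed state: exactly 2 GiB already sent, 4 KiB buffer free. */
    struct model_stream a = { UINT64_C(0x80000000), 4096 };
    struct model_stream b = a;

    printf("total_out delta: %" PRIu64 "\n", produced_via_total_out(&a, 256));
    printf("avail_out delta: %" PRIu64 "\n", produced_via_avail_out(&b, 256));
    return 0;
}
```

Below the 2 GiB mark both functions agree; past it, only the `avail_out` difference still reports the 256 bytes actually written.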

commit b3d657bce4a99f7494a1b52ed14bd22b6a288e46
Author: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
Date:   Tue Apr 5 23:34:04 2011 +0900

    lan9118: Ignore write to MAC_VLAN1 register
    
    On Mon, 4 Apr 2011 20:15:30 +0200, Aurelien Jarno <aurelien at aurel32.net> wrote:
    > Is it really safe ignoring write to this register? If yes, it's probably
    > a good idea to explain why in a comment. In any case, if supporting this
    > register is easy to do, it would be the best option.
    
    I think it is safe.  Please see an updated comment below.
    
    And though implementing this register might be possible, I suppose it
    is not worth supporting FrameTooLong detection, for now at least.
    
    Thank you for comments.
    
    >8---------------------------------------------------------------------
    From: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
    Date: Tue, 5 Apr 2011 23:12:07 +0900
    Subject: [PATCH] lan9118: Ignore write to MAC_VLAN1 register
    
    Since linux 2.6.38, smsc911x driver writes to VLAN1 register.
    Since this register only affects FrameTooLong detection, ignoring
    write to this register should be safe.
    
    Signed-off-by: Atsushi Nemoto <anemo at mba.ocn.ne.jp>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
    (cherry picked from commit a0313c00fcd26530a025ff93edee32959917be8d)

commit a0af597d00c27741a0bf99720209def055f45499
Author: Ryan Harper <ryanh at us.ibm.com>
Date:   Mon Mar 7 10:01:04 2011 -0600

    Don't allow multiwrites against a block device without underlying medium
    
    If the block device has been closed, we no longer have a medium to submit
    IO against, check for this before submitting io.  This prevents a segfault
    further in the code where we dereference elements of the block driver.
    
    Signed-off-by: Ryan Harper <ryanh at us.ibm.com>
    Reviewed-by: Stefan Hajnoczi <stefanha at linux.vnet.ibm.com>
    Signed-off-by: Kevin Wolf <kwolf at redhat.com>

commit d4b4ba03e86eeb697f04bf1173c29530e77e0ce5
Author: Bernhard Kohl <bernhard.kohl at nsn.com>
Date:   Mon Sep 6 04:42:54 2010 +0000

    lsi53c895a: add support for ABORT messages
    
    If these messages are not handled correctly the guest driver may hang.
    
    Always mandatory:
    - ABORT
    - BUS DEVICE RESET
    
    Mandatory if tagged queuing is implemented (which disks usually do):
    - ABORT TAG
    - CLEAR QUEUE
    
    Signed-off-by: Bernhard Kohl <bernhard.kohl at nsn.com>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
    (cherry picked from commit 508240c0daecdd62ab46727f37145f2dbb029ff7)

commit 6f162b368f6af3836c78c01d1dff299fc275367f
Author: Michael S. Tsirkin <mst at redhat.com>
Date:   Sat Mar 19 19:28:19 2011 +0200

    virtio-pci: fix bus master work around on load
    
    Commit c81131db15dd1844d0db1d51f3cd7a105cfd2cf3
    detects old guests by comparing virtio and
    PCI status. It attempts to do this on load,
    as well, but load_config callback in a binding
    is invoked too early and so the virtio status
    isn't set yet.
    
    We could add yet another callback to the
    binding, to invoke after load, but it
    seems easier to reuse the existing vmstate
    callback.
    
    Signed-off-by: Michael S. Tsirkin <mst at redhat.com>
    Cc: Alexander Graf <agraf at suse.de>
    (cherry picked from commit 89c473fd82daf7dddad8162a683bcd0ef671ecda)

commit b25a1bbcda04cc5b14e804f0c135e0e2708d6881
Author: René Rebe <rene at exactcode.de>
Date:   Mon Mar 21 11:33:21 2011 +0100

    fix applesmc REV key
    
    Fix applesmc REV key string literal hex encoding.
    
    Signed-off-by: René Rebe <rene at exactcode.de>
    Acked-by: Alexander Graf <agraf at suse.de>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
    (cherry picked from commit 7f90fa77b8f0dbe2e9d221953b8f9a6af6a3128a)

commit 3d19c4e338e3281cf91bf29f32e8624bda3cc14c
Author: Aurelien Jarno <aurelien at aurel32.net>
Date:   Mon Mar 7 07:17:49 2011 +0100

    rbd: don't link with -lcrypto
    
    rbd support tries to both link with -lrados and -lcrypto. While the
    first one is of course necessary, the second is not necessary (only
    librados itself needs to link with libcrypto).
    
    This fixes a licensing issue: qemu as a whole is GPL v2, and thus can't
    be linked with OpenSSL without an exception in the license, which seems
    difficult to get given the number of persons involved.
    
    Cc: Christian Brunner <chb at muc.de>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
    (cherry picked from commit cc4e8741ccdaa905017f3c7c59e14c685a239c2d)

commit 2288eb3af2506a6950a6e3993c0e0cd0b0ad212b
Author: Jason Wang <jasowang at redhat.com>
Date:   Fri Feb 25 16:11:27 2011 +0800

    net: Add the missing option declaration of "vhostforce"
    
    Signed-off-by: Jason Wang <jasowang at redhat.com>
    Acked-by: Michael S. Tsirkin <mst at redhat.com>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
    (cherry picked from commit 96c94b298f99d6edf4e49d03cc8458f5b6e9d5f0)

commit ecebecffe3cbf73bd1a02148c186c0611a68b9b2
Author: Stefan Hajnoczi <stefanha at linux.vnet.ibm.com>
Date:   Wed Jan 26 12:31:00 2011 +0000

    lsi53c895a: Update dnad when skipping MSGOUT bytes
    
    Update not only dbc but also dnad when skipping bytes during the MSGOUT
    phase.  Previously only dbc was updated which is probably wrong and
    could lead to bogus message codes being read.
    
    Tested on Linux and Windows Server 2003.
    
    Signed-off-by: Stefan Hajnoczi <stefanha at linux.vnet.ibm.com>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
    (cherry picked from commit 444dd39b5f226926e8b8a950821e6f48a5da3ccd)

commit 6f9cace17abb630e9a8f82e36d94a04f66983c7c
Author: Aurelien Jarno <aurelien at aurel32.net>
Date:   Mon Feb 21 15:53:05 2011 +0100

    Revert "prep: Disable second IDE channel, as long as ISA IDE emulation doesn't support same irq for both channels"
    
    This reverts commit 491e2a338fdf8310c84f6ebaed1683a871a0700e.
    (cherry picked from commit 81aa06471a5c0ae45537b15f5b44e3f82488cdf5)

commit 57c864b1f32986116947d5e94218ec623ce393de
Author: Jan Kiszka <jan.kiszka at siemens.com>
Date:   Sat Feb 19 18:56:22 2011 +0100

    isa-bus: Remove bogus IRQ sharing check
    
    Nothing prevented IRQ sharing on the ISA bus in principle. Not all
    boards supported this, neither each and every card nor driver and OS.
    Still, there existed valid IRQ sharing scenarios, (at least) two of them
    can also be found in QEMU: >2 PC UARTs and the PREP IDE buses.
    
    So remove this artificial restriction from our ISA model.
    
    Signed-off-by: Jan Kiszka <jan.kiszka at siemens.com>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
    (cherry picked from commit ee951a37d8873bff7aa58e23222dfd984111b6cb)

commit 4b35dfea68539b9737749bf0e70a9dd4d253544c
Author: Stefan Hajnoczi <stefanha at linux.vnet.ibm.com>
Date:   Thu Mar 3 21:42:28 2011 +0000

    virtio-net: Fix lduw_p() pointer argument of wrong size
    
    A pointer to a size_t variable was passed as the void * pointer to
    lduw_p() in virtio_net_receive().  Instead of acting on the 16-bit value
    this caused failure on big-endian hosts.
    
    Avoid this issue in the future by using stw_p() instead.  In general we
    should use ld*_p() for loading from target memory and st*_p() for
    storing to target memory anyway, not the other way around.
    
    Also tighten up a correct use of lduw_p() when stw_p() should be used
    instead in virtio_net_get_config().
    
    Signed-off-by: Stefan Hajnoczi <stefanha at linux.vnet.ibm.com>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>
    (cherry picked from commit b46d97f2d2fd7c099b11e610de630918dfd11fa1)

commit cdd8152e56422d37e0d38454552bac5bc8ce4838
Author: Peter Maydell <peter.maydell at linaro.org>
Date:   Fri Feb 18 13:39:00 2011 +0000

    hw/sd.c: Add missing state change for SD_STATUS, SEND_NUM_WR_BLOCKS
    
    The SD_STATUS and SEND_NUM_WR_BLOCKS commands are supposed to cause
    the card to send data back to the host. However sd.c was missing the
    state change to sd_sendingdata_state for these commands, with the effect
    that the Linux driver would either hang indefinitely waiting for
    nonexistent data (pl181) or read zeroes and provoke a qemu warning
    message (omap).
    
    Signed-off-by: Peter Maydell <peter.maydell at linaro.org>
    Signed-off-by: Aurelien Jarno <aurelien at aurel32.net>

commit 74b121a007c52b435870def4b1f1e6c42042bf51
Author: Stefan Weil <weil at mail.berlios.de>
Date:   Wed Feb 16 20:48:00 2011 +0100

    vnc: Fix fatal crash with vnc reverse mode
    
    Reverse mode is unusable:
    
    	qemu -vnc localhost:5500,reverse
    
    crashes in vnc_refresh_server_surface because some pointers are NULL.
    
    Fix this by calling vnc_dpy_resize (which initializes these pointers)
    before calling vnc_refresh.
    
    Cc: Anthony Liguori <aliguori at us.ibm.com>
    Signed-off-by: Stefan Weil <weil at mail.berlios.de>
    Signed-off-by: Anthony Liguori <aliguori at us.ibm.com>
