1. 06 Jan, 2021 1 commit
    • Gan Qixin's avatar
      qtest/libqtest: fix heap-buffer-overflow in qtest_cb_for_every_machine() · c7baac5e
      Gan Qixin authored and Thomas Huth's avatar Thomas Huth committed
      When the length of mname is less than 5, memcpy("xenfv", mname, 5) will cause
      heap buffer overflow. Therefore, use strncmp to avoid this problem.
      
      The asan showed stack:
      
      ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000f2f4 at
      pc 0x7f65d8cc2225 bp 0x7ffe93cc5a60 sp 0x7ffe93cc5208 READ of size 5 at
      0x60200000f2f4 thread T0
          #0 0x7f65d8cc2224 in memcmp (/lib64/libasan.so.5+0xdf224)
          #1
      
       0x5632c20be95b in qtest_cb_for_every_machine tests/qtest/libqtest.c:1282
          #2 0x5632c20b7995 in main tests/qtest/test-hmp.c:160
          #3 0x7f65d88fed42 in __libc_start_main (/lib64/libc.so.6+0x26d42)
          #4 0x5632c20b72cd in _start (build/tests/qtest/test-hmp+0x542cd)
      
      Reported-by: default avatarEuler Robot <euler.robot@huawei.com>
      Signed-off-by: default avatarGan Qixin <ganqixin@huawei.com>
      Reviewed-by: Laurent Vivier's avatarLaurent Vivier <lvivier@redhat.com>
      Message-Id: <20210106050625.518041-1-ganqixin@huawei.com>
      Signed-off-by: Thomas Huth's avatarThomas Huth <thuth@redhat.com>
      c7baac5e
  2. 03 Jan, 2021 1 commit
  3. 01 Jan, 2021 5 commits
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/ehabkost-gl/tags/machine-next-pull-request' into staging · 41192db3
      Peter Maydell authored
      
      
      Machine queue, 2020-12-23
      
      Cleanup:
      * qdev code cleanup (Eduardo Habkost)
      
      Bug fix:
      * hostmem: Free host_nodes list right after visited (Keqian Zhu)
      
      # gpg: Signature made Wed 23 Dec 2020 21:25:58 GMT
      # gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
      # gpg:                issuer "ehabkost@redhat.com"
      # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
      # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6
      
      * remotes/ehabkost-gl/tags/machine-next-pull-request:
        bugfix: hostmem: Free host_nodes list right after visited
        qdev: Avoid unnecessary DeviceState* variable at set_prop_arraylen()
        qdev: Rename qdev_get_prop_ptr() to object_field_prop_ptr()
        qdev: Move qdev_prop_tpm declaration to tpm_prop.h
        qdev: Make qdev_class_add_property() more flexible
        qdev: Make PropertyInfo.create return ObjectProperty*
        qdev: Move dev->realized check to qdev_property_set()
        qdev: Wrap getters and setters in separate helpers
        qdev: Add name argument to PropertyInfo.create method
        qdev: Add name parameter to qdev_class_add_property()
        qdev: Avoid using prop->name unnecessarily
        qdev: Get just property name at error_set_from_qdev_prop_error()
        sparc: Use DEFINE_PROP for nwindows property
        qdev: Reuse DEFINE_PROP in all DEFINE_PROP_* macros
        qdev: Move softmmu properties to qdev-properties-system.h
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      41192db3
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20201222' into staging · 83734919
      Peter Maydell authored
      
      
      Further s390x updates:
      - enhance the s390 devices acceptance test
      - tcg: improve carry computation
      - qga: send the ccw address with the fsinfo data
      - fixes for protected virtualisation and zpci
      
      # gpg: Signature made Tue 22 Dec 2020 10:37:34 GMT
      # gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
      # gpg:                issuer "cohuck@redhat.com"
      # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
      # gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
      # gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
      # gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
      # gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
      # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF
      
      * remotes/cohuck-gitlab/tags/s390x-20201222:
        tests/acceptance: Add a test with the Fedora 31 kernel and initrd
        s390x/pci: Fix memory_region_access_valid call
        s390x/pci: fix pcistb length
        tests/acceptance: Test the virtio-balloon device on s390x
        tests/acceptance: Test virtio-rng on s390 via /dev/hwrng
        tests/acceptance: Extract the code to clear dmesg and wait for CRW reports
        tests/acceptance: test hot(un)plug of ccw devices
        target/s390x: Improve SUB LOGICAL WITH BORROW
        target/s390x: Improve cc computation for SUBTRACT LOGICAL
        target/s390x: Improve ADD LOGICAL WITH CARRY
        target/s390x: Improve cc computation for ADD LOGICAL
        qga/commands-posix: Send CCW address on s390x with the fsinfo data
        MAINTAINERS: move my git tree to gitlab
        s390x: pv: Fence additional unavailable SCLP facilities for PV guests
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      83734919
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-12-21' into staging · 3896895a
      Peter Maydell authored
      
      
      * Two fuzzer patches from Alexander
      * Show logs of failed acceptance jobs in the gitlab-CI
      
      # gpg: Signature made Mon 21 Dec 2020 13:38:37 GMT
      # gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
      # gpg:                issuer "thuth@redhat.com"
      # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
      # gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
      # gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
      # gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
      # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5
      
      * remotes/huth-gitlab/tags/pull-request-2020-12-21:
        gitlab-ci: Archive logs of acceptance tests
        gitlab-ci: Refactor code that show logs of failed acceptances
        tests/acceptance: Bump avocado requirements to 83.0
        fuzz: fix the generic-fuzz-floppy config
        fuzz: Add more i386 configurations for fuzzing
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      3896895a
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-12-19' into staging · 1f7c0279
      Peter Maydell authored
      
      
      QAPI patches patches for 2020-12-19
      
      # gpg: Signature made Sat 19 Dec 2020 09:40:05 GMT
      # gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
      # gpg:                issuer "armbru@redhat.com"
      # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
      # gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
      # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653
      
      * remotes/armbru/tags/pull-qapi-2020-12-19: (33 commits)
        qobject: Make QString immutable
        block: Use GString instead of QString to build filenames
        keyval: Use GString to accumulate value strings
        json: Use GString instead of QString to accumulate strings
        migration: Replace migration's JSON writer by the general one
        qobject: Factor JSON writer out of qobject_to_json()
        qobject: Factor quoted_str() out of to_json()
        qobject: Drop qstring_get_try_str()
        qobject: Drop qobject_get_try_str()
        Revert "qobject: let object_property_get_str() use new API"
        block: Avoid qobject_get_try_str()
        qmp: Fix tracing of non-string command IDs
        qobject: Move internals to qobject-internal.h
        hw/rdma: Replace QList by GQueue
        Revert "qstring: add qstring_free()"
        qobject: Change qobject_to_json()'s value to GString
        qobject: Use GString instead of QString to accumulate JSON
        qobject: Make qobject_to_json_pretty() take a pretty argument
        monitor: Use GString instead of QString for output buffer
        hmp: Simplify how qmp_human_monitor_command() gets output
        ...
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      1f7c0279
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging · 50536341
      Peter Maydell authored
      
      
      RDMA queue
      
      *  bug fix in contrib/rdmacm-mux
      
      # gpg: Signature made Fri 18 Dec 2020 18:40:53 GMT
      # gpg:                using RSA key 36D4C0F0CF2FE46D
      # gpg: Good signature from "Marcel Apfelbaum <marcel.apfelbaum@zoho.com>" [marginal]
      # gpg:                 aka "Marcel Apfelbaum <marcel@redhat.com>" [marginal]
      # gpg:                 aka "Marcel Apfelbaum <marcel.apfelbaum@gmail.com>" [marginal]
      # gpg: WARNING: This key is not certified with sufficiently trusted signatures!
      # gpg:          It is not certain that the signature belongs to the owner.
      # Primary key fingerprint: B1C6 3A57 F92E 08F2 640F  31F5 36D4 C0F0 CF2F E46D
      
      * remotes/marcel/tags/rdma-pull-request:
        contrib/rdmacm-mux: Fix error condition in hash_tbl_search_fd_by_ifid()
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      50536341
  4. 31 Dec, 2020 4 commits
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-12-18' into staging · 26f6b15e
      Peter Maydell authored
      
      
      Block patches:
      - New block filter: preallocate (which, on writes beyond an image file's
        end, allocates big chunks of data so that such post-EOF writes will
        occur less frequently)
      - write-zeroes and block-status support for Quorum
      - Implementation of truncate for the nvme block driver similarly to the
        existing implementations for host block devices and iscsi devices
      - Block layer refactoring: Drop the tighten_restrictions concept in the
        block permission functions
      - iotest fixes
      
      # gpg: Signature made Fri 18 Dec 2020 14:45:30 GMT
      # gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
      # gpg:                issuer "mreitz@redhat.com"
      # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
      # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40
      
      * remotes/maxreitz/tags/pull-block-2020-12-18: (30 commits)
        iotests: Fix _send_qemu_cmd with bash 5.1
        iotests/102: Pass $QEMU_HANDLE to _send_qemu_cmd
        block/nvme: Implement fake truncate() coroutine
        quorum: Implement bdrv_co_pwrite_zeroes()
        quorum: Implement bdrv_co_block_status()
        scripts/simplebench: add bench_prealloc.py
        simplebench/results_to_text: make executable
        simplebench/results_to_text: add difference line to the table
        simplebench/results_to_text: improve view of the table
        simplebench: move results_to_text() into separate file
        simplebench: rename ascii() to results_to_text()
        scripts/simplebench: use standard deviation for +- error
        scripts/simplebench: support iops
        scripts/simplebench: fix grammar: s/successed/succeeded/
        iotests: add 298 to test new preallocate filter driver
        iotests.py: execute_setup_common(): add required_fmts argument
        iotests: qemu_io_silent: support --image-opts
        qemu-io: add preallocate mode parameter for truncate command
        block: introduce preallocate filter
        block: bdrv_check_perm(): process children anyway
        ...
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      26f6b15e
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging · c7e48f91
      Peter Maydell authored
      
      
      Block layer patches:
      
      - Add qemu-storage-daemon documentation
      - hw/block/nand: Decommission the NAND museum
      - vpc: Clean up some buffer abuse
      - nfs: fix int overflow in nfs_client_open_qdict
      - Several iotests fixes
      
      # gpg: Signature made Fri 18 Dec 2020 12:07:30 GMT
      # gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
      # gpg:                issuer "kwolf@redhat.com"
      # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
      # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6
      
      * remotes/kevin/tags/for-upstream:
        block/vpc: Use sizeof() instead of HEADER_SIZE for footer size
        block/vpc: Pass footer buffers as VHDFooter * instead of uint8_t *
        block/vpc: Pad VHDFooter, replace uint8_t[] buffers
        block/vpc: Use sizeof() instead of 1024 for dynamic header size
        block/vpc: Pad VHDDynDiskHeader, replace uint8_t[] buffers
        block/vpc: Make vpc_checksum() take void *
        block/vpc: Don't abuse the footer buffer for dynamic header
        block/vpc: Don't abuse the footer buffer as BAT sector buffer
        block/vpc: Make vpc_open() read the full dynamic header
        iotests:172: use _filter_qom_path
        iotests: make _filter_qom_path more strict
        MAINTAINERS: add Kevin Wolf as storage daemon maintainer
        docs: add qemu-storage-daemon(1) man page
        docs: generate qemu-storage-daemon-qmp-ref(7) man page
        block/nfs: fix int overflow in nfs_client_open_qdict
        hw/block/nand: Decommission the NAND museum
        iotests/210: Fix reference output
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      c7e48f91
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20201218a' into staging · 3fb340cc
      Peter Maydell authored
      
      
      Monitor, virtiofsd and migration pull
      
      HMP cleanups
      Migration fixes
        Note the change in behaviour of not allowing a postmigrate migrtion
        rather than crashing
      
      Virtiofsd cleanups and fixes
        --thread-pool-size=0 for no thread pool (faster for some workloads)
      
      Signed-off-by: Dr. David Alan Gilbert's avatarDr. David Alan Gilbert <dgilbert@redhat.com>
      
      # gpg: Signature made Fri 18 Dec 2020 10:39:37 GMT
      # gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
      # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
      # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7
      
      * remotes/dgilbert/tags/pull-migration-20201218a:
        migration: Don't allow migration if vm is in POSTMIGRATE
        savevm: Delete snapshots just created in case of error
        savevm: Remove dead code in save_snapshot()
        docs/devel/migration: Improve debugging section a bit
        virtiofsd: Remove useless code about send_notify_iov
        virtiofsd: update FUSE_FORGET comment on "lo_inode.nlookup"
        virtiofsd: Check file type in lo_flush()
        virtiofsd: Disable posix_lock hash table if remote locks are not enabled
        virtiofsd: Set up posix_lock hash table for root inode
        virtiofsd: make the debug log timestamp on stderr more human-readable
        virtiofsd: Use --thread-pool-size=0 to mean no thread pool
        hmp-commands.hx: List abbreviation after command for cont, quit, print
        monitor:Don't use '#' flag of printf format ('%#') in format strings
        monitor:braces {} are necessary for all arms of this statement
        monitor:open brace '{' following struct go on the same line
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      3fb340cc
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging · 091774bf
      Peter Maydell authored
      
      
      Add MIPS Loongson 2F/3A
      sparc64 bug fix
      Implement copy_file_range
      Add most IFTUN ioctls
      Fix mremap
      
      # gpg: Signature made Fri 18 Dec 2020 10:23:43 GMT
      # gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
      # gpg:                issuer "laurent@vivier.eu"
      # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
      # gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
      # gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
      # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C
      
      * remotes/vivier2/tags/linux-user-for-6.0-pull-request:
        linux-user/sparc: Handle tstate in sparc64_get/set_context()
        linux-user/sparc: Don't restore %g7 in sparc64_set_context()
        linux-user/sparc: Remove unneeded checks of 'err' from sparc64_get_context()
        linux-user/sparc: Correct sparc64_get/set_context() FPU handling
        linux-user: Add most IFTUN ioctls
        linux-user: Implement copy_file_range
        docs/user: Display linux-user binaries nicely
        linux-user: Add support for MIPS Loongson 2F/3A
        linux-user/elfload: Update HWCAP bits from linux 5.7
        linux-user/elfload: Introduce MIPS GET_FEATURE_REG_EQU() macro
        linux-user/elfload: Introduce MIPS GET_FEATURE_REG_SET() macro
        linux-user/elfload: Rename MIPS GET_FEATURE() as GET_FEATURE_INSN()
        linux-user/elfload: Move GET_FEATURE macro out of get_elf_hwcap() body
        linux-user/mmap.c: check range of mremap result in target address space
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      091774bf
  5. 30 Dec, 2020 1 commit
    • Peter Maydell's avatar
      Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-12-18' into staging · 65a3c598
      Peter Maydell authored
      
      
      * Compile QEMU with -Wimplicit-fallthrough=2 to avoid bugs in
        switch-case statements
      
      # gpg: Signature made Fri 18 Dec 2020 08:19:04 GMT
      # gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
      # gpg:                issuer "thuth@redhat.com"
      # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
      # gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
      # gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
      # gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
      # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5
      
      * remotes/huth-gitlab/tags/pull-request-2020-12-18:
        configure: Compile with -Wimplicit-fallthrough=2
        hw/rtc/twl92230: Add missing 'break'
        bsd-user: Silence warnings about missing fallthrough statement
        tests/fp: Do not emit implicit-fallthrough warnings in the softfloat tests
        tcg/optimize: Add fallthrough annotations
        target/sparc/win_helper: silence the compiler warnings
        target/sparc/translate: silence the compiler warnings
        accel/tcg/user-exec: silence the compiler warnings
        hw/intc/arm_gicv3_kvm: silence the compiler warnings
        target/i386: silence the compiler warnings in gen_shiftd_rm_T1
        hw/timer/renesas_tmr: silence the compiler warnings
        hw/rtc/twl92230: Silence warnings about missing fallthrough statements
        target/unicore32/translate: Add missing fallthrough annotations
        disas/libvixl: Fix fall-through annotation for GCC >= 7
      
      Signed-off-by: Peter Maydell's avatarPeter Maydell <peter.maydell@linaro.org>
      65a3c598
  6. 22 Dec, 2020 1 commit
  7. 21 Dec, 2020 13 commits
  8. 19 Dec, 2020 14 commits