| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could
trick the block probing code into accessing arbitrary files in a guest. To
mitigate this, we added an explicit format parameter to -drive which disabling
block probing.
Fast forward to today, and the vast majority of users do not use this parameter.
libvirt does not use this by default nor does virt-manager.
Most users want block probing so we should try to make it safer.
This patch adds some logic to the raw device which attempts to detect a write
operation to the beginning of a raw device. If the first 4 bytes happen to
match an image file that has a backing file that we support, it scrubs the
signature to all zeros. If a user specifies an explicit format parameter, this
behavior is disabled.
I contend that while a legitimate guest could write such a signature to the
header, we would behave incorrectly anyway upon the next invocation of QEMU.
This simply changes the incorrect behavior to not involve a security
vulnerability.
I've tested this pretty extensively both in the positive and negative case. I'm
not 100% confident in the block layer's ability to deal with zero sized writes
particularly with respect to the aio functions so some additional eyes would be
appreciated.
Even in the case of a single sector write, we have to make sure to invoked the
completion from a bottom half so just removing the zero sized write is not an
option.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This mistake makes PCI devices can't work correctly.
Signed-off-by: Huacai Chen <zltjiangshi@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Commit 5989020bc11f8ba448d6fb79f4562f882a693d89 introduced a chardev
option to disable signals on stdio. Add the corresponding documentation.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Update PPC, Sparc32 and Sparc64 OpenBIOS images to r821.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Disks without media make no sense. For SCSI, a Linux guest kernel
complains during boot. I didn't try other combinations.
scsi-generic doesn't need the additional check, because it already
requires bdrv_is_sg(), which fails without media.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Move the check from virtio_blk_init_pci(), where it protects only
virtio-blk-pci, to virtio_blk_init(). Without that, virtio-blk-s390
initializes without a drive. I figure that can lead to null pointer
dereferences.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
It can't actually fail now, but the next commit will change that.
s390_virtio_blk_init() already checks for failure, but
virtio_blk_init_pci() doesn't. Fix that.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
When there is no block driver associate with BlockDriverState bdrv_getlength
returns -ENOMEDIUM that cause block migration to fail
Signed-off-by: Shahar Havivi <shaharh@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Replace rebase by resize in documentation of resize command.
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
In addition to the previous fix for calling do_flush_queued_data() only
when the virtqueue is ready, ensure do_flush_queued_data() gets a vq
that's suitably initialised.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
If a virtio-serial port is removed before the guest comes up and
initialises the virtqueues, qemu exits with the message
Guest moved used index from 0 to 61440
This happens because we try to clear any pending buffers from the
virtqueue.
Ensure the virtqueue is initialised before calling any virtqueue
operations.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
While running in debug mode if 9P server is unable to open the log file
it results in a SEGV deep down in glibc:
Program received signal SIGSEGV, Segmentation fault.
0x008fca8c in fwrite () from /lib/libc.so.6
(gdb) bt
#0 0x008fca8c in fwrite () from /lib/libc.so.6
#1 0x081eb87e in pprint_pdu (pdu=0x89a52e1c)
at /data/sripathi/code/qemu/new/qemu-next-upstream/hw/virtio-9p-debug.c:380
#2 0x0806dad8 in submit_pdu (s=0x897dc008, pdu=0x89a52e1c)
at /data/sripathi/code/qemu/new/qemu-next-upstream/hw/virtio-9p.c:3092
#3 0x0806dc63 in handle_9p_output (vdev=0x897dc008, vq=0x86d8218)
at /data/sripathi/code/qemu/new/qemu-next-upstream/hw/virtio-9p.c:3122
#4 0x081ac728 in virtio_queue_notify (vdev=0x897dc008, n=0)
at /data/sripathi/code/qemu/new/qemu-next-upstream/hw/virtio.c:563
#5 0x08063876 in virtio_ioport_write (opaque=0x86d7b98, addr=16, val=0)
at /data/sripathi/code/qemu/new/qemu-next-upstream/hw/virtio-pci.c:222
#6 0x08063e26 in virtio_pci_config_writew (opaque=0x86d7b98, addr=16, val=0)
at /data/sripathi/code/qemu/new/qemu-next-upstream/hw/virtio-pci.c:357
#7 0x080c881a in ioport_write (index=1, address=49296, data=0) at ioport.c:80
#8 0x080c8d4c in cpu_outw (addr=49296, val=0) at ioport.c:204
#9 0x08073010 in kvm_handle_io (port=49296, data=0xab393000, direction=1, size=2, count=1)
at /data/sripathi/code/qemu/new/qemu-next-upstream/kvm-all.c:735
...
...
This is ugly and misleading. The following patch adds a BUG_ON to catch this
error. With this patch we get an abort message like the following, which makes
it easier to analyze:
f12-kvm login: qemu: /data/sripathi/code/qemu/new/qemu-next-upstream/hw/virtio-9p-debug.c:353: pprint_pdu: Assertion `!(!llogfile)' failed.
Signed-off-by: Sripathi Kodi <sripathik@in.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
No need to call cpu_register_physical_memory() for a zero sized area.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
|
|
- 17d3e46 smbios: Allow all fields to be set via qemu_cfg_smbios_load_field()
- 0d6b8d5 seabios: pciinit: use pci device initializer helper function.
- 968d3a8 seabios: pci: introduce helper function to initialize a given device.
- 4e0daae virtio: Clear interrupt status register in virtio-blk
- af0963d seabios: pciinit: initialize pci bridge filtering registers.
- f441666 seabios: pciinit: pci bridge bus initialization.
- 5d0de15 seabios: pciinit: make bar offset calculation pci bridge aware.
- a65821d seabios: pciinit: factor out bar offset calculation.
- 0a8eada seabios: pciinit: make pci bar assigner preferchable memory aware.
- dfd94fa seabios: pciinit: make pci memory space assignment 64bit aware.
- b9e4721 seabios: pciinit: factor out pci bar region allocation logic.
- edd9911 seabios: pci: introduce foreachpci_in_bus() helper macro.
- f79a462 Add romfile_size() wrapper for accessing cbfs/qemu_cfg files.
- afbed1b Initial bootsplash support.
- 83d6ed6 Update TODO
- 1d7d893 Fix bvprintf() to respect padding for hex printing.
- e230426 Unify optionrom cbfs/qemu_cfg rom pulling code.
- 8cb8ba5 SeaBIOS VGA hooks
- 203f6f3 SeaBIOS CD/DVD abbreviations
- 12cbb43 seabios: remove iasl output file when error.
- d5d02b6 Allocate cdemu buffer in low mem instead of ebda.
- 8f59aa3 Introduce memcpy_fl - a memcpy on "flat" pointers.
- 42a1d4c Rework malloc to use a "first fit" algorithm.
- 34e9cc5 Minor mptable changes.
- 0f3783b virtio: clean up memory barrier usage
- bfe4d60 virtio: remove NO_NOTIFY optimization
- bb68591 Don't use RTC to time boot menu delay.
- b5cc2ca Generalize timer based delay code.
- 144817b Rename check_time() to check_tsc().
- 9c447c3 Allow wait_irq to be called in 32bit code.
- 49cc72b Improve optionrom debugging statements.
- c65a4a6 Minor - compile out usb-msc code if CONFIG_USB_MSC not set.
- 456479e Minor ata cleanups.
- 2515a72 Make sure virtio-blk is fully compiled out if not wanted.
- c4fe135 Minor - split up virtio_blk_setup().
- 4030db0 fix two issues with virtio-blk
- ea8ac63 Minor improvements to virtio (allow irqs, allocate page aligned).
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
The file, vt82c686.c, was added after the change set of
b80d4a9887fa4b6cc63f8c3a13ab2a45054d3e5c and
fecb93c45c749a4c994d8d12bdee17ce2012de9e
are created, but before the patch series was commit.
So similar fix is needed to vt82c686.c.
Cc: Huacai Chen <zltjiangshi@gmail.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
|
|
Add support for the following missing priviledged intructions:
For SH4:
- stc sgr, Rn
- stc.l sgr, @-Rn
For SH4A:
- ldc Rm, sgr
- ldc.l @Rm+, sgr
Signed-off-by: Alexandre Courbot <gnurou@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
The LDST macro is used to generate ldc and stc instructions that work with a
specific register. However, the SGR register only supports stc up to SH4A,
which supports both stc and ldc. This patch creates two sub-macros named LD
and ST that handle generating ldc and stc instructions separately, and
redeclares LDST to use these sub-macro.
Signed-off-by: Alexandre Courbot <gnurou@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
bridge config write should trigger updates
on the secondary bus. never on the primary bus.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
We were requesting too much when checking buffer
length: size already includes host header length.
Further, we should not exit if we get a packet that
is too long, since this might not be under control
of the guest. Just drop the packet.
Red Hat bz 591494
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
make pci hotplug callback return value to caller.
And when returning error, allocated resources are freed.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Make init value for this register match the spec.
BAR address is 0 at init, so enabling it
only works by chance.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Make rtl8139 spec compliant, fixing reset values
for command register.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
pcnet enables memory/io on init, which
does not make sense as BAR values are wrong.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
|
|
Clear interrupt disable bit on reset, according to PCI spec.
Fix pci_device_reset() with 64bit BAR.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Intel Macs have a chip called the "AppleSMC" which they use to control
certain Apple specific parts of the hardware, like the keyboard background
light.
That chip is also used to store a key that Mac OS X uses to decrypt binaries.
This patch adds emulation for that chip, so we're getting one step further
to having Mac OS X run natively on Qemu.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
rewuired -> required
ths -> this
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
So interpret it by hand.
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
There were fsdev/qemu-fsdev.{o,d} not removed at "make clean".
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Set PCI multi-function bit according to multifunction property.
PCI address, devfn ,is exported to users as addr property,
so users can populate pci function(PCIDevice in qemu)
at arbitrary devfn.
It means each function(PCIDevice) don't know whether pci device
(PCIDevice[8]) is multi function or not.
So this patch allows user to set multifunction bit via property
and checks whether multifunction bit is set correctly.
Cc: Juan Quintela <quintela@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
make pci bridge aware of pci multi function property and let pci generic
code to set the bit.
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
use pci_create_simple_multifunction() for normal device which sets
multifunction bit.
At the moment, only pc_piix.c and mips_malta.c uses multifunction
devices with piix3/4 pci-isa bridge.
And other boards don't populate those devices.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
introduce multifunction property.
Also introduce new convenient device creation function which
will be used later.
For bisectability this patch doesn't do anything, but sets the property
resulting in no functional changes.
Actual changes will be introduced by later patch.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
implement qdev_prop_set_bit().
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
replace PCIDeviceInfo::header_type with is_bridge
as suggested by Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Don't overwrite pci header type.
Otherwise, multi function bit which pci_init_header_type() sets
appropriately is lost.
Anyway PCI_HEADER_TYPE_NORMAL is zero, so it is unnecessary to zero
which is already zero cleared.
how to test:
run qemu and issue info pci to see whether a device in question is
normal device, not pci-to-pci bridge.
This is handy because guest os isn't required.
tested changes:
The following files are covered by using following commands.
sparc64-softmmu
apb_pci.c, vga-pci.c, cmd646.c, ne2k_pci.c, sun4u.c
ppc-softmmu
grackle_pci.c, cmd646.c, ne2k_pci.c, vga-pci.c, macio.c
ppc-softmmu -M mac99
unin_pci.c(uni-north, uni-north-agp)
ppc64-softmmu
pci-ohci, ne2k_pci, vga-pci, unin_pci.c(u3-agp)
x86_64-softmmu
acpi_piix4.c, ide/piix.c, piix_pci.c
-vga vmware vmware_vga.c
-watchdog i6300esb wdt_i6300esb.c
-usb usb-uhci.c
-sound ac97 ac97.c
-nic model=rtl8139 rtl8139.c
-nic model=pcnet pcnet.c
-balloon virtio virtio-pci.c:
untested changes:
The following changes aren't tested.
prep_pci.c: ppc-softmmu -M prep should cover, but core dumped.
unin_pci.c(uni-north-pci): the caller is commented out.
openpic.c: the caller is commented out in ppc_prep.c
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
device.
Auto-assigned-address pci function (passing devfn = -1) is always
single function.
This patch adds assert() to guarantee that auto-assigned-address function
is always single function device at function = 0.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Use PCI_DEVFN() and PCI_FUNC_MAX where appropriate.
This patch make it clear that func = 0.
test:
The following object files with/without this patch are stripped and compared.
They remains same.
arm-softmmu/versatile_pci.o
libhw32/ppce500_pci.o
libhw32/unin_pci.o
libhw64/ppce500_pci.o
libhw64/unin_pci.o
mips-softmmu/gt64xxx.o
mips64-softmmu/gt64xxx.o
mips64el-softmmu/gt64xxx.o
mipsel-softmmu/gt64xxx.o
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yu Liu <yu.liu@freescale.com>
Cc: Paul Brook <paul@codesourcery.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
This patch adds support for loongson 2E & 2F instructions. They are the
same instructions, but differ by the opcode encoding.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
With gcc 4.2.1-sjlj (mingw32-2) I get this warning:
/src/qemu/exec.c: In function 'qemu_ram_alloc':
/src/qemu/exec.c:2777: warning: 'offset' may be used uninitialized in this function
Fix by initializing the variable.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
WIN32 is not only the system which doesn't have TCP_CORK (e.g. OS X).
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
|
|
Now that we have a working qemu_ram_free() and the primary runtime
user of it has been updated, don't be lenient about duplicate id strings.
We also shouldn't need to create them ondemand at the target.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
