-rw-r--r-- | hw/net/virtio-net.c | 3 | ||||
-rw-r--r-- | hw/ppc/spapr.c | 4 | ||||
-rw-r--r-- | nbd/server.c | 10 | ||||
-rw-r--r-- | target/ppc/machine.c | 4 | ||||
-rw-r--r-- | util/qemu-sockets.c | 3 |
5 files changed, 20 insertions, 4 deletions
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 150fd0748e..38674b08aa 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -288,7 +288,8 @@ static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
 qemu_bh_cancel(q->tx_bh);
 }
 if ((n->status & VIRTIO_NET_S_LINK_UP) == 0 &&
- (queue_status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ (queue_status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+ vdev->vm_running) {
 /* if tx is waiting we are likely have some packets in tx queue
 * and disabled notification */
 q->tx_waiting = 0;
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 4d0a84f3ec..9efddeaee5 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1373,6 +1373,8 @@ void spapr_reallocate_hpt(sPAPRMachineState *spapr, int shift,
 DIRTY_HPTE(HPTE(spapr->htab, i));
 }
 }
+ /* We're setting up a hash table, so that means we're not radix */
+ spapr->patb_entry = 0;
 }
 void spapr_setup_hpt_and_vrma(sPAPRMachineState *spapr)
@@ -1392,8 +1394,6 @@ void spapr_setup_hpt_and_vrma(sPAPRMachineState *spapr)
 spapr->rma_size = kvmppc_rma_size(spapr_node0_size(MACHINE(spapr)),
 spapr->htab_shift);
 }
- /* We're setting up a hash table, so that means we're not radix */
- spapr->patb_entry = 0;
 }
 static void find_unknown_sysbus_device(SysBusDevice *sbdev, void *opaque)
diff --git a/nbd/server.c b/nbd/server.c
index 7d6801b427..92c0fdd03b 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -386,6 +386,10 @@ static int nbd_negotiate_handle_info(NBDClient *client, uint32_t length,
 msg = "name length is incorrect";
 goto invalid;
 }
+ if (namelen >= sizeof(name)) {
+ msg = "name too long for qemu";
+ goto invalid;
+ }
 if (nbd_read(client->ioc, name, namelen, errp) < 0) {
 return -EIO;
 }
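Review bot: In nbd/server.c, nbd_negotiate_handle_info(), the new bound `namelen >= sizeof(name)` is only correct if `name` is a true array in this scope rather than a pointer, and if the byte it reserves is actually used for a terminator after `nbd_read()`. The declaration of `name` and any terminator write are outside this hunk, so both should be confirmed. The check is what stops a length taken from the peer from driving the read past the buffer, and a comment above it would record that, for example `/* namelen is supplied by the peer; keep one byte of name[] free for the NUL */`. The function body starts and ends outside the hunk.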
@@ -673,6 +677,12 @@ static int nbd_negotiate_options(NBDClient *client, uint16_t myflags, } length = be32_to_cpu(length); + if (length > NBD_MAX_BUFFER_SIZE) { + error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)", + length, NBD_MAX_BUFFER_SIZE); + return -EINVAL; + } + trace_nbd_negotiate_options_check_option(option, nbd_opt_lookup(option)); if (client->tlscreds && diff --git a/target/ppc/machine.c b/target/ppc/machine.c index 384caee800..24117e8f31 100644 --- a/target/ppc/machine.c +++ b/target/ppc/machine.c @@ -237,9 +237,11 @@ static int cpu_post_load(void *opaque, int version_id) #if defined(TARGET_PPC64) if (cpu->compat_pvr) { + uint32_t compat_pvr = cpu->compat_pvr; Error *local_err = NULL; - ppc_set_compat(cpu, cpu->compat_pvr, &local_err); + cpu->compat_pvr = 0; + ppc_set_compat(cpu, compat_pvr, &local_err); if (local_err) { error_report_err(local_err); return -1; diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c index 8b75541ce4..a1cf47e625 100644 --- a/util/qemu-sockets.c +++ b/util/qemu-sockets.c @@ -1079,6 +1079,9 @@ void socket_listen_cleanup(int fd, Error **errp) SocketAddress *addr; addr = socket_local_address(fd, errp); + if (!addr) { + return; + } if (addr->type == SOCKET_ADDRESS_TYPE_UNIX && addr->u.q_unix.path) { |
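Review bot: In nbd/server.c, nbd_negotiate_options(), the new error string has a stray space inside the parentheses (`PRIu32" )`), so the message prints as `len (N )`. I would write `error_setg(errp, "len (%" PRIu32 ") is larger than max len (%u)",`. The `%u` conversion also assumes NBD_MAX_BUFFER_SIZE has type unsigned int; its definition is not in this hunk, so check it or cast the argument to keep the format and argument types matched. The surrounding loop starts and ends outside the hunk.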
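Review bot: In target/ppc/machine.c, cpu_post_load(), `cpu->compat_pvr` is now zeroed before `ppc_set_compat()` runs, and on the `local_err` path the function returns -1 with the field still 0, so the loaded value is gone for anything that looks at the CPU state after a failed load. Whether that matters depends on ppc_set_compat() and on the callers, which are outside this hunk; if it does, restore it with `cpu->compat_pvr = compat_pvr;` before `return -1;`. The reason the field has to be cleared first is not stated either. A one-line comment above `cpu->compat_pvr = 0;` would help, for example `/* clear first; ppc_set_compat() is expected to set compat_pvr again from the saved value */`, with the wording confirmed against ppc_set_compat().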