aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-11-24softfloat: Clarify license statussf-relicensingPeter Maydell
The code in the softfloat source files is under a mixture of licenses: the original code and many changes from QEMU contributors are under the base SoftFloat-2a license; changes from Stefan Weil and RedHat employees are GPLv2-or-later; changes from Fabrice Bellard are under the BSD license. Clarify this in the comments at the top of each affected source file, including a statement about the assumed licensing for future contributions, so we don't need to remember to ask patch submitters explicitly to pick a license. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-24softfloat: reimplement SNAN_BIT_IS_ONE supportPeter Maydell
Reimplement support for architectures where the most significant bit in the mantissa is 1 for a signaling NaN rather than a quiet NaN, by adding handling for SNAN_BIT_IS_ONE being set to the functions which test values for NaN-ness. This includes restoring the bugfixes lost in the reversion where some of the float*_is_quiet_nan() functions were returning true for both signaling and quiet NaNs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-24softfloat: Implement uint64_to_float64() and uint64_to_float32()Peter Maydell
Reimplement from scratch the uint64_to_float64() and uint64_to_float32() conversion functions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-24softfloat: Revert remaining parts of commits b645bb4885 and 5a6932d51dPeter Maydell
Revert the parts of commits b645bb4885 and 5a6932d51d which are still in the codebase and under a SoftFloat-2b license. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-24softfloat: Revert remaining portions of commits 75d62a5856 and 3430b0be36fPeter Maydell
Revert the remaining portions of commits 75d62a5856 and 3430b0be36f which are under a SoftFloat-2b license, ie the functions uint64_to_float32() and uint64_to_float64(). (The float64_to_uint64() and float64_to_uint64_round_to_zero() functions were completely rewritten in commits fb3ea83aa and 0a87a3107d so can stay.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-21softfloat: Apply patch corresponding to rebasing to softfloat-2aPeter Maydell
This commit applies the changes to master which correspond to replacing commit 158142c2c2df with a set of changes made by: * taking the SoftFloat-2a release * mechanically transforming the block comment style * reapplying Fabrice's original changes from 158142c2c2df This commit was created by: diff -u 158142c2c2df import-sf-2a patch -p1 --fuzz 10 <../relicense-patch.txt (where import-sf-2a is the branch resulting from the changes above). Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-20hw/arm/virt: set stdout-path instead of linux,stdout-pathLeif Lindholm
ePAPR 1.1 defines the stdout-path property, making the os-specific linux,stdout-path property redundant. Change the DT setup for ARM virt to use the generic property - supported by Linux since 3.15. The old QEMU behaviour was not present in any released version of QEMU, and was only added to QEMU after the kernel changed, so this should not break any existing setups. Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org> [PMM: add note to commit about the old behaviour never hving been in a released version of QEMU] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-20Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' ↵Peter Maydell
into staging Patch queue for ppc - 2014-11-20 Hopefully the last few fixups for 2.2: - KVM memory slot fix (should usually only occur on PPC) - e300 fix - Altivec mtvscr instruction fix # gpg: Signature made Thu 20 Nov 2014 13:53:34 GMT using RSA key ID 03FEDC60 # gpg: Good signature from "Alexander Graf <agraf@suse.de>" # gpg: aka "Alexander Graf <alex@csgraf.de>" * remotes/agraf/tags/signed-ppc-for-upstream: target-ppc: Altivec's mtvscr Decodes Wrong Register kvm: Fix memory slot page alignment logic target-ppc: Fix breakpoint registers for e300 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-20target-ppc: Altivec's mtvscr Decodes Wrong RegisterTom Musta
The Move to Vector Status and Control Register (mtvscr) instruction uses VRB as the source register. Fix the code generator to correctly decode the VRB field. That is, use "rB(ctx->opcode)" instead of "rD(ctx->opcode)". Signed-off-by: Tom Musta <tommusta@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-20kvm: Fix memory slot page alignment logicAlexander Graf
Memory slots have to be page aligned to get entered into KVM. There is existing logic that tries to ensure that we pad memory slots that are not page aligned to the biggest region that would still fit in the alignment requirements. Unfortunately, that logic is broken. It tries to calculate the start offset based on the region size. Fix up the logic to do the thing it was intended to do and document it properly in the comment above it. With this patch applied, I can successfully run an e500 guest with more than 3GB RAM (at which point RAM starts overlapping subpage memory regions). Cc: qemu-stable@nongnu.org Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-20target-ppc: Fix breakpoint registers for e300Fabien Chouteau
In the previous patch, the registers were added to init_proc_G2LE instead of init_proc_e300. Signed-off-by: Fabien Chouteau <chouteau@adacore.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-11-20Merge remote-tracking branch 'remotes/amit-migration/tags/for-2.2-2' into ↵Peter Maydell
staging Fix from a while back that unfortunately got ignored. Dave Gilbert says it may actually fix a case where autoconverge would break on a repeat migration (and not just fix stats). # gpg: Signature made Thu 20 Nov 2014 12:52:41 GMT using RSA key ID 854083B6 # gpg: Good signature from "Amit Shah <amit@amitshah.net>" # gpg: aka "Amit Shah <amit@kernel.org>" # gpg: aka "Amit Shah <amitshah@gmx.net>" * remotes/amit-migration/tags/for-2.2-2: migration: static variables will not be reset at second migration Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-20migration: static variables will not be reset at second migrationChenLiang
The static variables in migration_bitmap_sync will not be reset in the case of a second attempted migration. Signed-off-by: ChenLiang <chenliang88@huawei.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-11-18Update version for v2.2.0-rc2 releasePeter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18hw/ide/core.c: Prevent SIGSEGV during migrationDon Slutz
The other callers to blk_set_enable_write_cache() in this file already check for s->blk == NULL. Signed-off-by: Don Slutz <dslutz@verizon.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1416259239-13281-1-git-send-email-dslutz@verizon.com Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Tue 18 Nov 2014 15:04:53 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: net: The third parameter of getsockname should be initialized Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' ↵Peter Maydell
into staging # gpg: Signature made Tue 18 Nov 2014 15:04:14 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/tracing-pull-request: Tracing: Fix simpletrace.py error on tcg enabled binary traces Tracing docs fix configure option and description Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18net: The third parameter of getsockname should be initializedzhanghailiang
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-18Tracing: Fix simpletrace.py error on tcg enabled binary tracesChristoph Seifert
simpletrace.py does not recognize the tcg option while reading trace-events file. In result simpletrace does not work on binary traces and tcg enabled events. Moved transformation of tcg enabled events to _read_events() which is used by simpletrace. Signed-off-by: Christoph Seifert <christoph.seifert@posteo.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-18Tracing docs fix configure option and descriptionDr. David Alan Gilbert
Fix the example trace configure option. Update the text to say that multiple backends are allowed and what happens when multiple backends are enabled. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 1412691161-31785-1-git-send-email-dgilbert@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-18Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block patches for 2.2.0-rc2 # gpg: Signature made Tue 18 Nov 2014 11:32:55 GMT using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: block/raw-posix: Catch fsync() errors block/raw-posix: Only sync after successful preallocation block/raw-posix: Fix preallocating write() loop raw-posix: The SEEK_HOLE code is flawed, rewrite it raw-posix: SEEK_HOLE suffices, get rid of FIEMAP raw-posix: Fix comment for raw_co_get_block_status() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18Merge remote-tracking branch 'remotes/amit-migration/tags/for-2.2' into stagingPeter Maydell
Fix for CVE-2014-7840, avoiding arbitrary qemu memory overwrite for migration by Michael S. Tsirkin. # gpg: Signature made Tue 18 Nov 2014 11:23:00 GMT using RSA key ID 854083B6 # gpg: Good signature from "Amit Shah <amit@amitshah.net>" # gpg: aka "Amit Shah <amit@kernel.org>" # gpg: aka "Amit Shah <amitshah@gmx.net>" * remotes/amit-migration/tags/for-2.2: migration: fix parameter validation on ram load Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18linux-headers: update to 3.18-rc5Ard Biesheuvel
This updates the Linux header to version 3.18-rc5, adding support for (among other things) read-only memslots on ARM and arm64. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Message-id: 1416248898-6302-1-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-18migration: fix parameter validation on ram loadMichael S. Tsirkin
During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of said function. To fix this, we need to make sure that the [offset, offset + length] range fits into one of the allocated memory regions. Validating addr < len should be sufficient since data seems to always be managed in TARGET_PAGE_SIZE chunks. Fixes: CVE-2014-7840 Note: follow-up patches add extra checks on each block->host access. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-11-18block/raw-posix: Catch fsync() errorsMax Reitz
fsync() may fail, and that case should be handled. Reported-by: László Érsek <lersek@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-18block/raw-posix: Only sync after successful preallocationMax Reitz
The loop which filled the file with zeroes may have been left early due to an error. In that case, the fsync() should be skipped. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-18block/raw-posix: Fix preallocating write() loopMax Reitz
write() may write less bytes than requested; in this case, the number of bytes written is returned. This is the byte count we should be subtracting from the number of bytes still to be written, and not the byte count we requested to write. Reported-by: László Érsek <lersek@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-18exec: Handle multipage ranges in invalidate_and_set_dirty()Peter Maydell
The code in invalidate_and_set_dirty() needs to handle addr/length combinations which cross guest physical page boundaries. This can happen, for example, when disk I/O reads large blocks into guest RAM which previously held code that we have cached translations for. Unfortunately we were only checking the clean/dirty status of the first page in the range, and then were calling a tb_invalidate function which only handles ranges that don't cross page boundaries. Fix the function to deal with multipage ranges. The symptoms of this bug were that guest code would misbehave (eg segfault), in particular after a guest reboot but potentially any time the guest reused a page of its physical RAM for new code. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1416167061-13203-1-git-send-email-peter.maydell@linaro.org
2014-11-18Merge remote-tracking branch 'mreitz/block' into queue-blockKevin Wolf
* mreitz/block: raw-posix: The SEEK_HOLE code is flawed, rewrite it raw-posix: SEEK_HOLE suffices, get rid of FIEMAP raw-posix: Fix comment for raw_co_get_block_status()
2014-11-18raw-posix: The SEEK_HOLE code is flawed, rewrite itMarkus Armbruster
On systems where SEEK_HOLE in a trailing hole seeks to EOF (Solaris, but not Linux), try_seek_hole() reports trailing data instead. Additionally, unlikely lseek() failures are treated badly: * When SEEK_HOLE fails, try_seek_hole() reports trailing data. For -ENXIO, there's in fact a trailing hole. Can happen only when something truncated the file since we opened it. * When SEEK_HOLE succeeds, SEEK_DATA fails, and SEEK_END succeeds, then try_seek_hole() reports a trailing hole. This is okay only when SEEK_DATA failed with -ENXIO (which means the non-trailing hole found by SEEK_HOLE has since become trailing somehow). For other failures (unlikely), it's wrong. * When SEEK_HOLE succeeds, SEEK_DATA fails, SEEK_END fails (unlikely), then try_seek_hole() reports bogus data [-1,start), which its caller raw_co_get_block_status() turns into zero sectors of data. Could theoretically lead to infinite loops in code that attempts to scan data vs. hole forward. Rewrite from scratch, with very careful comments. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2014-11-18raw-posix: SEEK_HOLE suffices, get rid of FIEMAPMarkus Armbruster
Commit 5500316 (May 2012) implemented raw_co_is_allocated() as follows: 1. If defined(CONFIG_FIEMAP), use the FS_IOC_FIEMAP ioctl 2. Else if defined(SEEK_HOLE) && defined(SEEK_DATA), use lseek() 3. Else pretend there are no holes Later on, raw_co_is_allocated() was generalized to raw_co_get_block_status(). Commit 4f11aa8 (May 2014) changed it to try the three methods in order until success, because "there may be implementations which support [SEEK_HOLE/SEEK_DATA] but not [FIEMAP] (e.g., NFSv4.2) as well as vice versa." Unfortunately, we used FIEMAP incorrectly: we lacked FIEMAP_FLAG_SYNC. Commit 38c4d0a (Sep 2014) added it. Because that's a significant speed hit, the next commit 7c159037 put SEEK_HOLE/SEEK_DATA first. As you see, the obvious use of FIEMAP is wrong, and the correct use is slow. I guess this puts it somewhere between -7 "The obvious use is wrong" and -10 "It's impossible to get right" on Rusty Russel's Hard to Misuse scale[*]. "Fortunately", the FIEMAP code is used only when * SEEK_HOLE/SEEK_DATA aren't defined, but CONFIG_FIEMAP is Uncommon. SEEK_HOLE had no XFS implementation between 2011 (when it was introduced for ext4 and btrfs) and 2012. * SEEK_HOLE/SEEK_DATA and CONFIG_FIEMAP are defined, but lseek() fails Unlikely. Thus, the FIEMAP code executes rarely. Makes it a nice hidey-hole for bugs. Worse, bugs hiding there can theoretically bite even on a host that has SEEK_HOLE/SEEK_DATA. I don't want to worry about this crap, not even theoretically. Get rid of it. [*] http://ozlabs.org/~rusty/index.cgi/tech/2008-04-01.html Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2014-11-18raw-posix: Fix comment for raw_co_get_block_status()Markus Armbruster
Missed in commit 705be72. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2014-11-17target-arm: handle address translations that start at level 3Peter Maydell
The ARMv8 address translation system defines that a page table walk starts at a level which depends on the translation granule size and the number of bits of virtual address that need to be resolved. Where the translation granule is 64KB and the guest sets the TCR.TxSZ field to between 35 and 39, it's actually possible to start at level 3 (the final level). QEMU's implementation failed to handle this case, and so we would set level to 2 and behave incorrectly (including invoking the C undefined behaviour of shifting left by a negative number). Correct the code that determines the starting level to deal with the start-at-3 case, by replacing the if-else ladder with an expression derived from the ARM ARM pseudocode version. This error was detected by the Coverity scan, which spotted the potential shift by a negative number. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1415890569-7454-1-git-send-email-peter.maydell@linaro.org
2014-11-17Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
A smattering of fixes for problems that Coverity reported. # gpg: Signature made Mon 17 Nov 2014 17:03:25 GMT using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: hcd-musb: fix dereference null return value target-cris/translate.c: fix out of bounds read shpc: fix error propaagation qemu-char: fix MISSING_COMMA acl: fix memory leak nvme: remove superfluous check loader: fix NEGATIVE_RETURNS qga: fix false negative argument passing mips_mipssim: fix use-after-free for filename l2tpv3: fix fd leak l2tpv3: fix possible double free libcacard: fix resource leak Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-17hcd-musb: fix dereference null return valuePaolo Bonzini
usb_ep_get and usb_handle_packet can deal with a NULL device, but we have to avoid dereferencing NULL pointers when building the id. Thanks to Gonglei for an initial stab at fixing this. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' ↵Peter Maydell
into staging Update OpenBIOS images # gpg: Signature made Sat 15 Nov 2014 13:12:02 GMT using RSA key ID AE0F321F # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" * remotes/mcayland/tags/qemu-openbios-signed: Update OpenBIOS images Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-17target-cris/translate.c: fix out of bounds readzhanghailiang
In function t_gen_mov_TN_preg and t_gen_mov_preg_TN, The begin check about the validity of in-parameter 'r' is useless. We still access cpu_PR[r] in the follow code if it is invalid. Which will be an out-of-bounds read error. Fix it by using assert() to ensure it is valid before using it. Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17shpc: fix error propaagationGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17qemu-char: fix MISSING_COMMAGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17acl: fix memory leakGonglei
If 'i != index' for all acl->entries, variable entry leaks the storage it points to. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17nvme: remove superfluous checkGonglei
Operands don't affect result (CONSTANT_EXPRESSION_RESULT) ((n->bar.aqa >> AQA_ASQS_SHIFT) & AQA_ASQS_MASK) > 4095 is always false regardless of the values of its operands. This occurs as the logical second operand of '||'. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17loader: fix NEGATIVE_RETURNSGonglei
lseek will return -1 on error, g_malloc0(size) and read(,,size) paramenters cannot be negative. We should add a check for return value of lseek(). Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17qga: fix false negative argument passingGonglei
Function send_response(s, &qdict->base) returns a negative number when any failures occured. But strerror()'s parameter cannot be negative. Let's change the testing condition and pass '-ret' to strerr(). Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17mips_mipssim: fix use-after-free for filenameGonglei
May pass freed pointer filename as an argument to error_report. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-17l2tpv3: fix fd leakGonglei
In this false branch, fd will leak when it is zero. Change the testing condition. Signed-off-by: Gonglei <arei.gonglei@huawei.com> [Fix net_l2tpv3_cleanup as well. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-15Update OpenBIOS imagesMark Cave-Ayland
Update OpenBIOS images to SVN r1327 built from submodule. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-11-14Merge remote-tracking branch 'remotes/sstabellini/xen-2014-11-14' into stagingPeter Maydell
* remotes/sstabellini/xen-2014-11-14: xen_disk: fix unmapping of persistent grants pc: piix4_pm: init legacy PCI hotplug when running on Xen Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-11-14l2tpv3: fix possible double freezhanghailiang
freeaddrinfo(result) does not assign result = NULL, after frees it. There will be a double free when it goes error case. It is reported by covertiy. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Cc: qemu-stable@nongnu.org Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-14libcacard: fix resource leakzhanghailiang
In function connect_to_qemu(), getaddrinfo() will allocate memory that is stored into server, it should be freed by using freeaddrinfo() before connect_to_qemu() return. Cc: qemu-stable@nongnu.org Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-14Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Fri 14 Nov 2014 11:05:54 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: vmdk: Leave bdi intact if -ENOTSUP in vmdk_get_info block: Fix max nb_sectors in bdrv_make_zero ahci: factor out FIS decomposition from handle_cmd ahci: Check cmd_fis[1] more explicitly ahci: Reorder error cases in handle_cmd ahci: Fix FIS decomposition ahci: add is_ncq predicate helper ide: Correct handling of malformed/short PRDTs ahci: unify sglist preparation ide: repair PIO transfers for cases where nsector > 1 ahci: Fix byte count regression for ATAPI/PIO Signed-off-by: Peter Maydell <peter.maydell@linaro.org>