From b85e6209ac92f90fa38fd3a550f0a29abcc22350 Mon Sep 17 00:00:00 2001
From: Justin M. Forbes
Date: Mar 10 2010 18:09:38 +0000
Subject: Update to 0.12.3, require seabios, Migration clear the fd in error cases (#518032)
---
diff --git a/0001-block-avoid-creating-too-large-iovecs-in-multiwrite_.patch b/0001-block-avoid-creating-too-large-iovecs-in-multiwrite_.patch
new file mode 100644
index 0000000..968f923
--- /dev/null
+++ b/0001-block-avoid-creating-too-large-iovecs-in-multiwrite_.patch
@@ -0,0 +1,53 @@
+From c0c1147350005b47068285a288f848cf75eb60c6 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig
+Date: Tue, 26 Jan 2010 14:49:08 +0100
+Subject: [PATCH] block: avoid creating too large iovecs in multiwrite_merge
+
+If we go over the maximum number of iovecs support by syscall we get
+back EINVAL from the kernel which translate to I/O errors for the guest.
+
+Add a MAX_IOV defintion for platforms that don't have it. For now we use
+the same 1024 define that's used on Linux and various other platforms,
+but until the windows block backend implements some kind of vectored I/O
+it doesn't matter.
+
+Signed-off-by: Christoph Hellwig
+Signed-off-by: Anthony Liguori
+---
+ block.c | 4 ++++
+ qemu-common.h | 4 ++++
+ 2 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/block.c b/block.c
+index 97af3f5..9697dc9 100644
+--- a/block.c
++++ b/block.c
+@@ -1669,6 +1669,10 @@ static int multiwrite_merge(BlockDriverState *bs, BlockRequest *reqs,
+ merge = bs->drv->bdrv_merge_requests(bs, &reqs[outidx], &reqs[i]);
+ }
+
++ if (reqs[outidx].qiov->niov + reqs[i].qiov->niov + 1 > IOV_MAX) {
++ merge = 0;
++ }
++
+ if (merge) {
+ size_t size;
+ QEMUIOVector *qiov = qemu_mallocz(sizeof(*qiov));
+diff --git a/qemu-common.h b/qemu-common.h
+index 1c5c0b2..b604ddf 100644
+--- a/qemu-common.h
++++ b/qemu-common.h
+@@ -54,6 +54,10 @@ struct iovec {
+ void *iov_base;
+ size_t iov_len;
+ };
++/*
++ * Use the same value as Linux for now.
++ */
++#define IOV_MAX 1024
+ #else
+ #include
+ #endif
+--
+1.6.6.1
+
diff --git a/0002-migration-Clear-fd-also-in-error-cases.patch b/0002-migration-Clear-fd-also-in-error-cases.patch
new file mode 100644
index 0000000..11205bd
--- /dev/null
+++ b/0002-migration-Clear-fd-also-in-error-cases.patch
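Review bot: The fallback `#define IOV_MAX 1024` in the qemu-common.h hunk sits only in the branch that declares its own `struct iovec`, so on the `#else` branch the new check in `multiwrite_merge` depends on the system headers supplying `IOV_MAX`, which this hunk does not show. A guarded fallback after the include, `#ifndef IOV_MAX` / `#define IOV_MAX 1024` / `#endif`, would keep the build and the limit well defined on hosts whose headers omit it. The commit message calls the macro `MAX_IOV` while the code defines `IOV_MAX`, and the comment above the define could say what the limit protects, e.g. `/* upper bound on iovec entries per vectored I/O call; larger merged requests fail with EINVAL */`. `multiwrite_merge` starts and ends outside the hunk.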
@@ -0,0 +1,100 @@
+From baaa7b9f8498f73d14c8457e0150d0dfdcdbd245 Mon Sep 17 00:00:00 2001
+From: Juan Quintela
+Date: Tue, 9 Mar 2010 23:58:50 +0100
+Subject: [PATCH] migration: Clear fd also in error cases
+
+Not clearing the fd and closing the file makes qemu spin using 100%CPU
+after incoming migration error.
+
+See for instance bug:
+https://bugzilla.redhat.com/show_bug.cgi?id=518032
+
+Signed-off-by: Juan Quintela
+---
+ migration-exec.c | 3 +--
+ migration-fd.c | 3 +--
+ migration-tcp.c | 5 ++---
+ migration-unix.c | 5 ++---
+ 4 files changed, 6 insertions(+), 10 deletions(-)
+
+diff --git a/migration-exec.c b/migration-exec.c
+index 87f645b..e57a55d 100644
+--- a/migration-exec.c
++++ b/migration-exec.c
+@@ -120,12 +120,11 @@ static void exec_accept_incoming_migration(void *opaque)
+ }
+ qemu_announce_self();
+ dprintf("successfully loaded vm state\n");
+- /* we've successfully migrated, close the fd */
+- qemu_set_fd_handler2(qemu_stdio_fd(f), NULL, NULL, NULL, NULL);
+ if (autostart)
+ vm_start();
+
+ err:
++ qemu_set_fd_handler2(qemu_stdio_fd(f), NULL, NULL, NULL, NULL);
+ qemu_fclose(f);
+ }
+
+diff --git a/migration-fd.c b/migration-fd.c
+index ef7edbc..7325d13 100644
+--- a/migration-fd.c
++++ b/migration-fd.c
+@@ -113,12 +113,11 @@ static void fd_accept_incoming_migration(void *opaque)
+ }
+ qemu_announce_self();
+ dprintf("successfully loaded vm state\n");
+- /* we've successfully migrated, close the fd */
+- qemu_set_fd_handler2(qemu_stdio_fd(f), NULL, NULL, NULL, NULL);
+ if (autostart)
+ vm_start();
+
+ err:
++ qemu_set_fd_handler2(qemu_stdio_fd(f), NULL, NULL, NULL, NULL);
+ qemu_fclose(f);
+ }
+
+diff --git a/migration-tcp.c b/migration-tcp.c
+index 2cfa8cb..c328e73 100644
+--- a/migration-tcp.c
++++ b/migration-tcp.c
+@@ -170,15 +170,14 @@ static void tcp_accept_incoming_migration(void *opaque)
+ qemu_announce_self();
+ dprintf("successfully loaded vm state\n");
+
+- /* we've successfully migrated, close the server socket */
+- qemu_set_fd_handler2(s, NULL, NULL, NULL, NULL);
+- close(s);
+ if (autostart)
+ vm_start();
+
+ out_fopen:
+ qemu_fclose(f);
+ out:
++ qemu_set_fd_handler2(s, NULL, NULL, NULL, NULL);
++ close(s);
+ close(c);
+ }
+
+diff --git a/migration-unix.c b/migration-unix.c
+index a141dbb..9685c4b 100644
+--- a/migration-unix.c
++++ b/migration-unix.c
+@@ -176,13 +176,12 @@ static void unix_accept_incoming_migration(void *opaque)
+ qemu_announce_self();
+ dprintf("successfully loaded vm state\n");
+
+- /* we've successfully migrated, close the server socket */
+- qemu_set_fd_handler2(s, NULL, NULL, NULL, NULL);
+- close(s);
+
+ out_fopen:
+ qemu_fclose(f);
+ out:
++ qemu_set_fd_handler2(s, NULL, NULL, NULL, NULL);
++ close(s);
+ close(c);
+ }
+
+--
+1.6.6.1
+
diff --git a/ksm.init b/ksm.init
index 45d617d..0603243 100644
--- a/ksm.init
+++ b/ksm.init
@@ -40,8 +40,10 @@ default_max_kernel_pages () {
 start() {
 echo -n $"Starting $prog: "
- KSM_MAX_KERNEL_PAGES=${KSM_MAX_KERNEL_PAGES:-`default_max_kernel_pages`}
- echo $KSM_MAX_KERNEL_PAGES > /sys/kernel/mm/ksm/max_kernel_pages
+ if [ -f /sys/kernel/mm/ksm/max_kernel_pages ]; then
+ KSM_MAX_KERNEL_PAGES=${KSM_MAX_KERNEL_PAGES:-`default_max_kernel_pages`}
+ echo $KSM_MAX_KERNEL_PAGES > /sys/kernel/mm/ksm/max_kernel_pages
+ fi
 echo 1 > /sys/kernel/mm/ksm/run
 RETVAL=$?
 [ $RETVAL = 0 ] && success $"$prog startup" || failure $"$prog startup"
diff --git a/ksmtuned b/ksmtuned
index 7da8b68..205ff84 100644
--- a/ksmtuned
+++ b/ksmtuned
@@ -21,6 +21,14 @@ if [ -f /etc/ksmtuned.conf ]; then
 . /etc/ksmtuned.conf
 fi
+debug() {
+ if [ -n "$DEBUG" ]; then
+ s="`/bin/date`: $*"
+ [ -n "$LOGFILE" ] && echo "$s" >> "$LOGFILE" || echo "$s"
+ fi
+}
+
+
 KSM_MONITOR_INTERVAL=${KSM_MONITOR_INTERVAL:-60}
 KSM_NPAGES_BOOST=${KSM_NPAGES_BOOST:-300}
 KSM_NPAGES_DECAY=${KSM_NPAGES_DECAY:--50}
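Review bot: In migration-tcp.c and migration-unix.c the cleanup moved under `out:` now unregisters and closes the listening socket `s` on every exit path, so a single failed incoming connection also ends the listener; that may well be intended, but the removed comments were the only explanation and nothing replaces them. A comment above the moved lines would record it, e.g. `/* stop polling and close the listening socket on success and on error; a stale handler makes the main loop spin */`. The same applies to the `err:` label in migration-exec.c and migration-fd.c, where `qemu_set_fd_handler2(qemu_stdio_fd(f), ...)` now runs before `qemu_fclose(f)` on all paths. Each function starts outside its hunk, so whether `out:` can be reached before `accept()` produced a valid `c` is not visible here.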
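Review bot: `debug()` in ksmtuned assigns `s` without `local`, so every call overwrites a global of that name, and the `A && B || C` form also echoes to stdout whenever the append to `$LOGFILE` fails. Declaring `local s="$(/bin/date): $*"` and writing `if [ -n "$LOGFILE" ]; then echo "$s" >> "$LOGFILE"; else echo "$s"; fi` makes both branches explicit. Because `LOGFILE` comes from the sourced /etc/ksmtuned.conf and is opened with `>>`, a short comment that it should point into a directory only the service account can write would help whoever enables it.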
@@ -35,17 +43,17 @@ KSM_THRES_COEF=${KSM_THRES_COEF:-20}
 KSM_THRES_CONST=${KSM_THRES_CONST:-2048}
 total=`awk '/^MemTotal:/ {print $2}' /proc/meminfo`
-[ -n "$DEBUG" ] && echo total $total
+debug total $total
 npages=0
 sleep=$[KSM_SLEEP_MSEC * 16 * 1024 * 1024 / total]
 [ $sleep -le 10 ] && sleep=10
-[ -n "$DEBUG" ] && echo sleep $sleep
+debug sleep $sleep
 thres=$[total * KSM_THRES_COEF / 100]
 if [ $KSM_THRES_CONST -gt $thres ]; then
 thres=$KSM_THRES_CONST
 fi
-[ -n "$DEBUG" ] && echo thres $thres
+debug thres $thres
 KSMCTL () {
 case x$1 in
@@ -89,22 +97,22 @@ adjust () {
 local free committed
 free=`free_memory`
 committed=`committed_memory`
- [ -n "$DEBUG" ] && echo committed $committed free $free
+ debug committed $committed free $free
 if [ $[committed + thres] -lt $total -a $free -gt $thres ]; then
 KSMCTL stop
- [ -n "$DEBUG" ] && echo "$[committed + thres] < $total and free > $thres, stop ksm"
+ debug "$[committed + thres] < $total and free > $thres, stop ksm"
 return 1
 fi
- [ -n "$DEBUG" ] && echo "$[committed + thres] > $total, start ksm"
+ debug "$[committed + thres] > $total, start ksm"
 if [ $free -lt $thres ]; then
 npages=`increase_npages $KSM_NPAGES_BOOST`
- [ -n "$DEBUG" ] && echo "$free < $thres, boost"
+ debug "$free < $thres, boost"
 else
 npages=`increase_npages $KSM_NPAGES_DECAY`
- [ -n "$DEBUG" ] && echo "$free > $thres, decay"
+ debug "$free > $thres, decay"
 fi
 KSMCTL start $npages $sleep
- [ -n "$DEBUG" ] && echo "KSMCTL start $npages $sleep"
+ debug "KSMCTL start $npages $sleep"
 return 0
 }
diff --git a/ksmtuned.conf b/ksmtuned.conf
index 87b9178..fc4518c 100644
--- a/ksmtuned.conf
+++ b/ksmtuned.conf
@@ -14,3 +14,8 @@
 # KSM_THRES_COEF=20
 # KSM_THRES_CONST=2048
+
+# uncomment the following if you want ksmtuned debug info
+
+# LOGFILE=/var/log/ksmtuned
+# DEBUG=1
diff --git a/qemu-add-ksm-support.patch b/qemu-add-ksm-support.patch
deleted file mode 100644
index b9b594a..0000000
--- a/qemu-add-ksm-support.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From c6c94b043e8b3593d0beb52966dce43069233840 Mon Sep 17 00:00:00 2001
-From: Izik Eidus
-Date: Tue, 28 Jul 2009 19:14:26 +0300
-Subject: [PATCH] kvm userspace: ksm support
-
-rfc for ksm support to kvm userpsace.
-
-Signed-off-by: Izik Eidus
-signed-off-by: Justin M. Forbes
-Signed-off-by: Mark McLoughlin
-Fedora-patch: qemu-add-ksm-support.patch
----
- exec.c | 6 ++++++
- 1 files changed, 6 insertions(+), 0 deletions(-)
-
-diff --git a/exec.c b/exec.c
-index 0655b4b..a0e2203 100644
---- a/exec.c
-+++ b/exec.c
-@@ -65,6 +65,9 @@
- #undef DEBUG_TB_CHECK
- #endif
-
-+/* Quick hack to enable KSM support */
-+#define MADV_MERGEABLE 12 /* KSM may merge identical pages */
-+
- #define SMC_BITMAP_USE_THRESHOLD 10
-
- #if defined(TARGET_SPARC64)
-@@ -2579,6 +2582,9 @@ ram_addr_t qemu_ram_alloc(ram_addr_t size)
- new_block->host = file_ram_alloc(size, mem_path);
- if (!new_block->host) {
- new_block->host = qemu_vmalloc(size);
-+#ifdef MADV_MERGEABLE
-+ madvise(new_block->host, size, MADV_MERGEABLE);
-+#endif
- }
- new_block->offset = last_ram_offset;
- new_block->length = size;
---
-1.6.2.5
-
diff --git a/qemu-allow-pulseaudio-to-be-the-default.patch b/qemu-allow-pulseaudio-to-be-the-default.patch
deleted file mode 100644
index 46432dc..0000000
--- a/qemu-allow-pulseaudio-to-be-the-default.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 8ab0d97572264051176ff45171484fa463d1287f Mon Sep 17 00:00:00 2001
-From: Mark McLoughlin
-Date: Fri, 4 Sep 2009 11:24:03 +0100
-Subject: [PATCH] Allow pulseaudio backend to be the default
-
-We're seeing various issues with the SDL audio backend and want to
-switch to the pulseaudio backend. See e.g.
-
- https://bugzilla.redhat.com/495964
- https://bugzilla.redhat.com/519540
- https://bugzilla.redhat.com/496627
-
-The pulseaudio backend seems to work well, so we should allow it to be
-selected as the default.
-
-Signed-off-by: Mark McLoughlin
-Fedora-patch: qemu-allow-pulseaudio-to-be-the-default.patch
----
- audio/paaudio.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/audio/paaudio.c b/audio/paaudio.c
-index a50fccc..547e252 100644
---- a/audio/paaudio.c
-+++ b/audio/paaudio.c
-@@ -507,7 +507,7 @@ struct audio_driver pa_audio_driver = {
- INIT_FIELD (init = ) qpa_audio_init,
- INIT_FIELD (fini = ) qpa_audio_fini,
- INIT_FIELD (pcm_ops = ) &qpa_pcm_ops,
-- INIT_FIELD (can_be_default = ) 0,
-+ INIT_FIELD (can_be_default = ) 1,
- INIT_FIELD (max_voices_out = ) INT_MAX,
- INIT_FIELD (max_voices_in = ) INT_MAX,
- INIT_FIELD (voice_size_out = ) sizeof (PAVoiceOut),
---
-1.6.2.5
-
diff --git a/qemu-bios-bigger-roms.patch b/qemu-bios-bigger-roms.patch
deleted file mode 100644
index 16a8ba3..0000000
--- a/qemu-bios-bigger-roms.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From b5c99e96655e8dc938f801e1ac0dbdf2d6dfba37 Mon Sep 17 00:00:00 2001
-From: Glauber Costa
-Date: Wed, 24 Jun 2009 14:31:41 +0100
-Subject: [PATCH] compute checksum for roms bigger than a segment
-
-Some option roms (e1000 provided by gpxe project as an example)
-are bigger than a segment. The current algorithm to compute the
-checksum fails in such case. To proper compute the checksum, this
-patch deals with the possibility of the rom's size crossing a
-segment border.
-
-We don't need to worry about it crossing more than one segment
-border, since the option roms format only save one byte to store
-the image size (thus, maximum size = 0xff = 128k = 2 segments)
-
-[ including improvements suggested by malc ]
-
-Signed-off-by: Glauber Costa
-Signed-off-by: Mark McLoughlin
-Fedora-patch: qemu-bios-bigger-roms.patch
----
- kvm/bios/rombios.c | 33 +++++++++++++++++++++++++++------
- 1 files changed, 27 insertions(+), 6 deletions(-)
-
-diff --git a/kvm/bios/rombios.c b/kvm/bios/rombios.c
-index 6e1d446..8a96d8e 100644
---- a/kvm/bios/rombios.c
-+++ b/kvm/bios/rombios.c
-@@ -10189,22 +10189,43 @@ no_serial:
- ret
-
- rom_checksum:
-- push ax
-- push bx
-- push cx
-+ pusha
-+ push ds
-+
- xor ax, ax
- xor bx, bx
- xor cx, cx
-+ xor dx, dx
-+
- mov ch, [2]
- shl cx, #1
-+
-+ jnc checksum_loop
-+ xchg dx, cx
-+ dec cx
-+
- checksum_loop:
- add al, [bx]
- inc bx
- loop checksum_loop
-+
-+ test dx, dx
-+ je checksum_out
-+
-+ add al, [bx]
-+ mov cx, dx
-+ mov dx, ds
-+ add dh, #0x10
-+ mov ds, dx
-+ xor dx, dx
-+ xor bx, bx
-+
-+ jmp checksum_loop
-+
-+checksum_out:
- and al, #0xff
-- pop cx
-- pop bx
-- pop ax
-+ pop ds
-+ popa
- ret
-
-
---
-1.6.2.5
-
diff --git a/qemu-correctly-free-nic-info-structure.patch b/qemu-correctly-free-nic-info-structure.patch
deleted file mode 100644
index b18e8df..0000000
--- a/qemu-correctly-free-nic-info-structure.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 3675a0dde74f890404f392e194f1adc6b24285f7 Mon Sep 17 00:00:00 2001
-From: Glauber Costa
-Date: Wed, 23 Sep 2009 09:49:43 +0100
-Subject: [PATCH] Correctly free nd structure
-
-When we "free" a NICInfo structure, we can leak pointers, since we don't do
-much more than setting used = 0.
-
-We free() the model parameter, but we don't set it to NULL. This means that
-a new user of this structure will see garbage in there. It was not noticed
-before because reusing a NICInfo is not that common, but it can be, for
-users of device pci hotplug.
-
-A user hit it, described at https://bugzilla.redhat.com/524022
-
-This patch memset's the whole structure, guaranteeing that anyone reusing it
-will see a fresh NICinfo. Also, we free some other strings that are currently
-leaking.
-
-This codebase is quite old, so this patch should feed all stable trees.
-
-Signed-off-by: Glauber Costa
-Signed-off-by: Mark McLoughlin
-Fedora-patch: qemu-correctly-free-nic-info-structure.patch
----
- net.c | 16 +++++++++++-----
- net.h | 8 ++++----
- vl.c | 2 +-
- 3 files changed, 16 insertions(+), 10 deletions(-)
-
-diff --git a/net.c b/net.c
-index a1c1111..da2f428 100644
---- a/net.c
-+++ b/net.c
-@@ -2559,7 +2559,7 @@ void qemu_check_nic_model_list(NICInfo *nd, const char * const *models,
- int i, exit_status = 0;
-
- if (!nd->model)
-- nd->model = strdup(default_model);
-+ nd->model = qemu_strdup(default_model);
-
- if (strcmp(nd->model, "?") != 0) {
- for (i = 0 ; models[i]; i++)
-@@ -2629,6 +2629,7 @@ int net_client_init(Monitor *mon, const char *device, const char *p)
- goto out;
- }
- nd = &nd_table[idx];
-+ memset(nd, 0, sizeof(*nd));
- macaddr = nd->macaddr;
- macaddr[0] = 0x52;
- macaddr[1] = 0x54;
-@@ -2645,13 +2646,13 @@ int net_client_init(Monitor *mon, const char *device, const char *p)
- }
- }
- if (get_param_value(buf, sizeof(buf), "model", p)) {
-- nd->model = strdup(buf);
-+ nd->model = qemu_strdup(buf);
- }
- if (get_param_value(buf, sizeof(buf), "addr", p)) {
-- nd->devaddr = strdup(buf);
-+ nd->devaddr = qemu_strdup(buf);
- }
- if (get_param_value(buf, sizeof(buf), "id", p)) {
-- nd->id = strdup(buf);
-+ nd->id = qemu_strdup(buf);
- }
- nd->nvectors = NIC_NVECTORS_UNSPECIFIED;
- if (get_param_value(buf, sizeof(buf), "vectors", p)) {
-@@ -2998,8 +2999,13 @@ void net_client_uninit(NICInfo *nd)
- {
- nd->vlan->nb_guest_devs--;
- nb_nics--;
-+
-+ qemu_free(nd->model);
-+ qemu_free(nd->name);
-+ qemu_free(nd->devaddr);
-+ qemu_free(nd->id);
-+
- nd->used = 0;
-- free((void *)nd->model);
- }
-
- static int net_host_check_device(const char *device)
-diff --git a/net.h b/net.h
-index 57ab031..94db0d7 100644
---- a/net.h
-+++ b/net.h
-@@ -101,10 +101,10 @@ enum {
-
- struct NICInfo {
- uint8_t macaddr[6];
-- const char *model;
-- const char *name;
-- const char *devaddr;
-- const char *id;
-+ char *model;
-+ char *name;
-+ char *devaddr;
-+ char *id;
- VLANState *vlan;
- VLANClientState *vc;
- void *private;
-diff --git a/vl.c b/vl.c
-index 26bced8..d7c7ab1 100644
---- a/vl.c
-+++ b/vl.c
-@@ -2594,7 +2594,7 @@ static int usb_device_add(const char *devname, int is_hotplug)
-
- if (net_client_init(NULL, "nic", p) < 0)
- return -1;
-- nd_table[nic].model = "usb";
-+ nd_table[nic].model = qemu_strdup("usb");
- dev = usb_net_init(&nd_table[nic]);
- } else if (!strcmp(devname, "bt") || strstart(devname, "bt:", &p)) {
- dev = usb_bt_init(devname[2] ? hci_init(p) :
---
-1.6.2.5
-
diff --git a/qemu-disable-preadv-support.patch b/qemu-disable-preadv-support.patch
deleted file mode 100644
index 2c255de..0000000
--- a/qemu-disable-preadv-support.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From ef41d27fae62bbb71f3af60488b455582ee92625 Mon Sep 17 00:00:00 2001
-From: Mark McLoughlin
-Date: Wed, 4 Nov 2009 12:29:35 -0500
-Subject: [PATCH] Disable preadv/pwritev support
-
-Workaround for a data corruptor issue on 32 bit hosts:
-
- https://bugzilla.redhat.com/526549
-
-Signed-off-by: Mark McLoughlin
-Fedora-patch: qemu-disable-preadv-support.patch
----
- posix-aio-compat.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/posix-aio-compat.c b/posix-aio-compat.c
-index e9fc9fa..b116933 100644
---- a/posix-aio-compat.c
-+++ b/posix-aio-compat.c
-@@ -34,7 +34,7 @@ static int idle_threads = 0;
- static TAILQ_HEAD(, qemu_paiocb) request_list;
-
- #ifdef HAVE_PREADV
--static int preadv_present = 1;
-+static int preadv_present = 0;
- #else
- static int preadv_present = 0;
- #endif
---
-1.6.2.5
-
diff --git a/qemu-do-not-exit-on-pci-hotplug-invalid-nic1.patch b/qemu-do-not-exit-on-pci-hotplug-invalid-nic1.patch
deleted file mode 100644
index 2c3c6c2..0000000
--- a/qemu-do-not-exit-on-pci-hotplug-invalid-nic1.patch
+++ /dev/null
@@ -1,100 +0,0 @@ -From 0ce1af6e7d4b1e2ffa4dedf6d415c4d86a1af490 Mon Sep 17 00:00:00 2001 -From: Markus Armbruster -Date: Fri, 25 Sep 2009 03:53:50 +0200 -Subject: [PATCH] Make it obvious that pci_nic_init() can't fail - -Before this patch, pci_nic_init() returns NULL when it can't find the -model in pci_nic_models[]. Except this can't happen, because -qemu_check_nic_model_list() just searched for model in -pci_nic_models[], and terminated the program on failure. - -Repeating the search here is pointless. Instead, change -qemu_check_nic_model_list() to return the model's array index. - -Signed-off-by: Markus Armbruster -Signed-off-by: Mark McLoughlin model, pci_nic_models[i]) == 0) { -- pci_dev = pci_create(pci_nic_names[i], devaddr); -- dev = &pci_dev->qdev; -- if (nd->id) -- dev->id = qemu_strdup(nd->id); -- dev->nd = nd; -- qdev_init(dev); -- nd->private = dev; -- return pci_dev; -- } -- } -- -- return NULL; -+ i = qemu_check_nic_model_list(nd, pci_nic_models, default_model); -+ pci_dev = pci_create(pci_nic_names[i], devaddr); -+ dev = &pci_dev->qdev; -+ if (nd->id) -+ dev->id = qemu_strdup(nd->id); -+ dev->nd = nd; -+ qdev_init(dev); -+ nd->private = dev; -+ return pci_dev; - } - - typedef struct { -diff --git a/net.c b/net.c -index da2f428..047e72e 100644 ---- a/net.c -+++ b/net.c -@@ -2553,8 +2553,8 @@ void qemu_check_nic_model(NICInfo *nd, const char *model) - qemu_check_nic_model_list(nd, models, model); - } - --void qemu_check_nic_model_list(NICInfo *nd, const char * const *models, -- const char *default_model) -+int qemu_check_nic_model_list(NICInfo *nd, const char * const *models, -+ const char *default_model) - { - int i, exit_status = 0; - -@@ -2564,7 +2564,7 @@ void qemu_check_nic_model_list(NICInfo *nd, const char * const *models, - if (strcmp(nd->model, "?") != 0) { - for (i = 0 ; models[i]; i++) - if (strcmp(nd->model, models[i]) == 0) -- return; -+ return i; - - fprintf(stderr, "qemu: Unsupported NIC model: %s\n", nd->model); - exit_status = 1; 
-diff --git a/net.h b/net.h -index 94db0d7..9662988 100644 ---- a/net.h -+++ b/net.h -@@ -80,8 +80,8 @@ void qemu_purge_queued_packets(VLANClientState *vc); - void qemu_flush_queued_packets(VLANClientState *vc); - void qemu_format_nic_info_str(VLANClientState *vc, uint8_t macaddr[6]); - void qemu_check_nic_model(NICInfo *nd, const char *model); --void qemu_check_nic_model_list(NICInfo *nd, const char * const *models, -- const char *default_model); -+int qemu_check_nic_model_list(NICInfo *nd, const char * const *models, -+ const char *default_model); - void qemu_handler_true(void *opaque); - - void do_info_network(Monitor *mon); --- -1.6.2.5 - diff --git a/qemu-do-not-exit-on-pci-hotplug-invalid-nic2.patch b/qemu-do-not-exit-on-pci-hotplug-invalid-nic2.patch deleted file mode 100644 index 3e04bbb..0000000 --- a/qemu-do-not-exit-on-pci-hotplug-invalid-nic2.patch +++ /dev/null 
@@ -1,324 +0,0 @@ -From 0ba615f4e6ecf13839b7688c762961aa1d092504 Mon Sep 17 00:00:00 2001 -From: Markus Armbruster -Date: Fri, 25 Sep 2009 03:53:51 +0200 -Subject: [PATCH] Fix pci_add nic not to exit on bad model - -Monitor command "pci_add ADDR nic model=MODEL" uses pci_nic_init() to -create the NIC. When MODEL is unknown or "?", this prints to stderr -and terminates the program. - -Change pci_nic_init() not to treat "?" specially, and to return NULL -on failure. Switch uses during startup to new convenience wrapper -pci_nic_init_nofail(), which behaves just like pci_nic_init() used to -do. - -[markmc: - - - rebase to stable-0.11 - - drop qemu_error() usage - - go back to pci_create() in pci_nic_init - - qdev_init() doesn't have an error return -] - -Signed-off-by: Markus Armbruster -Signed-off-by: Mark McLoughlin -Fedora-patch: qemu-do-not-exit-on-pci-hotplug-invalid-nic2.patch ---- - hw/mips_malta.c | 2 +- - hw/pc.c | 2 +- - hw/pci.c | 19 ++++++++++++++++++- - hw/pci.h | 2 ++ - hw/ppc440_bamboo.c | 2 +- - hw/ppc_newworld.c | 2 +- - hw/ppc_oldworld.c | 2 +- - hw/ppc_prep.c | 2 +- - hw/ppce500_mpc8544ds.c | 2 +- - hw/r2d.c | 2 +- - hw/realview.c | 2 +- - hw/sun4u.c | 2 +- - hw/versatilepb.c | 2 +- - net.c | 41 +++++++++++++++++++++++++---------------- - net.h | 5 +++-- - 15 files changed, 59 insertions(+), 30 deletions(-) - -diff --git a/hw/mips_malta.c b/hw/mips_malta.c -index 7728e58..ed86d4b 100644 ---- a/hw/mips_malta.c -+++ b/hw/mips_malta.c -@@ -486,7 +486,7 @@ static void network_init(void) - /* The malta board has a PCNet card using PCI SLOT 11 */ - default_devaddr = "0b"; - -- pci_nic_init(nd, "pcnet", default_devaddr); -+ pci_nic_init_nofail(nd, "pcnet", default_devaddr); - } - } - -diff --git a/hw/pc.c b/hw/pc.c -index bcd2989..3b226f4 100644 ---- a/hw/pc.c -+++ b/hw/pc.c -@@ -1360,7 +1360,7 @@ static void pc_init1(ram_addr_t ram_size, - if (!pci_enabled || (nd->model && strcmp(nd->model, "ne2k_isa") == 0)) - pc_init_ne2k_isa(nd, i8259); - else -- 
pci_nic_init(nd, "rtl8139", NULL); -+ pci_nic_init_nofail(nd, "rtl8139", NULL); - } - - piix4_acpi_system_hot_add_init(cpu_model); -diff --git a/hw/pci.c b/hw/pci.c -index eb990f9..9bcf49d 100644 ---- a/hw/pci.c -+++ b/hw/pci.c -@@ -937,7 +937,10 @@ PCIDevice *pci_nic_init(NICInfo *nd, const char *default_model, - DeviceState *dev; - int i; - -- i = qemu_check_nic_model_list(nd, pci_nic_models, default_model); -+ i = qemu_find_nic_model(nd, pci_nic_models, default_model); -+ if (i < 0) -+ return NULL; -+ - pci_dev = pci_create(pci_nic_names[i], devaddr); - dev = &pci_dev->qdev; - if (nd->id) -@@ -948,6 +951,20 @@ PCIDevice *pci_nic_init(NICInfo *nd, const char *default_model, - return pci_dev; - } - -+PCIDevice *pci_nic_init_nofail(NICInfo *nd, const char *default_model, -+ const char *default_devaddr) -+{ -+ PCIDevice *res; -+ -+ if (qemu_show_nic_models(nd->model, pci_nic_models)) -+ exit(0); -+ -+ res = pci_nic_init(nd, default_model, default_devaddr); -+ if (!res) -+ exit(1); -+ return res; -+} -+ - typedef struct { - PCIDevice dev; - PCIBus *bus; -diff --git a/hw/pci.h b/hw/pci.h -index 7ca3ba9..18a05f5 100644 ---- a/hw/pci.h -+++ b/hw/pci.h -@@ -291,6 +291,8 @@ PCIBus *pci_register_bus(DeviceState *parent, const char *name, - - PCIDevice *pci_nic_init(NICInfo *nd, const char *default_model, - const char *default_devaddr); -+PCIDevice *pci_nic_init_nofail(NICInfo *nd, const char *default_model, -+ const char *default_devaddr); - void pci_data_write(void *opaque, uint32_t addr, uint32_t val, int len); - uint32_t pci_data_read(void *opaque, uint32_t addr, int len); - int pci_bus_num(PCIBus *s); -diff --git a/hw/ppc440_bamboo.c b/hw/ppc440_bamboo.c -index c74aa2f..9f22623 100644 ---- a/hw/ppc440_bamboo.c -+++ b/hw/ppc440_bamboo.c -@@ -128,7 +128,7 @@ static void bamboo_init(ram_addr_t ram_size, - for (i = 0; i < nb_nics; i++) { - /* There are no PCI NICs on the Bamboo board, but there are - * PCI slots, so we can pick whatever default model we want. 
*/ -- pci_nic_init(&nd_table[i], "e1000", NULL); -+ pci_nic_init_nofail(&nd_table[i], "e1000", NULL); - } - } - -diff --git a/hw/ppc_newworld.c b/hw/ppc_newworld.c -index 45480ea..5fa9e82 100644 ---- a/hw/ppc_newworld.c -+++ b/hw/ppc_newworld.c -@@ -304,7 +304,7 @@ static void ppc_core99_init (ram_addr_t ram_size, - serial_hds[0], serial_hds[1], ESCC_CLOCK, 4); - - for(i = 0; i < nb_nics; i++) -- pci_nic_init(&nd_table[i], "ne2k_pci", NULL); -+ pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL); - - if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) { - fprintf(stderr, "qemu: too many IDE bus\n"); -diff --git a/hw/ppc_oldworld.c b/hw/ppc_oldworld.c -index 5c745a0..49c8a00 100644 ---- a/hw/ppc_oldworld.c -+++ b/hw/ppc_oldworld.c -@@ -315,7 +315,7 @@ static void ppc_heathrow_init (ram_addr_t ram_size, - serial_hds[1], ESCC_CLOCK, 4); - - for(i = 0; i < nb_nics; i++) -- pci_nic_init(&nd_table[i], "ne2k_pci", NULL); -+ pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL); - - - if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) { -diff --git a/hw/ppc_prep.c b/hw/ppc_prep.c -index 7a21977..a8f0002 100644 ---- a/hw/ppc_prep.c -+++ b/hw/ppc_prep.c -@@ -681,7 +681,7 @@ static void ppc_prep_init (ram_addr_t ram_size, - if (strcmp(nd_table[i].model, "ne2k_isa") == 0) { - isa_ne2000_init(ne2000_io[i], i8259[ne2000_irq[i]], &nd_table[i]); - } else { -- pci_nic_init(&nd_table[i], "ne2k_pci", NULL); -+ pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL); - } - } - -diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c -index db52cdd..5f2b526 100644 ---- a/hw/ppce500_mpc8544ds.c -+++ b/hw/ppce500_mpc8544ds.c -@@ -228,7 +228,7 @@ static void mpc8544ds_init(ram_addr_t ram_size, - - /* Register network interfaces. 
*/ - for (i = 0; i < nb_nics; i++) { -- pci_nic_init(&nd_table[i], "virtio", NULL); -+ pci_nic_init_nofail(&nd_table[i], "virtio", NULL); - } - } - -diff --git a/hw/r2d.c b/hw/r2d.c -index 8ce6832..af229d4 100644 ---- a/hw/r2d.c -+++ b/hw/r2d.c -@@ -231,7 +231,7 @@ static void r2d_init(ram_addr_t ram_size, - - /* NIC: rtl8139 on-board, and 2 slots. */ - for (i = 0; i < nb_nics; i++) -- pci_nic_init(&nd_table[i], "rtl8139", i==0 ? "2" : NULL); -+ pci_nic_init_nofail(&nd_table[i], "rtl8139", i==0 ? "2" : NULL); - - /* Todo: register on board registers */ - if (kernel_filename) { -diff --git a/hw/realview.c b/hw/realview.c -index 8e176b9..70c129b 100644 ---- a/hw/realview.c -+++ b/hw/realview.c -@@ -125,7 +125,7 @@ static void realview_init(ram_addr_t ram_size, - smc91c111_init(nd, 0x4e000000, pic[28]); - done_smc = 1; - } else { -- pci_nic_init(nd, "rtl8139", NULL); -+ pci_nic_init_nofail(nd, "rtl8139", NULL); - } - } - -diff --git a/hw/sun4u.c b/hw/sun4u.c -index 9d2a7f5..9fb5dcd 100644 ---- a/hw/sun4u.c -+++ b/hw/sun4u.c -@@ -497,7 +497,7 @@ static void sun4uv_init(ram_addr_t RAM_size, - } - - for(i = 0; i < nb_nics; i++) -- pci_nic_init(&nd_table[i], "ne2k_pci", NULL); -+ pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL); - - if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) { - fprintf(stderr, "qemu: too many IDE bus\n"); -diff --git a/hw/versatilepb.c b/hw/versatilepb.c -index 3371121..8e06c31 100644 ---- a/hw/versatilepb.c -+++ b/hw/versatilepb.c -@@ -212,7 +212,7 @@ static void versatile_init(ram_addr_t ram_size, - smc91c111_init(nd, 0x10010000, sic[25]); - done_smc = 1; - } else { -- pci_nic_init(nd, "rtl8139", NULL); -+ pci_nic_init_nofail(nd, "rtl8139", NULL); - } - } - if (usb_enabled) { -diff --git a/net.c b/net.c -index 047e72e..3572c48 100644 ---- a/net.c -+++ b/net.c -@@ -2543,6 +2543,19 @@ static int nic_get_free_idx(void) - return -1; - } - -+int qemu_show_nic_models(const char *arg, const char *const *models) -+{ -+ int i; -+ -+ if (!arg || 
strcmp(arg, "?")) -+ return 0; -+ -+ fprintf(stderr, "qemu: Supported NIC models: "); -+ for (i = 0 ; models[i]; i++) -+ fprintf(stderr, "%s%c", models[i], models[i+1] ? ',' : '\n'); -+ return 1; -+} -+ - void qemu_check_nic_model(NICInfo *nd, const char *model) - { - const char *models[2]; -@@ -2550,31 +2563,27 @@ void qemu_check_nic_model(NICInfo *nd, const char *model) - models[0] = model; - models[1] = NULL; - -- qemu_check_nic_model_list(nd, models, model); -+ if (qemu_show_nic_models(nd->model, models)) -+ exit(0); -+ if (qemu_find_nic_model(nd, models, model) < 0) -+ exit(1); - } - --int qemu_check_nic_model_list(NICInfo *nd, const char * const *models, -- const char *default_model) -+int qemu_find_nic_model(NICInfo *nd, const char * const *models, -+ const char *default_model) - { -- int i, exit_status = 0; -+ int i; - - if (!nd->model) - nd->model = qemu_strdup(default_model); - -- if (strcmp(nd->model, "?") != 0) { -- for (i = 0 ; models[i]; i++) -- if (strcmp(nd->model, models[i]) == 0) -- return i; -- -- fprintf(stderr, "qemu: Unsupported NIC model: %s\n", nd->model); -- exit_status = 1; -+ for (i = 0 ; models[i]; i++) { -+ if (strcmp(nd->model, models[i]) == 0) -+ return i; - } - -- fprintf(stderr, "qemu: Supported NIC models: "); -- for (i = 0 ; models[i]; i++) -- fprintf(stderr, "%s%c", models[i], models[i+1] ? 
',' : '\n'); -- -- exit(exit_status); -+ fprintf(stderr, "qemu: Unsupported NIC model: %s\n", nd->model); -+ return -1; - } - - static int net_handle_fd_param(Monitor *mon, const char *param) -diff --git a/net.h b/net.h -index 9662988..07b4c9a 100644 ---- a/net.h -+++ b/net.h -@@ -79,9 +79,10 @@ ssize_t qemu_send_packet_async(VLANClientState *vc, const uint8_t *buf, - void qemu_purge_queued_packets(VLANClientState *vc); - void qemu_flush_queued_packets(VLANClientState *vc); - void qemu_format_nic_info_str(VLANClientState *vc, uint8_t macaddr[6]); -+int qemu_show_nic_models(const char *arg, const char *const *models); - void qemu_check_nic_model(NICInfo *nd, const char *model); --int qemu_check_nic_model_list(NICInfo *nd, const char * const *models, -- const char *default_model); -+int qemu_find_nic_model(NICInfo *nd, const char * const *models, -+ const char *default_model); - void qemu_handler_true(void *opaque); - - void do_info_network(Monitor *mon); --- -1.6.2.5 - diff --git a/qemu-fix-dropped-packets-with-non-virtio-nics.patch b/qemu-fix-dropped-packets-with-non-virtio-nics.patch deleted file mode 100644 index aad4997..0000000 --- a/qemu-fix-dropped-packets-with-non-virtio-nics.patch +++ /dev/null 
@@ -1,88 +0,0 @@ -From 2e7c7b6cb25603e2fa40990da86d03a57b2616bd Mon Sep 17 00:00:00 2001 -From: Mark McLoughlin -Date: Thu, 29 Oct 2009 11:34:17 +0000 -Subject: [PATCH] net: disable draining tap queue in one go - -If qemu_send_packet_async() returns zero, it means the packet has been -queued and the sent callback will be invoked once it has been flushed. - -This is only possible where the NIC's receive() handler returns zero -and promises to notify the networking core that room is available in its -queue again. - -In the case where the receive handler does not have this capability -(and its queue fills up) it returns -1 and the networking core does not -queue up the packet. This condition is indicated by a -1 return from -qemu_send_packet_async(). - -Currently, tap handles this condition simply by dropping the packet. It -should do its best to avoid getting into this situation by checking such -NIC's have room for a packet before copying the packet from the tap -interface. - -tap_send() used to achieve this by only reading a single packet before -returning to the mainloop. That way, tap_can_send() is called before -reading each packet. - -tap_send() was changed to completely drain the tap interface queue -without taking into account the situation where the NIC returns an -error and the packet is not queued. Let's start fixing this by -reverting to the previous behaviour of reading one packet at a time. 
- -Reported-by: Scott Tsai -Tested-by: Sven Rudolph -Signed-off-by: Mark McLoughlin - -Fedora-patch: qemu-fix-dropped-packets-with-non-virtio-nics.patch ---- - net.c | 29 +++++++++++++---------------- - 1 files changed, 13 insertions(+), 16 deletions(-) - -diff --git a/net.c b/net.c -index 3572c48..522e33c 100644 ---- a/net.c -+++ b/net.c -@@ -1453,27 +1453,24 @@ static void tap_send(void *opaque) - { - TAPState *s = opaque; - int size; -+ uint8_t *buf = s->buf; - -- do { -- uint8_t *buf = s->buf; -- -- size = tap_read_packet(s->fd, s->buf, sizeof(s->buf)); -- if (size <= 0) { -- break; -- } -+ size = tap_read_packet(s->fd, s->buf, sizeof(s->buf)); -+ if (size <= 0) { -+ return; -+ } - - #ifdef IFF_VNET_HDR -- if (s->has_vnet_hdr && !s->using_vnet_hdr) { -- buf += sizeof(struct virtio_net_hdr); -- size -= sizeof(struct virtio_net_hdr); -- } -+ if (s->has_vnet_hdr && !s->using_vnet_hdr) { -+ buf += sizeof(struct virtio_net_hdr); -+ size -= sizeof(struct virtio_net_hdr); -+ } - #endif - -- size = qemu_send_packet_async(s->vc, buf, size, tap_send_completed); -- if (size == 0) { -- tap_read_poll(s, 0); -- } -- } while (size > 0); -+ size = qemu_send_packet_async(s->vc, buf, size, tap_send_completed); -+ if (size == 0) { -+ tap_read_poll(s, 0); -+ } - } - - #ifdef TUNSETSNDBUF --- -1.6.2.5 - diff --git a/qemu-fix-linux-user-build-on-ppc.patch b/qemu-fix-linux-user-build-on-ppc.patch deleted file mode 100644 index f8dccc1..0000000 --- a/qemu-fix-linux-user-build-on-ppc.patch +++ /dev/null 
@@ -1,135 +0,0 @@ -From 8f4d4cb4e4e73d0533aa2cb421c14210c75f6edc Mon Sep 17 00:00:00 2001 -From: Mark McLoughlin -Date: Mon, 29 Jun 2009 14:49:03 +0100 -Subject: [PATCH] Fix linux-user build on ppc - -kvm-87 build fails on ppc: - - https://koji.fedoraproject.org/koji/getfile?taskID=1441042&name=build.log - - gcc -I. -I.. -I/builddir/build/BUILD/qemu-kvm-devel-87/target-i386 - -I/builddir/build/BUILD/qemu-kvm-devel-87 -MMD -MT elfload.o -MP - -DNEED_CPU_H -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE - -D__user= -I/builddir/build/BUILD/qemu-kvm-devel-87/tcg - -I/builddir/build/BUILD/qemu-kvm-devel-87/tcg/ppc64 - -I/builddir/build/BUILD/qemu-kvm-devel-87/fpu - -I/builddir/build/BUILD/qemu-kvm-devel-87/linux-user - -I/builddir/build/BUILD/qemu-kvm-devel-87/linux-user/i386 -O2 -g -pipe - -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector - --param=ssp-buffer-size=4 -m64 -mminimal-toc -g -fno-strict-aliasing - -O2 -Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes - -Wstrict-prototypes -Wredundant-decls -c -o elfload.o - /builddir/build/BUILD/qemu-kvm-devel-87/linux-user/elfload.c - /builddir/build/BUILD/qemu-kvm-devel-87/linux-user/elfload.c:214: error: conflicting types for 'elf_greg_t' - /usr/include/asm/elf.h:123: note: previous declaration of 'elf_greg_t' was here - /builddir/build/BUILD/qemu-kvm-devel-87/linux-user/elfload.c:220: error: conflicting types for 'elf_gregset_t' - /usr/include/asm/elf.h:124: note: previous declaration of 'elf_gregset_t' was here - In file included from /builddir/build/BUILD/qemu-kvm-devel-87/linux-user/elfload.c:697: - ../elf.h:457:1: warning: "R_PPC_NUM" redefined - In file included from /usr/include/asm/sigcontext.h:13, - from /usr/include/bits/sigcontext.h:28, - from /usr/include/signal.h:339, - from /builddir/build/BUILD/qemu-kvm-devel-87/linux-user/qemu.h:4, - from /builddir/build/BUILD/qemu-kvm-devel-87/linux-user/elfload.c:16: - /usr/include/asm/elf.h:81:1: warning: this is the location of the 
previous definition - -Problem seems to be that signal.h is pulling in a bunch of ppc -headers which expose elf_greg_t, R_PPC_* and PPC_FEATURE_*. - -Signed-off-by: Mark McLoughlin -Fedora-patch: qemu-fix-linux-user-build-on-ppc.patch ---- - elf.h | 2 ++ - linux-user/elfload.c | 10 ++++++++++ - 2 files changed, 12 insertions(+), 0 deletions(-) - -diff --git a/elf.h b/elf.h -index b042002..14f8aa1 100644 ---- a/elf.h -+++ b/elf.h -@@ -454,7 +454,9 @@ typedef struct { - #define R_PPC_SECTOFF_HI 35 - #define R_PPC_SECTOFF_HA 36 - /* Keep this the last entry. */ -+#ifndef R_PPC_NUM - #define R_PPC_NUM 37 -+#endif /* R_PPC_NUM */ - - /* ARM specific declarations */ - -diff --git a/linux-user/elfload.c b/linux-user/elfload.c -index 3a8268b..d283f73 100644 ---- a/linux-user/elfload.c -+++ b/linux-user/elfload.c -@@ -134,6 +134,7 @@ static inline void init_thread(struct target_pt_regs *regs, struct image_info *i - regs->rip = infop->entry; - } - -+#ifdef FIX_BROKEN_PPC_BUILD - typedef target_ulong elf_greg_t; - typedef uint32_t target_uid_t; - typedef uint32_t target_gid_t; -@@ -179,6 +180,7 @@ static void elf_core_copy_regs(elf_gregset_t *regs, const CPUState *env) - (*regs)[25] = env->segs[R_FS].selector & 0xffff; - (*regs)[26] = env->segs[R_GS].selector & 0xffff; - } -+#endif /* FIX_BROKEN_PPC_BUILD */ - - #else - -@@ -211,6 +213,7 @@ static inline void init_thread(struct target_pt_regs *regs, struct image_info *i - regs->edx = 0; - } - -+#ifdef FIX_BROKEN_PPC_BUILD - typedef target_ulong elf_greg_t; - typedef uint16_t target_uid_t; - typedef uint16_t target_gid_t; -@@ -246,9 +249,12 @@ static void elf_core_copy_regs(elf_gregset_t *regs, const CPUState *env) - (*regs)[15] = env->regs[R_ESP]; - (*regs)[16] = env->segs[R_SS].selector & 0xffff; - } -+#endif /* FIX_BROKEN_PPC_BUILD */ - #endif - -+#ifdef FIX_BROKEN_PPC_BUILD - #define USE_ELF_CORE_DUMP -+#endif /* FIX_BROKEN_PPC_BUILD */ - #define ELF_EXEC_PAGESIZE 4096 - - #endif -@@ -286,6 +292,7 @@ static inline void 
init_thread(struct target_pt_regs *regs, struct image_info *i - regs->ARM_r10 = infop->start_data; - } - -+#ifdef FIX_BROKEN_PPC_BUILD - typedef uint32_t elf_greg_t; - typedef uint16_t target_uid_t; - typedef uint16_t target_gid_t; -@@ -318,6 +325,7 @@ static void elf_core_copy_regs(elf_gregset_t *regs, const CPUState *env) - } - - #define USE_ELF_CORE_DUMP -+#endif /* FIX_BROKEN_PPC_BUILD */ - #define ELF_EXEC_PAGESIZE 4096 - - enum -@@ -421,6 +429,7 @@ static inline void init_thread(struct target_pt_regs *regs, struct image_info *i - - /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). - See arch/powerpc/include/asm/cputable.h. */ -+#ifndef PPC_FEATURE_32 - enum { - PPC_FEATURE_32 = 0x80000000, - PPC_FEATURE_64 = 0x40000000, -@@ -452,6 +461,7 @@ enum { - PPC_FEATURE_TRUE_LE = 0x00000002, - PPC_FEATURE_PPC_LE = 0x00000001, - }; -+#endif /* !defined(PPC_FEATURE_32) */ - - #define ELF_HWCAP get_elf_hwcap() - --- -1.6.2.5 - diff --git a/qemu-fix-msr-count-potential-segfault.patch b/qemu-fix-msr-count-potential-segfault.patch deleted file mode 100644 index c9f92bc..0000000 --- a/qemu-fix-msr-count-potential-segfault.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 7834349cfcc68b946c0d241ffd99c598857e489b Mon Sep 17 00:00:00 2001 -From: Eduardo Habkost -Date: Wed, 14 Oct 2009 15:02:27 -0300 -Subject: [PATCH] fix MSR_COUNT for kvm_arch_save_regs() - -A new register was added to the load/save list on commit -d283d5a65a2bdcc570065267be21848bd6fe3d78, but MSR_COUNT was not updated, leading -to potential stack corruption on kvm_arch_save_regs(). - -The following registers are saved by kvm_arch_save_regs(): - - 1) MSR_IA32_SYSENTER_CS - 2) MSR_IA32_SYSENTER_ESP - 3) MSR_IA32_SYSENTER_EIP - 4) MSR_STAR - 5) MSR_IA32_TSC - 6) MSR_VM_HSAVE_PA - 7) MSR_CSTAR (x86_64 only) - 8) MSR_KERNELGSBASE (x86_64 only) - 9) MSR_FMASK (x86_64 only) -10) MSR_LSTAR (x86_64 only) - -(cherry picked from commit e7e5448ba387adc20be1cf08411a5b526d684299) - -Signed-off-by: Eduardo Habkost -Signed-off-by: Marcelo Tosatti -Signed-off-by: Mark McLoughlin -Fedora-patch: qemu-fix-msr-count-potential-segfault.patch ---- - qemu-kvm-x86.c | 6 ++++-- - 1 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c -index 492dbc5..d5436b6 100644 ---- a/qemu-kvm-x86.c -+++ b/qemu-kvm-x86.c -@@ -847,9 +847,9 @@ static int get_msr_entry(struct kvm_msr_entry *entry, CPUState *env) - } - - #ifdef TARGET_X86_64 --#define MSR_COUNT 9 -+#define MSR_COUNT 10 - #else --#define MSR_COUNT 5 -+#define MSR_COUNT 6 - #endif - - static void set_v8086_seg(struct kvm_segment *lhs, const SegmentCache *rhs) -@@ -991,6 +991,7 @@ void kvm_arch_load_regs(CPUState *env) - - /* msrs */ - n = 0; -+ /* Remember to increase MSR_COUNT if you add new registers below */ - set_msr_entry(&msrs[n++], MSR_IA32_SYSENTER_CS, env->sysenter_cs); - set_msr_entry(&msrs[n++], MSR_IA32_SYSENTER_ESP, env->sysenter_esp); - set_msr_entry(&msrs[n++], MSR_IA32_SYSENTER_EIP, env->sysenter_eip); -@@ -1166,6 +1167,7 @@ void kvm_arch_save_regs(CPUState *env) - - /* msrs */ - n = 0; -+ /* Remember to increase MSR_COUNT if you add new registers below */ - 
msrs[n++].index = MSR_IA32_SYSENTER_CS; - msrs[n++].index = MSR_IA32_SYSENTER_ESP; - msrs[n++].index = MSR_IA32_SYSENTER_EIP; --- -1.6.2.5 - diff --git a/qemu-fix-qcow2-backing-file-with-virtio.patch b/qemu-fix-qcow2-backing-file-with-virtio.patch deleted file mode 100644 index 2dc56ac..0000000 --- a/qemu-fix-qcow2-backing-file-with-virtio.patch +++ /dev/null 
@@ -1,140 +0,0 @@ -From 1df18d4a961a66b9ea28ab83b409f4d9d470f148 Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Thu, 8 Oct 2009 15:02:08 +0200 -Subject: [PATCH] qcow2: Bring synchronous read/write back to life - -When the synchronous read and write functions were dropped, they were replaced -by generic emulation functions. Unfortunately, these emulation functions don't -provide the same semantics as the original functions did. - -The original bdrv_read would mean that we read some data synchronously and that -we won't be interrupted during this read. The latter assumption is no longer -true with the emulation function which needs to use qemu_aio_poll and therefore -allows the callback of any other concurrent AIO request to be run during the -read. Which in turn means that (meta)data read earlier could have changed and -be invalid now. qcow2 is not prepared to work in this way and it's just scary -how many places there are where other requests could run. - -I'm not sure yet where exactly it breaks, but you'll see breakage with virtio -on qcow2 with a backing file. Providing synchronous functions again fixes the -problem for me. 
- -Signed-off-by: Kevin Wolf -Signed-off-by: Mark McLoughlin -Fedora-patch: qemu-fix-qcow2-backing-file-with-virtio.patch ---- - block/qcow2-cluster.c | 6 ++-- - block/qcow2.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++- - block/qcow2.h | 3 ++ - 3 files changed, 55 insertions(+), 5 deletions(-) - -diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c -index d4631c3..4d0ce16 100644 ---- a/block/qcow2-cluster.c -+++ b/block/qcow2-cluster.c -@@ -306,8 +306,8 @@ void qcow2_encrypt_sectors(BDRVQcowState *s, int64_t sector_num, - } - - --static int qcow_read(BlockDriverState *bs, int64_t sector_num, -- uint8_t *buf, int nb_sectors) -+int qcow2_read(BlockDriverState *bs, int64_t sector_num, uint8_t *buf, -+ int nb_sectors) - { - BDRVQcowState *s = bs->opaque; - int ret, index_in_cluster, n, n1; -@@ -358,7 +358,7 @@ static int copy_sectors(BlockDriverState *bs, uint64_t start_sect, - n = n_end - n_start; - if (n <= 0) - return 0; -- ret = qcow_read(bs, start_sect + n_start, s->cluster_data, n); -+ ret = qcow2_read(bs, start_sect + n_start, s->cluster_data, n); - if (ret < 0) - return ret; - if (s->crypt_method) { -diff --git a/block/qcow2.c b/block/qcow2.c -index dd32ea2..ced257e 100644 ---- a/block/qcow2.c -+++ b/block/qcow2.c -@@ -855,6 +855,51 @@ static int qcow_make_empty(BlockDriverState *bs) - return 0; - } - -+static int qcow2_write(BlockDriverState *bs, int64_t sector_num, -+ const uint8_t *buf, int nb_sectors) -+{ -+ BDRVQcowState *s = bs->opaque; -+ int ret, index_in_cluster, n; -+ uint64_t cluster_offset; -+ int n_end; -+ QCowL2Meta l2meta; -+ -+ while (nb_sectors > 0) { -+ memset(&l2meta, 0, sizeof(l2meta)); -+ -+ index_in_cluster = sector_num & (s->cluster_sectors - 1); -+ n_end = index_in_cluster + nb_sectors; -+ if (s->crypt_method && -+ n_end > QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors) -+ n_end = QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors; -+ cluster_offset = qcow2_alloc_cluster_offset(bs, sector_num << 9, -+ index_in_cluster, -+ n_end, 
&n, &l2meta); -+ if (!cluster_offset) -+ return -1; -+ if (s->crypt_method) { -+ qcow2_encrypt_sectors(s, sector_num, s->cluster_data, buf, n, 1, -+ &s->aes_encrypt_key); -+ ret = bdrv_pwrite(s->hd, cluster_offset + index_in_cluster * 512, -+ s->cluster_data, n * 512); -+ } else { -+ ret = bdrv_pwrite(s->hd, cluster_offset + index_in_cluster * 512, buf, n * 512); -+ } -+ if (ret != n * 512 || qcow2_alloc_cluster_link_l2(bs, cluster_offset, &l2meta) < 0) { -+ qcow2_free_any_clusters(bs, cluster_offset, l2meta.nb_clusters); -+ return -1; -+ } -+ nb_sectors -= n; -+ sector_num += n; -+ buf += n * 512; -+ if (l2meta.nb_clusters != 0) { -+ LIST_REMOVE(&l2meta, next_in_flight); -+ } -+ } -+ s->cluster_cache_offset = -1; /* disable compressed cache */ -+ return 0; -+} -+ - /* XXX: put compressed sectors first, then all the cluster aligned - tables to avoid losing bytes in alignment */ - static int qcow_write_compressed(BlockDriverState *bs, int64_t sector_num, -@@ -1037,8 +1082,10 @@ static BlockDriver bdrv_qcow2 = { - .bdrv_set_key = qcow_set_key, - .bdrv_make_empty = qcow_make_empty, - -- .bdrv_aio_readv = qcow_aio_readv, -- .bdrv_aio_writev = qcow_aio_writev, -+ .bdrv_read = qcow2_read, -+ .bdrv_write = qcow2_write, -+ .bdrv_aio_readv = qcow_aio_readv, -+ .bdrv_aio_writev = qcow_aio_writev, - .bdrv_write_compressed = qcow_write_compressed, - - .bdrv_snapshot_create = qcow2_snapshot_create, -diff --git a/block/qcow2.h b/block/qcow2.h -index 965a2f4..b41aa63 100644 ---- a/block/qcow2.h -+++ b/block/qcow2.h -@@ -202,6 +202,9 @@ uint64_t qcow2_alloc_compressed_cluster_offset(BlockDriverState *bs, - int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, uint64_t cluster_offset, - QCowL2Meta *m); - -+int qcow2_read(BlockDriverState *bs, int64_t sector_num, uint8_t *buf, -+ int nb_sectors); -+ - /* qcow2-snapshot.c functions */ - int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info); - int qcow2_snapshot_goto(BlockDriverState *bs, const char *snapshot_id); 
--- -1.6.2.5 - diff --git a/qemu-improve-error-reporting-on-file-access.patch b/qemu-improve-error-reporting-on-file-access.patch deleted file mode 100644 index 7451a6c..0000000 --- a/qemu-improve-error-reporting-on-file-access.patch +++ /dev/null 
@@ -1,124 +0,0 @@ -From 565c62123258970d9254bc7b8eaa8f4c66ab2a21 Mon Sep 17 00:00:00 2001 -From: Justin M. Forbes -Date: Thu, 1 Oct 2009 16:13:56 -0500 -Subject: [PATCH] Improve error reporting on file access - -By making the error reporting include strerror(errno), it gives the user -a bit more indication as to why qemu failed. This is particularly -important for people running qemu as a non root user. - -(cherry-picked from commit 850810d01b45e6ce99ac6696773e967890db2937) - -Signed-off-by: Justin M. Forbes -Fedora-patch: qemu-improve-error-reporting-on-file-access.patch ---- - hw/pc.c | 12 ++++++------ - vl.c | 20 ++++++++++---------- - 2 files changed, 16 insertions(+), 16 deletions(-) - -diff --git a/hw/pc.c b/hw/pc.c -index 3b226f4..7a184cd 100644 ---- a/hw/pc.c -+++ b/hw/pc.c -@@ -841,8 +841,8 @@ static void load_linux(void *fw_cfg, - if (!f || !(kernel_size = get_file_size(f)) || - fread(header, 1, MIN(ARRAY_SIZE(header), kernel_size), f) != - MIN(ARRAY_SIZE(header), kernel_size)) { -- fprintf(stderr, "qemu: could not load kernel '%s'\n", -- kernel_filename); -+ fprintf(stderr, "qemu: could not load kernel '%s': %s\n", -+ kernel_filename, strerror(errno)); - exit(1); - } - -@@ -947,8 +947,8 @@ static void load_linux(void *fw_cfg, - - fi = fopen(initrd_filename, "rb"); - if (!fi) { -- fprintf(stderr, "qemu: could not load initial ram disk '%s'\n", -- initrd_filename); -+ fprintf(stderr, "qemu: could not load initial ram disk '%s': %s\n", -+ initrd_filename, strerror(errno)); - exit(1); - } - -@@ -956,8 +956,8 @@ static void load_linux(void *fw_cfg, - initrd_addr = (initrd_max-initrd_size) & ~4095; - - if (!fread_targphys_ok(initrd_addr, initrd_size, fi)) { -- fprintf(stderr, "qemu: read error on initial ram disk '%s'\n", -- initrd_filename); -+ fprintf(stderr, "qemu: read error on initial ram disk '%s': %s\n", -+ initrd_filename, strerror(errno)); - exit(1); - } - fclose(fi); -diff --git a/vl.c b/vl.c -index d7c7ab1..9182d89 100644 ---- a/vl.c -+++ b/vl.c -@@ 
-2379,8 +2379,8 @@ int drive_init(struct drive_opt *arg, int snapshot, void *opaque) - else if (cache == 2) /* write-back */ - bdrv_flags |= BDRV_O_CACHE_WB; - if (bdrv_open2(bdrv, file, bdrv_flags, drv) < 0) { -- fprintf(stderr, "qemu: could not open disk image %s\n", -- file); -+ fprintf(stderr, "qemu: could not open disk image %s: %s\n", -+ file, strerror(errno)); - return -1; - } - if (bdrv_key_required(bdrv)) -@@ -5799,7 +5799,7 @@ int main(int argc, char **argv, char **envp) - if (len != 1) - exit(1); - else if (status == 1) { -- fprintf(stderr, "Could not acquire pidfile\n"); -+ fprintf(stderr, "Could not acquire pidfile: %s\n", strerror(errno)); - exit(1); - } else - exit(0); -@@ -5826,7 +5826,7 @@ int main(int argc, char **argv, char **envp) - uint8_t status = 1; - write(fds[1], &status, 1); - } else -- fprintf(stderr, "Could not acquire pid file\n"); -+ fprintf(stderr, "Could not acquire pid file: %s\n", strerror(errno)); - exit(1); - } - #endif -@@ -6031,8 +6031,8 @@ int main(int argc, char **argv, char **envp) - snprintf(label, sizeof(label), "serial%d", i); - serial_hds[i] = qemu_chr_open(label, devname, NULL); - if (!serial_hds[i]) { -- fprintf(stderr, "qemu: could not open serial device '%s'\n", -- devname); -+ fprintf(stderr, "qemu: could not open serial device '%s': %s\n", -+ devname, strerror(errno)); - exit(1); - } - } -@@ -6045,8 +6045,8 @@ int main(int argc, char **argv, char **envp) - snprintf(label, sizeof(label), "parallel%d", i); - parallel_hds[i] = qemu_chr_open(label, devname, NULL); - if (!parallel_hds[i]) { -- fprintf(stderr, "qemu: could not open parallel device '%s'\n", -- devname); -+ fprintf(stderr, "qemu: could not open parallel device '%s': %s\n", -+ devname, strerror(errno)); - exit(1); - } - } -@@ -6059,8 +6059,8 @@ int main(int argc, char **argv, char **envp) - snprintf(label, sizeof(label), "virtcon%d", i); - virtcon_hds[i] = qemu_chr_open(label, devname, NULL); - if (!virtcon_hds[i]) { -- fprintf(stderr, "qemu: could not open 
virtio console '%s'\n", -- devname); -+ fprintf(stderr, "qemu: could not open virtio console '%s': %s\n", -+ devname, strerror(errno)); - exit(1); - } - } --- -1.6.2.5 - diff --git a/qemu-parallels-image-format-overflow.patch b/qemu-parallels-image-format-overflow.patch deleted file mode 100644 index dc3283a..0000000 --- a/qemu-parallels-image-format-overflow.patch +++ /dev/null @@ -1,41 +0,0 @@ -From ff1a1e986f2e167c2538160d0476ac61cda31f77 Mon Sep 17 00:00:00 2001 -From: David Woodhouse -Date: Sat, 7 Nov 2009 14:10:01 +0000 -Subject: [PATCH] Fix 32-bit overflow in parallels image support - -(cherry picked from commit c34d2451ed32651e14e309f94009be07d231ee96) - -Signed-off-by: David Woodhouse -Signed-off-by: Anthony Liguori -Signed-off-by: Mark McLoughlin -Fedora-patch: qemu-parallels-image-format-overflow.patch ---- - block/parallels.c | 5 +++-- - 1 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/block/parallels.c b/block/parallels.c -index 0b64a5c..63b6738 100644 ---- a/block/parallels.c -+++ b/block/parallels.c -@@ -119,7 +119,8 @@ fail: - static inline int seek_to_sector(BlockDriverState *bs, int64_t sector_num) - { - BDRVParallelsState *s = bs->opaque; -- uint32_t index, offset, position; -+ uint32_t index, offset; -+ uint64_t position; - - index = sector_num / s->tracks; - offset = sector_num % s->tracks; -@@ -128,7 +129,7 @@ static inline int seek_to_sector(BlockDriverState *bs, int64_t sector_num) - if ((index > s->catalog_size) || (s->catalog_bitmap[index] == 0)) - return -1; - -- position = (s->catalog_bitmap[index] + offset) * 512; -+ position = (uint64_t)(s->catalog_bitmap[index] + offset) * 512; - - // fprintf(stderr, "sector: %llx index=%x offset=%x pointer=%x position=%x\n", - // sector_num, index, offset, s->catalog_bitmap[index], position); --- -1.6.2.5 - diff --git a/qemu-properly-save-kvm-system-time-registers.patch b/qemu-properly-save-kvm-system-time-registers.patch deleted file mode 100644 index 8bc87b4..0000000 
--- a/qemu-properly-save-kvm-system-time-registers.patch
+++ /dev/null
@@ -1,119 +0,0 @@ -From 20a3c3095744ea65b4dfb5365efea8cdb802f7f5 Mon Sep 17 00:00:00 2001 -From: Glauber Costa -Date: Wed, 21 Oct 2009 10:52:46 -0400 -Subject: [PATCH] properly save kvm system time msr registers - -Currently, the msrs involved in setting up pvclock are not saved over -migration and/or save/restore. This patch puts their value in special -fields in our CPUState, and deal with them using vmstate. - -kvm also has to account for it, by including them in the msr list -for the ioctls. - -Fedora-patch: qemu-properly-save-kvm-system-time-registers.patch -Signed-off-by: Glauber Costa ---- - qemu-kvm-x86.c | 15 +++++++++++++-- - target-i386/cpu.h | 5 ++++- - target-i386/machine.c | 8 ++++++++ - 3 files changed, 25 insertions(+), 3 deletions(-) - -diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c -index d5436b6..300e6c2 100644 ---- a/qemu-kvm-x86.c -+++ b/qemu-kvm-x86.c -@@ -839,6 +839,12 @@ static int get_msr_entry(struct kvm_msr_entry *entry, CPUState *env) - case MSR_VM_HSAVE_PA: - env->vm_hsave = entry->data; - break; -+ case MSR_KVM_SYSTEM_TIME: -+ env->system_time_msr = entry->data; -+ break; -+ case MSR_KVM_WALL_CLOCK: -+ env->wall_clock_msr = entry->data; -+ break; - default: - printf("Warning unknown msr index 0x%x\n", entry->index); - return 1; -@@ -847,9 +853,9 @@ static int get_msr_entry(struct kvm_msr_entry *entry, CPUState *env) - } - - #ifdef TARGET_X86_64 --#define MSR_COUNT 10 -+#define MSR_COUNT 12 - #else --#define MSR_COUNT 6 -+#define MSR_COUNT 8 - #endif - - static void set_v8086_seg(struct kvm_segment *lhs, const SegmentCache *rhs) -@@ -1007,6 +1013,8 @@ void kvm_arch_load_regs(CPUState *env) - set_msr_entry(&msrs[n++], MSR_LSTAR , env->lstar); - } - #endif -+ set_msr_entry(&msrs[n++], MSR_KVM_SYSTEM_TIME, env->system_time_msr); -+ set_msr_entry(&msrs[n++], MSR_KVM_WALL_CLOCK, env->wall_clock_msr); - - rc = kvm_set_msrs(env->kvm_cpu_state.vcpu_ctx, msrs, n); - if (rc == -1) -@@ -1184,6 +1192,9 @@ void kvm_arch_save_regs(CPUState *env) - 
msrs[n++].index = MSR_LSTAR; - } - #endif -+ msrs[n++].index = MSR_KVM_SYSTEM_TIME; -+ msrs[n++].index = MSR_KVM_WALL_CLOCK; -+ - rc = kvm_get_msrs(env->kvm_cpu_state.vcpu_ctx, msrs, n); - if (rc == -1) { - perror("kvm_get_msrs FAILED"); -diff --git a/target-i386/cpu.h b/target-i386/cpu.h -index 08200ed..22e76ec 100644 ---- a/target-i386/cpu.h -+++ b/target-i386/cpu.h -@@ -640,6 +640,9 @@ typedef struct CPUX86State { - target_ulong fmask; - target_ulong kernelgsbase; - #endif -+ uint64_t system_time_msr; -+ uint64_t wall_clock_msr; -+ - - uint64_t tsc; - -@@ -867,7 +870,7 @@ static inline int cpu_get_time_fast(void) - #define cpu_signal_handler cpu_x86_signal_handler - #define cpu_list x86_cpu_list - --#define CPU_SAVE_VERSION 10 -+#define CPU_SAVE_VERSION 11 - - /* MMU modes definitions */ - #define MMU_MODE0_SUFFIX _kernel -diff --git a/target-i386/machine.c b/target-i386/machine.c -index ca32a92..4654508 100644 ---- a/target-i386/machine.c -+++ b/target-i386/machine.c -@@ -174,6 +174,9 @@ void cpu_save(QEMUFile *f, void *opaque) - qemu_put_be64s(f, &env->mce_banks[4*i + 3]); - } - } -+ -+ qemu_put_be64s(f, &env->system_time_msr); -+ qemu_put_be64s(f, &env->wall_clock_msr); - } - - #ifdef USE_X86LDOUBLE -@@ -405,5 +408,10 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id) - kvm_arch_load_mpstate(env); - } - } -+ -+ if (version_id >= 11) { -+ qemu_get_be64s(f, &env->system_time_msr); -+ qemu_get_be64s(f, &env->wall_clock_msr); -+ } - return 0; - } --- -1.6.2.2 - diff --git a/qemu-slirp-use-after-free.patch b/qemu-slirp-use-after-free.patch deleted file mode 100644 index 4e1d527..0000000 --- a/qemu-slirp-use-after-free.patch +++ /dev/null 
@@ -1,31 +0,0 @@
-From 56d370091cb01878c580f528011cd1717f8077fa Mon Sep 17 00:00:00 2001
-From: Mark McLoughlin
-Date: Fri, 20 Nov 2009 18:07:15 +0000
-Subject: [PATCH] slirp: fix use-after-free
-
-460fec67ee introduced a use-after free in slirp.
-
-Cc: Jan Kiszka
-Signed-off-by: Mark McLoughlin
-Fedora-patch: qemu-slirp-use-after-free.patch
----
- slirp/mbuf.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/slirp/mbuf.c b/slirp/mbuf.c
-index 7652fea..87508ba 100644
---- a/slirp/mbuf.c
-+++ b/slirp/mbuf.c
-@@ -95,8 +95,8 @@ m_free(struct mbuf *m)
- * Either free() it or put it on the free list
- */
- if (m->m_flags & M_DOFREE) {
-- free(m);
- m->slirp->mbuf_alloced--;
-+ free(m);
- } else if ((m->m_flags & M_FREELIST) == 0) {
- insque(m,&m->slirp->m_freelist);
- m->m_flags = M_FREELIST; /* Clobber other flags */
---
-1.6.2.5
-
diff --git a/qemu-usb-linux-fix-buffer-overflow.patch b/qemu-usb-linux-fix-buffer-overflow.patch
deleted file mode 100644
index 129dc5b..0000000
--- a/qemu-usb-linux-fix-buffer-overflow.patch
+++ /dev/null
@@ -1,79 +0,0 @@ -From a7c87c869ac75a076fa5552f9604f73f710cff80 Mon Sep 17 00:00:00 2001 -From: Jim Paris -Date: Mon, 24 Aug 2009 14:56:12 -0400 -Subject: [PATCH] usb-linux.c: fix buffer overflow - -In usb-linux.c:usb_host_handle_control, we pass a 1024-byte buffer and -length to the kernel. However, the length was provided by the caller -of dev->handle_packet, and is not checked, so the kernel might provide -too much data and overflow our buffer. - -For example, hw/usb-uhci.c could set the length to 2047. -hw/usb-ohci.c looks like it might go up to 4096 or 8192. - -This causes a qemu crash, as reported here: - http://www.mail-archive.com/kvm@vger.kernel.org/msg18447.html - -This patch increases the usb-linux.c buffer size to 2048 to fix the -specific device reported, and adds a check to avoid the overflow in -any case. - -Signed-off-by: Jim Paris -Signed-off-by: Anthony Liguori - -The WLAN USB stick ZyXEL NWD271N (0586:3417) uses very large -usb control transfers of more than 2048 bytes. Increasing the -buffer size to 8192. - -Signed-off-by: Christian Krause ---- - usb-linux.c | 12 ++++++++++-- - 1 files changed, 10 insertions(+), 2 deletions(-) - -diff --git a/usb-linux.c b/usb-linux.c -index f19f0c4..298f342 100644 ---- a/usb-linux.c -+++ b/usb-linux.c -@@ -115,7 +115,7 @@ struct ctrl_struct { - uint16_t offset; - uint8_t state; - struct usb_ctrlrequest req; -- uint8_t buffer[1024]; -+ uint8_t buffer[8192]; - }; - - typedef struct USBHostDevice { -@@ -552,6 +552,7 @@ static int usb_host_handle_control(USBHostDevice *s, USBPacket *p) - struct usbdevfs_urb *urb; - AsyncURB *aurb; - int ret, value, index; -+ int buffer_len; - - /* - * Process certain standard device requests. 
-@@ -580,6 +581,13 @@ static int usb_host_handle_control(USBHostDevice *s, USBPacket *p) - - /* The rest are asynchronous */ - -+ buffer_len = 8 + s->ctrl.len; -+ if (buffer_len > sizeof(s->ctrl.buffer)) { -+ fprintf(stderr, "husb: ctrl buffer too small (%u > %lu)\n", -+ buffer_len, sizeof(s->ctrl.buffer)); -+ return USB_RET_STALL; -+ } -+ - aurb = async_alloc(); - aurb->hdev = s; - aurb->packet = p; -@@ -596,7 +604,7 @@ static int usb_host_handle_control(USBHostDevice *s, USBPacket *p) - urb->endpoint = p->devep; - - urb->buffer = &s->ctrl.req; -- urb->buffer_length = 8 + s->ctrl.len; -+ urb->buffer_length = buffer_len; - - urb->usercontext = s; - --- -1.6.2.5 - diff --git a/qemu.spec b/qemu.spec index 112f6f8..b394572 100644 --- a/qemu.spec +++ b/qemu.spec @@ -1,7 +1,7 @@ Summary: QEMU is a FAST! processor emulator Name: qemu -Version: 0.11.0 -Release: 13%{?dist} +Version: 0.12.3 +Release: 1%{?dist} # Epoch because we pushed a qemu-1.0 package Epoch: 2 License: GPLv2+ and LGPLv2+ and BSD 
@@ -24,52 +24,13 @@ Source6: ksmtuned.init Source7: ksmtuned Source8: ksmtuned.conf -# Not upstream, why? -Patch01: qemu-bios-bigger-roms.patch - -# Works around broken linux-user build on ppc -Patch02: qemu-fix-linux-user-build-on-ppc.patch - -# Allow the pulseudio backend to be the default -Patch03: qemu-allow-pulseaudio-to-be-the-default.patch - -# Add KSM support - see https://fedoraproject.org/wiki/Features/KSM -Patch04: qemu-add-ksm-support.patch - -# Fix issue causing NIC hotplug confusion when no model is specified (#524022) -Patch05: qemu-correctly-free-nic-info-structure.patch - -# Do not exit during PCI hotplug when an invalid NIC model is passed (#524022) -Patch06: qemu-do-not-exit-on-pci-hotplug-invalid-nic1.patch -Patch07: qemu-do-not-exit-on-pci-hotplug-invalid-nic2.patch - -# Improve error reporting on file access -Patch08: qemu-improve-error-reporting-on-file-access.patch - -# Fix fs errors with virtio and qcow2 backing file (#524734) -Patch09: qemu-fix-qcow2-backing-file-with-virtio.patch - -# Fix potential segfault from too small MSR_COUNT (#528901) -Patch10: qemu-fix-msr-count-potential-segfault.patch - -# Properly save kvm time registers (#524229) -Patch11: qemu-properly-save-kvm-system-time-registers.patch - -# Fix dropped packets with non-virtio NICs (#531419) -Patch12: qemu-fix-dropped-packets-with-non-virtio-nics.patch - -# Fix buffer overflow in usb-linux.c (#546483) -Patch13: qemu-usb-linux-fix-buffer-overflow.patch - -# Fix a use-after-free crasher in the slirp code (#539583) -Patch14: qemu-slirp-use-after-free.patch - -# Fix overflow in the parallels image format support (#533573) -Patch15: qemu-parallels-image-format-overflow.patch +Patch01: 0001-block-avoid-creating-too-large-iovecs-in-multiwrite_.patch +Patch02: 0002-migration-Clear-fd-also-in-error-cases.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: SDL-devel zlib-devel which texi2html gnutls-devel cyrus-sasl-devel -BuildRequires: 
rsync dev86 iasl +BuildRequires: libaio-devel +BuildRequires: rsync BuildRequires: pciutils-devel BuildRequires: pulseaudio-libs-devel BuildRequires: ncurses-devel @@ -155,7 +116,7 @@ Requires: %{name}-common = %{epoch}:%{version}-%{release} Provides: kvm = 85 Obsoletes: kvm < 85 Requires: vgabios -Requires: bochs-bios >= 2.3.8-0.8 +Requires: seabios Requires: /usr/share/gpxe/e1000-0x100e.rom Requires: /usr/share/gpxe/rtl8029.rom Requires: /usr/share/gpxe/pcnet32.rom @@ -256,19 +217,6 @@ such as kvmtrace and kvm_stat. %patch01 -p1 %patch02 -p1 -%patch03 -p1 -%patch04 -p1 -%patch05 -p1 -%patch06 -p1 -%patch07 -p1 -%patch08 -p1 -%patch09 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 %build # --build-id option is used fedora 8 onwards for giving info to the debug packages. @@ -385,7 +333,7 @@ pxe_link rtl8139 rtl8139 pxe_link virtio virtio-net ln -s ../vgabios/VGABIOS-lgpl-latest.bin %{buildroot}/%{_datadir}/%{name}/vgabios.bin ln -s ../vgabios/VGABIOS-lgpl-latest.cirrus.bin %{buildroot}/%{_datadir}/%{name}/vgabios-cirrus.bin -ln -s ../bochs/BIOS-bochs-kvm %{buildroot}/%{_datadir}/%{name}/bios.bin +ln -s ../seabios/bios.bin %{buildroot}/%{_datadir}/%{name}/bios.bin ln -s ../openbios/openbios-ppc %{buildroot}/%{_datadir}/%{name}/openbios-ppc ln -s ../openbios/openbios-sparc32 %{buildroot}/%{_datadir}/%{name}/openbios-sparc32 ln -s ../openbios/openbios-sparc64 %{buildroot}/%{_datadir}/%{name}/openbios-sparc64 @@ -490,7 +438,9 @@ fi %{_bindir}/qemu %{_bindir}/qemu-system-x86_64 %{_datadir}/%{name}/bios.bin +%{_datadir}/%{name}/linuxboot.bin %{_datadir}/%{name}/multiboot.bin +%{_datadir}/%{name}/vapic.bin %{_datadir}/%{name}/vgabios.bin %{_datadir}/%{name}/vgabios-cirrus.bin %{_datadir}/%{name}/pxe-e1000.bin 
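Review bot: The new `Patch01` and `Patch02` lines in the `@@ -24,52 +24,13 @@` hunk of qemu.spec have no comment, while each entry they replace named the bug it fixed. Several dropped entries are memory-safety fixes: Patch10 (MSR_COUNT, #528901), Patch13 (usb-linux buffer overflow, #546483), Patch14 (slirp use-after-free, #539583) and Patch15 (parallels overflow, #533573). Nothing on this page shows that 0.12.3 already contains them. The deleted usb-linux patch also appears to layer a further increase of the control buffer to 8192 on top of the original 2048 change, so that part in particular should be checked against the new tarball. I would add `# Migration: clear the fd in error cases (#518032)` above Patch02, a matching one-line comment above Patch01, and a short comment recording that the former Patch10 and Patch13 to Patch15 were verified as merged in 0.12.3.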
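Review bot: `Requires: seabios` in the `@@ -155,7 +116,7 @@` hunk has no minimum version, whereas the line it replaces pinned `bochs-bios >= 2.3.8-0.8`. The `%install` hunk now links `bios.bin` to `../seabios/bios.bin`, so whatever seabios build is installed becomes the firmware every guest boots. If 0.12.3 depends on a particular SeaBIOS release, that should be expressed as `Requires: seabios >= <minimum-version>`, with a one-line comment giving the reason.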
@@ -550,6 +500,11 @@ fi %{_mandir}/man1/qemu-img.1* %changelog +* Wed Mar 10 2010 Justin M. Forbes - 2:0.12.3-1 +- Update to 0.12.3 upstream +- Require seabios +- Migration clear the fd in error cases (#518032) + * Wed Jan 20 2010 Justin M. Forbes - 2:0.11.0-13 - Re-enable preadv/pwritev support (#545006) - Fix buffer overflow in usb-linux.c (#546483) diff --git a/sources b/sources index 4545a9d..c17d439 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -440837a062967102a68e634d57eaf719 qemu-kvm-0.11.0.tar.gz +ab484975004f66fb48cb5589bd9b9dcb qemu-kvm-0.12.3.tar.gz