path: root/hw
Commit message | Author | Age | Files | Lines
* hw/pci/pcie_aer.c: fix buffer overruns on invalid state load | Michael S. Tsirkin | 2014-05-05 | 1 | -1/+9
    4) CVE-2013-4529
    hw/pci/pcie_aer.c pcie aer log can overrun the buffer if log_num is too large

    There are two issues in this file:
    1. log_max from remote can be larger than on local
       then buffer will overrun with data coming from state file.
    2. log_num can be larger then we get data corruption
       again with an overflow but not adversary controlled.

    Fix both issues.

    Reported-by: Anthony Liguori <anthony@codemonkey.ws>
    Reported-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
    Signed-off-by: Juan Quintela <quintela@redhat.com>
* hpet: fix buffer overrun on invalid state load | Michael S. Tsirkin | 2014-05-05 | 1 | -0/+13
    CVE-2013-4527 hw/timer/hpet.c buffer overrun

    hpet is a VARRAY with a uint8 size but static array of 32

    To fix, make sure num_timers is valid using VMSTATE_VALID hook.

    Reported-by: Anthony Liguori <anthony@codemonkey.ws>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
    Signed-off-by: Juan Quintela <quintela@redhat.com>
* ahci: fix buffer overrun on invalid state load | Michael S. Tsirkin | 2014-05-05 | 1 | -1/+1
    CVE-2013-4526

    Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So
    we use the old version of ports to read the array but then allow any
    value for ports. This can cause the code to overflow.

    There's no reason to migrate ports - it never changes.
    So just make sure it matches.

    Reported-by: Anthony Liguori <anthony@codemonkey.ws>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Juan Quintela <quintela@redhat.com>
* virtio: out-of-bounds buffer write on invalid state load | Michael S. Tsirkin | 2014-05-05 | 1 | -1/+7
    CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in
    virtio_load@hw/virtio/virtio.c

    So we have this code since way back when:

        num = qemu_get_be32(f);

        for (i = 0; i < num; i++) {
            vdev->vq[i].vring.num = qemu_get_be32(f);

    array of vqs has size VIRTIO_PCI_QUEUE_MAX, so
    on invalid input this will write beyond end of buffer.

    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
    Signed-off-by: Juan Quintela <quintela@redhat.com>
* virtio-net: out-of-bounds buffer write on invalid state load | Michael S. Tsirkin | 2014-05-05 | 1 | -0/+5
    CVE-2013-4150 QEMU 1.5.0 out-of-bounds buffer write in
    virtio_net_load()@hw/net/virtio-net.c

    This code is in hw/net/virtio-net.c:

        if (n->max_queues > 1) {
            if (n->max_queues != qemu_get_be16(f)) {
                error_report("virtio-net: different max_queues ");
                return -1;
            }

            n->curr_queues = qemu_get_be16(f);
            for (i = 1; i < n->curr_queues; i++) {
                n->vqs[i].tx_waiting = qemu_get_be32(f);
            }
        }

    Number of vqs is max_queues, so if we get invalid input here,
    for example if max_queues = 2, curr_queues = 3, we get
    write beyond end of the buffer, with data that comes from
    wire.

    This might be used to corrupt qemu memory in hard to predict ways.
    Since we have lots of function pointers around, RCE might be possible.

    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Acked-by: Jason Wang <jasowang@redhat.com>
    Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
    Signed-off-by: Juan Quintela <quintela@redhat.com>
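The bound that the loop quoted in the virtio-net commit message lacks, as an added example (this is not QEMU's code and not the patch itself). `Stream`, `get_be`, `NetState`, `net_load_checked`, `load_bytes` and the three byte streams are constructed for illustration; the loader parses into a copy and rejects any `curr_queues` above the locally configured `max_queues`, as well as a truncated stream.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_QUEUES 2 /* constructed: vqs[] is sized for max_queues = 2 */

/* Hypothetical stand-in for QEMUFile: a bounded big-endian reader. */
typedef struct {
    const uint8_t *buf;
    size_t len, pos;
    int err; /* set once a read would run past the end of the stream */
} Stream;

static uint32_t get_be(Stream *s, size_t n)
{
    uint32_t v = 0;
    if (s->err || s->len - s->pos < n) {
        s->err = 1;
        return 0;
    }
    while (n--) {
        v = (v << 8) | s->buf[s->pos++];
    }
    return v;
}

typedef struct {
    uint16_t max_queues;  /* fixed by local configuration, never loaded */
    uint16_t curr_queues; /* loaded from the stream: untrusted */
    struct { uint32_t tx_waiting; } vqs[MAX_QUEUES];
} NetState;

/* Returns 0 on success, -1 if rejected; *n is left untouched on rejection. */
static int net_load_checked(NetState *n, Stream *f)
{
    NetState tmp = *n;
    if (n->max_queues > 1) {
        if (get_be(f, 2) != n->max_queues) {
            return -1; /* different max_queues */
        }
        tmp.curr_queues = (uint16_t)get_be(f, 2);
        /* The check the quoted loop lacks: i must stay below max_queues. */
        if (f->err || tmp.curr_queues > n->max_queues) {
            return -1;
        }
        for (unsigned i = 1; i < tmp.curr_queues; i++) {
            tmp.vqs[i].tx_waiting = get_be(f, 4);
        }
    }
    if (f->err) {
        return -1; /* truncated stream */
    }
    *n = tmp;
    return 0;
}

/* Constructed streams: max_queues, curr_queues, then tx_waiting words. */
static const uint8_t STREAM_OK[]      = { 0,2, 0,2, 0,0,0,7 };
static const uint8_t STREAM_OVERRUN[] = { 0,2, 0,3, 0,0,0,1, 0,0,0,2 };
static const uint8_t STREAM_SHORT[]   = { 0,2, 0,2, 0,0 };

int load_bytes(NetState *n, const uint8_t *buf, size_t len)
{
    Stream f = { buf, len, 0, 0 };
    return net_load_checked(n, &f);
}

int main(void)
{
    NetState n = { .max_queues = MAX_QUEUES, .curr_queues = 1 };
    printf("ok:      %d\n", load_bytes(&n, STREAM_OK, sizeof STREAM_OK));
    printf("overrun: %d\n",
           load_bytes(&n, STREAM_OVERRUN, sizeof STREAM_OVERRUN));
    printf("short:   %d\n", load_bytes(&n, STREAM_SHORT, sizeof STREAM_SHORT));
    printf("curr_queues=%u tx_waiting[1]=%u\n",
           (unsigned)n.curr_queues, (unsigned)n.vqs[1].tx_waiting);
    return 0;
}
```

The same shape of check applies to the `num` loop quoted in the virtio commit message: compare the loaded count against the array size before the first indexed write.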
* Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140501' into staging | Peter Maydell | 2014-05-02 | 2 | -33/+62
    target-arm queue:
     * implement XScale cache lockdown cp15 ops
     * fix v7M CPUID base register
     * implement WFE and YIELD as yields for A64
     * fix A64 "BLR LR"
     * support Cortex-A57 in virt machine model
     * a few other minor AArch64 bugfixes

    # gpg: Signature made Thu 01 May 2014 15:42:17 BST using RSA key ID 14360CDE
    # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

    * remotes/pmaydell/tags/pull-target-arm-20140501:
      hw/arm/virt: Add support for Cortex-A57
      hw/arm/virt: Put GIC register banks on 64K boundaries
      hw/arm/virt: Create the GIC ourselves rather than (ab)using a15mpcore_priv
      target-arm: Correct a comment refering to EL0
      target-arm: A64: Fix a typo when declaring TLBI ops
      target-arm: A64: Handle blr lr
      target-arm: Make vbar_write 64bit friendly on 32bit hosts
      target-arm: implement WFE/YIELD as a yield for AArch64
      armv7m_nvic: fix CPUID Base Register
      target-arm: Implement XScale cache lockdown operations as NOPs

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * hw/arm/virt: Add support for Cortex-A57 | Peter Maydell | 2014-05-01 | 1 | -0/+5
    Support the Cortex-A57 in the virt machine model.

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Message-id: 1398362083-17737-4-git-send-email-peter.maydell@linaro.org
| * hw/arm/virt: Put GIC register banks on 64K boundaries | Peter Maydell | 2014-05-01 | 1 | -3/+3
    For an AArch64 CPU which supports 64K pages, having the GIC
    register banks at 4K offsets is potentially awkward. Move
    them out to being at 64K offsets. (This is harmless for
    AArch32 CPUs and for AArch64 CPUs with 4K pages, so it is simpler
    to use the same offsets everywhere than to try to use 64K offsets
    only for AArch64 host CPUs.)

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Message-id: 1398362083-17737-3-git-send-email-peter.maydell@linaro.org
| * hw/arm/virt: Create the GIC ourselves rather than (ab)using a15mpcore_priv | Peter Maydell | 2014-05-01 | 1 | -29/+53
    Rather than having the virt machine model create an a15mpcore_priv
    device regardless of the actual CPU type in order to instantiate the GIC,
    move to having the machine model create the GIC directly. This
    corresponds to a system which uses a standalone GIC (eg the GIC-400)
    rather than the one built in to the CPU core.

    The primary motivation for this is to support the Cortex-A57,
    which for a KVM configuration will use a GICv2, which is not
    built into the CPU.

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Message-id: 1398362083-17737-2-git-send-email-peter.maydell@linaro.org
| * armv7m_nvic: fix CPUID Base Register | Rabin Vincent | 2014-05-01 | 1 | -1/+1
    cp15.c0_cpuid is never initialized for ARMv7-M; take the value directly
    from cpu->midr instead.

    Signed-off-by: Rabin Vincent <rabin@rab.in>
    Message-id: 1398036308-32166-1-git-send-email-rabin@rab.in
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* | Merge remote-tracking branch 'remotes/cohuck/tags/kvm_cap_helpers' into staging | Peter Maydell | 2014-05-01 | 2 | -12/+4
    Add helpers for enabling kvm capabilities and convert the existing
    s390x and ppc users to use them.

    # gpg: Signature made Wed 30 Apr 2014 14:48:45 BST using RSA key ID C6F02FAF
    # gpg: Can't check signature: public key not found

    * remotes/cohuck/tags/kvm_cap_helpers:
      ppc: use kvm_vcpu_enable_cap()
      s390x: use kvm_vcpu_enable_cap()
      kvm: add kvm_{vm,vcpu}_enable_cap

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | ppc: use kvm_vcpu_enable_cap() | Cornelia Huck | 2014-04-30 | 2 | -12/+4
    Convert existing users of KVM_ENABLE_CAP to new helper.

    Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
    Reviewed-by: Alexander Graf <agraf@suse.de>
    Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
* | | Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-2' into staging | Peter Maydell | 2014-05-01 | 8 | -10/+75
    vga: add secondary stdvga variant

    # gpg: Signature made Mon 28 Apr 2014 10:11:44 BST using RSA key ID D3E87138
    # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
    # gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
    # gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

    * remotes/kraxel/tags/pull-vga-2:
      add secondary-vga to display-vga test
      add display-vga test
      vga: add secondary stdvga variant
      vga: allow non-global vmstate

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | vga: add secondary stdvga variant | Gerd Hoffmann | 2014-04-28 | 2 | -0/+65
    Add a standard vga variant which doesn't occupy any legacy
    resources and thus can easily be used as secondary (or legacy-free)
    graphics adapter. Programming must be done using the MMIO bar.

    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | vga: allow non-global vmstate | Gerd Hoffmann | 2014-04-28 | 8 | -10/+10
    Need a way to opt-out from vga.vram being global vmstate, for
    secondary vga cards. Add a bool parameter to vga_common_init
    to support this.

    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | | hda-audio: fix non-mixer codecs | Gerd Hoffmann | 2014-04-29 | 1 | -0/+3
    They don't advertise mixer support, but still allow the guest change
    mixer settings. Add a check to avoid it.

    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-2014-04-28' into staging | Peter Maydell | 2014-04-28 | 3 | -20/+17
    trivial patches for 2014-04-28

    # gpg: Signature made Mon 28 Apr 2014 05:56:01 BST using RSA key ID A4C3D7DB
    # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
    # gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
    # gpg:                 aka "Michael Tokarev <mjt@debian.org>"
    # gpg: WARNING: This key is not certified with a trusted signature!
    # gpg:          There is no indication that the signature belongs to the owner.
    # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
    #      Subkey fingerprint: 6F67 E18E 7C91 C5B1 5514 66A7 BEE5 9D74 A4C3 D7DB

    * remotes/mjt/tags/trivial-patches-2014-04-28:
      slirp/smb: Move ncalrpc directory to tmp
      po: add proper Language: tags to .po files
      po/Makefile: fix $SRC_PATH reference
      init_paths: fix minor memory leak
      virtfs-proxy-helper: fix call to accept
      net/net.c: remove unnecessary semicolon
      Add QEMU logo (SVG file)
      vl: avoid closing stdout with 'writeconfig'
      xilinx: Fix typo in comment (Marvel -> Marvell)
      vl: Eliminate a superfluous local variable
      vl: Remove useless 'continue'
      gitignore: cleanups #2
      tests/.gitignore: Ignore test-rfifolock
      move test-* from .gitignore to tests/.gitignore
      configure: Improve help behavior
      vl: convert -m to QemuOpts
      qemu-option: introduce qemu_find_opts_singleton
      misc: Use cpu_physical_memory_read and cpu_physical_memory_write

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | xilinx: Fix typo in comment (Marvel -> Marvell) | Stefan Weil | 2014-04-28 | 1 | -1/+1
    Signed-off-by: Stefan Weil <sw@weilnetz.de>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| * | misc: Use cpu_physical_memory_read and cpu_physical_memory_write | Stefan Weil | 2014-04-27 | 2 | -19/+16
    These functions don't need type casts (as does cpu_physical_memory_rw)
    and also make the code better readable.

    Signed-off-by: Stefan Weil <sw@weilnetz.de>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* | Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging | Peter Maydell | 2014-04-28 | 3 | -8/+10
    * remotes/qmp-unstable/queue/qmp:
      monitor: fix qmp_getfd() fd leak in error case
      HMP: support specifying dump format for dump-guest-memory
      HMP: fix doc of dump-guest-memory
      qmp: object-add: Validate class before creating object
      monitor: Add device_add and device_del completion.
      monitor: Add command_completion callback to mon_cmd_t.
      monitor: Fix drive_del id argument type completion.
      error: Remove some unused headers
      qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED
      qerror.h: Remove QERR defines that are only used once
      qerror.h: Remove unused error classes
      error: Print error_report() to stderr if using qmp
      monitor: Remove unused monitor_print_filename
      error: Privatize error_print_loc
      vnc: Remove default_mon usage
      slirp: Remove default_mon usage

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | qerror.h: Remove QERR defines that are only used once | Cole Robinson | 2014-04-25 | 3 | -8/+10
    Just hardcode them in the callers

    Cc: Luiz Capitulino <lcapitulino@redhat.com>
    Cc: Markus Armbruster <armbru@redhat.com>
    Signed-off-by: Cole Robinson <crobinso@redhat.com>
    Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
* | Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging | Peter Maydell | 2014-04-28 | 2 | -1/+3
    Net patches

    # gpg: Signature made Fri 25 Apr 2014 15:07:31 BST using RSA key ID 81AB73C8
    # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
    # gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

    * remotes/stefanha/tags/net-pull-request:
      net: Don't use error_is_set() to suppress additional errors
      net: Make qmp_query_rx_filter() with name argument more obvious
      net: xilinx_axienet.c: Add phy soft reset bit clearing
      net/net.c: Remove unnecessary semicolon
      pcnet: remove duplicate assignment
      tap: Avoid extra iterations while closing file fd

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * net: xilinx_axienet.c: Add phy soft reset bit clearing | Nathan Rossi | 2014-04-25 | 1 | -0/+3
    Clear the BMCR Reset when writing to registers.

    Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
    [ PC:
     * Trivial style fixes to commit message
    ]
    Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Reviewed-by: Beniamino Galvani <b.galvani@gmail.com>
    Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * pcnet: remove duplicate assignment | Prasad Joshi | 2014-04-25 | 1 | -1/+0
    Signed-off-by: Prasad Joshi <prasadjoshi.linux@gmail.com>
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging | Peter Maydell | 2014-04-25 | 1 | -2/+5
    Block patches

    # gpg: Signature made Wed 23 Apr 2014 11:02:29 BST using RSA key ID C88F2FD6
    # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

    * remotes/kevin/tags/for-upstream:
      block/cloop: use PRIu32 format specifier for uint32_t
      vmdk: Fix "%x" to PRIx32 in format strings for cid
      qemu-img: Improve error messages
      qemu-iotests: Check common namespace for id and node-name
      block: Catch duplicate IDs in bdrv_new()
      qemu-img: Avoid duplicate block device IDs
      block: Add errp to bdrv_new()
      convert fprintf() calls to error_setg() in block/qed.c:bdrv_qed_create()
      block: Remove -errno return value from bdrv_assign_node_name
      curl: Replaced old error handling with error reporting API.
      block: Handle error of bdrv_getlength in bdrv_create_dirty_bitmap
      vmdk: Fix %d and %lld to PRI* in format strings
      block: Check bdrv_getlength() return value in bdrv_make_zero()
      block: Catch integer overflow in bdrv_rw_co()
      block: Limit size to INT_MAX in bdrv_check_byte_request()
      block: Fix nb_sectors check in bdrv_check_byte_request()

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * block: Add errp to bdrv_new() | Kevin Wolf | 2014-04-22 | 1 | -2/+5
    This patch adds an errp parameter to bdrv_new() and updates all its
    callers. The next patches will make use of this in order to check for
    duplicate IDs. Most of the callers know that their ID is fine, so they
    can simply assert that there is no error.

    Behaviour doesn't change with this patch yet as bdrv_new() doesn't
    actually assign errors to errp.

    Signed-off-by: Kevin Wolf <kwolf@redhat.com>
    Reviewed-by: Eric Blake <eblake@redhat.com>
* | Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-5' into staging | Peter Maydell | 2014-04-24 | 4 | -1/+1113
    usb: mtp filesharing

    # gpg: Signature made Wed 23 Apr 2014 09:28:37 BST using RSA key ID D3E87138
    # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
    # gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
    # gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

    * remotes/kraxel/tags/pull-usb-5:
      usb: mtp filesharing
      usb: add CompatibleID support to msos

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | usb: mtp filesharing | Gerd Hoffmann | 2014-04-23 | 2 | -0/+1107
    Implementation of a USB Media Transfer Device device for easy
    filesharing. Read-only. No access control inside qemu, it will
    happily export any file it is able to open to the guest, i.e.
    standard unix access rights for the qemu process apply.

    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | usb: add CompatibleID support to msos | Gerd Hoffmann | 2014-04-22 | 2 | -1/+6
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | Fix grammar in comment | Stefan Weil | 2014-04-18 | 1 | -1/+1
    Signed-off-by: Stefan Weil <sw@weilnetz.de>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* | hw/ide/ahci.c: Avoid shift left into sign bit | Peter Maydell | 2014-04-18 | 1 | -2/+2
    Add U suffix to avoid shifting left into the sign bit, which
    is undefined behaviour.

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* net: cadence_gem: Make phy respond to broadcast | Peter Crosthwaite | 2014-04-17 | 1 | -2/+2
    Phys must respond to address 0 by specification. Implement.

    Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
    Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 6f4d53b04ddbfb19895bfb61a595e69f1c08859a.1396594056.git.peter.crosthwaite@xilinx.com
    Reviewed-by: Beniamino Galvani <b.galvani@gmail.com>
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* misc: zynq_slcr: Make DB_PRINTs always compile | Peter Crosthwaite | 2014-04-17 | 1 | -6/+8
    Change the DB_PRINT macro over to a regular if() rather than
    conditional compilation to give constant compile testing of formats.

    Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 942477847353c5cff5f45a228cc88c633dc012f3.1396503037.git.peter.crosthwaite@xilinx.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* misc: zynq_slcr: Convert SBD::init to object init | Peter Crosthwaite | 2014-04-17 | 1 | -8/+5
    To bring it up to date with styling guidelines.

    Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 2e837af80a18216c21e73241032e048f39d78b99.1396503037.git.peter.crosthwaite@xilinx.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* misc: zynq-slcr: Rewrite | Peter Crosthwaite | 2014-04-17 | 1 | -378/+294
    Near total rewrite of this device model. It is stylistically
    obsolete, has numerous coverity fails and is not up to date with
    latest Xilinx documentation. Fix.

    The registers are flattened into a single array. This greatly
    simplifies the MMIO accessor functions.

    We take the opportunity to update the register Macro definitions to
    match the latest TRM. Xilinx has de-documented some regs hence there
    are some straight deletions. We only do this however in the case or
    a stock read-as-written reset-zero register. Non-zero resets are always
    preserved. New register definitions are added as needed.

    This all comes with a VMSD version break as the union layout from
    before was a bit strange and we are better off without it.

    Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 3aa016167b352ed224666909217137285fd3351d.1396503037.git.peter.crosthwaite@xilinx.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* allwinner-emac: update irq status after writes to interrupt registers | Beniamino Galvani | 2014-04-17 | 1 | -0/+2
    The irq line status must be updated after writes to the INT_CTL and
    INT_STA registers.

    Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 1395771730-16882-8-git-send-email-b.galvani@gmail.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* allwinner-emac: set autonegotiation complete bit on link up | Beniamino Galvani | 2014-04-17 | 1 | -2/+2
    Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 1395771730-16882-7-git-send-email-b.galvani@gmail.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* allwinner-a10-pit: implement prescaler and source selection | Beniamino Galvani | 2014-04-17 | 2 | -1/+40
    This implements the prescaler and source fields of the timer control
    register. The source for each timer can be selected among 4 clock
    inputs whose frequencies are set through model properties.

    Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 1395771730-16882-6-git-send-email-b.galvani@gmail.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* allwinner-a10-pit: use level triggered interrupts | Beniamino Galvani | 2014-04-17 | 1 | -1/+14
    Convert the interrupt generation logic to the use of level triggered
    interrupts.

    Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 1395771730-16882-5-git-send-email-b.galvani@gmail.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* allwinner-a10-pit: avoid generation of spurious interrupts | Beniamino Galvani | 2014-04-17 | 1 | -11/+14
    The model was generating interrupts for all enabled timers after the
    expiration of one of them. Avoid this by passing explicitly the timer
    index to the callback function.

    Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
    Reviewed-by: Li Guang <lig.fnst@cn.fujitsu.com>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 1395771730-16882-4-git-send-email-b.galvani@gmail.com
    [PMM: avoid duplicate typedef of AwA10PITState]
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* allwinner-a10-pic: fix behaviour of pending register | Beniamino Galvani | 2014-04-17 | 1 | -1/+7
    The pending register is read-only and the value returned upon a read
    reflects the state of irq input pins (interrupts are level triggered).
    This patch implements such behaviour.

    Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
    Reviewed-by: Li Guang <lig.fnst@cn.fujitsu.com>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 1395771730-16882-3-git-send-email-b.galvani@gmail.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* allwinner-a10-pic: set vector address when an interrupt is pending | Beniamino Galvani | 2014-04-17 | 1 | -4/+10
    This patch implements proper updating of the vector register which
    should hold, according to the A10 user manual, the vector address for
    the interrupt currently active on the CPU IRQ input.

    Interrupt priority is not implemented at the moment and thus the first
    pending interrupt is returned.

    Signed-off-by: Beniamino Galvani <b.galvani@gmail.com>
    Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Reviewed-by: Li Guang <lig.fnst@cn.fujitsu.com>
    Message-id: 1395771730-16882-2-git-send-email-b.galvani@gmail.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* timer: cadence_ttc: Fix match register write logic | Peter Crosthwaite | 2014-04-17 | 1 | -0/+2
    This switch logic should not fall through. Fix.

    Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
    Message-id: 74147b4c017c904364955cc73107f90e6ac8ba74.1396326389.git.peter.crosthwaite@xilinx.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging | Peter Maydell | 2014-04-14 | 1 | -1/+1
    acpi: SSDT update

    This has a fix by Igor for a regression introduced by bridge hotplug code.
    Expected test files were updated accordingly.

    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

    # gpg: Signature made Mon 14 Apr 2014 13:13:35 BST using RSA key ID D28D5469
    # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
    # gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

    * remotes/mst/tags/for_upstream:
      acpi-test: update expected files
      acpi: fix incorrect encoding for 0x{F-1}FFFF

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * acpi: fix incorrect encoding for 0x{F-1}FFFF | Igor Mammedov | 2014-04-14 | 1 | -1/+1
    Fix typo in build_append_int() which causes integer
    truncation when it's in range 0x{F-1}FFFF by packing it
    as WordConst instead of required DWordConst.

    In particular this fixes a regression: hotplug in slots 16,17,18 and 19
    didn't work, since SSDT had code like this:

        If (And (Arg0, 0x0000))
        {
            Notify (S80, Arg1)
        }

    Signed-off-by: Igor Mammedov <imammedo@redhat.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Stefan Weil <sw@weilnetz.de>
* | ide: Correct improper smart self test counter reset in ide core. | Benoît Canet | 2014-04-14 | 1 | -1/+1
    The SMART self test counter was incorrectly being reset to zero,
    not 1. This had the effect that on every 21st SMART EXECUTE OFFLINE:
     * We would write off the beginning of a dynamically allocated buffer
     * We forgot the SMART history
    Fix this.

    Signed-off-by: Benoit Canet <benoit@irqsave.net>
    Message-id: 1397336390-24664-1-git-send-email-benoit.canet@irqsave.net
    Reviewed-by: Markus Armbruster <armbru@redhat.com>
    Cc: qemu-stable@nongnu.org
    Acked-by: Kevin Wolf <kwolf@redhat.com>
    [PMM: tweaked commit message as per suggestions from Markus]
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* vmxnet3: validate queues configuration read on migration | Dmitry Fleytman | 2014-04-14 | 1 | -0/+1
    CVE-2013-4544

    Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
    Reported-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
    Message-id: 1396604722-11902-5-git-send-email-dmitry@daynix.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* vmxnet3: validate interrupt indices read on migration | Dmitry Fleytman | 2014-04-14 | 1 | -0/+2
    CVE-2013-4544

    Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
    Reported-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
    Message-id: 1396604722-11902-4-git-send-email-dmitry@daynix.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* vmxnet3: validate queues configuration coming from guest | Dmitry Fleytman | 2014-04-14 | 1 | -1/+18
    CVE-2013-4544

    Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
    Reported-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
    Message-id: 1396604722-11902-3-git-send-email-dmitry@daynix.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* vmxnet3: validate interrupt indices coming from guest | Dmitry Fleytman | 2014-04-14 | 1 | -2/+34
    CVE-2013-4544

    Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
    Reported-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
    Message-id: 1396604722-11902-2-git-send-email-dmitry@daynix.com
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>