1. 23 Nov, 2014 1 commit
    • qemu-char: fix tcp_get_fds · c4095726
      Michael S. Tsirkin authored
      tcp_get_fds API discards fds if there's more than 1 of these.
      It's tricky to fix this without API changes in the generic case.
      However, this API is only used by tests ATM, and tests know how
      many fds they expect.
      So let's not waste cycles trying to fix this properly:
      simply assume at most 16 fds (tests use at most 8 now).
      Assert if some test tries to get more.
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
  2. 21 Nov, 2014 8 commits
  3. 20 Nov, 2014 7 commits
  4. 18 Nov, 2014 19 commits
  5. 17 Nov, 2014 5 commits
    • target-arm: handle address translations that start at level 3 · d6be29e3
      Peter Maydell authored
      The ARMv8 address translation system defines that a page table walk
      starts at a level which depends on the translation granule size
      and the number of bits of virtual address that need to be resolved.
      Where the translation granule is 64KB and the guest sets the
      TCR.TxSZ field to between 35 and 39, it's actually possible to
      start at level 3 (the final level). QEMU's implementation failed
      to handle this case, and so we would set level to 2 and behave
      incorrectly (including invoking the C undefined behaviour of
      shifting left by a negative number). Correct the code that
      determines the starting level to deal with the start-at-3 case,
      by replacing the if-else ladder with an expression derived from
      the ARM ARM pseudocode version.
      This error was detected by the Coverity scan, which spotted
      the potential shift by a negative number.
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
      Message-id: 1415890569-7454-1-git-send-email-peter.maydell@linaro....
    • Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging · 1aba4be9
      Peter Maydell authored
      A smattering of fixes for problems that Coverity reported.
      # gpg: Signature made Mon 17 Nov 2014 17:03:25 GMT using RSA key ID 78C7AE83
      # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
      # gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
      # gpg: WARNING: This key is not certified with sufficiently trusted signatures!
      # gpg:          It is not certain that the signature belongs to the owner.
      # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
      #      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83
      * remotes/bonzini/tags/for-upstream:
        hcd-musb: fix dereference null return value
        target-cris/translate.c: fix out of bounds read
        shpc: fix error propaagation
        qemu-char: fix MISSING_COMMA
        acl: fix memory leak
        nvme: remove superfluous check
        loader: fix NEGATIVE_RETURNS
        qga: fix false negative argument passing
        mips_mipssim: fix use-after-free for filename
        l2tpv3: fix fd leak
        l2tpv3: fix possible double free
        libcacard: fix resource leak
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • hcd-musb: fix dereference null return value · a9be7657
      Paolo Bonzini authored
      usb_ep_get and usb_handle_packet can deal with a NULL device, but we have
      to avoid dereferencing NULL pointers when building the id.
      Thanks to Gonglei for an initial stab at fixing this.
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    • Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging · d8edf52a
      Peter Maydell authored
      Update OpenBIOS images
      # gpg: Signature made Sat 15 Nov 2014 13:12:02 GMT using RSA key ID AE0F321F
      # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"
      * remotes/mcayland/tags/qemu-openbios-signed:
        Update OpenBIOS images
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • target-cris/translate.c: fix out of bounds read · fae38221
      zhanghailiang authored
      In functions t_gen_mov_TN_preg and t_gen_mov_preg_TN, the initial check of the
      validity of the in-parameter 'r' is useless. We still access cpu_PR[r] in the
      following code if it is invalid, which will be an out-of-bounds read error.
      Fix it by using assert() to ensure it is valid before using it.
      Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>