Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2019-06-11-v3' into staging

Miscellaneous patches for 2019-06-11

# gpg: Signature made Wed 12 Jun 2019 12:20:41 BST
# gpg:

Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2019-06-11-v3' into staging

Miscellaneous patches for 2019-06-11

# gpg: Signature made Wed 12 Jun 2019 12:20:41 BST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-misc-2019-06-11-v3:
MAINTAINERS: Polish headline decorations
MAINTAINERS: Improve section headlines
MAINTAINERS: Remove duplicate entries of qemu-devel@nongnu.org
Clean up a header guard symbols (again)
Supply missing header guards
Clean up a few header guard symbols
scripts/clean-header-guards: Fix handling of trailing comments
Normalize position of header guard
Include qemu-common.h exactly where needed
Include qemu/module.h where needed, drop it from qemu-common.h
qemu-common: Move qemu_isalnum() etc. to qemu/ctype.h
qemu-common: Move tcg_enabled() etc. to sysemu/tcg.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Include qemu/module.h where needed, drop it from qemu-common.h

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190523143508.25387-4-armbru@redhat.com>
[Rebased with conflicts res

Include qemu/module.h where needed, drop it from qemu-common.h

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190523143508.25387-4-armbru@redhat.com>
[Rebased with conflicts resolved automatically, except for
hw/usb/dev-hub.c hw/misc/exynos4210_rng.c hw/misc/bcm2835_rng.c
hw/misc/aspeed_scu.c hw/display/virtio-vga.c hw/arm/stm32f205_soc.c;
ui/cocoa.m fixed up]

show more ...

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180903-pull-request' into staging

vga: virtio reset fix, virtio iommu support.

# gpg: Signature made Mon 03 Sep 2018 07:57:32 BST
# gpg:

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180903-pull-request' into staging

vga: virtio reset fix, virtio iommu support.

# gpg: Signature made Mon 03 Sep 2018 07:57:32 BST
# gpg: using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20180903-pull-request:
virtio-gpu: add iommu support
virtio-gpu: pass down VirtIOGPU pointer to a bunch of functions
use dpy_gfx_update_full
Revert "virtio-gpu: fix crashes upon warm reboot with vga mode"
virtio-vga: fix reset

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

use dpy_gfx_update_full

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20180810132856.22833-1-kraxel@redhat.com

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180703-pull-request' into staging

vga: disable global_vmstate, virtio-gpu scanout tracking fixes.

# gpg: Signature made Tue 03 Jul 2018 10:44

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180703-pull-request' into staging

vga: disable global_vmstate, virtio-gpu scanout tracking fixes.

# gpg: Signature made Tue 03 Jul 2018 10:44:56 BST
# gpg: using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20180703-pull-request:
vga: disable global_vmstate for 3.0+ machine types
virtio-gpu: disable scanout when backing resource is destroyed
virtio-gpu: update old resource too.
virtio-gpu: tweak scanout disable.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
# hw/display/qxl.c
# hw/display/vga-isa-mm.c

show more ...

vga: disable global_vmstate for 3.0+ machine types

Move global_vmstate from vga_common_init() parameter to VGACommonState
field. Set global_vmstate to true for isa vga devices, so nothing
changes h

vga: disable global_vmstate for 3.0+ machine types

Move global_vmstate from vga_common_init() parameter to VGACommonState
field. Set global_vmstate to true for isa vga devices, so nothing
changes here. virtio-vga and secondary-vga already set global_vmstate
to false so no change here either. All other pci vga devices get a new
global-vmstate property, defaulting to false. A compat property flips
it to true for older machine types.

With this in place you don't get a vmstate section naming conflict any
more when adding multiple pci vga devices to your vm.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20180702163345.17892-1-kraxel@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* IEC units series (Philippe)
* Hyper-V PV TLB flush (Vitaly)
* git archive detection (Daniel)
* host serial passthrough

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* IEC units series (Philippe)
* Hyper-V PV TLB flush (Vitaly)
* git archive detection (Daniel)
* host serial passthrough fix (David)
* NPT support for SVM emulation (Jan)
* x86 "info mem" and "info tlb" fix (Doug)

# gpg: Signature made Mon 02 Jul 2018 16:18:21 BST
# gpg: using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (50 commits)
tcg: simplify !CONFIG_TCG handling of tb_invalidate_*
i386/monitor.c: make addresses canonical for "info mem" and "info tlb"
target-i386: Add NPT support
serial: Open non-block
bsd-user: Use the IEC binary prefix definitions
linux-user: Use the IEC binary prefix definitions
tests/crypto: Use the IEC binary prefix definitions
vl: Use the IEC binary prefix definitions
monitor: Use the IEC binary prefix definitions
cutils: Do not include "qemu/units.h" directly
hw/rdma: Use the IEC binary prefix definitions
hw/virtio: Use the IEC binary prefix definitions
hw/vfio: Use the IEC binary prefix definitions
hw/sd: Use the IEC binary prefix definitions
hw/usb: Use the IEC binary prefix definitions
hw/net: Use the IEC binary prefix definitions
hw/i386: Use the IEC binary prefix definitions
hw/ppc: Use the IEC binary prefix definitions
hw/mips: Use the IEC binary prefix definitions
hw/mips/r4k: Constify params_size
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

hw/display: Use the IEC binary prefix definitions

It eases code review, unit is explicit.

Patch generated using:

$ git grep -E '(1024|2048|4096|8192|(<<|>>).?(10|20|30))' hw/ include/hw/

and mo

hw/display: Use the IEC binary prefix definitions

It eases code review, unit is explicit.

Patch generated using:

$ git grep -E '(1024|2048|4096|8192|(<<|>>).?(10|20|30))' hw/ include/hw/

and modified manually.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20180625124238.25339-15-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge remote-tracking branch 'origin/master' into HEAD

Resolve conflicts around apb.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging

trivial patches for 2017-12-18

# gpg: Signature made Mon 18 Dec 2017 14:08:51 GMT
# gpg: using RSA

Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into staging

trivial patches for 2017-12-18

# gpg: Signature made Mon 18 Dec 2017 14:08:51 GMT
# gpg: using RSA key 0x701B4F6B1A693E59
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59

* remotes/mjt/tags/trivial-patches-fetch: (60 commits)
misc: drop old i386 dependency
i386/pc: move vmmouse.c to hw/i386/
i386/pc: move vmport.c to hw/i386/
hw/misc/pvpanic: extract public API from i386/pc to "hw/misc/pvpanic.h"
hw/net/ne2000: extract ne2k-isa code from i386/pc to ne2000-isa.c
hw/display/vga: extract public API from i386/pc to "hw/display/vga.h"
hw/display/vga: "vga_int.h" requires "ui/console.h"
hw/display/vga: "vga.h" only contains registers defs, rename it "vga_regs.h"
hw/acpi/ich9: extract ACPI_PM_PROP_TCO_ENABLED from i386/pc
hw/acpi: ACPI_PM_* defines are not restricted to i386 arch
hw/timer/mc146818: rename rtc_init() -> mc146818_rtc_init()
hw/timer/i8254: rename pit_init() -> i8254_pit_init()
hw/unicore32: restrict hw addr defines to source file
hw/virtio-balloon: remove old i386 dependency
hw/tpm: remove old i386 dependency
hw/i2c: remove old i386 dependency
hw/ipmi: remove old i386 dependency
hw/ide: remove old i386 dependency
misc: remove old i386 dependency
amd_iommu: avoid needless includes in header file
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

hw/display/vga: "vga_int.h" requires "ui/console.h"

since The VGACommonState struct has a GraphicHwOps *hw_ops member,
then remove the now unnecessary includes.

Signed-off-by: Philippe Mathieu-Daud

hw/display/vga: "vga_int.h" requires "ui/console.h"

since The VGACommonState struct has a GraphicHwOps *hw_ops member,
then remove the now unnecessary includes.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20171110-pull-request' into staging

vga: bugfixes for 2.11

# gpg: Signature made Fri 10 Nov 2017 13:26:30 GMT
# gpg: using RSA k

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20171110-pull-request' into staging

vga: bugfixes for 2.11

# gpg: Signature made Fri 10 Nov 2017 13:26:30 GMT
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20171110-pull-request:
vmsvga: use ARRAY_SIZE macro
vga: fix region checks in wraparound case
virtio-gpu: fix bug in host memory calculation.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

vmsvga: use ARRAY_SIZE macro

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20170718061005.29518

vmsvga: use ARRAY_SIZE macro

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20170718061005.29518-23-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, pci, virtio: fixes, features

A bunch of fixes all over the place.
A new vmcore device - the user interface around it is

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, pci, virtio: fixes, features

A bunch of fixes all over the place.
A new vmcore device - the user interface around it is still somewhat
controversial, but I feel most of the code is fine, suggestions can be
addressed by adding patches on top.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Sun 15 Oct 2017 04:02:23 BST
# gpg: using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (26 commits)
tests/pxe: Test more NICs when running in SPEED=slow mode
pc: remove useless hot_add_cpu initialisation
isapc: Remove unnecessary migration compatibility code
virtio-pci: Replace modern_as with direct access to modern_bar
virtio: fix descriptor counting in virtqueue_pop
hw/gen_pcie_root_port: make IO RO 0 on IO disabled
pci: Validate interfaces on base_class_init
xen/pt: Mark TYPE_XEN_PT_DEVICE as hybrid
pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices
pci: Add INTERFACE_PCIE_DEVICE to all PCIe devices
pci: Add interface names to hybrid PCI devices
pci: conventional-pci-device and pci-express-device interfaces
PCI: PCIe access should always be little endian
virtio/pci/migration: Convert to VMState
hw/pci-bridge/pcie_pci_bridge: properly handle MSI unavailability case
pci: allow 32-bit PCI IO accesses to pass through the PCI bridge
virtio/vhost: reset dev->log after syncing
MAINTAINERS: add Dump maintainers
scripts/dump-guest-memory.py: add vmcoreinfo
kdump: set vmcoreinfo location
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices

Add INTERFACE_CONVENTIONAL_PCI_DEVICE to all direct subtypes of
TYPE_PCI_DEVICE, except:

1) The ones that already have INTERFA

pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices

Add INTERFACE_CONVENTIONAL_PCI_DEVICE to all direct subtypes of
TYPE_PCI_DEVICE, except:

1) The ones that already have INTERFACE_PCIE_DEVICE set:

* base-xhci
* e1000e
* nvme
* pvscsi
* vfio-pci
* virtio-pci
* vmxnet3

2) base-pci-bridge

Not all PCI bridges are Conventional PCI devices, so
INTERFACE_CONVENTIONAL_PCI_DEVICE is added only to the subtypes
that are actually Conventional PCI:

* dec-21154-p2p-bridge
* i82801b11-bridge
* pbm-bridge
* pci-bridge

The direct subtypes of base-pci-bridge not touched by this patch
are:

* xilinx-pcie-root: Already marked as PCIe-only.
* pcie-pci-bridge: Already marked as PCIe-only.
* pcie-port: all non-abstract subtypes of pcie-port are already
marked as PCIe-only devices.

3) megasas-base

Not all megasas devices are Conventional PCI devices, so the
interface names are added to the subclasses registered by
megasas_register_types(), according to information in the
megasas_devices[] array.

"megasas-gen2" already implements INTERFACE_PCIE_DEVICE, so add
INTERFACE_CONVENTIONAL_PCI_DEVICE only to "megasas".

Acked-by: Alberto Garcia <berto@igalia.com>
Acked-by: John Snow <jsnow@redhat.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

show more ...

hw: Use new memory_region_init_{ram, rom, rom_device}() functions

Use the new functions memory_region_init_{ram,rom,rom_device}()
instead of manually calling the _nomigrate() version and then
vmstat

hw: Use new memory_region_init_{ram, rom, rom_device}() functions

Use the new functions memory_region_init_{ram,rom,rom_device}()
instead of manually calling the _nomigrate() version and then
vmstate_register_ram_global().

Patch automatically created using coccinelle script:
spatch --in-place -sp_file scripts/coccinelle/memory-region-init-ram.cocci -dir hw

(As it turns out, there are no instances of the rom and
rom_device functions that are caught by this script.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1499438577-7674-8-git-send-email-peter.maydell@linaro.org

show more ...

memory: Rename memory_region_init_ram() to memory_region_init_ram_nomigrate()

Rename memory_region_init_ram() to memory_region_init_ram_nomigrate().
This leaves the way clear for us to provide a mem

memory: Rename memory_region_init_ram() to memory_region_init_ram_nomigrate()

Rename memory_region_init_ram() to memory_region_init_ram_nomigrate().
This leaves the way clear for us to provide a memory_region_init_ram()
which does handle migration.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1499438577-7674-4-git-send-email-peter.maydell@linaro.org

show more ...

vmstate: error hint for failed equal checks

In some cases a failing VMSTATE_*_EQUAL does not mean we detected a bug,
but it's actually the best we can do. Especially in these cases a verbose
error m

vmstate: error hint for failed equal checks

In some cases a failing VMSTATE_*_EQUAL does not mean we detected a bug,
but it's actually the best we can do. Especially in these cases a verbose
error message is required.

Let's introduce infrastructure for specifying a error hint to be used if
equal check fails. Let's do this by adding a parameter to the _EQUAL
macros called _err_hint. Also change all current users to pass NULL as
last parameter so nothing changes for them.

Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>

Message-Id: <20170623144823.42936-1-pasic@linux.vnet.ibm.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

show more ...

vmsvga: fix vmsvga_update_display

Fix standard vga mode check: Both s->config and s->enabled must be set
to enable vmware command fifo processing.

Drop dirty tracking code from the fifo rendering

vmsvga: fix vmsvga_update_display

Fix standard vga mode check: Both s->config and s->enabled must be set
to enable vmware command fifo processing.

Drop dirty tracking code from the fifo rendering code path, it isn't
used anyway because vmsvga turns off dirty tracking when leaving
standard vga mode.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170421091632.30900-9-kraxel@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

show more ...

vmsvga: correct bitmap and pixmap size checks

When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
the computed BITMAP and PIXMAP size are checked against the
'cursor.mask[]' and 'cursor.i

vmsvga: correct bitmap and pixmap size checks

When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
the computed BITMAP and PIXMAP size are checked against the
'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
Correct these checks to avoid OOB memory access.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1473338754-15430-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

show more ...

vmsvga: don't process more than 1024 fifo commands at once

vmsvga_fifo_run is called in regular intervals (on each display update)
and will resume where it left off. So we can simply exit the loop,

vmsvga: don't process more than 1024 fifo commands at once

vmsvga_fifo_run is called in regular intervals (on each display update)
and will resume where it left off. So we can simply exit the loop,
without having to worry about how processing will continue.

Fixes: CVE-2016-4453
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-5-git-send-email-kraxel@redhat.com

show more ...

vmsvga: shadow fifo registers

The fifo is normal ram. So kvm vcpu threads and qemu iothread can
access the fifo in parallel without syncronization. Which in turn
implies we can't use the fifo poin

vmsvga: shadow fifo registers

The fifo is normal ram. So kvm vcpu threads and qemu iothread can
access the fifo in parallel without syncronization. Which in turn
implies we can't use the fifo pointers in-place because the guest
can try changing them underneath us. So add shadows for them, to
make sure the guest can't modify them after we've applied sanity
checks.

Fixes: CVE-2016-4454
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-4-git-send-email-kraxel@redhat.com

show more ...

vmsvga: add more fifo checks

Make sure all fifo ptrs are within range.

Fixes: CVE-2016-4454
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-

vmsvga: add more fifo checks

Make sure all fifo ptrs are within range.

Fixes: CVE-2016-4454
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-3-git-send-email-kraxel@redhat.com

show more ...

vmsvga: move fifo sanity checks to vmsvga_fifo_length

Sanity checks are applied when the fifo is enabled by the guest
(SVGA_REG_CONFIG_DONE write). Which doesn't help much if the guest
changes the

vmsvga: move fifo sanity checks to vmsvga_fifo_length

Sanity checks are applied when the fifo is enabled by the guest
(SVGA_REG_CONFIG_DONE write). Which doesn't help much if the guest
changes the fifo registers afterwards. Move the checks to
vmsvga_fifo_length so they are done each time qemu is about to read
from the fifo.

Fixes: CVE-2016-4454
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-2-git-send-email-kraxel@redhat.com

show more ...

include/qemu/osdep.h: Don't include qapi/error.h

Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef. Since then, we've moved to include qemu/osdep.h
everywhere. Its fi

include/qemu/osdep.h: Don't include qapi/error.h

Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef. Since then, we've moved to include qemu/osdep.h
everywhere. Its file comment explains: "To avoid getting into
possible circular include dependencies, this file should not include
any other QEMU headers, with the exceptions of config-host.h,
compiler.h, os-posix.h and os-win32.h, all of which are doing a
similar job to this file and are under similar constraints."
qapi/error.h doesn't do a similar job, and it doesn't adhere to
similar constraints: it includes qapi-types.h. That's in excess of
100KiB of crap most .c files don't actually need.

Add the typedef to qemu/typedefs.h, and include that instead of
qapi/error.h. Include qapi/error.h in .c files that need it and don't
get it now. Include qapi-types.h in qom/object.h for uint16List.

Update scripts/clean-includes accordingly. Update it further to match
reality: replace config.h by config-target.h, add sysemu/os-posix.h,
sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h
comment quoted above similarly.

This reduces the number of objects depending on qapi/error.h from "all
of them" to less than a third. Unfortunately, the number depending on
qapi-types.h shrinks only a little. More work is needed for that one.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
[Fix compilation without the spice devel packages. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...