Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.11.0-rc3

# gpg: Signature made Wed 29 Nov 2017 15:25:13 GMT
# gpg:                using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  block/nfs: fix nfs_client_open for filesize greater than 1TB
  blockjob: reimplement block_job_sleep_ns to allow cancellation
  blockjob: introduce block_job_do_yield
  blockjob: remove clock argument from block_job_sleep_ns
  block: Expect graph changes in bdrv_parent_drained_begin/end
  blockjob: Remove the job from the list earlier in block_job_unref()
  QAPI & interop: Clarify events emitted by 'block-job-cancel'
  qemu-options: Mention locking option of file driver
  docs: Add image locking subsection
  iotests: fix 075 and 078

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 150fd07..38674b0 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -288,7 +288,8 @@
                 qemu_bh_cancel(q->tx_bh);
             }
             if ((n->status & VIRTIO_NET_S_LINK_UP) == 0 &&
-                (queue_status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+                (queue_status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+                vdev->vm_running) {
                 /* if tx is waiting we are likely have some packets in tx queue
                  * and disabled notification */
                 q->tx_waiting = 0;
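Review bot: The new `vdev->vm_running` operand in the condition carries no comment saying why a stopped VM must skip this branch; the existing comment above `q->tx_waiting = 0;` only explains the tx_waiting reset, so a reader has to guess that touching the queue while the VM is stopped is the hazard. Suggest a hedged comment on the added line, e.g. `/* only touch the tx queue while the VM is running — presumably to keep stopped/migrated state consistent; confirm */`. The enclosing function starts and ends outside the hunk.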
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 4d0a84f..9efddea 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1373,6 +1373,8 @@
             DIRTY_HPTE(HPTE(spapr->htab, i));
         }
     }
+    /* We're setting up a hash table, so that means we're not radix */
+    spapr->patb_entry = 0;
 }
 
 void spapr_setup_hpt_and_vrma(sPAPRMachineState *spapr)
@@ -1392,8 +1394,6 @@
         spapr->rma_size = kvmppc_rma_size(spapr_node0_size(MACHINE(spapr)),
                                           spapr->htab_shift);
     }
-    /* We're setting up a hash table, so that means we're not radix */
-    spapr->patb_entry = 0;
 }
 
 static void find_unknown_sysbus_device(SysBusDevice *sbdev, void *opaque)
diff --git a/nbd/server.c b/nbd/server.c
index 7d6801b..92c0fdd 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -386,6 +386,10 @@
         msg = "name length is incorrect";
         goto invalid;
     }
+    if (namelen >= sizeof(name)) {
+        msg = "name too long for qemu";
+        goto invalid;
+    }
     if (nbd_read(client->ioc, name, namelen, errp) < 0) {
         return -EIO;
     }
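Review bot: The added `namelen >= sizeof(name)` guard depends on `name` being a fixed-size local array and on the one byte it leaves free being used for a NUL terminator, but neither fact is visible in the hunk and the check has no comment. Suggest `/* name is a fixed local buffer; keep one byte free for the NUL terminator */` above the new `if`, and confirm that the code after `nbd_read()` actually writes `name[namelen] = '\0'` — otherwise the `>=` is stricter than needed but still safe. The enclosing function starts and ends outside the hunk.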
@@ -673,6 +677,12 @@
         }
         length = be32_to_cpu(length);
 
+        if (length > NBD_MAX_BUFFER_SIZE) {
+            error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)",
+                       length, NBD_MAX_BUFFER_SIZE);
+            return -EINVAL;
+        }
+
         trace_nbd_negotiate_options_check_option(option,
                                                  nbd_opt_lookup(option));
         if (client->tlscreds &&
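Review bot: The spacing inside the format string of the added `error_setg()` is off: `"len (%" PRIu32" ) is larger ..."` renders as `len (123 ) is larger`, with a stray space before the closing parenthesis. Change it to `"len (%" PRIu32 ") is larger than max len (%u)"`. The bound itself, `length > NBD_MAX_BUFFER_SIZE`, is the right place to reject an oversized option payload before it is read or allocated for; the enclosing loop body starts and ends outside the hunk.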
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index 384caee..24117e8 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -237,9 +237,11 @@
 
 #if defined(TARGET_PPC64)
     if (cpu->compat_pvr) {
+        uint32_t compat_pvr = cpu->compat_pvr;
         Error *local_err = NULL;
 
-        ppc_set_compat(cpu, cpu->compat_pvr, &local_err);
+        cpu->compat_pvr = 0;
+        ppc_set_compat(cpu, compat_pvr, &local_err);
         if (local_err) {
             error_report_err(local_err);
             return -1;
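Review bot: The new `cpu->compat_pvr = 0;` before `ppc_set_compat(cpu, compat_pvr, &local_err)` has no comment explaining why the field must be cleared before the saved value is re-applied, which is the entire point of the change. Presumably `ppc_set_compat()` compares against the current field and would otherwise treat the incoming mode as already active, but the hunk does not show that. Suggest `/* clear the stale value so ppc_set_compat() re-applies the saved mode instead of seeing it as already set — confirm against ppc_set_compat() */`. The enclosing function starts and ends outside the hunk.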
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 8b75541..a1cf47e 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -1079,6 +1079,9 @@
     SocketAddress *addr;
 
     addr = socket_local_address(fd, errp);
+    if (!addr) {
+        return;
+    }
 
     if (addr->type == SOCKET_ADDRESS_TYPE_UNIX
         && addr->u.q_unix.path) {