Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches for 2.11.0-rc3
# gpg: Signature made Wed 29 Nov 2017 15:25:13 GMT
# gpg: using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream:
block/nfs: fix nfs_client_open for filesize greater than 1TB
blockjob: reimplement block_job_sleep_ns to allow cancellation
blockjob: introduce block_job_do_yield
blockjob: remove clock argument from block_job_sleep_ns
block: Expect graph changes in bdrv_parent_drained_begin/end
blockjob: Remove the job from the list earlier in block_job_unref()
QAPI & interop: Clarify events emitted by 'block-job-cancel'
qemu-options: Mention locking option of file driver
docs: Add image locking subsection
iotests: fix 075 and 078
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 150fd07..38674b0 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -288,7 +288,8 @@
qemu_bh_cancel(q->tx_bh);
}
if ((n->status & VIRTIO_NET_S_LINK_UP) == 0 &&
- (queue_status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ (queue_status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+ vdev->vm_running) {
/* if tx is waiting we are likely have some packets in tx queue
* and disabled notification */
q->tx_waiting = 0;
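Review bot: The new `vdev->vm_running` clause in the link-down flush condition has no comment saying why the flush is skipped while the VM is stopped, and the existing comment under the `if` only covers the tx-waiting case. I would add something like `/* Do not touch the virtqueue while the VM is stopped; guest-visible state must not change then */` above the condition, with the exact reason confirmed against the originating commit, since it is not visible here. It is also worth confirming that packets left queued by this skip are flushed or dropped once the VM resumes, because that path is outside the hunk. The enclosing function starts and ends outside the hunk.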
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 4d0a84f..9efddea 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1373,6 +1373,8 @@
DIRTY_HPTE(HPTE(spapr->htab, i));
}
}
+ /* We're setting up a hash table, so that means we're not radix */
+ spapr->patb_entry = 0;
}
void spapr_setup_hpt_and_vrma(sPAPRMachineState *spapr)
@@ -1392,8 +1394,6 @@
spapr->rma_size = kvmppc_rma_size(spapr_node0_size(MACHINE(spapr)),
spapr->htab_shift);
}
- /* We're setting up a hash table, so that means we're not radix */
- spapr->patb_entry = 0;
}
static void find_unknown_sysbus_device(SysBusDevice *sbdev, void *opaque)
diff --git a/nbd/server.c b/nbd/server.c
index 7d6801b..92c0fdd 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -386,6 +386,10 @@
msg = "name length is incorrect";
goto invalid;
}
+ if (namelen >= sizeof(name)) {
+ msg = "name too long for qemu";
+ goto invalid;
+ }
if (nbd_read(client->ioc, name, namelen, errp) < 0) {
return -EIO;
}
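Review bot: The bound `namelen >= sizeof(name)` is only correct while `name` is a true array in this scope; its declaration is above the hunk, and if it ever becomes a pointer or a parameter the check silently compares against the pointer size. A short comment such as `/* name[] is a fixed-size stack buffer; >= keeps one byte for the NUL terminator */` would record both that dependency and why the comparison is not `>`, assuming the code after `nbd_read()` terminates the string, which is outside the hunk. Because `namelen` is supplied by the client, it would also help triage if the rejected length were recorded in a trace or log rather than only the fixed `msg` text. The function begins and ends outside the hunk.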
@@ -673,6 +677,12 @@
}
length = be32_to_cpu(length);
+ if (length > NBD_MAX_BUFFER_SIZE) {
+ error_setg(errp, "len (%" PRIu32" ) is larger than max len (%u)",
+ length, NBD_MAX_BUFFER_SIZE);
+ return -EINVAL;
+ }
+
trace_nbd_negotiate_options_check_option(option,
nbd_opt_lookup(option));
if (client->tlscreds &&
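Review bot: The format string in the added `error_setg()` call has the space on the wrong side of the quote, `PRIu32" )`, so the message renders as `len (N ) is larger than max len (M)`; it should read `"len (%" PRIu32 ") is larger than max len (%u)"`. The check sits where it should, before anything is sized from the client-supplied `length`, but it runs ahead of `trace_nbd_negotiate_options_check_option()`, so an oversized request is rejected without the option ever appearing in the trace; moving the trace call above the check, or tracing in the reject branch, would keep that evidence for incident triage. `%u` for `NBD_MAX_BUFFER_SIZE` assumes the macro expands to an expression compatible with unsigned int, which is not visible here. The enclosing function starts and ends outside the hunk.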
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index 384caee..24117e8 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -237,9 +237,11 @@
#if defined(TARGET_PPC64)
if (cpu->compat_pvr) {
+ uint32_t compat_pvr = cpu->compat_pvr;
Error *local_err = NULL;
- ppc_set_compat(cpu, cpu->compat_pvr, &local_err);
+ cpu->compat_pvr = 0;
+ ppc_set_compat(cpu, compat_pvr, &local_err);
if (local_err) {
error_report_err(local_err);
return -1;
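Review bot: Nothing explains why `cpu->compat_pvr` is zeroed before `ppc_set_compat()` is called with the saved copy, and without that the three added lines read like a no-op shuffle that a later cleanup could revert. A comment such as `/* Clear the loaded value first so ppc_set_compat() applies the mode from scratch and sets the field itself */` would help, with the wording checked against `ppc_set_compat()`, which is not visible here. On the `local_err` path the field stays 0 while the function returns -1; that is fine only if the caller abandons the load on failure, which should be confirmed. The block continues beyond the hunk.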
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 8b75541..a1cf47e 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -1079,6 +1079,9 @@
SocketAddress *addr;
addr = socket_local_address(fd, errp);
+ if (!addr) {
+ return;
+ }
if (addr->type == SOCKET_ADDRESS_TYPE_UNIX
&& addr->u.q_unix.path) {