Commit 30a9fd5d authored Dec 02, 2015 by Peter Maydell

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging



* exec.c use after free
* Xen 32-on-64 breakage
* missing EINTR
* naughty warning under qtest

# gpg: Signature made Wed 02 Dec 2015 12:13:55 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream:
  translate-all: ensure host page mask is always extended with 1's
  main-loop: suppress warnings under qtest
  qemu-char: retry g_poll on EINTR
  exec: Stop using memory after free

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

parents 9d7b969e 0c2d70c4

bsd-user/elfload.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -740,8 +740,7 @@ static void padzero(abi_ulong elf_bss, abi_ulong last_bss)
		size must be known */
		if (qemu_real_host_page_size < qemu_host_page_size) {
		abi_ulong end_addr, end_addr1;
		end_addr1 = (elf_bss + qemu_real_host_page_size - 1) &
		~(qemu_real_host_page_size - 1);
		end_addr1 = REAL_HOST_PAGE_ALIGN(elf_bss);
		end_addr = HOST_PAGE_ALIGN(elf_bss);
		if (end_addr1 < end_addr) {
		mmap((void *)g2h(end_addr1), end_addr - end_addr1,

exec.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -1064,9 +1064,11 @@ static uint16_t phys_section_add(PhysPageMap *map,

		static void phys_section_destroy(MemoryRegion *mr)
		{
		bool have_sub_page = mr->subpage;

		memory_region_unref(mr);

		if (mr->subpage) {
		if (have_sub_page) {
		subpage_t *subpage = container_of(mr, subpage_t, iomem);
		object_unref(OBJECT(&subpage->iomem));
		g_free(subpage);

include/exec/cpu-all.h

+5 −3

Original line number	Diff line number	Diff line
		@@ -174,11 +174,13 @@ extern unsigned long reserved_va;
		#define TARGET_PAGE_MASK ~(TARGET_PAGE_SIZE - 1)
		#define TARGET_PAGE_ALIGN(addr) (((addr) + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK)

		/* ??? These should be the larger of uintptr_t and target_ulong. */
		/* Using intptr_t ensures that qemu_*_page_mask is sign-extended even
		* when intptr_t is 32-bit and we are aligning a long long.
		*/
		extern uintptr_t qemu_real_host_page_size;
		extern uintptr_t qemu_real_host_page_mask;
		extern intptr_t qemu_real_host_page_mask;
		extern uintptr_t qemu_host_page_size;
		extern uintptr_t qemu_host_page_mask;
		extern intptr_t qemu_host_page_mask;

		#define HOST_PAGE_ALIGN(addr) (((addr) + qemu_host_page_size - 1) & qemu_host_page_mask)
		#define REAL_HOST_PAGE_ALIGN(addr) (((addr) + qemu_real_host_page_size - 1) & \

linux-user/elfload.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -1478,8 +1478,7 @@ static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)

		host_start = (uintptr_t) g2h(elf_bss);
		host_end = (uintptr_t) g2h(last_bss);
		host_map_start = (host_start + qemu_real_host_page_size - 1);
		host_map_start &= -qemu_real_host_page_size;
		host_map_start = REAL_HOST_PAGE_ALIGN(host_start);

		if (host_map_start < host_end) {
		void p = mmap((void )host_map_start, host_end - host_map_start,

linux-user/mmap.c

+1 −3

Original line number	Diff line number	Diff line
		@@ -444,9 +444,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
		/* If so, truncate the file map at eof aligned with
		the hosts real pagesize. Additional anonymous maps
		will be created beyond EOF. */
		len = (sb.st_size - offset);
		len += qemu_real_host_page_size - 1;
		len &= ~(qemu_real_host_page_size - 1);
		len = REAL_HOST_PAGE_ALIGN(sb.st_size - offset);
		}
		}