Commit c9158547 authored by Peter Maydell

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging



* NMI cleanups (Bandan)
* RAMBlock/Memory cleanups and fixes (Dominik, Gonglei, Fam, me)
* first part of linuxboot support for fw_cfg DMA (Richard)
* IOAPIC fix (Peter Xu)
* iSCSI SG_IO fix (Vadim)
* Various infrastructure bug fixes (Zhijian, Peter M., Stefan)
* CVE fixes (Prasad)

# gpg: Signature made Mon 23 May 2016 16:06:18 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream: (24 commits)
  cpus: call the core nmi injection function
  nmi: remove x86 specific nmi handling
  target-i386: add a generic x86 nmi handler
  coccinelle: add g_assert_cmp* to macro file
  iscsi: pass SCSI status back for SG_IO
  esp: check dma length before reading scsi command(CVE-2016-4441)
  esp: check command buffer length before write(CVE-2016-4439)
  scripts/signrom.py: Check for magic in option ROMs.
  scripts/signrom.py: Allow option ROM checksum script to write the size header.
  Remove config-devices.mak on 'make clean'
  cpus.c: Use pthread_sigmask() rather than sigprocmask()
  memory: remove unnecessary masking of MemoryRegion ram_addr
  memory: Drop FlatRange.romd_mode
  memory: Remove code for mr->may_overlap
  exec: adjust rcu_read_lock requirement
  memory: drop find_ram_block()
  vl: change runstate only if new state is different from current state
  ioapic: clear remote irr bit for edge-triggered interrupts
  ioapic: keep RO bits for IOAPIC entry
  target-i386: key sfence availability on CPUID_SSE, not CPUID_SSE2
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
parents 2b5f4777 1453e662
+1 −0
@@ -356,6 +356,7 @@ clean:
	if test -d $$d; then $(MAKE) -C $$d $@ || exit 1; fi; \
	rm -f $$d/qemu-options.def; \
        done
	rm -f $(SUBDIR_DEVICES_MAK) config-all-devices.mak

VERSION ?= $(shell cat VERSION)

+1 −0
@@ -761,6 +761,7 @@ iscsi_aio_ioctl_cb(struct iscsi_context *iscsi, int status,
    acb->ioh->driver_status = 0;
    acb->ioh->host_status   = 0;
    acb->ioh->resid         = 0;
    acb->ioh->status        = status;

#define SG_ERR_DRIVER_SENSE    0x08
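Review bot: The new assignment `acb->ioh->status = status;` copies the callback's status parameter straight into the sg_io_hdr status field; if libiscsi can invoke this callback with a non-SCSI status (a transport or cancellation code rather than the SCSI status byte), that value would be truncated into the 8-bit field and reported to the caller as if it were a SCSI status. Neither the declared type of `status` nor the set of values libiscsi passes is visible in the hunk, so this should be confirmed against the libiscsi callback contract. A one-line comment such as `/* status is the SCSI status byte returned by the target (SCSI_STATUS_*); it is surfaced to the caller through sg_io_hdr.status */` would document the assumption. iscsi_aio_ioctl_cb's body starts before and continues past this hunk.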

+1 −1
@@ -2985,7 +2985,7 @@ int main(void) {
}
EOF

if ! compile_prog "-Werror $CFLAGS" "$LIBS" ; then
if ! compile_prog "$CFLAGS" "$LIBS" ; then
    error_exit "sizeof(size_t) doesn't match GLIB_SIZEOF_SIZE_T."\
               "You probably need to set PKG_CONFIG_LIBDIR"\
	       "to point to the right pkg-config files for your"\
+1 −15
@@ -780,7 +780,7 @@ static void sigbus_reraise(void)
        raise(SIGBUS);
        sigemptyset(&set);
        sigaddset(&set, SIGBUS);
        sigprocmask(SIG_UNBLOCK, &set, NULL);
        pthread_sigmask(SIG_UNBLOCK, &set, NULL);
    }
    perror("Failed to re-raise SIGBUS!\n");
    abort();
@@ -1693,21 +1693,7 @@ exit:

void qmp_inject_nmi(Error **errp)
{
#if defined(TARGET_I386)
    CPUState *cs;

    CPU_FOREACH(cs) {
        X86CPU *cpu = X86_CPU(cs);

        if (!cpu->apic_state) {
            cpu_interrupt(cs, CPU_INTERRUPT_NMI);
        } else {
            apic_deliver_nmi(cpu->apic_state);
        }
    }
#else
    nmi_monitor_handle(monitor_get_cpu_index(), errp);
#endif
}

void dump_drift_info(FILE *f, fprintf_function cpu_fprintf)
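Review bot: After the second hunk `qmp_inject_nmi` unconditionally calls `nmi_monitor_handle(monitor_get_cpu_index(), errp)`, so NMI delivery on x86 now depends entirely on the target having registered a handler through the generic NMI interface, and nothing in the function says so; a reader comparing with the removed APIC path may assume x86 is no longer covered. Suggest a short comment above the call, e.g. `/* Delivery is target-specific: the machine or CPU must implement the generic NMI interface; targets without one report the failure through errp. */` — the error-on-missing-handler behaviour is inferred from errp being forwarded and should be confirmed in nmi_monitor_handle. In the sigbus_reraise hunk earlier in this file, the return value of `pthread_sigmask(SIG_UNBLOCK, &set, NULL)` is unchecked, which is acceptable only because the function falls through to `perror`/`abort()` either way; a brief comment saying so would stop a future edit from relying on the mask having been cleared.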
+2 −2
@@ -62,7 +62,7 @@ operations:
    typeof(*ptr) atomic_fetch_sub(ptr, val)
    typeof(*ptr) atomic_fetch_and(ptr, val)
    typeof(*ptr) atomic_fetch_or(ptr, val)
    typeof(*ptr) atomic_xchg(ptr, val
    typeof(*ptr) atomic_xchg(ptr, val)
    typeof(*ptr) atomic_cmpxchg(ptr, old, new)

all of which return the old value of *ptr.  These operations are
@@ -328,7 +328,7 @@ and memory barriers, and the equivalents in QEMU:

- atomic_read and atomic_set in Linux give no guarantee at all;
  atomic_read and atomic_set in QEMU include a compiler barrier
  (similar to the ACCESS_ONCE macro in Linux).
  (similar to the READ_ONCE/WRITE_ONCE macros in Linux).

- most atomic read-modify-write operations in Linux return void;
  in QEMU, all of them return the old value of the variable.