~ubuntu-virt/qemu/+git/qemu-lp-import:stable-2.7

Last commit made on 2016-12-23
Get this branch:
git clone -b stable-2.7 https://git.launchpad.net/~ubuntu-virt/qemu/+git/qemu-lp-import

Branch information

Name: stable-2.7
Repository: lp:~ubuntu-virt/qemu/+git/qemu-lp-import

Recent commits

0d83fcc... by Michael Roth

Update version for 2.7.1 release

Signed-off-by: Michael Roth <email address hidden>

4dde694... by Ashijeet Acharya <email address hidden>

ide: Fix memory leak in ide_register_restart_cb()

Fix a memory leak in ide_register_restart_cb() in hw/ide/core.c and add
idebus_unrealize() in hw/ide/qdev.c to have calls to
qemu_del_vm_change_state_handler() to deal with the dangling change
state handler during hot-unplugging ide devices which might lead to a
crash.

Signed-off-by: Ashijeet Acharya <email address hidden>
Reviewed-by: John Snow <email address hidden>
Message-id: <email address hidden>
[Minor whitespace fix --js]
Signed-off-by: John Snow <email address hidden>
(cherry picked from commit ca44141d5fb801dd5903102acefd0f2d8e8bb6a1)
Signed-off-by: Michael Roth <email address hidden>

7d17d68... by Marc-André Lureau <email address hidden>

portio: keep references on portio

The isa_register_portio_list() function allocates ioports
data/state. Let's keep the reference to this data on some owner. This
isn't enough to fix leaks, but at least, ASAN stops complaining of
direct leaks. Further cleanup would require calling
portio_list_del/destroy().

Signed-off-by: Marc-André Lureau <email address hidden>
Reviewed-by: Paolo Bonzini <email address hidden>
(cherry picked from commit e305a16510afa74eec20390479e349402e55ef4c)
Signed-off-by: Michael Roth <email address hidden>

345f1cd... by John Snow

block-backend: Always notify on blk_eject

blk_eject is only used by scsi-disk and atapi, and in both cases we
only attempt to invoke blk_eject if we have a bona-fide change in
tray state.

The "issue" here is that the tray state does not generate a QMP event
unless there is a medium/BDS attached to the device, so if libvirt et al
are waiting for a tray event to occur from an empty-but-closed drive,
software opening that drive will not emit an event and libvirt will
wait forever.

Change this by modifying blk_eject to always emit an event, instead of
conditionally on a "real" backend eject.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1373264

Reported-by: Peter Krempa <email address hidden>
Signed-off-by: John Snow <email address hidden>
Reviewed-by: Eric Blake <email address hidden>
Reviewed-by: Kevin Wolf <email address hidden>
Message-id: <email address hidden>
Signed-off-by: John Snow <email address hidden>
(cherry picked from commit c47ee043dc2cc85da710e87524144a720598c096)

* dropped functional dependency on 2d76e724

Signed-off-by: Michael Roth <email address hidden>

8d5f2a7... by Mark Cave-Ayland

dma-helpers: explicitly pass alignment into DMA helpers

The hard-coded default alignment is BDRV_SECTOR_SIZE, however this is not
necessarily the case for all platforms. Use this as the default alignment for
all current callers.

Signed-off-by: Mark Cave-Ayland <email address hidden>
Reviewed-by: Eric Blake <email address hidden>
Acked-by: John Snow <email address hidden>
Message-id: <email address hidden>
Signed-off-by: John Snow <email address hidden>
(cherry picked from commit 99868af3d0a75cf6a515a9aa81bf0d7bcb39eadb)
Signed-off-by: Michael Roth <email address hidden>

5f20161... by John Snow

atapi: classify read_cd as conditionally returning data

For the purposes of byte_count_limit verification, add a new flag that
identifies read_cd as sometimes returning data, then check the BCL in
its command handler after we know that it will indeed return data.

Reported-by: Hervé Poussineau <email address hidden>
Signed-off-by: John Snow <email address hidden>
Reviewed-by: Kevin Wolf <email address hidden>
Message-id: <email address hidden>
Signed-off-by: John Snow <email address hidden>
(cherry picked from commit e7bd708ec85e40fd51569bb90c52d6613ffd8f45)
Signed-off-by: Michael Roth <email address hidden>

05838b4... by Stefan Hajnoczi <email address hidden>

ui/gtk: fix "Copy" menu item segfault

The "Copy" menu item copies VTE terminal text to the clipboard. This
only works with VTE terminals, not with graphics consoles.

Disable the menu item when the current notebook page isn't a VTE
terminal.

This patch fixes a segfault. Reproducer: Start QEMU and click the Copy
menu item when the guest display is visible.

Reported-by: Kevin Wolf <email address hidden>
Reviewed-by: Gerd Hoffmann <email address hidden>
Tested-by: Stefan Weil <email address hidden>
Signed-off-by: Stefan Hajnoczi <email address hidden>
Message-id: <email address hidden>
Cc: Michael S. Tsirkin <email address hidden>
Cc: Gerd Hoffmann <email address hidden>
Signed-off-by: Stefan Hajnoczi <email address hidden>
(cherry picked from commit a08156321ab9a7d2fed9ee77dbfeea2a61ffd153)
Signed-off-by: Michael Roth <email address hidden>

223d1a2... by Thorsten Kohfeldt

vfio/pci: Fix vfio_rtl8168_quirk_data_read address offset

Introductory comment for rtl8168 VFIO MSI-X quirk states:
At BAR2 offset 0x70 there is a dword data register,
         offset 0x74 is a dword address register.
vfio: vfio_bar_read(0000:05:00.0:BAR2+0x70, 4) = 0xfee00398 // read data

Thus, correct offset for data read is 0x70,
but function vfio_rtl8168_quirk_data_read() wrongfully uses offset 0x74.

Signed-off-by: Thorsten Kohfeldt <email address hidden>
Signed-off-by: Alex Williamson <email address hidden>
(cherry picked from commit 31e6a7b17b35711eb44f0e686b5ba68d15bfe4c1)
Signed-off-by: Michael Roth <email address hidden>

7f7ac21... by Lin Ma <email address hidden>

msmouse: Fix segfault caused by free the chr before chardev cleanup.

Segfault happens when leaving qemu with msmouse backend:

 #0 0x00007fa8526ac975 in raise () at /lib64/libc.so.6
 #1 0x00007fa8526add8a in abort () at /lib64/libc.so.6
 #2 0x0000558be78846ab in error_exit (err=16, msg=0x558be799da10 ...
 #3 0x0000558be7884717 in qemu_mutex_destroy (mutex=0x558be93be750) at ...
 #4 0x0000558be7549951 in qemu_chr_free_common (chr=0x558be93be750) at ...
 #5 0x0000558be754999c in qemu_chr_free (chr=0x558be93be750) at ...
 #6 0x0000558be7549a20 in qemu_chr_delete (chr=0x558be93be750) at ...
 #7 0x0000558be754a8ef in qemu_chr_cleanup () at qemu-char.c:4643
 #8 0x0000558be755843e in main (argc=5, argv=0x7ffe925d7118, ...

The chr was freed by msmouse close callback before chardev cleanup,
then qemu_mutex_destroy triggered raise().

Because freeing chr is handled by qemu_chr_free_common, remove the free from
msmouse_chr_close to avoid double free.

Fixes: c1111a24a3358ecd2f17be7c8b117cfe8bc5e5f8
Cc: <email address hidden>
Signed-off-by: Lin Ma <email address hidden>
Message-Id: <email address hidden>
Signed-off-by: Paolo Bonzini <email address hidden>
(cherry picked from commit 9e14037f05e99ca3b8a33d8be9a2a636bbf09326)
Signed-off-by: Michael Roth <email address hidden>

db1604c... by Paolo Bonzini <email address hidden>

Revert "megasas: remove useless check for cmd->frame"

This reverts commit 8cc46787b5b58f01a11c919c7ff939ed009e27fc.
It turns out that cmd->frame can be NULL and thus the commit
can cause a SIGSEGV.

Reported-by: Holger Schranz <email address hidden>
Cc: <email address hidden>
Signed-off-by: Paolo Bonzini <email address hidden>
(cherry picked from commit 421cc3e7e89cb807d3c5f6de486abb2167c8e792)
Signed-off-by: Michael Roth <email address hidden>