[Qemu-devel] [PULL 0/8] Trivial patches for 8 to 10 November 2011

[Qemu-devel] [PULL 0/8] Trivial patches for 8 to 10 November 2011

[Stefan Hajnoczi]

The last trivial-patches pull on top of 1.0-rc1.  I have tried to include only
bug or user-visible fixes.

The following changes since commit 4f61927a41a098d06e642ffdea5fc285dc3a0e6b:

  hpet: fix infinite loop in qemu_run_timers with -icount enabled (2011-11-09 12:06:20 -0600)

are available in the git repository at:
  ssh://repo.or.cz/srv/git/qemu/stefanha.git trivial-patches

Markus Armbruster (5):
      qdev: Fix crash on -device '?=x'
      ui/vnc: Convert sasl.mechlist to g_malloc() & friends
      x86/cpuid: Convert remaining strdup() to g_strdup()
      x86/cpuid: Plug memory leak in cpudef_setfield()
      x86/cpuid: Fix crash on -cpu ""

Peter Maydell (1):
      hw/lan9118.c: Add missing 'break' to fix buffer overrun

陳韋任 (2):
      qemu-tech.texi: Update default code cache size
      configure: Show --cpu option on the help list

 configure           |    1 +
 hw/lan9118.c        |    1 +
 hw/qdev.c           |    2 +-
 qemu-tech.texi      |    2 +-
 target-i386/cpuid.c |   13 +++++++------
 ui/vnc-auth-sasl.c  |   19 +++++--------------
 6 files changed, 16 insertions(+), 22 deletions(-)

-- 
1.7.7.1

[Qemu-devel] [PATCH 1/8] qemu-tech.texi: Update default code cache size

[Stefan Hajnoczi]

From: 陳韋任 <chenwj@iis.sinica.edu.tw>

  Update the document since the default code cache size is 32 MB now.

Signed-off-by: chenwj <chenwj@cs.nctu.edu.tw>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 qemu-tech.texi |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/qemu-tech.texi b/qemu-tech.texi
index 397b070..62afe45 100644
--- a/qemu-tech.texi
+++ b/qemu-tech.texi
@@ -435,7 +435,7 @@ generate an addition for the segment base.
 @node Translation cache
 @section Translation cache
 
-A 16 MByte cache holds the most recently used translations. For
+A 32 MByte cache holds the most recently used translations. For
 simplicity, it is completely flushed when it is full. A translation unit
 contains just a single basic block (a block of x86 instructions
 terminated by a jump or by a virtual CPU state change which the
-- 
1.7.7.1

[Qemu-devel] [PATCH 2/8] configure: Show --cpu option on the help list

[Stefan Hajnoczi]

From: 陳韋任 <chenwj@iis.sinica.edu.tw>

Signed-off-by: Chen Wen-Ren (陳韋任) <chenwj@iis.sinica.edu.tw>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 configure |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/configure b/configure
index 401d9a6..8d85d23 100755
--- a/configure
+++ b/configure
@@ -1037,6 +1037,7 @@ echo "  --fmod-lib               path to FMOD library"
 echo "  --fmod-inc               path to FMOD includes"
 echo "  --oss-lib                path to OSS library"
 echo "  --enable-uname-release=R Return R for uname -r in usermode emulation"
+echo "  --cpu=CPU                Build for host CPU [$cpu]"
 echo "  --sparc_cpu=V            Build qemu for Sparc architecture v7, v8, v8plus, v8plusa, v9"
 echo "  --disable-uuid           disable uuid support"
 echo "  --enable-uuid            enable uuid support"
-- 
1.7.7.1

[Qemu-devel] [PATCH 3/8] qdev: Fix crash on -device '?=x'

[Stefan Hajnoczi]

From: Markus Armbruster <armbru@redhat.com>

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 hw/qdev.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/qdev.c b/hw/qdev.c
index 50976dd..106407f 100644
--- a/hw/qdev.c
+++ b/hw/qdev.c
@@ -186,7 +186,7 @@ int qdev_device_help(QemuOpts *opts)
         return 1;
     }
 
-    if (!qemu_opt_get(opts, "?")) {
+    if (!driver || !qemu_opt_get(opts, "?")) {
         return 0;
     }
 
-- 
1.7.7.1

[Qemu-devel] [PATCH 4/8] ui/vnc: Convert sasl.mechlist to g_malloc() & friends

[Stefan Hajnoczi]

From: Markus Armbruster <armbru@redhat.com>

Fixes protocol_client_auth_sasl_mechname() not to crash when malloc()
fails.  Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 ui/vnc-auth-sasl.c |   19 +++++--------------
 1 files changed, 5 insertions(+), 14 deletions(-)

diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
index 23b1bf5..e2045fc 100644
--- a/ui/vnc-auth-sasl.c
+++ b/ui/vnc-auth-sasl.c
@@ -35,7 +35,7 @@ void vnc_sasl_client_cleanup(VncState *vs)
         vs->sasl.encodedLength = vs->sasl.encodedOffset = 0;
         vs->sasl.encoded = NULL;
         g_free(vs->sasl.username);
-        free(vs->sasl.mechlist);
+        g_free(vs->sasl.mechlist);
         vs->sasl.username = vs->sasl.mechlist = NULL;
         sasl_dispose(&vs->sasl.conn);
         vs->sasl.conn = NULL;
@@ -430,11 +430,7 @@ static int protocol_client_auth_sasl_start_len(VncState *vs, uint8_t *data, size
 
 static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_t len)
 {
-    char *mechname = malloc(len + 1);
-    if (!mechname) {
-        VNC_DEBUG("Out of memory reading mechname\n");
-        vnc_client_error(vs);
-    }
+    char *mechname = g_malloc(len + 1);
     strncpy(mechname, (char*)data, len);
     mechname[len] = '\0';
     VNC_DEBUG("Got client mechname '%s' check against '%s'\n",
@@ -460,7 +456,7 @@ static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_
         }
     }
 
-    free(vs->sasl.mechlist);
+    g_free(vs->sasl.mechlist);
     vs->sasl.mechlist = mechname;
 
     VNC_DEBUG("Validated mechname '%s'\n", mechname);
@@ -469,7 +465,7 @@ static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_
 
  fail:
     vnc_client_error(vs);
-    free(mechname);
+    g_free(mechname);
     return -1;
 }
 
@@ -608,12 +604,7 @@ void start_auth_sasl(VncState *vs)
     }
     VNC_DEBUG("Available mechanisms for client: '%s'\n", mechlist);
 
-    if (!(vs->sasl.mechlist = strdup(mechlist))) {
-        VNC_DEBUG("Out of memory");
-        sasl_dispose(&vs->sasl.conn);
-        vs->sasl.conn = NULL;
-        goto authabort;
-    }
+    vs->sasl.mechlist = g_strdup(mechlist);
     mechlistlen = strlen(mechlist);
     vnc_write_u32(vs, mechlistlen);
     vnc_write(vs, mechlist, mechlistlen);
-- 
1.7.7.1

[Qemu-devel] [PATCH 5/8] x86/cpuid: Convert remaining strdup() to g_strdup()

[Stefan Hajnoczi]

From: Markus Armbruster <armbru@redhat.com>

Fixes missing error checking.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 target-i386/cpuid.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index edac377..352c390 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -581,7 +581,7 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model)
     unsigned int i;
     x86_def_t *def;
 
-    char *s = strdup(cpu_model);
+    char *s = g_strdup(cpu_model);
     char *featurestr, *name = strtok(s, ",");
     /* Features to be added*/
     uint32_t plus_features = 0, plus_ext_features = 0;
@@ -727,11 +727,11 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model)
         if (check_features_against_host(x86_cpu_def) && enforce_cpuid)
             goto error;
     }
-    free(s);
+    g_free(s);
     return 0;
 
 error:
-    free(s);
+    g_free(s);
     return -1;
 }
 
@@ -950,7 +950,7 @@ static int cpudef_setfield(const char *name, const char *str, void *opaque)
     int err = 0;
 
     if (!strcmp(name, "name")) {
-        def->name = strdup(str);
+        def->name = g_strdup(str);
     } else if (!strcmp(name, "model_id")) {
         strncpy(def->model_id, str, sizeof (def->model_id));
     } else if (!strcmp(name, "level")) {
-- 
1.7.7.1

[Qemu-devel] [PATCH 6/8] x86/cpuid: Plug memory leak in cpudef_setfield()

[Stefan Hajnoczi]

From: Markus Armbruster <armbru@redhat.com>

To reproduce the leak, put two name options into the same [cpudef]
section of target-x86_64.conf.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 target-i386/cpuid.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index 352c390..99cff65 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -950,6 +950,7 @@ static int cpudef_setfield(const char *name, const char *str, void *opaque)
     int err = 0;
 
     if (!strcmp(name, "name")) {
+        g_free((void *)def->name);
         def->name = g_strdup(str);
     } else if (!strcmp(name, "model_id")) {
         strncpy(def->model_id, str, sizeof (def->model_id));
-- 
1.7.7.1

[Qemu-devel] [PATCH 7/8] x86/cpuid: Fix crash on -cpu ""

[Stefan Hajnoczi]

From: Markus Armbruster <armbru@redhat.com>

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 target-i386/cpuid.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index 99cff65..21e5896 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -594,9 +594,9 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, const char *cpu_model)
     uint32_t numvalue;
 
     for (def = x86_defs; def; def = def->next)
-        if (!strcmp(name, def->name))
+        if (name && !strcmp(name, def->name))
             break;
-    if (kvm_enabled() && strcmp(name, "host") == 0) {
+    if (kvm_enabled() && name && strcmp(name, "host") == 0) {
         cpu_x86_fill_host(x86_cpu_def);
     } else if (!def) {
         goto error;
-- 
1.7.7.1

[Qemu-devel] [PATCH 8/8] hw/lan9118.c: Add missing 'break' to fix buffer overrun

[Stefan Hajnoczi]

From: Peter Maydell <peter.maydell@linaro.org>

Add a missing 'break' statement to fix a buffer overrun when
executing the EEPROM write-all command. Spotted by Coverity
(see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 hw/lan9118.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/lan9118.c b/hw/lan9118.c
index 634b88e..f8149e6 100644
--- a/hw/lan9118.c
+++ b/hw/lan9118.c
@@ -863,6 +863,7 @@ static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr)
         } else {
             DPRINTF("EEPROM Write All (ignored)\n");
         }
+        break;
     case 5: /* ERASE */
         if (s->eeprom_writable) {
             s->eeprom[addr] = 0xff;
-- 
1.7.7.1

Re: [Qemu-devel] [PULL 0/8] Trivial patches for 8 to 10 November 2011

[Anthony Liguori]

On 11/10/2011 06:36 AM, Stefan Hajnoczi wrote:
> The last trivial-patches pull on top of 1.0-rc1.  I have tried to include only
> bug or user-visible fixes.
>
> The following changes since commit 4f61927a41a098d06e642ffdea5fc285dc3a0e6b:
>
>    hpet: fix infinite loop in qemu_run_timers with -icount enabled (2011-11-09 12:06:20 -0600)
>
> are available in the git repository at:
>    ssh://repo.or.cz/srv/git/qemu/stefanha.git trivial-patches

Pulled.  Thanks.

Regards

Anthony Liguori

>
> Markus Armbruster (5):
>        qdev: Fix crash on -device '?=x'
>        ui/vnc: Convert sasl.mechlist to g_malloc()&  friends
>        x86/cpuid: Convert remaining strdup() to g_strdup()
>        x86/cpuid: Plug memory leak in cpudef_setfield()
>        x86/cpuid: Fix crash on -cpu ""
>
> Peter Maydell (1):
>        hw/lan9118.c: Add missing 'break' to fix buffer overrun
>
> 陳韋任 (2):
>        qemu-tech.texi: Update default code cache size
>        configure: Show --cpu option on the help list
>
>   configure           |    1 +
>   hw/lan9118.c        |    1 +
>   hw/qdev.c           |    2 +-
>   qemu-tech.texi      |    2 +-
>   target-i386/cpuid.c |   13 +++++++------
>   ui/vnc-auth-sasl.c  |   19 +++++--------------
>   6 files changed, 16 insertions(+), 22 deletions(-)
>