.c files include .h files, so .o depends on .h,
and the linked result depends on .o.
We got it wrong for qga rules, fix it up.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qga/guest-agent-commands.c includes qga-qmp-commands.h,
but it was missing in its dependencies. Add it in QGALIB_GEN.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
We have a single rule generating .c and .h files,
so .h doesn't depend on .c: both depend on the
source schema.
Fix Makefile to reflect that - without this,
if .c is there and .h is missing, Makefile does
not know how to remake .h and assumes it's
a dummy target, triggering endless rebuilds.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
make clean missed the source qmp files generated
by python. Fix that.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
monitor: Fix file_completion() to check for stat() failure
stat() can fail for a file name just read with readdir(). Easiest way
to trigger is a dangling symbolic link --- look ma, no race! When it
fails, file_completion() uses sb.st_mode uninitialized. If the
directory bit happens to be set, it appends a "/" to the completed
name.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Peter Maydell [Mon, 7 Nov 2011 13:25:45 +0000 (13:25 +0000)]
hw/omap_gpio: Fix infinite recursion when doing 8/16 bit reads
Fix a long-standing bug which meant that any attempt to do an
8 or 16 bit read from the OMAP GPIO module would cause qemu to
crash due to an infinite recursion.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
tcg: Use TCGReg for standard tcg-target entry points.
Including tcg_out_ld, tcg_out_st, tcg_out_mov, tcg_out_movi.
Signed-off-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Alexander Graf <agraf@suse.de>
tcg: Standardize on TCGReg as the enum for hard registers
Most targets did not name the enum; tci used TCGRegister.
Signed-off-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Fri, 7 Oct 2011 07:51:50 +0000 (09:51 +0200)]
s390x: Add shutdown for TCG s390-virtio machine
Now that we have code in place to do refcounting of online CPUs, we
can drag the TCG code along and implement shutdown for that one too,
so it doesn't feel left out by its KVM counterpart.
On s390 a shutdown is the state of all CPUs being either stopped
or disabled (for interrupts) waiting. We have to track the overall
number of running CPUs to call the shutdown sequence accordingly.
This patch implements the counting and shutdown handling for the
kvm path in qemu.
Lets also wrap changes to env->halted and env->exception_index.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
The default kernel command line for s390 is
"root=/dev/ram0 ro"
When overriding this line, we have to ensure to also copy the \0 to
avoid false lines, for example, -append "root=/dev/vda" will result in
"root=/dev/vda0 ro" with the current code.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
Alexander Graf [Thu, 14 Jul 2011 09:52:08 +0000 (11:52 +0200)]
s390x: implement SIGP restart and shutdown
An s390x OS does reboot and shutdown triggers through hypercalls that
we didn't implement on the TCG backend yet. That means that so far we
couldn't shut down virtual machines for example, having them hang on
shutdown when not using KVM.
With this patch, this restriction is gone. We can now shut down and
reboot s390x virtual machines even when using the TCG backend.
Alexander Graf [Thu, 14 Jul 2011 09:50:33 +0000 (11:50 +0200)]
s390x: implement rrbe instruction properly
The rrbe instruction resets the reference bit in the given storage key.
So far, we merely made it a nop and also returned an invalid CC value,
so that the kernel never knew if a page actually got accessed.
This patch implements it properly, flushing the R bit and returning the
correct CC value.
Alexander Graf [Thu, 14 Jul 2011 09:49:08 +0000 (11:49 +0200)]
s390x: update R and C bits in storage key
When the s390x maps a page or writes happen to a page, the R and C
bits get updated. The easiest way to implement this in qemu is to
simply update them whenever we map a TLB translation and act according
to the permissions.
Alexander Graf [Thu, 14 Jul 2011 09:45:07 +0000 (11:45 +0200)]
s390x: make ipte 31-bit aware
When running 31-bit code we can potentially map the same virtual
address twice - once as 0x0yyyyyyy and once as 0x8yyyyyyy, because
the upper bit gets ignored.
This also should be reflected in the tlb invalidation path, so we
really invalidate also the transparently created tlb entries.
Juha Riihimäki [Thu, 20 Oct 2011 12:53:35 +0000 (14:53 +0200)]
hw/onenand: reject read-only drives
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Juha Riihimäki [Thu, 20 Oct 2011 12:53:34 +0000 (14:53 +0200)]
hw/nand: reject read-only drives
also gracefully fail on nand_device_init() for unsupported block
size instead of aborting.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Peter Maydell [Sun, 13 Nov 2011 14:18:39 +0000 (14:18 +0000)]
hw/pxa2xx.c: Fix handling of RW bits in PMCR
Fix an error in commit afd4a6522 which meant that writing a zero
to the RW bits in the PMCR wouldn't actually clear them. (Error
spotted by Andrzej Zaborowski.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Max Filippov [Thu, 10 Nov 2011 11:38:42 +0000 (15:38 +0400)]
vl.c: prohibit simultaneous use of -icount with kvm or xen
With -icount, The vm_clock is updated with help from TCG (it counts
instructions at 2^ICOUNT ns/instructions). With KVM, the instruction
count is not available so KVM cannot provide this help.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Fri, 11 Nov 2011 13:30:15 +0000 (13:30 +0000)]
hw/arm_timer.c: Fix bounds check for Integrator timer accesses
There are only three counter/timers on the integrator board:
correct the bounds check to avoid an array overrun. (Spotted
by Coverity, see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Wed, 9 Nov 2011 20:46:35 +0000 (20:46 +0000)]
hw/pxa2xx.c: Fix handling of R/WC bits in PMCR
Fix a bug in handling the write-one-to-clear bits in the PMCR
which meant that we would always clear the bit even if the
value written was a zero. Spotted by Coverity (see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Wed, 9 Nov 2011 20:04:54 +0000 (20:04 +0000)]
hw/pl061: Remove pointless comparison of array to null
Remove a pointless comparison of an array to null. (There is
no need to check whether s->out[i] is non-null as qemu_set_irq
will do that for us.) Spotted by Coverity (see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Wed, 9 Nov 2011 19:34:28 +0000 (19:34 +0000)]
hw/tc58128.c: Remove unnecessary check for g_malloc failure
Remove a check for g_malloc failing: this never happens.
Also use g_malloc rather than g_malloc0 as we immediately
memset the entire region and so zero-initialising it is pointless.
Spotted by Coverity (see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Wed, 9 Nov 2011 19:22:11 +0000 (19:22 +0000)]
linux-user/elfload.c: Don't memset(NULL..) if malloc() failed
If a malloc() in copy_elf_strings() failed we would call memset()
before the "did malloc fail?" check. Fix this by moving to the
glib alloc/free routines for this memory so we can use g_try_malloc0
rather than having a separate memset(). Spotted by Coverity (see
bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Peter Maydell [Wed, 9 Nov 2011 18:45:38 +0000 (18:45 +0000)]
hw/omap_intc.c: Avoid crash on access to nonexistent banked registers
Avoid a crash due to null pointer dereference if a guest attempts
to access banked registers for a nonexistent bank. Spotted by
Coverity (see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Juan Quintela [Wed, 9 Nov 2011 20:29:01 +0000 (21:29 +0100)]
migration: fix detached migration with fd
Migration with fd uses s->mon to pass the fd. But we only assign the
s->mon for !detached migration. Fix it. Once there add a comment
indicating that s->mon has two uses.
Pavel Borzenkov [Thu, 10 Nov 2011 20:26:59 +0000 (00:26 +0400)]
configure: Do not use 'sed -i'
'sed -i' is not defined in POSIX. It doesn't work on Mac OS X the way
it's used in configure (without suffix argument). This patch implements
Peter Maydell's idea of xattr.h detection.
Cc: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
David Gibson [Sun, 30 Oct 2011 19:57:33 +0000 (19:57 +0000)]
tcg-ppc64: Fix compile errors for userspace only builds with gcc 4.6
tcg/ppc64/tcg-target.c has a couple of places where variables are set
unconditionally, but otherwise used only for softmmu builds, not
userspace only builds. This causes compiler warnings (which are fatal
by default) when compiling for a ppc64 host with gcc 4.6. This patch
fixes the problem by moving the code which defines and sets the
variables into the CONFIG_SOFTMMU guarded regions.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Tue, 1 Nov 2011 16:49:05 +0000 (16:49 +0000)]
pseries: Fix initialization of sPAPREnvironment structure
Since we added PCI support to the pseries machine, we include a qlist of
PCI host bridges in the sPAPREnvironment structure. However this list
was never properly initialized it. Somehow we got away with this until
some other recent change broke it, and we now segfault immediately on
startup.
This patch adds the required QLIST_INIT(), and while we're at it makes sure
we initialize the rest of the sPAPREnvironment structure to 0, to avoid
future nasty surprises.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
Kevin Wolf [Thu, 10 Nov 2011 17:13:59 +0000 (18:13 +0100)]
block: Make cache=unsafe flush to the OS
cache=unsafe completely ignored bdrv_flush, because flushing the host disk
costs a lot of performance. However, this means that qcow2 images (and
potentially any other format) can lose data even after the guest has issued a
flush if the qemu process crashes/is killed. In case of a host crash, data loss
is certainly expected with cache=unsafe, but if just the qemu process dies this
is a bit too unsafe.
Now that we have two separate flush functions, we can choose to flush
everythign to the OS, but don't enforce that it's physically written to the
disk.
Kevin Wolf [Thu, 10 Nov 2011 17:10:11 +0000 (18:10 +0100)]
block: Introduce bdrv_co_flush_to_os
qcow2 has a writeback metadata cache, so flushing a qcow2 image actually
consists of writing back that cache to the protocol and only then flushes the
protocol in order to get everything stable on disk.
This introduces a separate bdrv_co_flush_to_os to reflect the split.
Kevin Wolf [Thu, 10 Nov 2011 16:25:44 +0000 (17:25 +0100)]
block: Rename bdrv_co_flush to bdrv_co_flush_to_disk
There are two different types of flush that you can do: Flushing one level up
to the OS (i.e. writing data to the host page cache) or flushing it all the way
down to the disk. The existing functions flush to the disk, reflect this in the
function name.
Peter Maydell [Wed, 9 Nov 2011 21:59:50 +0000 (21:59 +0000)]
hw/pc.c: Fix use-while-uninitialized of fd_type[]
Fix a use-while-uninitialized of the fd_type[] array (introduced
in commit 34d4260e1, noticed by Coverity). This is more theoretical
than practical, since it's quite hard to get here with floppy==NULL
(the qdev_try_create() of the isa-fdc device has to fail).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Charles Arnold [Wed, 9 Nov 2011 16:32:25 +0000 (09:32 -0700)]
block: Fix vpc initialization of the Dynamic Disk Header
The Data Offset field in the Dynamic Disk Header is an 8 byte field.
Although the specification (2006-10-11) gives an example of initializing
only the first 4 bytes, images generated by Microsoft on Windows initialize
all 8 bytes.
Failure to initialize all 8 bytes results in errors from utilities
like Citrix's vhd-util which checks specifically for the proper Data
Offset field initialization.
Signed-off-by: Charles Arnold <carnold@suse.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 4 Nov 2011 14:51:24 +0000 (15:51 +0100)]
qemu-nbd: open the block device after starting the client thread
This is cleaner, because we do not need to close the block device when
there is an error opening /dev/nbdX. It was done this way only to
print errors before daemonizing.
At the same time, use atexit to ensure that the block device is closed
whenever we exit.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 4 Nov 2011 14:51:23 +0000 (15:51 +0100)]
qemu-nbd: fix socket creation race
Now that the client and server are in the same process, there is
no need to race on the creation of the socket. We can open the
listening socket before starting the client thread.
This avoids that "qemu-nbd -v -c" prints this once before connecting
successfully to the socket:
connect(unix:/var/lock/qemu-nbd-nbd0): No such file or directory
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 4 Nov 2011 14:51:22 +0000 (15:51 +0100)]
qemu-nbd: print error messages from the daemon through a pipe
In order to get nice error messages, keep the qemu-nbd process running
until before issuing NBD_DO_IT and connected to the daemon with a pipe.
This lets the qemu-nbd process relay error messages from the daemon and
exit with a nonzero status if appropriate.
Suggested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 4 Nov 2011 14:51:21 +0000 (15:51 +0100)]
qemu-nbd: move client to a thread
This avoids that qemu-nbd uses both forking and threads, which do
not behave well together.
qemu-nbd is already Unix only, and there is no qemu_thread_join,
so for now use pthreads.
Since the parent and child no longer have separate file descriptors,
we can open the NBD device before daemonizing, instead of checking
with access(2) and restricting the open to the client only.
Reported-by: Pierre Riteau <pierre.riteau@irisa.fr> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Fri, 4 Nov 2011 14:51:19 +0000 (15:51 +0100)]
qemu-nbd: trap SIGTERM
The client process right now uses SIGTERM to interrupt the server side.
This does not affect the exit status of "qemu-nbd -v -c" because the
server is a child process. This will change when both sides will be
in the same process, and anyway cleaning up things nicely upon SIGTERM
is good practice.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Mon, 7 Nov 2011 16:50:13 +0000 (17:50 +0100)]
block: add eject request callback
Recent versions of udev always keep the tray locked so that the kernel
can observe "eject request" events (aka tray button presses) even on
discs that aren't mounted. Add support for these events in the ATAPI
and SCSI cd drive device models.
To let management cope with the behavior of udev, an event should also
be added for "tray opened/closed". This way, after issuing an "eject"
command, management can poll until the guests actually reacts to the
command. They can then issue the "change" command after the tray has been
opened, or try with "eject -f" after a (configurable?) timeout. However,
with this patch and the corresponding support in the device models,
at least it is possible to do a manual two-step eject+change sequence.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Max Filippov [Wed, 9 Nov 2011 01:18:09 +0000 (05:18 +0400)]
hpet: fix infinite loop in qemu_run_timers with -icount enabled
hpet_timer timer callback rearms itself based on difference between
current HPET tick counter and comparator value. Difference calculated by
the hpet_calculate_diff function is limited to non-negative values.
cur_tick is calculated via hpet_get_ticks that uses qemu_get_clock_ns(vm_clock).
With -icount enabled vm_clock doesn't advance during qemu_run_timers
loop thus once difference is zero, qemu_run_timers loops forever
handling hpet_timer.
Limit hpet_calculate_diff results to positive only values to avoid that
infinite loop.
This fixes the following qemu-system-x86_64 hang when it reaches
timer_irq_works() in the linux bootup:
Peter Maydell [Wed, 9 Nov 2011 17:20:06 +0000 (17:20 +0000)]
hw/omap_dss.c: Fix !-vs-~ bug in handling DISPC_CONTROL
Fix a bug revealed by a coverity scan (see bug 887883) which meant
that we would never print the warning about unpredictable behaviour
if a nonexistent overlay is enabled.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avi Kivity [Wed, 9 Nov 2011 13:44:36 +0000 (15:44 +0200)]
i386: derive '-cpu host' from KVM_GET_SUPPORTED_CPUID
The fact that a host cpu supports a feature doesn't mean that QEMU and KVM
will also support it, yet -cpuid host brings host features wholesale.
We need to whitelist each feature separately to make sure we support it.
This patch adds KVM whitelisting (by simply using KVM_GET_SUPPORTED_CPUID
instead of the CPUID instruction).
Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Fabien Chouteau [Mon, 7 Nov 2011 14:36:14 +0000 (15:36 +0100)]
Replace WriteFileEx with WriteFile in qemu_create_pidfile
The function that writes pidfile for win32 uses WriteFileEx which is an
asynchronous IO function. The arguments given to WriteFileEx are allocated on
the stack and one of them is "in out". When the IO operation is actually
executed the calling function has already returned, so the arguments are no
longer allocated or allocated to another frame.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Fabien Chouteau <chouteau@adacore.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
vga_putcharxy()'s underline code sets font_data to 0xffff instead of
0xff. vga_putcharxy() then reads dmask16[0xffff >> 4] and
dmask4[0xffff >> 6]. In practice, these out-of-bounds subscripts
"only" put a few crap bits into the display surface.
For 32 bit pixels, there's no array access. font_data's extra bits go
straight into the display surface.
Broken when commit 6d6f7c28 implemented underline.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Gleb Natapov [Sun, 6 Nov 2011 16:00:22 +0000 (18:00 +0200)]
qemu_timedate_diff() shouldn't modify its argument.
The caller of qemu_timedate_diff() does not expect that tm it passes to
the function will be modified, but mktime() is destructive and modifies
its argument. Pass a copy of tm to it and set tm_isdst so that mktime()
will not rely on it since its value may be outdated.
Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Gerd Hoffmann [Thu, 3 Nov 2011 17:21:54 +0000 (18:21 +0100)]
qxl: fix vga port initialization.
Commit 0a039dc70096b768d3810afa50ba1d214768aaf4 broke vga modes for
qxl-vga by loosing vga_ioport_read windup. qxl needs to hook into
vga port writes only and used to realize that by letting vga_init() do
the work for both reads and writes, then overwrite the write function.
That little detail was missed while doing the conversion ...
This patch fixes it. It also switch qxl vga ioport registration to
portio lists while being at it.
Cc: Hans de Goede <hdegoede@redhat.com> Acked-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Gerd Hoffmann [Mon, 7 Nov 2011 15:33:09 +0000 (16:33 +0100)]
ac97: don't override the pci subsystem id
This patch removes the code lines which set the subsystem id for the
emulated ac97 card to 8086:0000. Due to the device id being zero the
subsystem id isn't vaild anyway. With the patch applied the sound card
gets the default qemu subsystem id (1af4:1100) instead.
[ v2: old & broken id is maintained for -M pc-$oldqemuversion ]
Paolo Bonzini [Thu, 3 Nov 2011 15:00:22 +0000 (16:00 +0100)]
disable automatic loading of sgabios when -nographic
sgabios hasn't gotten a lot of coverage since it was not shipped. For 1.0,
let's disable the automatic loading of the option ROM in -nographic
mode. We can put it back for 1.1.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
readline_hist_add() moves the history entry to the end of history. It
uses memmove() to move rs->history[idx + 1..] to rs->history[idx..].
However, its size argument is off by two array elements, so it writes
one element beyond rs->history[], and reads two.
On my system, this clobbers rs->hist_entry and the hole right after
it. Since the function assigns to rs->hist_entry in time, the bug has
no ill effects for me.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
projects / qemu.git / log