[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] Patch Round-up for stable 1.7.2, freeze on 2014-07-14
|
From: |
Michael Roth |
|
Subject: |
[Qemu-devel] Patch Round-up for stable 1.7.2, freeze on 2014-07-14 |
|
Date: |
Tue, 8 Jul 2014 12:16:31 -0500 |
Hi everyone,
The following new patches are queued for QEMU stable v1.7.2:
https://github.com/mdroth/qemu/commits/stable-1.7-staging
The release is planned for 2014-07-21:
http://wiki.qemu.org/Planning/1.7
Please respond here or CC address@hidden on any patches
you think should be included in the release.
Testing/feedback is greatly appreciated.
As you maybe have noticed, the 1.7.2 stable release is late by
almost an entire release cycle. There were some important fixes
planned for 1.7.2 however, so hopefully better late than never.
Due to the delay the patch queue for this release is quite a bit
longer than usual, so anyone interested in this release is highly
encouraged to review/test.
2.0.1 has similarly slipped by half a release cycle, so 2.0.1 will
be going out during the originally planned date release date for
2.0.2, and is the only planned stable release for the 2.0 series:
http://wiki.qemu.org/Planning/2.0
My apologies for the delays. For 2.1.x, we should be back on track
for the normal stable release schedule (2.1.1 midway through 2.2
development, and 2.1.2 roughly coinciding with 2.2 release).
Thanks!
----------------------------------------------------------------
Alexander Graf (3):
kvmclock: Ensure time in migration never goes backward
KVM: Fix GSI number space limit
virtio-serial: don't migrate the config space
Alexey Kardashevskiy (1):
spapr_pci: Fix number of returned vectors in ibm, change-msi
Andreas Färber (2):
sdhci: Fix misuse of qemu_free_irqs()
hw: Fix qemu_allocate_irqs() leaks
Benoît Canet (2):
ide: Correct improper smart self test counter reset in ide core.
block: Prevent coroutine stack overflow when recursing in
bdrv_open_backing_file.
ChenLiang (1):
migration: remove duplicate code
Cornelia Huck (1):
s390x/css: handle emw correctly for tsch
Cédric Le Goater (1):
virtio-net: byteswap virtio-net header
David Hildenbrand (1):
s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG
Dmitry Fleytman (4):
vmxnet3: validate interrupt indices coming from guest
vmxnet3: validate queues configuration coming from guest
vmxnet3: validate interrupt indices read on migration
vmxnet3: validate queues configuration read on migration
Dr. David Alan Gilbert (1):
Fix vmstate_info_int32_le comparison/assign
Edgar E. Iglesias (1):
target-arm: Make vbar_write 64bit friendly on 32bit hosts
Eduardo Habkost (1):
target-i386: Filter FEAT_7_0_EBX TCG features too
Fam Zheng (2):
scsi: Change scsi sense buf size to 252
curl: check data size before memcpy to local buffer. (CVE-2014-0144)
Gal Hammer (1):
char: restore read callback on a reattached (hotplug) chardev
Gonglei (1):
qga: Fix handle fd leak in acquire_privilege()
Hani Benhabiles (5):
usb: Fix usb-bt-dongle initialization.
nbd: Don't export a block device with no medium.
nbd: Don't validate from and len in NBD_CMD_DISC.
nbd: Close socket on negotiation failure.
nbd: Shutdown socket before closing.
Hannes Reinecke (1):
megasas: Implement LD_LIST_QUERY
Hu Tao (1):
qcow2: fix offset overflow in qcow2_alloc_clusters_at()
Jeff Cody (3):
vpc/vhd: add bounds check for max_table_entries and block_size
(CVE-2014-0144)
vdi: add bounds checks for blocks_in_image and disk_size header fields
(CVE-2014-0144)
vhdx: Bounds checking for block_size and logical_sector_size
(CVE-2014-0148)
Kevin Wolf (35):
qcow2: Flush metadata during read-only reopen
block: Use BDRV_O_NO_BACKING where appropriate
qemu-iotests: Support for bochs format
bochs: Unify header structs and make them QEMU_PACKED
bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
bochs: Check catalog_size header field (CVE-2014-0143)
bochs: Check extent_size header field (CVE-2014-0142)
bochs: Fix bitmap offset calculation
vpc: Validate block size (CVE-2014-0142)
qcow2: Check header_length (CVE-2014-0144)
qcow2: Check backing_file_offset (CVE-2014-0144)
qcow2: Check refcount table size (CVE-2014-0144)
qcow2: Validate refcount table offset
qcow2: Validate snapshot table offset/size (CVE-2014-0144)
qcow2: Validate active L1 table offset and size (CVE-2014-0144)
qcow2: Fix backing file name length check
qcow2: Zero-initialise first cluster for new images
qcow2: Don't rely on free_cluster_index in alloc_refcount_block()
(CVE-2014-0147)
qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143)
qcow2: Check new refcount table size on growth
qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref
qcow2: Protect against some integer overflows in bdrv_check
qcow2: Fix new L1 table size check (CVE-2014-0143)
block: Limit request size (CVE-2014-0143)
qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
qcow2: Fix copy_sectors() with VM state
qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145)
qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143)
parallels: Fix catalog size integer overflow (CVE-2014-0143)
parallels: Sanity check for s->tracks (CVE-2014-0142)
qcow1: Make padding in the header explicit
qcow1: Check maximum cluster size
qcow1: Validate L2 table size (CVE-2014-0222)
qcow1: Validate image size (CVE-2014-0223)
qcow1: Stricter backing file length check
Le Tan (1):
pci: assign devfn to pci_dev before calling
pci_device_iommu_address_space()
Marcelo Tosatti (1):
kvmclock: Ensure proper env->tsc value for kvmclock_current_nsec
calculation
Markus Armbruster (10):
scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b
virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path
blockdev: Plug memory leak in blockdev_init()
blockdev: Plug memory leak in drive_init()
block/qapi: Plug memory leak in dump_qobject() case QTYPE_QERROR
block/vvfat: Plug memory leak in check_directory_consistency()
block/vvfat: Plug memory leak in read_directory()
block/sheepdog: Plug memory leak in sd_snapshot_create()
qemu-img: Plug memory leak in convert command
vnc: Fix tight_detect_smooth_image() for lossless case
Max Filippov (1):
target-xtensa: fix cross-page jumps/calls at the end of TB
Max Reitz (1):
block-commit: speed is an optional parameter
Michael R. Hines (1):
rdma: bug fixes
Michael Roth (3):
virtio: avoid buffer overrun on incoming migration
openpic: avoid buffer overrun on incoming migration
qapi: zero-initialize all QMP command parameters
Michael S. Tsirkin (27):
acpi: fix tables for no-hpet configuration
vmstate: reduce code duplication
vmstate: add VMS_MUST_EXIST
vmstate: add VMSTATE_VALIDATE
virtio-net: fix buffer overflow on invalid state load
virtio-net: out-of-bounds buffer write on invalid state load
virtio-net: out-of-bounds buffer write on load
virtio: out-of-bounds buffer write on invalid state load
ahci: fix buffer overrun on invalid state load
hpet: fix buffer overrun on invalid state load
hw/pci/pcie_aer.c: fix buffer overruns on invalid state load
pl022: fix buffer overun on invalid state load
vmstate: fix buffer overflow in target-arm/machine.c
virtio: validate num_sg when mapping
pxa2xx: avoid buffer overrun on incoming migration
ssi-sd: fix buffer overrun on invalid state load
ssd0323: fix buffer overun on invalid state load
tsc210x: fix buffer overrun on invalid state load
zaurus: fix buffer overrun on invalid state load
virtio-scsi: fix buffer overrun on invalid state load
vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
usb: sanity check setup_index+setup_len in post_load
virtio: validate config_len on load
stellaris_enet: block migration
pci-assign: limit # of msix vectors
virtio: allow mapping up to max queue size
vhost: fix resource leak in error handling
Michael Tokarev (1):
po/Makefile: fix $SRC_PATH reference
Paolo Bonzini (2):
mirror: fix throttling delay calculation
target-i386: fix set of registers zeroed on reset
Peter Crosthwaite (1):
arm: translate.c: Fix smlald Instruction
Peter Lieven (2):
block/iscsi: fix deadlock on scsi check condition
migration: catch unknown flags in ram_load
Peter Maydell (9):
hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun
hw/net/stellaris_enet: Correct handling of packet padding
savevm: Ignore minimum_version_id_old if there is no load_state_old
linux-user/elfload.c: Fix incorrect ARM HWCAP bits
linux-user/elfload.c: Update ARM HWCAP bits
linux-user/elfload.c: Fix A64 code which was incorrectly acting like A32
linux-user: Don't overrun guest buffer in sched_getaffinity
target-arm: Fix errors in writes to generic timer control registers
coroutine-win32.c: Add noinline attribute to work around gcc bug
Richard Henderson (3):
target-i386: Fix CC_OP_CLR vs PF
target-i386: Fix ucomis and comis memory access
tcg-i386: Fix win64 qemu store
Stefan Fritsch (1):
virtio-net: Do not filter VLANs without F_CTRL_VLAN
Stefan Hajnoczi (18):
qom: Avoid leaking str and bool properties on failure
tap: avoid deadlocking rx
mirror: fix early wake from sleep due to aio
qemu-iotests: add ./check -cloop support
qemu-iotests: add cloop input validation tests
block/cloop: validate block_size header field (CVE-2014-0144)
block/cloop: prevent offsets_size integer overflow (CVE-2014-0143)
block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)
block/cloop: refuse images with bogus offsets (CVE-2014-0144)
block/cloop: fix offsets[] size off-by-one
dmg: coding style and indentation cleanup
dmg: prevent out-of-bounds array access on terminator
dmg: drop broken bdrv_pread() loop
dmg: use appropriate types when reading chunks
dmg: sanitize chunk length and sectorcount (CVE-2014-0145)
dmg: use uint64_t consistently for sectors and lengths
dmg: prevent chunk buffer overflow (CVE-2014-0145)
aio: fix qemu_bh_schedule() bh->ctx race condition
Stefan Weil (3):
tests: Fix 'make test' for i686 hosts (build regression)
configure: Don't use __int128_t for clang versions before 3.2
cputlb: Fix regression with TCG interpreter (bug 1310324)
Thomas Huth (2):
s390x/virtio-hcall: Add range check for hypervisor call
s390x/helper: Added format control bit to MMU translation
Ulrich Obergfell (1):
scsi-disk: fix bug in scsi_block_new_request() introduced by commit
137745c
arch_init.c | 96 ++++----
async.c | 14 +-
block.c | 40 ++--
block/bochs.c | 109 +++++----
block/cloop.c | 81 ++++++-
block/curl.c | 5 +
block/dmg.c | 275
+++++++++++++---------
block/iscsi.c | 5 +-
block/mirror.c | 37 +--
block/parallels.c | 14 +-
block/qapi.c | 1 +
block/qcow.c | 43 +++-
block/qcow2-cluster.c | 11 +-
block/qcow2-refcount.c | 119 ++++++----
block/qcow2-snapshot.c | 35 +--
block/qcow2.c | 198 ++++++++++++----
block/qcow2.h | 48 +++-
block/sheepdog.c | 4 +-
block/vdi.c | 31 ++-
block/vhdx.c | 12 +-
block/vmdk.c | 2 +-
block/vpc.c | 32 ++-
block/vvfat.c | 6 +-
blockdev-nbd.c | 9 +-
blockdev.c | 11 +-
configure | 5 +
coroutine-win32.c | 13 +-
cputlb.c | 6 +-
docs/migration.txt | 12 +-
hw/arm/omap1.c | 14 +-
hw/arm/omap2.c | 2 +-
hw/arm/pxa2xx.c | 12 +-
hw/arm/spitz.c | 4 +-
hw/arm/z2.c | 2 +-
hw/char/virtio-serial-bus.c | 16 +-
hw/core/irq.c | 4 +-
hw/display/ssd0323.c | 24 ++
hw/dma/omap_dma.c | 4 +-
hw/gpio/zaurus.c | 10 +
hw/i386/acpi-build.c | 7 +-
hw/i386/kvm/clock.c | 52 ++++
hw/i386/kvm/pci-assign.c | 12 +-
hw/ide/ahci.c | 2 +-
hw/ide/core.c | 2 +-
hw/ide/microdrive.c | 2 +-
hw/input/tsc210x.c | 12 +
hw/intc/openpic.c | 16 +-
hw/misc/cbus.c | 6 +-
hw/net/stellaris_enet.c | 23 +-
hw/net/virtio-net.c | 43 +++-
hw/net/vmxnet3.c | 58 ++++-
hw/pci/pci.c | 6 +-
hw/pci/pcie_aer.c | 10 +-
hw/pcmcia/pxa2xx.c | 2 +-
hw/ppc/spapr_pci.c | 16 ++
hw/s390x/css.c | 24 +-
hw/s390x/s390-virtio-hcall.c | 11 +-
hw/scsi/megasas.c | 17 ++
hw/scsi/mfi.h | 9 +
hw/scsi/scsi-bus.c | 2 +-
hw/scsi/scsi-disk.c | 2 +-
hw/scsi/scsi-generic.c | 2 -
hw/scsi/spapr_vscsi.c | 1 -
hw/scsi/virtio-scsi.c | 12 +-
hw/sd/omap_mmc.c | 2 +-
hw/sd/sdhci.c | 8 +-
hw/sd/ssi-sd.c | 9 +
hw/sh4/sh7750.c | 3 +-
hw/ssi/pl022.c | 14 ++
hw/timer/hpet.c | 13 +
hw/timer/omap_gptimer.c | 4 +-
hw/usb/bus.c | 4 +-
hw/usb/dev-bluetooth.c | 24 +-
hw/virtio/vhost.c | 10 +-
hw/virtio/virtio.c | 25 +-
include/hw/scsi/scsi.h | 2 +-
include/hw/virtio/virtio-net.h | 4 +-
include/migration/vmstate.h | 11 +-
kvm-all.c | 2 +-
linux-user/elfload.c | 115 +++++++--
linux-user/syscall.c | 16 ++
migration-rdma.c | 20 +-
migration.c | 2 +-
nbd.c | 7 +-
net/tap.c | 7 +-
po/Makefile | 4 +-
qemu-char.c | 17 +-
qemu-img.c | 2 +-
qemu-nbd.c | 5 +-
qga/commands-win32.c | 6 +-
qom/object.c | 14 +-
savevm.c | 136 ++++++-----
scripts/qapi-commands.py | 2 +-
target-arm/helper.c | 8 +-
target-arm/machine.c | 2 +-
target-arm/translate.c | 34 ++-
target-i386/cc_helper.c | 2 +-
target-i386/cpu.c | 5 +-
target-i386/cpu.h | 4 +-
target-i386/translate.c | 46 +++-
target-s390x/cpu.h | 4 +
target-s390x/helper.c | 70 ++++--
target-s390x/kvm.c | 28 +++
target-xtensa/translate.c | 4 +-
tcg/i386/tcg-target.c | 3 +-
tests/qemu-iotests/026.out | 6 +-
tests/qemu-iotests/029 | 40 +++-
tests/qemu-iotests/029.out | 17 ++
tests/qemu-iotests/039 | 20 ++
tests/qemu-iotests/039.out | 11 +
tests/qemu-iotests/044.out | 2 +-
tests/qemu-iotests/075 | 106 +++++++++
tests/qemu-iotests/075.out | 38 +++
tests/qemu-iotests/076 | 76 ++++++
tests/qemu-iotests/076.out | 18 ++
tests/qemu-iotests/078 | 87 +++++++
tests/qemu-iotests/078.out | 26 ++
tests/qemu-iotests/080 | 180 ++++++++++++++
tests/qemu-iotests/080.out | 83 +++++++
tests/qemu-iotests/088 | 64 +++++
tests/qemu-iotests/088.out | 17 ++
tests/qemu-iotests/092 | 98 ++++++++
tests/qemu-iotests/092.out | 38 +++
tests/qemu-iotests/common | 21 ++
tests/qemu-iotests/common.rc | 3 +
tests/qemu-iotests/group | 6 +
tests/qemu-iotests/sample_images/empty.bochs.bz2 | Bin 0 -> 118 bytes
tests/qemu-iotests/sample_images/fake.parallels.bz2 | Bin 0 -> 141 bytes
.../sample_images/simple-pattern.cloop.bz2 | Bin 0 -> 488 bytes
tests/tcg/test_path.c | 13 +-
trace-events | 3 +-
ui/vnc-enc-tight.c | 2 +-
132 files changed, 2692 insertions(+), 696 deletions(-)
create mode 100755 tests/qemu-iotests/075
create mode 100644 tests/qemu-iotests/075.out
create mode 100755 tests/qemu-iotests/076
create mode 100644 tests/qemu-iotests/076.out
create mode 100755 tests/qemu-iotests/078
create mode 100644 tests/qemu-iotests/078.out
create mode 100755 tests/qemu-iotests/080
create mode 100644 tests/qemu-iotests/080.out
create mode 100755 tests/qemu-iotests/088
create mode 100644 tests/qemu-iotests/088.out
create mode 100755 tests/qemu-iotests/092
create mode 100644 tests/qemu-iotests/092.out
create mode 100644 tests/qemu-iotests/sample_images/empty.bochs.bz2
create mode 100644 tests/qemu-iotests/sample_images/fake.parallels.bz2
create mode 100644 tests/qemu-iotests/sample_images/simple-pattern.cloop.bz2
- [Qemu-devel] Patch Round-up for stable 1.7.2, freeze on 2014-07-14,
Michael Roth <=
- [Qemu-devel] [PATCH 002/156] scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 001/156] char: restore read callback on a reattached (hotplug) chardev, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 005/156] target-i386: Fix CC_OP_CLR vs PF, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 020/156] megasas: Implement LD_LIST_QUERY, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 021/156] arm: translate.c: Fix smlald Instruction, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 017/156] qcow2: Flush metadata during read-only reopen, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 013/156] mirror: fix early wake from sleep due to aio, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 022/156] block: Prevent coroutine stack overflow when recursing in bdrv_open_backing_file., Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 025/156] s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG, Michael Roth, 2014/07/08
- [Qemu-devel] [PATCH 018/156] block-commit: speed is an optional parameter, Michael Roth, 2014/07/08