qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Patch Round-up for stable 1.7.2, freeze on 2014-07-14


From: Dr. David Alan Gilbert
Subject: Re: [Qemu-devel] Patch Round-up for stable 1.7.2, freeze on 2014-07-14
Date: Wed, 9 Jul 2014 18:43:49 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

* Michael Roth (address@hidden) wrote:
> Hi everyone,
> 
> The following new patches are queued for QEMU stable v1.7.2:
> 
>   https://github.com/mdroth/qemu/commits/stable-1.7-staging
> 
> The release is planned for 2014-07-21:
> 
>   http://wiki.qemu.org/Planning/1.7
> 
> Please respond here or CC address@hidden on any patches
> you think should be included in the release.

You might want to include:
a890a2f9137ac3cf5b607649e66a6f3a5512d8dc - virtio: validate config_len on load

which guards against a mismatched config len on the migration stream
overwriting things.

however, if you do you should also include:
2f5732e9648fcddc8759a8fd25c0b41a38352be6 - Allow mismatched virtio config-len
which instead of erroring, just discards the data to cope with
changes in the config len.

Dave


> Testing/feedback is greatly appreciated.
> 
> 
> As you maybe have noticed, the 1.7.2 stable release is late by
> almost an entire release cycle. There were some important fixes
> planned for 1.7.2 however, so hopefully better late than never.
> Due to the delay the patch queue for this release is quite a bit
> longer than usual, so anyone interested in this release is highly
> encouraged to review/test.
> 
> 2.0.1 has similarly slipped by half a release cycle, so 2.0.1 will
> be going out during the originally planned date release date for
> 2.0.2, and is the only planned stable release for the 2.0 series:
> 
>   http://wiki.qemu.org/Planning/2.0
> 
> My apologies for the delays. For 2.1.x, we should be back on track
> for the normal stable release schedule (2.1.1 midway through 2.2
> development, and 2.1.2 roughly coinciding with 2.2 release).
> 
> Thanks! 
> 
> ----------------------------------------------------------------
> Alexander Graf (3):
>       kvmclock: Ensure time in migration never goes backward
>       KVM: Fix GSI number space limit
>       virtio-serial: don't migrate the config space
> 
> Alexey Kardashevskiy (1):
>       spapr_pci: Fix number of returned vectors in ibm, change-msi
> 
> Andreas Färber (2):
>       sdhci: Fix misuse of qemu_free_irqs()
>       hw: Fix qemu_allocate_irqs() leaks
> 
> Benoît Canet (2):
>       ide: Correct improper smart self test counter reset in ide core.
>       block: Prevent coroutine stack overflow when recursing in 
> bdrv_open_backing_file.
> 
> ChenLiang (1):
>       migration: remove duplicate code
> 
> Cornelia Huck (1):
>       s390x/css: handle emw correctly for tsch
> 
> Cédric Le Goater (1):
>       virtio-net: byteswap virtio-net header
> 
> David Hildenbrand (1):
>       s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG
> 
> Dmitry Fleytman (4):
>       vmxnet3: validate interrupt indices coming from guest
>       vmxnet3: validate queues configuration coming from guest
>       vmxnet3: validate interrupt indices read on migration
>       vmxnet3: validate queues configuration read on migration
> 
> Dr. David Alan Gilbert (1):
>       Fix vmstate_info_int32_le comparison/assign
> 
> Edgar E. Iglesias (1):
>       target-arm: Make vbar_write 64bit friendly on 32bit hosts
> 
> Eduardo Habkost (1):
>       target-i386: Filter FEAT_7_0_EBX TCG features too
> 
> Fam Zheng (2):
>       scsi: Change scsi sense buf size to 252
>       curl: check data size before memcpy to local buffer. (CVE-2014-0144)
> 
> Gal Hammer (1):
>       char: restore read callback on a reattached (hotplug) chardev
> 
> Gonglei (1):
>       qga: Fix handle fd leak in acquire_privilege()
> 
> Hani Benhabiles (5):
>       usb: Fix usb-bt-dongle initialization.
>       nbd: Don't export a block device with no medium.
>       nbd: Don't validate from and len in NBD_CMD_DISC.
>       nbd: Close socket on negotiation failure.
>       nbd: Shutdown socket before closing.
> 
> Hannes Reinecke (1):
>       megasas: Implement LD_LIST_QUERY
> 
> Hu Tao (1):
>       qcow2: fix offset overflow in qcow2_alloc_clusters_at()
> 
> Jeff Cody (3):
>       vpc/vhd: add bounds check for max_table_entries and block_size 
> (CVE-2014-0144)
>       vdi: add bounds checks for blocks_in_image and disk_size header fields 
> (CVE-2014-0144)
>       vhdx: Bounds checking for block_size and logical_sector_size 
> (CVE-2014-0148)
> 
> Kevin Wolf (35):
>       qcow2: Flush metadata during read-only reopen
>       block: Use BDRV_O_NO_BACKING where appropriate
>       qemu-iotests: Support for bochs format
>       bochs: Unify header structs and make them QEMU_PACKED
>       bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
>       bochs: Check catalog_size header field (CVE-2014-0143)
>       bochs: Check extent_size header field (CVE-2014-0142)
>       bochs: Fix bitmap offset calculation
>       vpc: Validate block size (CVE-2014-0142)
>       qcow2: Check header_length (CVE-2014-0144)
>       qcow2: Check backing_file_offset (CVE-2014-0144)
>       qcow2: Check refcount table size (CVE-2014-0144)
>       qcow2: Validate refcount table offset
>       qcow2: Validate snapshot table offset/size (CVE-2014-0144)
>       qcow2: Validate active L1 table offset and size (CVE-2014-0144)
>       qcow2: Fix backing file name length check
>       qcow2: Zero-initialise first cluster for new images
>       qcow2: Don't rely on free_cluster_index in alloc_refcount_block() 
> (CVE-2014-0147)
>       qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143)
>       qcow2: Check new refcount table size on growth
>       qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref
>       qcow2: Protect against some integer overflows in bdrv_check
>       qcow2: Fix new L1 table size check (CVE-2014-0143)
>       block: Limit request size (CVE-2014-0143)
>       qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
>       qcow2: Fix copy_sectors() with VM state
>       qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() 
> (CVE-2014-0145)
>       qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() 
> (CVE-2014-0143)
>       parallels: Fix catalog size integer overflow (CVE-2014-0143)
>       parallels: Sanity check for s->tracks (CVE-2014-0142)
>       qcow1: Make padding in the header explicit
>       qcow1: Check maximum cluster size
>       qcow1: Validate L2 table size (CVE-2014-0222)
>       qcow1: Validate image size (CVE-2014-0223)
>       qcow1: Stricter backing file length check
> 
> Le Tan (1):
>       pci: assign devfn to pci_dev before calling 
> pci_device_iommu_address_space()
> 
> Marcelo Tosatti (1):
>       kvmclock: Ensure proper env->tsc value for kvmclock_current_nsec 
> calculation
> 
> Markus Armbruster (10):
>       scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b
>       virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path
>       blockdev: Plug memory leak in blockdev_init()
>       blockdev: Plug memory leak in drive_init()
>       block/qapi: Plug memory leak in dump_qobject() case QTYPE_QERROR
>       block/vvfat: Plug memory leak in check_directory_consistency()
>       block/vvfat: Plug memory leak in read_directory()
>       block/sheepdog: Plug memory leak in sd_snapshot_create()
>       qemu-img: Plug memory leak in convert command
>       vnc: Fix tight_detect_smooth_image() for lossless case
> 
> Max Filippov (1):
>       target-xtensa: fix cross-page jumps/calls at the end of TB
> 
> Max Reitz (1):
>       block-commit: speed is an optional parameter
> 
> Michael R. Hines (1):
>       rdma: bug fixes
> 
> Michael Roth (3):
>       virtio: avoid buffer overrun on incoming migration
>       openpic: avoid buffer overrun on incoming migration
>       qapi: zero-initialize all QMP command parameters
> 
> Michael S. Tsirkin (27):
>       acpi: fix tables for no-hpet configuration
>       vmstate: reduce code duplication
>       vmstate: add VMS_MUST_EXIST
>       vmstate: add VMSTATE_VALIDATE
>       virtio-net: fix buffer overflow on invalid state load
>       virtio-net: out-of-bounds buffer write on invalid state load
>       virtio-net: out-of-bounds buffer write on load
>       virtio: out-of-bounds buffer write on invalid state load
>       ahci: fix buffer overrun on invalid state load
>       hpet: fix buffer overrun on invalid state load
>       hw/pci/pcie_aer.c: fix buffer overruns on invalid state load
>       pl022: fix buffer overun on invalid state load
>       vmstate: fix buffer overflow in target-arm/machine.c
>       virtio: validate num_sg when mapping
>       pxa2xx: avoid buffer overrun on incoming migration
>       ssi-sd: fix buffer overrun on invalid state load
>       ssd0323: fix buffer overun on invalid state load
>       tsc210x: fix buffer overrun on invalid state load
>       zaurus: fix buffer overrun on invalid state load
>       virtio-scsi: fix buffer overrun on invalid state load
>       vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
>       usb: sanity check setup_index+setup_len in post_load
>       virtio: validate config_len on load
>       stellaris_enet: block migration
>       pci-assign: limit # of msix vectors
>       virtio: allow mapping up to max queue size
>       vhost: fix resource leak in error handling
> 
> Michael Tokarev (1):
>       po/Makefile: fix $SRC_PATH reference
> 
> Paolo Bonzini (2):
>       mirror: fix throttling delay calculation
>       target-i386: fix set of registers zeroed on reset
> 
> Peter Crosthwaite (1):
>       arm: translate.c: Fix smlald Instruction
> 
> Peter Lieven (2):
>       block/iscsi: fix deadlock on scsi check condition
>       migration: catch unknown flags in ram_load
> 
> Peter Maydell (9):
>       hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun
>       hw/net/stellaris_enet: Correct handling of packet padding
>       savevm: Ignore minimum_version_id_old if there is no load_state_old
>       linux-user/elfload.c: Fix incorrect ARM HWCAP bits
>       linux-user/elfload.c: Update ARM HWCAP bits
>       linux-user/elfload.c: Fix A64 code which was incorrectly acting like A32
>       linux-user: Don't overrun guest buffer in sched_getaffinity
>       target-arm: Fix errors in writes to generic timer control registers
>       coroutine-win32.c: Add noinline attribute to work around gcc bug
> 
> Richard Henderson (3):
>       target-i386: Fix CC_OP_CLR vs PF
>       target-i386: Fix ucomis and comis memory access
>       tcg-i386: Fix win64 qemu store
> 
> Stefan Fritsch (1):
>       virtio-net: Do not filter VLANs without F_CTRL_VLAN
> 
> Stefan Hajnoczi (18):
>       qom: Avoid leaking str and bool properties on failure
>       tap: avoid deadlocking rx
>       mirror: fix early wake from sleep due to aio
>       qemu-iotests: add ./check -cloop support
>       qemu-iotests: add cloop input validation tests
>       block/cloop: validate block_size header field (CVE-2014-0144)
>       block/cloop: prevent offsets_size integer overflow (CVE-2014-0143)
>       block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)
>       block/cloop: refuse images with bogus offsets (CVE-2014-0144)
>       block/cloop: fix offsets[] size off-by-one
>       dmg: coding style and indentation cleanup
>       dmg: prevent out-of-bounds array access on terminator
>       dmg: drop broken bdrv_pread() loop
>       dmg: use appropriate types when reading chunks
>       dmg: sanitize chunk length and sectorcount (CVE-2014-0145)
>       dmg: use uint64_t consistently for sectors and lengths
>       dmg: prevent chunk buffer overflow (CVE-2014-0145)
>       aio: fix qemu_bh_schedule() bh->ctx race condition
> 
> Stefan Weil (3):
>       tests: Fix 'make test' for i686 hosts (build regression)
>       configure: Don't use __int128_t for clang versions before 3.2
>       cputlb: Fix regression with TCG interpreter (bug 1310324)
> 
> Thomas Huth (2):
>       s390x/virtio-hcall: Add range check for hypervisor call
>       s390x/helper: Added format control bit to MMU translation
> 
> Ulrich Obergfell (1):
>       scsi-disk: fix bug in scsi_block_new_request() introduced by commit 
> 137745c
> 
>  arch_init.c                                            |  96 ++++----
>  async.c                                                |  14 +-
>  block.c                                                |  40 ++--
>  block/bochs.c                                          | 109 +++++----
>  block/cloop.c                                          |  81 ++++++-
>  block/curl.c                                           |   5 +
>  block/dmg.c                                            | 275 
> +++++++++++++---------
>  block/iscsi.c                                          |   5 +-
>  block/mirror.c                                         |  37 +--
>  block/parallels.c                                      |  14 +-
>  block/qapi.c                                           |   1 +
>  block/qcow.c                                           |  43 +++-
>  block/qcow2-cluster.c                                  |  11 +-
>  block/qcow2-refcount.c                                 | 119 ++++++----
>  block/qcow2-snapshot.c                                 |  35 +--
>  block/qcow2.c                                          | 198 ++++++++++++----
>  block/qcow2.h                                          |  48 +++-
>  block/sheepdog.c                                       |   4 +-
>  block/vdi.c                                            |  31 ++-
>  block/vhdx.c                                           |  12 +-
>  block/vmdk.c                                           |   2 +-
>  block/vpc.c                                            |  32 ++-
>  block/vvfat.c                                          |   6 +-
>  blockdev-nbd.c                                         |   9 +-
>  blockdev.c                                             |  11 +-
>  configure                                              |   5 +
>  coroutine-win32.c                                      |  13 +-
>  cputlb.c                                               |   6 +-
>  docs/migration.txt                                     |  12 +-
>  hw/arm/omap1.c                                         |  14 +-
>  hw/arm/omap2.c                                         |   2 +-
>  hw/arm/pxa2xx.c                                        |  12 +-
>  hw/arm/spitz.c                                         |   4 +-
>  hw/arm/z2.c                                            |   2 +-
>  hw/char/virtio-serial-bus.c                            |  16 +-
>  hw/core/irq.c                                          |   4 +-
>  hw/display/ssd0323.c                                   |  24 ++
>  hw/dma/omap_dma.c                                      |   4 +-
>  hw/gpio/zaurus.c                                       |  10 +
>  hw/i386/acpi-build.c                                   |   7 +-
>  hw/i386/kvm/clock.c                                    |  52 ++++
>  hw/i386/kvm/pci-assign.c                               |  12 +-
>  hw/ide/ahci.c                                          |   2 +-
>  hw/ide/core.c                                          |   2 +-
>  hw/ide/microdrive.c                                    |   2 +-
>  hw/input/tsc210x.c                                     |  12 +
>  hw/intc/openpic.c                                      |  16 +-
>  hw/misc/cbus.c                                         |   6 +-
>  hw/net/stellaris_enet.c                                |  23 +-
>  hw/net/virtio-net.c                                    |  43 +++-
>  hw/net/vmxnet3.c                                       |  58 ++++-
>  hw/pci/pci.c                                           |   6 +-
>  hw/pci/pcie_aer.c                                      |  10 +-
>  hw/pcmcia/pxa2xx.c                                     |   2 +-
>  hw/ppc/spapr_pci.c                                     |  16 ++
>  hw/s390x/css.c                                         |  24 +-
>  hw/s390x/s390-virtio-hcall.c                           |  11 +-
>  hw/scsi/megasas.c                                      |  17 ++
>  hw/scsi/mfi.h                                          |   9 +
>  hw/scsi/scsi-bus.c                                     |   2 +-
>  hw/scsi/scsi-disk.c                                    |   2 +-
>  hw/scsi/scsi-generic.c                                 |   2 -
>  hw/scsi/spapr_vscsi.c                                  |   1 -
>  hw/scsi/virtio-scsi.c                                  |  12 +-
>  hw/sd/omap_mmc.c                                       |   2 +-
>  hw/sd/sdhci.c                                          |   8 +-
>  hw/sd/ssi-sd.c                                         |   9 +
>  hw/sh4/sh7750.c                                        |   3 +-
>  hw/ssi/pl022.c                                         |  14 ++
>  hw/timer/hpet.c                                        |  13 +
>  hw/timer/omap_gptimer.c                                |   4 +-
>  hw/usb/bus.c                                           |   4 +-
>  hw/usb/dev-bluetooth.c                                 |  24 +-
>  hw/virtio/vhost.c                                      |  10 +-
>  hw/virtio/virtio.c                                     |  25 +-
>  include/hw/scsi/scsi.h                                 |   2 +-
>  include/hw/virtio/virtio-net.h                         |   4 +-
>  include/migration/vmstate.h                            |  11 +-
>  kvm-all.c                                              |   2 +-
>  linux-user/elfload.c                                   | 115 +++++++--
>  linux-user/syscall.c                                   |  16 ++
>  migration-rdma.c                                       |  20 +-
>  migration.c                                            |   2 +-
>  nbd.c                                                  |   7 +-
>  net/tap.c                                              |   7 +-
>  po/Makefile                                            |   4 +-
>  qemu-char.c                                            |  17 +-
>  qemu-img.c                                             |   2 +-
>  qemu-nbd.c                                             |   5 +-
>  qga/commands-win32.c                                   |   6 +-
>  qom/object.c                                           |  14 +-
>  savevm.c                                               | 136 ++++++-----
>  scripts/qapi-commands.py                               |   2 +-
>  target-arm/helper.c                                    |   8 +-
>  target-arm/machine.c                                   |   2 +-
>  target-arm/translate.c                                 |  34 ++-
>  target-i386/cc_helper.c                                |   2 +-
>  target-i386/cpu.c                                      |   5 +-
>  target-i386/cpu.h                                      |   4 +-
>  target-i386/translate.c                                |  46 +++-
>  target-s390x/cpu.h                                     |   4 +
>  target-s390x/helper.c                                  |  70 ++++--
>  target-s390x/kvm.c                                     |  28 +++
>  target-xtensa/translate.c                              |   4 +-
>  tcg/i386/tcg-target.c                                  |   3 +-
>  tests/qemu-iotests/026.out                             |   6 +-
>  tests/qemu-iotests/029                                 |  40 +++-
>  tests/qemu-iotests/029.out                             |  17 ++
>  tests/qemu-iotests/039                                 |  20 ++
>  tests/qemu-iotests/039.out                             |  11 +
>  tests/qemu-iotests/044.out                             |   2 +-
>  tests/qemu-iotests/075                                 | 106 +++++++++
>  tests/qemu-iotests/075.out                             |  38 +++
>  tests/qemu-iotests/076                                 |  76 ++++++
>  tests/qemu-iotests/076.out                             |  18 ++
>  tests/qemu-iotests/078                                 |  87 +++++++
>  tests/qemu-iotests/078.out                             |  26 ++
>  tests/qemu-iotests/080                                 | 180 ++++++++++++++
>  tests/qemu-iotests/080.out                             |  83 +++++++
>  tests/qemu-iotests/088                                 |  64 +++++
>  tests/qemu-iotests/088.out                             |  17 ++
>  tests/qemu-iotests/092                                 |  98 ++++++++
>  tests/qemu-iotests/092.out                             |  38 +++
>  tests/qemu-iotests/common                              |  21 ++
>  tests/qemu-iotests/common.rc                           |   3 +
>  tests/qemu-iotests/group                               |   6 +
>  tests/qemu-iotests/sample_images/empty.bochs.bz2       | Bin 0 -> 118 bytes
>  tests/qemu-iotests/sample_images/fake.parallels.bz2    | Bin 0 -> 141 bytes
>  .../sample_images/simple-pattern.cloop.bz2             | Bin 0 -> 488 bytes
>  tests/tcg/test_path.c                                  |  13 +-
>  trace-events                                           |   3 +-
>  ui/vnc-enc-tight.c                                     |   2 +-
>  132 files changed, 2692 insertions(+), 696 deletions(-)
>  create mode 100755 tests/qemu-iotests/075
>  create mode 100644 tests/qemu-iotests/075.out
>  create mode 100755 tests/qemu-iotests/076
>  create mode 100644 tests/qemu-iotests/076.out
>  create mode 100755 tests/qemu-iotests/078
>  create mode 100644 tests/qemu-iotests/078.out
>  create mode 100755 tests/qemu-iotests/080
>  create mode 100644 tests/qemu-iotests/080.out
>  create mode 100755 tests/qemu-iotests/088
>  create mode 100644 tests/qemu-iotests/088.out
>  create mode 100755 tests/qemu-iotests/092
>  create mode 100644 tests/qemu-iotests/092.out
>  create mode 100644 tests/qemu-iotests/sample_images/empty.bochs.bz2
>  create mode 100644 tests/qemu-iotests/sample_images/fake.parallels.bz2
>  create mode 100644 tests/qemu-iotests/sample_images/simple-pattern.cloop.bz2
> 
> 
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK



reply via email to

[Prev in Thread] Current Thread [Next in Thread]