Re: [Qemu-devel] Patch Round-up for stable 1.7.2, freeze on 2014-07-14
From: Dr. David Alan Gilbert
Subject: Re: [Qemu-devel] Patch Round-up for stable 1.7.2, freeze on 2014-07-14
Date: Wed, 9 Jul 2014 18:43:49 +0100
User-agent: Mutt/1.5.23 (2014-03-12)
* Michael Roth (address@hidden) wrote:
> Hi everyone,
>
> The following new patches are queued for QEMU stable v1.7.2:
>
> https://github.com/mdroth/qemu/commits/stable-1.7-staging
>
> The release is planned for 2014-07-21:
>
> http://wiki.qemu.org/Planning/1.7
>
> Please respond here or CC address@hidden on any patches
> you think should be included in the release.
You might want to include:
a890a2f9137ac3cf5b607649e66a6f3a5512d8dc - virtio: validate config_len on load
which guards against a mismatched config len on the migration stream
overwriting things.
However, if you do, you should also include:
2f5732e9648fcddc8759a8fd25c0b41a38352be6 - Allow mismatched virtio config-len
which, instead of erroring, just discards the data to cope with
changes in the config len.
Dave
> Testing/feedback is greatly appreciated.
>
>
> As you maybe have noticed, the 1.7.2 stable release is late by
> almost an entire release cycle. There were some important fixes
> planned for 1.7.2 however, so hopefully better late than never.
> Due to the delay the patch queue for this release is quite a bit
> longer than usual, so anyone interested in this release is highly
> encouraged to review/test.
>
> 2.0.1 has similarly slipped by half a release cycle, so 2.0.1 will
> be going out during the originally planned release date for
> 2.0.2, and is the only planned stable release for the 2.0 series:
>
> http://wiki.qemu.org/Planning/2.0
>
> My apologies for the delays. For 2.1.x, we should be back on track
> for the normal stable release schedule (2.1.1 midway through 2.2
> development, and 2.1.2 roughly coinciding with 2.2 release).
>
> Thanks!
>
> ----------------------------------------------------------------
> Alexander Graf (3):
> kvmclock: Ensure time in migration never goes backward
> KVM: Fix GSI number space limit
> virtio-serial: don't migrate the config space
>
> Alexey Kardashevskiy (1):
> spapr_pci: Fix number of returned vectors in ibm, change-msi
>
> Andreas Färber (2):
> sdhci: Fix misuse of qemu_free_irqs()
> hw: Fix qemu_allocate_irqs() leaks
>
> Benoît Canet (2):
> ide: Correct improper smart self test counter reset in ide core.
> block: Prevent coroutine stack overflow when recursing in
> bdrv_open_backing_file.
>
> ChenLiang (1):
> migration: remove duplicate code
>
> Cornelia Huck (1):
> s390x/css: handle emw correctly for tsch
>
> Cédric Le Goater (1):
> virtio-net: byteswap virtio-net header
>
> David Hildenbrand (1):
> s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG
>
> Dmitry Fleytman (4):
> vmxnet3: validate interrupt indices coming from guest
> vmxnet3: validate queues configuration coming from guest
> vmxnet3: validate interrupt indices read on migration
> vmxnet3: validate queues configuration read on migration
>
> Dr. David Alan Gilbert (1):
> Fix vmstate_info_int32_le comparison/assign
>
> Edgar E. Iglesias (1):
> target-arm: Make vbar_write 64bit friendly on 32bit hosts
>
> Eduardo Habkost (1):
> target-i386: Filter FEAT_7_0_EBX TCG features too
>
> Fam Zheng (2):
> scsi: Change scsi sense buf size to 252
> curl: check data size before memcpy to local buffer. (CVE-2014-0144)
>
> Gal Hammer (1):
> char: restore read callback on a reattached (hotplug) chardev
>
> Gonglei (1):
> qga: Fix handle fd leak in acquire_privilege()
>
> Hani Benhabiles (5):
> usb: Fix usb-bt-dongle initialization.
> nbd: Don't export a block device with no medium.
> nbd: Don't validate from and len in NBD_CMD_DISC.
> nbd: Close socket on negotiation failure.
> nbd: Shutdown socket before closing.
>
> Hannes Reinecke (1):
> megasas: Implement LD_LIST_QUERY
>
> Hu Tao (1):
> qcow2: fix offset overflow in qcow2_alloc_clusters_at()
>
> Jeff Cody (3):
> vpc/vhd: add bounds check for max_table_entries and block_size
> (CVE-2014-0144)
> vdi: add bounds checks for blocks_in_image and disk_size header fields
> (CVE-2014-0144)
> vhdx: Bounds checking for block_size and logical_sector_size
> (CVE-2014-0148)
>
> Kevin Wolf (35):
> qcow2: Flush metadata during read-only reopen
> block: Use BDRV_O_NO_BACKING where appropriate
> qemu-iotests: Support for bochs format
> bochs: Unify header structs and make them QEMU_PACKED
> bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147)
> bochs: Check catalog_size header field (CVE-2014-0143)
> bochs: Check extent_size header field (CVE-2014-0142)
> bochs: Fix bitmap offset calculation
> vpc: Validate block size (CVE-2014-0142)
> qcow2: Check header_length (CVE-2014-0144)
> qcow2: Check backing_file_offset (CVE-2014-0144)
> qcow2: Check refcount table size (CVE-2014-0144)
> qcow2: Validate refcount table offset
> qcow2: Validate snapshot table offset/size (CVE-2014-0144)
> qcow2: Validate active L1 table offset and size (CVE-2014-0144)
> qcow2: Fix backing file name length check
> qcow2: Zero-initialise first cluster for new images
> qcow2: Don't rely on free_cluster_index in alloc_refcount_block()
> (CVE-2014-0147)
> qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143)
> qcow2: Check new refcount table size on growth
> qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref
> qcow2: Protect against some integer overflows in bdrv_check
> qcow2: Fix new L1 table size check (CVE-2014-0143)
> block: Limit request size (CVE-2014-0143)
> qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146)
> qcow2: Fix copy_sectors() with VM state
> qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp()
> (CVE-2014-0145)
> qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp()
> (CVE-2014-0143)
> parallels: Fix catalog size integer overflow (CVE-2014-0143)
> parallels: Sanity check for s->tracks (CVE-2014-0142)
> qcow1: Make padding in the header explicit
> qcow1: Check maximum cluster size
> qcow1: Validate L2 table size (CVE-2014-0222)
> qcow1: Validate image size (CVE-2014-0223)
> qcow1: Stricter backing file length check
>
> Le Tan (1):
> pci: assign devfn to pci_dev before calling
> pci_device_iommu_address_space()
>
> Marcelo Tosatti (1):
> kvmclock: Ensure proper env->tsc value for kvmclock_current_nsec
> calculation
>
> Markus Armbruster (10):
> scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b
> virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path
> blockdev: Plug memory leak in blockdev_init()
> blockdev: Plug memory leak in drive_init()
> block/qapi: Plug memory leak in dump_qobject() case QTYPE_QERROR
> block/vvfat: Plug memory leak in check_directory_consistency()
> block/vvfat: Plug memory leak in read_directory()
> block/sheepdog: Plug memory leak in sd_snapshot_create()
> qemu-img: Plug memory leak in convert command
> vnc: Fix tight_detect_smooth_image() for lossless case
>
> Max Filippov (1):
> target-xtensa: fix cross-page jumps/calls at the end of TB
>
> Max Reitz (1):
> block-commit: speed is an optional parameter
>
> Michael R. Hines (1):
> rdma: bug fixes
>
> Michael Roth (3):
> virtio: avoid buffer overrun on incoming migration
> openpic: avoid buffer overrun on incoming migration
> qapi: zero-initialize all QMP command parameters
>
> Michael S. Tsirkin (27):
> acpi: fix tables for no-hpet configuration
> vmstate: reduce code duplication
> vmstate: add VMS_MUST_EXIST
> vmstate: add VMSTATE_VALIDATE
> virtio-net: fix buffer overflow on invalid state load
> virtio-net: out-of-bounds buffer write on invalid state load
> virtio-net: out-of-bounds buffer write on load
> virtio: out-of-bounds buffer write on invalid state load
> ahci: fix buffer overrun on invalid state load
> hpet: fix buffer overrun on invalid state load
> hw/pci/pcie_aer.c: fix buffer overruns on invalid state load
> pl022: fix buffer overun on invalid state load
> vmstate: fix buffer overflow in target-arm/machine.c
> virtio: validate num_sg when mapping
> pxa2xx: avoid buffer overrun on incoming migration
> ssi-sd: fix buffer overrun on invalid state load
> ssd0323: fix buffer overun on invalid state load
> tsc210x: fix buffer overrun on invalid state load
> zaurus: fix buffer overrun on invalid state load
> virtio-scsi: fix buffer overrun on invalid state load
> vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
> usb: sanity check setup_index+setup_len in post_load
> virtio: validate config_len on load
> stellaris_enet: block migration
> pci-assign: limit # of msix vectors
> virtio: allow mapping up to max queue size
> vhost: fix resource leak in error handling
>
> Michael Tokarev (1):
> po/Makefile: fix $SRC_PATH reference
>
> Paolo Bonzini (2):
> mirror: fix throttling delay calculation
> target-i386: fix set of registers zeroed on reset
>
> Peter Crosthwaite (1):
> arm: translate.c: Fix smlald Instruction
>
> Peter Lieven (2):
> block/iscsi: fix deadlock on scsi check condition
> migration: catch unknown flags in ram_load
>
> Peter Maydell (9):
> hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun
> hw/net/stellaris_enet: Correct handling of packet padding
> savevm: Ignore minimum_version_id_old if there is no load_state_old
> linux-user/elfload.c: Fix incorrect ARM HWCAP bits
> linux-user/elfload.c: Update ARM HWCAP bits
> linux-user/elfload.c: Fix A64 code which was incorrectly acting like A32
> linux-user: Don't overrun guest buffer in sched_getaffinity
> target-arm: Fix errors in writes to generic timer control registers
> coroutine-win32.c: Add noinline attribute to work around gcc bug
>
> Richard Henderson (3):
> target-i386: Fix CC_OP_CLR vs PF
> target-i386: Fix ucomis and comis memory access
> tcg-i386: Fix win64 qemu store
>
> Stefan Fritsch (1):
> virtio-net: Do not filter VLANs without F_CTRL_VLAN
>
> Stefan Hajnoczi (18):
> qom: Avoid leaking str and bool properties on failure
> tap: avoid deadlocking rx
> mirror: fix early wake from sleep due to aio
> qemu-iotests: add ./check -cloop support
> qemu-iotests: add cloop input validation tests
> block/cloop: validate block_size header field (CVE-2014-0144)
> block/cloop: prevent offsets_size integer overflow (CVE-2014-0143)
> block/cloop: refuse images with huge offsets arrays (CVE-2014-0144)
> block/cloop: refuse images with bogus offsets (CVE-2014-0144)
> block/cloop: fix offsets[] size off-by-one
> dmg: coding style and indentation cleanup
> dmg: prevent out-of-bounds array access on terminator
> dmg: drop broken bdrv_pread() loop
> dmg: use appropriate types when reading chunks
> dmg: sanitize chunk length and sectorcount (CVE-2014-0145)
> dmg: use uint64_t consistently for sectors and lengths
> dmg: prevent chunk buffer overflow (CVE-2014-0145)
> aio: fix qemu_bh_schedule() bh->ctx race condition
>
> Stefan Weil (3):
> tests: Fix 'make test' for i686 hosts (build regression)
> configure: Don't use __int128_t for clang versions before 3.2
> cputlb: Fix regression with TCG interpreter (bug 1310324)
>
> Thomas Huth (2):
> s390x/virtio-hcall: Add range check for hypervisor call
> s390x/helper: Added format control bit to MMU translation
>
> Ulrich Obergfell (1):
> scsi-disk: fix bug in scsi_block_new_request() introduced by commit
> 137745c
>
> arch_init.c | 96 ++++----
> async.c | 14 +-
> block.c | 40 ++--
> block/bochs.c | 109 +++++----
> block/cloop.c | 81 ++++++-
> block/curl.c | 5 +
> block/dmg.c | 275 +++++++++++++---------
> block/iscsi.c | 5 +-
> block/mirror.c | 37 +--
> block/parallels.c | 14 +-
> block/qapi.c | 1 +
> block/qcow.c | 43 +++-
> block/qcow2-cluster.c | 11 +-
> block/qcow2-refcount.c | 119 ++++++----
> block/qcow2-snapshot.c | 35 +--
> block/qcow2.c | 198 ++++++++++++----
> block/qcow2.h | 48 +++-
> block/sheepdog.c | 4 +-
> block/vdi.c | 31 ++-
> block/vhdx.c | 12 +-
> block/vmdk.c | 2 +-
> block/vpc.c | 32 ++-
> block/vvfat.c | 6 +-
> blockdev-nbd.c | 9 +-
> blockdev.c | 11 +-
> configure | 5 +
> coroutine-win32.c | 13 +-
> cputlb.c | 6 +-
> docs/migration.txt | 12 +-
> hw/arm/omap1.c | 14 +-
> hw/arm/omap2.c | 2 +-
> hw/arm/pxa2xx.c | 12 +-
> hw/arm/spitz.c | 4 +-
> hw/arm/z2.c | 2 +-
> hw/char/virtio-serial-bus.c | 16 +-
> hw/core/irq.c | 4 +-
> hw/display/ssd0323.c | 24 ++
> hw/dma/omap_dma.c | 4 +-
> hw/gpio/zaurus.c | 10 +
> hw/i386/acpi-build.c | 7 +-
> hw/i386/kvm/clock.c | 52 ++++
> hw/i386/kvm/pci-assign.c | 12 +-
> hw/ide/ahci.c | 2 +-
> hw/ide/core.c | 2 +-
> hw/ide/microdrive.c | 2 +-
> hw/input/tsc210x.c | 12 +
> hw/intc/openpic.c | 16 +-
> hw/misc/cbus.c | 6 +-
> hw/net/stellaris_enet.c | 23 +-
> hw/net/virtio-net.c | 43 +++-
> hw/net/vmxnet3.c | 58 ++++-
> hw/pci/pci.c | 6 +-
> hw/pci/pcie_aer.c | 10 +-
> hw/pcmcia/pxa2xx.c | 2 +-
> hw/ppc/spapr_pci.c | 16 ++
> hw/s390x/css.c | 24 +-
> hw/s390x/s390-virtio-hcall.c | 11 +-
> hw/scsi/megasas.c | 17 ++
> hw/scsi/mfi.h | 9 +
> hw/scsi/scsi-bus.c | 2 +-
> hw/scsi/scsi-disk.c | 2 +-
> hw/scsi/scsi-generic.c | 2 -
> hw/scsi/spapr_vscsi.c | 1 -
> hw/scsi/virtio-scsi.c | 12 +-
> hw/sd/omap_mmc.c | 2 +-
> hw/sd/sdhci.c | 8 +-
> hw/sd/ssi-sd.c | 9 +
> hw/sh4/sh7750.c | 3 +-
> hw/ssi/pl022.c | 14 ++
> hw/timer/hpet.c | 13 +
> hw/timer/omap_gptimer.c | 4 +-
> hw/usb/bus.c | 4 +-
> hw/usb/dev-bluetooth.c | 24 +-
> hw/virtio/vhost.c | 10 +-
> hw/virtio/virtio.c | 25 +-
> include/hw/scsi/scsi.h | 2 +-
> include/hw/virtio/virtio-net.h | 4 +-
> include/migration/vmstate.h | 11 +-
> kvm-all.c | 2 +-
> linux-user/elfload.c | 115 +++++++--
> linux-user/syscall.c | 16 ++
> migration-rdma.c | 20 +-
> migration.c | 2 +-
> nbd.c | 7 +-
> net/tap.c | 7 +-
> po/Makefile | 4 +-
> qemu-char.c | 17 +-
> qemu-img.c | 2 +-
> qemu-nbd.c | 5 +-
> qga/commands-win32.c | 6 +-
> qom/object.c | 14 +-
> savevm.c | 136 ++++++-----
> scripts/qapi-commands.py | 2 +-
> target-arm/helper.c | 8 +-
> target-arm/machine.c | 2 +-
> target-arm/translate.c | 34 ++-
> target-i386/cc_helper.c | 2 +-
> target-i386/cpu.c | 5 +-
> target-i386/cpu.h | 4 +-
> target-i386/translate.c | 46 +++-
> target-s390x/cpu.h | 4 +
> target-s390x/helper.c | 70 ++++--
> target-s390x/kvm.c | 28 +++
> target-xtensa/translate.c | 4 +-
> tcg/i386/tcg-target.c | 3 +-
> tests/qemu-iotests/026.out | 6 +-
> tests/qemu-iotests/029 | 40 +++-
> tests/qemu-iotests/029.out | 17 ++
> tests/qemu-iotests/039 | 20 ++
> tests/qemu-iotests/039.out | 11 +
> tests/qemu-iotests/044.out | 2 +-
> tests/qemu-iotests/075 | 106 +++++++++
> tests/qemu-iotests/075.out | 38 +++
> tests/qemu-iotests/076 | 76 ++++++
> tests/qemu-iotests/076.out | 18 ++
> tests/qemu-iotests/078 | 87 +++++++
> tests/qemu-iotests/078.out | 26 ++
> tests/qemu-iotests/080 | 180 ++++++++++++++
> tests/qemu-iotests/080.out | 83 +++++++
> tests/qemu-iotests/088 | 64 +++++
> tests/qemu-iotests/088.out | 17 ++
> tests/qemu-iotests/092 | 98 ++++++++
> tests/qemu-iotests/092.out | 38 +++
> tests/qemu-iotests/common | 21 ++
> tests/qemu-iotests/common.rc | 3 +
> tests/qemu-iotests/group | 6 +
> tests/qemu-iotests/sample_images/empty.bochs.bz2 | Bin 0 -> 118 bytes
> tests/qemu-iotests/sample_images/fake.parallels.bz2 | Bin 0 -> 141 bytes
> .../sample_images/simple-pattern.cloop.bz2 | Bin 0 -> 488 bytes
> tests/tcg/test_path.c | 13 +-
> trace-events | 3 +-
> ui/vnc-enc-tight.c | 2 +-
> 132 files changed, 2692 insertions(+), 696 deletions(-)
> create mode 100755 tests/qemu-iotests/075
> create mode 100644 tests/qemu-iotests/075.out
> create mode 100755 tests/qemu-iotests/076
> create mode 100644 tests/qemu-iotests/076.out
> create mode 100755 tests/qemu-iotests/078
> create mode 100644 tests/qemu-iotests/078.out
> create mode 100755 tests/qemu-iotests/080
> create mode 100644 tests/qemu-iotests/080.out
> create mode 100755 tests/qemu-iotests/088
> create mode 100644 tests/qemu-iotests/088.out
> create mode 100755 tests/qemu-iotests/092
> create mode 100644 tests/qemu-iotests/092.out
> create mode 100644 tests/qemu-iotests/sample_images/empty.bochs.bz2
> create mode 100644 tests/qemu-iotests/sample_images/fake.parallels.bz2
> create mode 100644 tests/qemu-iotests/sample_images/simple-pattern.cloop.bz2
>
>
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
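The two load-path behaviours Dave contrasts above (reject a config_len that does not match the device, or read the stream's bytes and discard what does not fit) as an added example in C. This is a constructed model written for this page, not QEMU's virtio code; Stream, VirtioDev, load_config, load_sample and the sample streams are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a migration stream and a device config space;
 * names and layout are hypothetical, not QEMU's own structures. */
typedef struct { const uint8_t *data; size_t len, pos; } Stream;
typedef struct { uint8_t config[8]; uint32_t config_len; } VirtioDev;
enum { LOAD_OK = 0, LOAD_ERR_TRUNCATED = -1, LOAD_ERR_MISMATCH = -2 };

/* Bounds-checked read; dst == NULL just skips n bytes. */
static int stream_get(Stream *s, uint8_t *dst, size_t n)
{
    if (n > s->len - s->pos) return -1;
    if (dst) memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 0;
}

static int stream_get_u32(Stream *s, uint32_t *out)
{
    uint8_t b[4];
    if (stream_get(s, b, 4) < 0) return -1;
    *out = b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    return 0;
}

/* strict: reject a config_len that differs from the device's own ("validate
 * config_len on load"). Otherwise keep what fits and discard the remainder
 * ("allow mismatched config-len"). With neither check, copying config_len
 * stream bytes straight into dev->config overruns the fixed buffer. */
static int load_config(Stream *s, VirtioDev *dev, int strict)
{
    uint32_t n;
    if (stream_get_u32(s, &n) < 0) return LOAD_ERR_TRUNCATED;
    if (strict && n != dev->config_len) return LOAD_ERR_MISMATCH;
    size_t keep = n < dev->config_len ? n : dev->config_len;
    if (stream_get(s, dev->config, keep) < 0) return LOAD_ERR_TRUNCATED;
    return stream_get(s, NULL, n - keep) < 0 ? LOAD_ERR_TRUNCATED : LOAD_OK;
}

/* Constructed samples: one claims 12 config bytes for an 8-byte device,
 * the other claims 64 bytes but carries only 4. */
static const uint8_t SAMPLE[] = { 12, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
static const uint8_t SHORT_SAMPLE[] = { 64, 0, 0, 0, 1, 2, 3, 4 };
static VirtioDev last_dev;

int load_sample(const uint8_t *buf, size_t len, int strict)
{
    Stream s = { buf, len, 0 };
    memset(&last_dev, 0, sizeof last_dev);
    last_dev.config_len = 8;
    return load_config(&s, &last_dev, strict);
}

unsigned config_byte(size_t i) { return i < 8 ? last_dev.config[i] : 0; }
```

In tolerant mode a stream that claims more bytes than it carries still fails cleanly as truncated rather than reading past the buffer, and a stream that claims fewer leaves the rest of the config zeroed.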