- thread-pool: optimize scheduling of completion bottom half
- migration/rdma: zero out head.repeat to make the error more clear
- vhost-user-fs: Back up vqs before cleaning up vhost_dev
- hw/vfio/pci-quirks: Sanitize capability pointer
- hw/vfio/pci-quirks: Support alternate offset for GPUDirect Cliques
- replay: fix event queue flush for qemu shutdown
- hw/net: Fix read of uninitialized memory in ftgmac100
- target/ppc: Fix tlbie
- target/i386: fix INVD vmexit
- qtest/npcm7xx_pwm-test: Fix memory leak in mft_qom_set
- aio-posix: zero out io_uring sqe user_data
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
- hw/nvme: Avoid dynamic stack allocation
- ppc/vof: Fix missed fields in VOF cleanup
- ui: fix crash when there are no active_console
- tests/qtest/pflash: Clean up local variable shadowing
- target/ppc: Fix the order of kvm_enable judgment about kvmppc_set_interrupt()
- tulip: Assign default MAC address if not specified
- hw/char: fix qcode array bounds check in ESCC impl
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
- io: remove io watch if TLS channel is closed during handshake
- hw/ssi: Fix Linux driver init issue with xilinx_spi
- chardev: report the handshake error
- vhost: Drop unused eventfd_add|del hooks
- virtio-iommu: use-after-free fix
- hw/arm/virt: Check for attempt to use TrustZone with KVM or HVF
- hw/rx: rx-gdbsim DTB load address aligned of 16byte
- vhost-user: Use correct macro name TARGET_PPC64
- accel/kvm: Make kvm_dirty_ring_reaper_init() void
- accel/kvm: Free as when an error occurred
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
- sw_64: Added sw64 architecture related updates
- virtio-crypto: verify src&dst buffer length for sym request
- vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present
- qga: Fix suspend on Linux guests without systemd
- tests: vhost-user-test: release mutex on protocol violation
- qapi: support updating expected test output via make
- block: Fix misleading hexadecimal format
- block/rbd: fix write zeroes with growing images
- block/nbd.c: Fixed IO request coroutine not being wakeup when kill NBD server
- block/nfs: Fix 32-bit Windows build
- qapi/qdev: Tidy up device_add documentation
- hw/xen/xen_pt: fix uninitialized variable
- migration/ram: Fix error handling in ram_write_tracking_start()
- docs/about/build-platforms: Refine the distro support policy
- xen-block: Avoid leaks on new error path
- QGA VSS: Add wrapper to send log to debugger and stderr
- chardev/char-socket: set s->listener = NULL in char_socket_finalize
- qapi/block: Tidy up block-latency-histogram-set documentation
- disas/riscv Fix ctzw disassemble
- vfio: Fix vfio_get_dev_region() trace event
- migration/ram: Fix populate_read_range()
- Check and report for incomplete 'global' option format
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
- Add lbt support for kvm.
- Fix smp.cores value and Fix divide 0 error
- hw/nvme: Change alignment in dma functions for nvme_blk_*
- virtio: fix reachable assertion due to stale value of cached region size
- hw/nvme: fix missing DNR on compare failure
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
Files man8/qemu-ga.8* are packaged in qemu-help package.
Delete it from qemu-guest-agent package.
Signed-off-by: liuxiangdong <liuxiangdong5@huawei.com>
"%exclude" only means not packaging these three files, but they
still exist in the buildroot directory. "ERROR: No build ID
not found in XXXXX" will be reported when generating the debug package.
Delete them directly in the buildroot directory.
Signed-off-by: liuxiangdong <liuxiangdong5@huawei.com>
- migration/xbzrle: fix out-of-bounds write with avx512
- migration/xbzrle: use ctz64 to avoid undefined result
- Update bench-code for addressing CI problem
- AVX512 support for xbzrle_encode_buffer
- configure, meson: move AVX tests to meson
- target/i386: KVM: allow fast string operations if host supports them
- target/i386: add FSRM to TCG
- hw/nvme: fix memory leak in nvme_dsm
- aio-posix: fix race between epoll upgrade and aio_set_fd_handler()
- target/i386: Add SGX aex-notify and EDECCSSA support
- hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
- target/i386: Set maximum APIC ID to KVM prior to vCPU creation
- target/i386: Fix sanity check on max APIC ID / X2APIC enablement
Signed-off-by: Fei Xu <xufei30@huawei.com>
- vhost-user-blk: fix the resize crash
- plugins: make qemu_plugin_user_exit's locking order consistent with fork_start's
- linux-user: fix strace build w/out munlockall
- ui: fix crash on serial reset, during init
- qga/win/vss: requester_freeze changes
- migration: fix populate_vfio_info
- block/rbd: workaround for ceph issue #53784
- target/i386: add FZRM, FSRS, FSRC
- i386: Add new CPU model SapphireRapids
- core/cpu-common: Fix the wrong '#ifdef __aarch64__'
Signed-off-by: Fei Xu <xufei30@huawei.com>
- bugfix: fix qmp command migrate-set-parameters
- some bugfixes about ARM hot-plugged CPUs
- hw/core/machine: Fix the missing consideration of cluster-id
- test/tcg: Fix target-specific Makefile variable path for user-mode
- tests: add (riscv virt) machine mapping to testenv
- Make a little improvement in curl and hw/riscv
- qemu support for loongarch
- hw/pvrdma: Protect against buggy or malicious guest driver
- hw/audio/intel-hda: fix stream reset
- dsoundaudio: fix crackling audio recordings
- add notify-vm-exit support for i386
- block-backend: prevent dangling BDS pointers across aio_poll()
- net: Fix uninitialized data usage
- net/eth: Don't consider ESP to be an IPv6 option header
- hw/net/vmxnet3: Log guest-triggerable errors using LOG_GUEST_ERROR
Signed-off-by: FeiXu <xufei30@huawei.com>
- linux-user: Add strace output for timer_settime64() syscall
- fix qemu-core when vhost-user-net config with server mode
Signed-off-by: yezengruan <yezengruan@huawei.com>
It is more clear about conditional build.
Signed-off-by: Qiang Wei <qiang.wei@suse.com>
(cherry picked from commit c00bd7dc70f700b90db24c324d2e2333282130b9)
- sync some bugfix patches from upstream
- fix the virtio features negotiation flaw
- fix CVE-2022-4144
Signed-off-by: yezengruan <yezengruan@huawei.com>
- arm/virt: Fix vcpu hotplug idx_from_topo_ids
- Revert patches related to the vSVA
- sync some bugfix patches from upstream
- add generic vDPA device support
Signed-off-by: yezengruan <yezengruan@huawei.com>
(cherry picked from commit b99dbfd9847104300672fb4f559f1c2abba8aa33)
The download url is dead and needs to be updated.
Signed-off-by: yezengruan <yezengruan@huawei.com>
(cherry picked from commit 60ac7eb978859584cfa877bade4168a7ae60968c)
net-tulip-Restrict-DMA-engine-to-memories.patch was named with CVE-XX
suffixes, the spec remains that old name, change the name there.
Signed-off-by: Zhang Bo <oscar.zhangbo@huawei.com>
fix CVE-2022-2962.
The DMA engine is started by I/O access and then itself accesses the
I/O registers, triggering a reentrancy bug.
Fix this bug by restricting the DMA engine to memory regions.
Signed-off-by: Zhang Bo <oscar.zhangbo@huawei.com>
hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued
tests/qtest: Add fuzz-lsi53c895a-test
scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)
scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216)
Signed-off-by: yezengruan <yezengruan@huawei.com>
block-nbd was refactored during release 6.2.0, but we didn't introduce
all the needed patches within the 6.2.0 baseline, which leads to
vm crash during migration.
The reasons are as below:
When iothread is configured, the coroutines should get back to
the exact iothread that they came out of. But within the 6.2.0 baseline,
patches were missing, and the nbd related coroutine didn't have its related
aio_context. It in fact gets to the mainline aio_context, and the mistaken
context leads to vm crash.
hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR (CVE-2021-3750)
softmmu/physmem: Simplify flatview_write and address_space_access_valid
softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR