ati: use vga_read_byte in ati_cursor_define
sd: sdhci: assert data_count is within fifo_buffer
msix: add valid.accepts methods to check address
Signed-off-by: Alex Chen <alex.chen@huawei.com>
scsi-bus: Refactor the code that retries requests
scsi-disk: Add support for retry on errors
qapi/block-core: Add retry option for error action
block-backend: Introduce retry timer
block-backend: Add device specific retry callback
block-backend: Enable retry action on errors
block-backend: Add timeout support for retry
block: Add error retry param setting
virtio-blk: Refactor the code that processes queued requests
virtio-blk: On restart, process queued requests in the proper context
virtio_blk: Add support for retry on errors
Signed-off-by: Alex Chen <alex.chen@huawei.com>
hw: usb: hcd-ohci: check for processed TD before retire
hw: ehci: check return value of 'usb_packet_map'
hw: usb: hcd-ohci: check len and frame_number variables
hw/net/e1000e: advance desc_offset in case of null descriptor
Signed-off-by: Alex Chen <alex.chen@huawei.com>
While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
routines, ensure that pkt_len is large enough to accommodate the
respective protocol headers, lest it should do an OOB access.
Add check to avoid it.
CVE-2020-29129 CVE-2020-29130
QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets
-> https://www.openwall.com/lists/oss-security/2020/11/27/1
Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20201126135706.273950-1-ppandit@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
(cherry-picked from 2e1dcbc0)
Signed-off-by: Alex Chen <alex.chen@huawei.com>
migration/tls: save hostname into MigrationState
migration/tls: extract migration_tls_client_create for common-use
migration/tls: add tls_hostname into MultiFDSendParams
migration/tls: extract cleanup function for common-use
migration/tls: add support for multifd tls-handshake
migration/tls: add trace points for multifd-tls
qemu-file: Don't do IO after shutdown
multifd: Make sure that we don't do any IO after an error
migration: Don't send data if we have stopped
migration: Create migration_is_running()
migration: fix COLO broken caused by a previous commit
migration/multifd: fix hangup with TLS-Multifd due to blocking handshake
multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration
Signed-off-by: Alex Chen <alex.chen@huawei.com>
migration/dirtyrate: setup up query-dirtyrate framwork
migration/dirtyrate: add DirtyRateStatus to denote calculation status
migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info
migration/dirtyrate: Add dirtyrate statistics series functions
migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h
migration/dirtyrate: Record hash results for each sampled page
migration/dirtyrate: Compare page hash results for recorded sampled page
migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE
migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid()
migration/dirtyrate: Implement calculate_dirtyrate() function
migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function
migration/dirtyrate: Add trace_calls to make it easier to debug
migration/dirtyrate: record start_time and calc_time while at the measuring state
migration/dirtyrate: present dirty rate only when querying the rate has completed
migration/dirtyrate: simplify includes in dirtyrate.c
Signed-off-by: Alex Chen <alex.chen@huawei.com>
elf2dmp: Fix memory leak on main() error paths
io: Don't use '#' flag of printf format
hw/display/omap_lcdc: Fix potential NULL pointer dereference
hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
block/vvfat: Fix bad printf format specifiers
block: Remove unused include
ssi: Fix bad printf format specifiers
net/l2tpv3: Remove redundant check in net_init_l2tpv3()
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Drop IPv6 messages shorter than what's mentioned in the payload
length header (+ the size of the IPv6 header). They're invalid and could
lead to data leakage in icmp6_send_echoreply().
evtstrm and cpuid can't be controlled by VMM:
1. evtstrm: The generic timer is configured to generate events at a
frequency of approximately 100KHz. It's controlled by the linux
kernel config CONFIG_ARM_ARCH_TIMER_EVTSTREAM.
2. cpuid: EL0 access to certain ID registers is available. It's always
set by linux kernel after 77c97b4ee2129 ("arm64: cpufeature: Expose
CPUID registers by emulation").
However, they are exposed by getauxval() and /proc/cpuinfo. Hence,
let's report and ignore the CPU features if someone sets them.
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
QEMU does not support disabling/enabling CPU features in AArch64 for now.
This patch series adds support for CPU features in AArch64.
Firstly, we change the isar struct in ARMCPU to an array for
convenience. Secondly, we add support to configure CPU features in
AArch64 and make sure that the ID registers can be synchronized to KVM
so that the guest can read the value we configure. Thirdly, we add a
mechanism to solve the dependency relationship of some CPU features.
Last, we add a KVM_CAP_ARM_CPU_FEATURE to check whether KVM supports
setting CPU features in AArch64.
Also export CPU features to the result of qmp query-cpu-model-expansion
so that libvirt can get the supported CPU features.
Update the ID fields to ARMv8.6 and add some CPU features according to
the new ID fields.
With related KVM patch set[1], we can disable/enable CPU features in
AArch64.
[1] https://patchwork.kernel.org/cover/11711693/
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
To support CPU features in AArch64, we need to move some fields from
ARMCPU to ARMISARegisters, add more definitions of ID fields, and add
support for the query-cpu-model-expansion qmp command. Let's backport upstream
patches to do these.
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
If the vcpu supports smt, create a new smt hierarchy according to the
Processor Properties Topology Table (PPTT) in acpi spec 6.3.
Threads sharing a core must be grouped under a unique Processor
hierarchy node structure for each group of threads.
Signed-off-by: Henglong Fan <fanhenglong@huawei.com>