Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package qemu for openSUSE:Factory checked in at 2023-02-12 19:13:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/qemu (Old) and /work/SRC/openSUSE:Factory/.qemu.new.1848 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qemu" Sun Feb 12 19:13:59 2023 rev:245 rq:1064332 version:7.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/qemu/qemu.changes 2023-01-29 14:16:39.932964047 +0100 +++ /work/SRC/openSUSE:Factory/.qemu.new.1848/qemu.changes 2023-02-12 19:14:05.536956479 +0100 
@@ -1,0 +2,29 @@ +Fri Feb 10 12:12:28 UTC 2023 - Dario Faggioli <dfaggi...@suse.com> + +- Fixed: bsc#1205847 (CVE-2022-4172), bsc#1203788 (CVE-2022-3165), + bsc#1205808 (CVE-2022-4144), bsc#1206527, bsc#1208139 +- Improved handling of: bsc#1202282 (jsc#PED-2592) +* Patches dropped: + pc-q35-Bump-max_cpus-to-1024.patch +* Patches added: + accel-abort-if-we-fail-to-load-the-accel.patch + bios-tables-test-add-test-for-number-of-.patch + bios-tables-test-teach-test-to-use-smbio.patch + dmg-warn-when-opening-dmg-images-contain.patch + hw-acpi-erst.c-Fix-memory-handling-issue.patch + hw-display-qxl-Avoid-buffer-overrun-in-q.patch + hw-display-qxl-Document-qxl_phys2virt.patch + hw-display-qxl-Have-qxl_log_command-Retu.patch + hw-display-qxl-Pass-requested-buffer-siz.patch + hw-smbios-add-core_count2-to-smbios-tabl.patch + hw-smbios-support-for-type-8-port-connec.patch + module-add-Error-arguments-to-module_loa.patch + module-removed-unused-function-argument-.patch + module-rename-module_load_one-to-module_.patch + openSUSE-pc-q35-Bump-max_cpus-to-1024.patch + s390x-tod-kvm-don-t-save-restore-the-TOD.patch + tests-acpi-allow-changes-for-core_count2.patch + tests-acpi-update-tables-for-new-core-co.patch + ui-vnc-clipboard-fix-integer-underflow-i.patch + +------------------------------------------------------------------- Old: ---- pc-q35-Bump-max_cpus-to-1024.patch New: ---- APIC.core-count2 DSDT.core-count2 FACP.core-count2 accel-abort-if-we-fail-to-load-the-accel.patch bios-tables-test-add-test-for-number-of-.patch bios-tables-test-teach-test-to-use-smbio.patch dmg-warn-when-opening-dmg-images-contain.patch hw-acpi-erst.c-Fix-memory-handling-issue.patch hw-display-qxl-Avoid-buffer-overrun-in-q.patch hw-display-qxl-Document-qxl_phys2virt.patch hw-display-qxl-Have-qxl_log_command-Retu.patch hw-display-qxl-Pass-requested-buffer-siz.patch hw-smbios-add-core_count2-to-smbios-tabl.patch hw-smbios-support-for-type-8-port-connec.patch 
module-add-Error-arguments-to-module_loa.patch module-removed-unused-function-argument-.patch module-rename-module_load_one-to-module_.patch openSUSE-pc-q35-Bump-max_cpus-to-1024.patch s390x-tod-kvm-don-t-save-restore-the-TOD.patch tests-acpi-allow-changes-for-core_count2.patch tests-acpi-update-tables-for-new-core-co.patch ui-vnc-clipboard-fix-integer-underflow-i.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qemu.spec ++++++ --- /var/tmp/diff_new_pack.eMjNEy/_old 2023-02-12 19:14:06.444962043 +0100 +++ /var/tmp/diff_new_pack.eMjNEy/_new 2023-02-12 19:14:06.452962092 +0100 @@ -152,6 +152,9 @@ Source15: 60-seabios-128k.json Source200: qemu-rpmlintrc Source201: DSDT.pcie +Source202: APIC.core-count2 +Source203: DSDT.core-count2 +Source204: FACP.core-count2 Source300: bundles.tar.xz Source301: update_git.sh Source302: config.sh 
@@ -194,15 +197,33 @@ Patch00031: meson-enforce-a-minimum-Linux-kernel-hea.patch Patch00032: linux-user-drop-conditionals-for-obsolet.patch Patch00033: block-io_uring-revert-Use-io_uring_regis.patch -Patch00034: pc-q35-Bump-max_cpus-to-1024.patch -Patch00035: configure-Add-Wno-gnu-variable-sized-typ.patch -Patch00036: Update-linux-headers-to-v6.0-rc4.patch -Patch00037: s390x-pci-add-routine-to-get-host-functi.patch -Patch00038: s390x-pci-enable-for-load-store-interpre.patch -Patch00039: s390x-pci-don-t-fence-interpreted-device.patch -Patch00040: s390x-pci-enable-adapter-event-notificat.patch -Patch00041: s390x-pci-let-intercept-devices-have-sep.patch -Patch00042: s390x-pci-reflect-proper-maxstbl-for-gro.patch +Patch00034: hw-smbios-support-for-type-8-port-connec.patch +Patch00035: hw-smbios-add-core_count2-to-smbios-tabl.patch +Patch00036: openSUSE-pc-q35-Bump-max_cpus-to-1024.patch +Patch00037: bios-tables-test-teach-test-to-use-smbio.patch +Patch00038: tests-acpi-allow-changes-for-core_count2.patch +Patch00039: bios-tables-test-add-test-for-number-of-.patch +Patch00040: tests-acpi-update-tables-for-new-core-co.patch +Patch00041: configure-Add-Wno-gnu-variable-sized-typ.patch +Patch00042: Update-linux-headers-to-v6.0-rc4.patch +Patch00043: s390x-pci-add-routine-to-get-host-functi.patch +Patch00044: s390x-pci-enable-for-load-store-interpre.patch +Patch00045: s390x-pci-don-t-fence-interpreted-device.patch +Patch00046: s390x-pci-enable-adapter-event-notificat.patch +Patch00047: s390x-pci-let-intercept-devices-have-sep.patch +Patch00048: s390x-pci-reflect-proper-maxstbl-for-gro.patch +Patch00049: module-removed-unused-function-argument-.patch +Patch00050: module-rename-module_load_one-to-module_.patch +Patch00051: module-add-Error-arguments-to-module_loa.patch +Patch00052: dmg-warn-when-opening-dmg-images-contain.patch +Patch00053: accel-abort-if-we-fail-to-load-the-accel.patch +Patch00054: s390x-tod-kvm-don-t-save-restore-the-TOD.patch +Patch00055: 
hw-display-qxl-Have-qxl_log_command-Retu.patch +Patch00056: hw-display-qxl-Document-qxl_phys2virt.patch +Patch00057: hw-display-qxl-Pass-requested-buffer-siz.patch +Patch00058: hw-display-qxl-Avoid-buffer-overrun-in-q.patch +Patch00059: ui-vnc-clipboard-fix-integer-underflow-i.patch +Patch00060: hw-acpi-erst.c-Fix-memory-handling-issue.patch # Patches applied in roms/seabios/: Patch01000: openSUSE-switch-to-python3-as-needed.patch Patch01001: openSUSE-build-enable-cross-compilation-.patch @@ -2318,6 +2339,10 @@ # If that patch is removed, the following line needs to go as well. cp %{SOURCE201} %{srcdir}/tests/data/acpi/microvm/ +# Patch 'tests/acpi: update tables for new core count test' requires some new +# binaries to be introcuded too. Let's copy them in place as well +cp %{SOURCE202} %{SOURCE203} %{SOURCE204} %{srcdir}/tests/data/acpi/q35/ + %if 0%{?qemu_user_space_build} # Seccomp is not supported by linux-user emulation echo 'int main (void) { return 0; }' > %{srcdir}/tests/unit/test-seccomp.c ++++++ accel-abort-if-we-fail-to-load-the-accel.patch ++++++ From: Claudio Fontana <cfont...@suse.de> Date: Thu, 29 Sep 2022 11:30:35 +0200 Subject: accel: abort if we fail to load the accelerator plugin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit if QEMU is configured with modules enabled, it is possible that the load of an accelerator module will fail. Exit in this case, relying on module_object_class_by_name to report the specific load error if any. Signed-off-by: Claudio Fontana <cfont...@suse.de> Reviewed-by: Richard Henderson <richard.hender...@linaro.org> [claudio: changed abort() to exit(1)] Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org> Reviewed-by: Markus Armbruster <arm...@redhat.com> Message-Id: <20220929093035.4231-6-cfont...@suse.de> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> (cherry picked from commit 5141e9a23fc9a890d66a5700920a5ffd8885121f) Resolves: bsc#1208139 
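Review bot: typo in the comment added by the qemu.spec hunk @@ -2318: "introcuded" should be "introduced". The comment would also be more useful if it named the test that consumes the copied blobs (the new acpi/q35/core-count2 case, whose expected APIC/DSDT/FACP.core-count2 tables these are) the way the preceding comment ties %{SOURCE201} to its patch, so the next person knows when the `cp %{SOURCE202} %{SOURCE203} %{SOURCE204}` line can be dropped.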
Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- accel/accel-softmmu.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/accel/accel-softmmu.c b/accel/accel-softmmu.c index 67276e4f522210baaf6a1c9090cd..f9cdafb148ac4281565e59d998cc 100644 --- a/accel/accel-softmmu.c +++ b/accel/accel-softmmu.c @@ -66,6 +66,7 @@ void accel_init_ops_interfaces(AccelClass *ac) { const char *ac_name; char *ops_name; + ObjectClass *oc; AccelOpsClass *ops; ac_name = object_class_get_name(OBJECT_CLASS(ac)); @@ -73,8 +74,13 @@ void accel_init_ops_interfaces(AccelClass *ac) ops_name = g_strdup_printf("%s" ACCEL_OPS_SUFFIX, ac_name); ops = ACCEL_OPS_CLASS(module_object_class_by_name(ops_name)); + oc = module_object_class_by_name(ops_name); + if (!oc) { + error_report("fatal: could not load module for type '%s'", ops_name); + exit(1); + } g_free(ops_name); - + ops = ACCEL_OPS_CLASS(oc); /* * all accelerators need to define ops, providing at least a mandatory * non-NULL create_vcpu_thread operation. ++++++ bios-tables-test-add-test-for-number-of-.patch ++++++ From: Julia Suvorova <jus...@redhat.com> Date: Tue, 11 Oct 2022 13:17:30 +0200 Subject: bios-tables-test: add test for number of cores > 255 The new test is run with a large number of cpus and checks if the core_count field in smbios_cpu_test (structure type 4) is correct. Choose q35 as it allows to run with -smp > 255. Signed-off-by: Julia Suvorova <jus...@redhat.com> Message-Id: <20220731162141.178443-5-jus...@redhat.com> Message-Id: <20221011111731.101412-5-jus...@redhat.com> Reviewed-by: Michael S. Tsirkin <m...@redhat.com> Signed-off-by: Michael S. Tsirkin <m...@redhat.com> Reviewed-by: Igor Mammedov <imamm...@redhat.com> (cherry picked from commit 2d80b33843c71dbe5c250d712a1ccafafb2b3520) References: bsc#1202282, jsc#PED-2592 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- tests/qtest/bios-tables-test.c | 58 ++++++++++++++++++++++++++-------- 1 file changed, 45 insertions(+), 13 deletions(-) 
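Review bot: in the accel/accel-softmmu.c hunk @@ -73 the old line `ops = ACCEL_OPS_CLASS(module_object_class_by_name(ops_name));` is kept as unchanged context immediately before the new `oc = module_object_class_by_name(ops_name);`, so the class lookup (and, with modules enabled, the module load attempt) runs twice and the first result is simply overwritten by the later `ops = ACCEL_OPS_CLASS(oc);`. That old line should be removed so the new NULL check is the only path that produces `ops`; as it stands a failing first lookup still reaches the second one and the error message is reported for the retry rather than the original attempt.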
diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c index dcda3c508a77854415dad76998cc..29868a9c9486e0b18df5d96202ac 100644 --- a/tests/qtest/bios-tables-test.c +++ b/tests/qtest/bios-tables-test.c @@ -92,6 +92,8 @@ typedef struct { SmbiosEntryPoint smbios_ep_table; uint16_t smbios_cpu_max_speed; uint16_t smbios_cpu_curr_speed; + uint8_t smbios_core_count; + uint16_t smbios_core_count2; uint8_t *required_struct_types; int required_struct_types_len; QTestState *qts; 
@@ -631,29 +633,42 @@ static inline bool smbios_single_instance(uint8_t type) } } -static bool smbios_cpu_test(test_data *data, uint32_t addr) +static void smbios_cpu_test(test_data *data, uint32_t addr, + SmbiosEntryPointType ep_type) { - uint16_t expect_speed[2]; - uint16_t real; + uint8_t core_count, expected_core_count = data->smbios_core_count; + uint16_t speed, expected_speed[2]; + uint16_t core_count2, expected_core_count2 = data->smbios_core_count2; int offset[2]; int i; /* Check CPU speed for backward compatibility */ offset[0] = offsetof(struct smbios_type_4, max_speed); offset[1] = offsetof(struct smbios_type_4, current_speed); - expect_speed[0] = data->smbios_cpu_max_speed ? : 2000; - expect_speed[1] = data->smbios_cpu_curr_speed ? : 2000; + expected_speed[0] = data->smbios_cpu_max_speed ? : 2000; + expected_speed[1] = data->smbios_cpu_curr_speed ? : 2000; for (i = 0; i < 2; i++) { - real = qtest_readw(data->qts, addr + offset[i]); - if (real != expect_speed[i]) { - fprintf(stderr, "Unexpected SMBIOS CPU speed: real %u expect %u\n", - real, expect_speed[i]); - return false; - } + speed = qtest_readw(data->qts, addr + offset[i]); + g_assert_cmpuint(speed, ==, expected_speed[i]); } - return true; + core_count = qtest_readb(data->qts, + addr + offsetof(struct smbios_type_4, core_count)); + + if (expected_core_count) { + g_assert_cmpuint(core_count, ==, expected_core_count); + } + + if (ep_type == SMBIOS_ENTRY_POINT_TYPE_64) { + core_count2 = qtest_readw(data->qts, + addr + offsetof(struct smbios_type_4, core_count2)); + + /* Core Count has reached its limit, checking Core Count 2 */ + if (expected_core_count == 0xFF && expected_core_count2) { + g_assert_cmpuint(core_count2, ==, expected_core_count2); + } + } } static void test_smbios_structs(test_data *data, SmbiosEntryPointType ep_type) 
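Review bot: in the tests/qtest/bios-tables-test.c hunk @@ -631, `core_count2` is read for every 64-bit entry point but only compared when `expected_core_count == 0xFF`. SMBIOS 3.0 requires Core Count 2 to carry the same value as Core Count whenever the count fits in the legacy 8-bit field, so the other branch of that condition can assert `g_assert_cmpuint(core_count2, ==, core_count)`; that also catches a type 4 structure where the new field is emitted but left zero, which the current test would pass. Minor: `expected_core_count2` is now an unused variable on the 32-bit entry point path, which is fine for a test but worth a comment that it is intentionally only meaningful with `smbios-entry-point-type=64`.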
@@ -686,7 +701,7 @@ static void test_smbios_structs(test_data *data, SmbiosEntryPointType ep_type) set_bit(type, struct_bitmap); if (type == 4) { - g_assert(smbios_cpu_test(data, addr)); + smbios_cpu_test(data, addr, ep_type); } /* seek to end of unformatted string area of this struct ("\0\0") */ @@ -908,6 +923,21 @@ static void test_acpi_q35_tcg(void) free_test_data(&data); } +static void test_acpi_q35_tcg_core_count2(void) +{ + test_data data = { + .machine = MACHINE_Q35, + .variant = ".core-count2", + .required_struct_types = base_required_struct_types, + .required_struct_types_len = ARRAY_SIZE(base_required_struct_types), + .smbios_core_count = 0xFF, + .smbios_core_count2 = 275, + }; + + test_acpi_one("-machine smbios-entry-point-type=64 -smp 275", &data); + free_test_data(&data); +} + static void test_acpi_q35_tcg_bridge(void) { test_data data; @@ -1876,6 +1906,8 @@ int main(int argc, char *argv[]) if (has_kvm) { qtest_add_func("acpi/q35/kvm/xapic", test_acpi_q35_kvm_xapic); qtest_add_func("acpi/q35/kvm/dmar", test_acpi_q35_kvm_dmar); + qtest_add_func("acpi/q35/core-count2", + test_acpi_q35_tcg_core_count2); } qtest_add_func("acpi/q35/viot", test_acpi_q35_viot); qtest_add_func("acpi/q35/cxl", test_acpi_q35_cxl); ++++++ bios-tables-test-teach-test-to-use-smbio.patch ++++++ From: Julia Suvorova <jus...@redhat.com> Date: Tue, 11 Oct 2022 13:17:28 +0200 Subject: bios-tables-test: teach test to use smbios 3.0 tables Introduce the 64-bit entry point. Since we no longer have a total number of structures, stop checking for the new ones at the EOF structure (type 127). Signed-off-by: Julia Suvorova <jus...@redhat.com> Reviewed-by: Igor Mammedov <imamm...@redhat.com> Message-Id: <20220731162141.178443-3-jus...@redhat.com> Message-Id: <20221011111731.101412-3-jus...@redhat.com> Reviewed-by: Michael S. Tsirkin <m...@redhat.com> 
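Review bot: in the bios-tables-test.c hunk @@ -1876 the new `qtest_add_func("acpi/q35/core-count2", test_acpi_q35_tcg_core_count2)` is registered inside the `if (has_kvm) {` block, yet the function is a TCG test (its name and its `test_acpi_one(...)` call, which passes no accelerator, match the surrounding `test_acpi_q35_tcg*` cases) and the test path lacks the `/kvm/` segment the two neighbouring registrations carry. Unless the 275-vCPU boot is known to be too slow under TCG, move the registration out of the KVM conditional so the new APIC/DSDT/FACP.core-count2 reference blobs are exercised on hosts without KVM; if it has to stay there, add a comment saying why.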
Signed-off-by: Michael S. Tsirkin <m...@redhat.com> (cherry picked from commit 33bff4a85a2e4ad94899ecb15b6a91c8b64a6dcf) References: bsc#1202282, jsc#PED-2592 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- tests/qtest/bios-tables-test.c | 100 +++++++++++++++++++++++++-------- 1 file changed, 76 insertions(+), 24 deletions(-) diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c index 7c5f736b513abbda7803afb2d28f..dcda3c508a77854415dad76998cc 100644 --- a/tests/qtest/bios-tables-test.c +++ b/tests/qtest/bios-tables-test.c @@ -88,8 +88,8 @@ typedef struct { uint64_t rsdp_addr; uint8_t rsdp_table[36 /* ACPI 2.0+ RSDP size */]; GArray *tables; - uint32_t smbios_ep_addr; - struct smbios_21_entry_point smbios_ep_table; + uint64_t smbios_ep_addr[SMBIOS_ENTRY_POINT_TYPE__MAX]; + SmbiosEntryPoint smbios_ep_table; uint16_t smbios_cpu_max_speed; uint16_t smbios_cpu_curr_speed; uint8_t *required_struct_types; @@ -533,10 +533,9 @@ static void test_acpi_asl(test_data *data) free_test_data(&exp_data); } -static bool smbios_ep_table_ok(test_data *data) +static bool smbios_ep2_table_ok(test_data *data, uint32_t addr) { - struct smbios_21_entry_point *ep_table = &data->smbios_ep_table; - uint32_t addr = data->smbios_ep_addr; + struct smbios_21_entry_point *ep_table = &data->smbios_ep_table.ep21; qtest_memread(data->qts, addr, ep_table, sizeof(*ep_table)); if (memcmp(ep_table->anchor_string, "_SM_", 4)) { 
@@ -559,13 +558,29 @@ static bool smbios_ep_table_ok(test_data *data) return true; } -static void test_smbios_entry_point(test_data *data) +static bool smbios_ep3_table_ok(test_data *data, uint64_t addr) +{ + struct smbios_30_entry_point *ep_table = &data->smbios_ep_table.ep30; + + qtest_memread(data->qts, addr, ep_table, sizeof(*ep_table)); + if (memcmp(ep_table->anchor_string, "_SM3_", 5)) { + return false; + } + + if (acpi_calc_checksum((uint8_t *)ep_table, sizeof *ep_table)) { + return false; + } + + return true; +} + +static SmbiosEntryPointType test_smbios_entry_point(test_data *data) { uint32_t off; /* find smbios entry point structure */ for (off = 0xf0000; off < 0x100000; off += 0x10) { - uint8_t sig[] = "_SM_"; + uint8_t sig[] = "_SM_", sig3[] = "_SM3_"; int i; for (i = 0; i < sizeof sig - 1; ++i) { @@ -574,14 +589,30 @@ static void test_smbios_entry_point(test_data *data) if (!memcmp(sig, "_SM_", sizeof sig)) { /* signature match, but is this a valid entry point? */ - data->smbios_ep_addr = off; - if (smbios_ep_table_ok(data)) { + if (smbios_ep2_table_ok(data, off)) { + data->smbios_ep_addr[SMBIOS_ENTRY_POINT_TYPE_32] = off; + } + } + + for (i = 0; i < sizeof sig3 - 1; ++i) { + sig3[i] = qtest_readb(data->qts, off + i); + } + + if (!memcmp(sig3, "_SM3_", sizeof sig3)) { + if (smbios_ep3_table_ok(data, off)) { + data->smbios_ep_addr[SMBIOS_ENTRY_POINT_TYPE_64] = off; + /* found 64-bit entry point, no need to look for 32-bit one */ break; } } } - g_assert_cmphex(off, <, 0x100000); + /* found at least one entry point */ + g_assert_true(data->smbios_ep_addr[SMBIOS_ENTRY_POINT_TYPE_32] || + data->smbios_ep_addr[SMBIOS_ENTRY_POINT_TYPE_64]); + + return data->smbios_ep_addr[SMBIOS_ENTRY_POINT_TYPE_64] ? + SMBIOS_ENTRY_POINT_TYPE_64 : SMBIOS_ENTRY_POINT_TYPE_32; } static inline bool smbios_single_instance(uint8_t type) 
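Review bot: in the bios-tables-test.c hunk @@ -574, the closing `g_assert_true(data->smbios_ep_addr[SMBIOS_ENTRY_POINT_TYPE_32] || data->smbios_ep_addr[SMBIOS_ENTRY_POINT_TYPE_64])` and the returned entry point type both rely on `smbios_ep_addr[]` being zero before the scan, because the old unconditional `data->smbios_ep_addr = off` assignment is gone and a slot is now written only after a successful validation. A caller that declares `test_data data;` without zeroing it (as `test_acpi_q35_tcg_bridge` does in the other patch) would satisfy the assertion with stale stack contents and could select the 64-bit path with a garbage address; either clear the array at the top of `test_smbios_entry_point()` or state the zero-init requirement in a comment next to the field declaration in hunk @@ -88.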
@@ -625,16 +656,23 @@ static bool smbios_cpu_test(test_data *data, uint32_t addr) return true; } -static void test_smbios_structs(test_data *data) +static void test_smbios_structs(test_data *data, SmbiosEntryPointType ep_type) { DECLARE_BITMAP(struct_bitmap, SMBIOS_MAX_TYPE+1) = { 0 }; - struct smbios_21_entry_point *ep_table = &data->smbios_ep_table; - uint32_t addr = le32_to_cpu(ep_table->structure_table_address); - int i, len, max_len = 0; + + SmbiosEntryPoint *ep_table = &data->smbios_ep_table; + int i = 0, len, max_len = 0; uint8_t type, prv, crt; + uint64_t addr; + + if (ep_type == SMBIOS_ENTRY_POINT_TYPE_32) { + addr = le32_to_cpu(ep_table->ep21.structure_table_address); + } else { + addr = le64_to_cpu(ep_table->ep30.structure_table_address); + } /* walk the smbios tables */ - for (i = 0; i < le16_to_cpu(ep_table->number_of_structures); i++) { + do { /* grab type and formatted area length from struct header */ type = qtest_readb(data->qts, addr); 
@@ -660,19 +698,33 @@ static void test_smbios_structs(test_data *data) } /* keep track of max. struct size */ - if (max_len < len) { + if (ep_type == SMBIOS_ENTRY_POINT_TYPE_32 && max_len < len) { max_len = len; - g_assert_cmpuint(max_len, <=, ep_table->max_structure_size); + g_assert_cmpuint(max_len, <=, ep_table->ep21.max_structure_size); } /* start of next structure */ addr += len; - } - /* total table length and max struct size must match entry point values */ - g_assert_cmpuint(le16_to_cpu(ep_table->structure_table_length), ==, - addr - le32_to_cpu(ep_table->structure_table_address)); - g_assert_cmpuint(le16_to_cpu(ep_table->max_structure_size), ==, max_len); + /* + * Until all structures have been scanned (ep21) + * or an EOF structure is found (ep30) + */ + } while (ep_type == SMBIOS_ENTRY_POINT_TYPE_32 ? + ++i < le16_to_cpu(ep_table->ep21.number_of_structures) : + type != 127); + + if (ep_type == SMBIOS_ENTRY_POINT_TYPE_32) { + /* + * Total table length and max struct size + * must match entry point values + */ + g_assert_cmpuint(le16_to_cpu(ep_table->ep21.structure_table_length), ==, + addr - le32_to_cpu(ep_table->ep21.structure_table_address)); + + g_assert_cmpuint(le16_to_cpu(ep_table->ep21.max_structure_size), ==, + max_len); + } /* required struct types must all be present */ for (i = 0; i < data->required_struct_types_len; i++) { 
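Review bot: in the bios-tables-test.c hunk @@ -660 the 64-bit walk terminates only on `type != 127`, so a structure table without an end-of-table structure, or a corrupted length that skips over it, makes the loop keep reading guest memory instead of failing the test. The 3.0 entry point carries a `structure_table_max_size` field that bounds the table: check `addr - structure_table_address <= ep30.structure_table_max_size` inside the loop and assert on it, which mirrors the `structure_table_length` comparison the 2.1 branch still performs after the loop. Also `max_len` is now tracked only for the 32-bit case; a short comment saying the 3.0 entry point has no maximum-structure-size field would explain the asymmetry.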
@@ -756,8 +808,8 @@ static void test_acpi_one(const char *params, test_data *data) * https://bugs.launchpad.net/qemu/+bug/1821884 */ if (!use_uefi) { - test_smbios_entry_point(data); - test_smbios_structs(data); + SmbiosEntryPointType ep_type = test_smbios_entry_point(data); + test_smbios_structs(data, ep_type); } qtest_quit(data->qts); ++++++ bundles.tar.xz ++++++ Binary files old/621da7789083b80d6f1ff1c0fb499334007b4f51.bundle and new/621da7789083b80d6f1ff1c0fb499334007b4f51.bundle differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/repo new/repo --- old/repo 2023-01-27 12:17:20.000000000 +0100 +++ new/repo 2023-01-27 12:17:20.000000000 +0100 @@ -1 +1 @@ -https://git.qemu.org/git/qemu.git +g...@github.com:openSUSE/qemu.git ++++++ dmg-warn-when-opening-dmg-images-contain.patch ++++++ From: Kevin Wolf <kw...@redhat.com> Date: Thu, 29 Sep 2022 11:30:34 +0200 Subject: dmg: warn when opening dmg images containing blocks of unknown type Signed-off-by: Kevin Wolf <kw...@redhat.com> Signed-off-by: Claudio Fontana <cfont...@suse.de> Reviewed-by: Richard Henderson <richard.hender...@linaro.org> Message-Id: <20220929093035.4231-5-cfont...@suse.de> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> (cherry picked from commit 971974f0a9745a5163e1c825d38da03118054ae2) Resolves: bsc#1208139 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- block/dmg.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/block/dmg.c b/block/dmg.c index 837f18aa20ff7ebb35f961a9626c..96f8c2d14f004d0901d72d00b551 100644 --- a/block/dmg.c +++ b/block/dmg.c 
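Review bot: in the `repo` hunk under bundles.tar.xz the source remote changes from the anonymous `https://git.qemu.org/git/qemu.git` to an ssh-style `...@github.com:openSUSE/qemu.git` remote, which means anyone running `update_git.sh` against the bundle needs a GitHub SSH key on file; the https form of the same GitHub repository keeps the bundle reproducible for everyone and avoids tying the packaging workflow to a credentialed transport.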
@@ -254,6 +254,25 @@ static int dmg_read_mish_block(BDRVDMGState *s, DmgHeaderState *ds, for (i = s->n_chunks; i < s->n_chunks + chunk_count; i++) { s->types[i] = buff_read_uint32(buffer, offset); if (!dmg_is_known_block_type(s->types[i])) { + switch (s->types[i]) { + case UDBZ: + warn_report_once("dmg-bzip2 module is missing, accessing bzip2 " + "compressed blocks will result in I/O errors"); + break; + case ULFO: + warn_report_once("dmg-lzfse module is missing, accessing lzfse " + "compressed blocks will result in I/O errors"); + break; + case UDCM: + case UDLE: + /* Comments and last entry can be ignored without problems */ + break; + default: + warn_report_once("Image contains chunks of unknown type %x, " + "accessing them will result in I/O errors", + s->types[i]); + break; + } chunk_count--; i--; offset += 40; ++++++ hw-acpi-erst.c-Fix-memory-handling-issue.patch ++++++ From: "Christian A. Ehrhardt" <l...@c--e.de> Date: Mon, 24 Oct 2022 17:42:33 +0200 Subject: hw/acpi/erst.c: Fix memory handling issues - Fix memset argument order: The second argument is the value, the length goes last. - Fix an integer overflow reported by Alexander Bulekov. Both issues allow the guest to overrun the host buffer allocated for the ERST memory device. Cc: Eric DeVolder <eric.devol...@oracle.com Cc: Alexander Bulekov <alx...@bu.edu> Cc: qemu-sta...@nongnu.org Fixes: f7e26ffa590 ("ACPI ERST: support for ACPI ERST feature") Tested-by: Alexander Bulekov <alx...@bu.edu> Signed-off-by: Christian A. Ehrhardt <l...@c--e.de> Message-Id: <20221024154233.1043347-1...@c--e.de> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1268 Reviewed-by: Alexander Bulekov <alx...@bu.edu> Reviewed-by: Eric DeVolder <eric.devol...@oracle.com> Reviewed-by: Michael S. Tsirkin <m...@redhat.com> Signed-off-by: Michael S. Tsirkin <m...@redhat.com> (cherry picked from commit defb70980f6bed36100b74e84220f1764c0dd544) Resolves: bsc#1205847 
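Review bot: in the block/dmg.c hunk @@ -254 the `default:` branch uses `warn_report_once()`, which latches per call site, so only the first unknown chunk type seen in the process lifetime is ever reported: an image mixing several unknown types, or a second image opened later, prints nothing further, and the `%x` in the message only ever shows that first value. If the point of the warning is to tell the user what the image actually contains, either collect the distinct unknown types and report them once at the end of `dmg_read_mish_block()`, or use plain `warn_report()` with a per-image guard. The UDBZ/ULFO messages are fine with once-semantics since the remedy (build the missing module) is the same each time.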
Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/acpi/erst.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hw/acpi/erst.c b/hw/acpi/erst.c index df856b2669a6c198d0019b846e03..aefcc03ad6b68f2b3de7dfebf609 100644 --- a/hw/acpi/erst.c +++ b/hw/acpi/erst.c @@ -635,7 +635,7 @@ static unsigned read_erst_record(ERSTDeviceState *s) if (record_length < UEFI_CPER_RECORD_MIN_SIZE) { rc = STATUS_FAILED; } - if ((s->record_offset + record_length) > exchange_length) { + if (record_length > exchange_length - s->record_offset) { rc = STATUS_FAILED; } /* If all is ok, copy the record to the exchange buffer */ @@ -684,7 +684,7 @@ static unsigned write_erst_record(ERSTDeviceState *s) if (record_length < UEFI_CPER_RECORD_MIN_SIZE) { return STATUS_FAILED; } - if ((s->record_offset + record_length) > exchange_length) { + if (record_length > exchange_length - s->record_offset) { return STATUS_FAILED; } @@ -716,7 +716,7 @@ static unsigned write_erst_record(ERSTDeviceState *s) if (nvram) { /* Write the record into the slot */ memcpy(nvram, exchange, record_length); - memset(nvram + record_length, exchange_length - record_length, 0xFF); + memset(nvram + record_length, 0xFF, exchange_length - record_length); /* If a new record, increment the record_count */ if (!record_found) { uint32_t record_count; ++++++ hw-display-qxl-Avoid-buffer-overrun-in-q.patch ++++++ 
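Review bot: in the hw/acpi/erst.c hunks @@ -635 and @@ -684 the rewritten bound `record_length > exchange_length - s->record_offset` is only overflow-free if `s->record_offset <= exchange_length` holds wherever the guest sets it; if the offset is guest-writable and not validated against `exchange_length` at its store site, the unsigned subtraction wraps to a large value and the check passes, reintroducing the overrun this patch fixes. An explicit `s->record_offset > exchange_length` guard here (or a comment pointing at where the offset is validated) keeps the invariant local to the check. In @@ -716 the memset argument-order fix is right: the old call filled a fixed 255 bytes with the low byte of `exchange_length - record_length`, regardless of how much slot space remained, which is the host-side overrun the description mentions; a qtest that writes a record close to `exchange_length` would pin both fixes.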
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <phi...@linaro.org> Date: Mon, 28 Nov 2022 21:27:40 +0100 Subject: hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Have qxl_get_check_slot_offset() return false if the requested buffer size does not fit within the slot memory region. Similarly qxl_phys2virt() now returns NULL in such case, and qxl_dirty_one_surface() aborts. This avoids buffer overrun in the host pointer returned by memory_region_get_ram_ptr(). Fixes: CVE-2022-4144 (out-of-bounds read) Reported-by: Wenxu Yin (@awxylitol) Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336 Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org> Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com> Message-Id: <20221128202741.4945-5-phi...@linaro.org> (cherry picked from commit 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622) Resolves: bsc#1205808 Fixes: CVE-2022-4144 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/display/qxl.c | 27 +++++++++++++++++++++++---- hw/display/qxl.h | 2 +- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 231d733250032a8ad93a1caa507d..0b21626aadead230847899be8069 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -1424,11 +1424,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d) /* can be also called from spice server thread context */ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, - uint32_t *s, uint64_t *o) + uint32_t *s, uint64_t *o, + size_t size_requested) { uint64_t phys = le64_to_cpu(pqxl); uint32_t slot = (phys >> (64 - 8)) & 0xff; uint64_t offset = phys & 0xffffffffffff; + uint64_t size_available; if (slot >= NUM_MEMSLOTS) { qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot, 
@@ -1452,6 +1454,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, slot, offset, qxl->guest_slots[slot].size); return false; } + size_available = memory_region_size(qxl->guest_slots[slot].mr); + if (qxl->guest_slots[slot].offset + offset >= size_available) { + qxl_set_guest_bug(qxl, + "slot %d offset %"PRIu64" > region size %"PRIu64"\n", + slot, qxl->guest_slots[slot].offset + offset, + size_available); + return false; + } + size_available -= qxl->guest_slots[slot].offset + offset; + if (size_requested > size_available) { + qxl_set_guest_bug(qxl, + "slot %d offset %"PRIu64" size %zu: " + "overrun by %"PRIu64" bytes\n", + slot, offset, size_requested, + size_requested - size_available); + return false; + } *s = slot; *o = offset; @@ -1471,7 +1490,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id, offset = le64_to_cpu(pqxl) & 0xffffffffffff; return (void *)(intptr_t)offset; case MEMSLOT_GROUP_GUEST: - if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) { + if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) { return NULL; } ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr); @@ -1937,9 +1956,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, uint32_t slot; bool rc; - rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset); - assert(rc == true); size = (uint64_t)height * abs(stride); + rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size); + assert(rc == true); trace_qxl_surfaces_dirty(qxl->id, offset, size); qxl_set_dirty(qxl->guest_slots[slot].mr, qxl->guest_slots[slot].offset + offset, diff --git a/hw/display/qxl.h b/hw/display/qxl.h index bf03138ab477a2adc7bf23f4e662..7894bd5134e67742fbfcecb5b970 100644 --- a/hw/display/qxl.h +++ b/hw/display/qxl.h 
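Review bot: in the hw/display/qxl.c hunk @@ -1452 the first new check is `>=` but its diagnostic reads `offset %"PRIu64" > region size`, so a guest-bug log line cannot be matched back to the condition; make the message say `>=`. The check just above it already compares `offset` against `qxl->guest_slots[slot].size`, so after this hunk there are two partially overlapping bounds on the same offset; a one-line comment stating that the new ones are against the backing `MemoryRegion` (what `memory_region_get_ram_ptr()` actually hands out) rather than the guest-declared slot size would help readers see why both are needed.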
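Review bot: in hunk @@ -1937 `qxl_dirty_one_surface()` now feeds `size = (uint64_t)height * abs(stride)`, derived from guest-supplied surface geometry, into `qxl_get_check_slot_offset()` and keeps `assert(rc == true)`, so a surface whose height times stride overruns the slot turns the former silent out-of-bounds read into an abort of the whole QEMU process, which a guest could trigger on purpose. Please confirm the geometry has already been validated when the surface was created; if it has not, `if (!rc) { return; }` after `qxl_set_guest_bug()` has recorded the problem is the safer choice, matching how `qxl_phys2virt()` in @@ -1471 returns NULL on the same failure.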
@@ -157,7 +157,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL) * * Returns a host pointer to a buffer placed at offset @phys within the * active slot @group_id of the PCI VGA RAM memory region associated with - * the @qxl device. If the slot is inactive, or the offset is out + * the @qxl device. If the slot is inactive, or the offset + size are out * of the memory region, returns NULL. * * Use with care; by the time this function returns, the returned pointer is ++++++ hw-display-qxl-Document-qxl_phys2virt.patch ++++++ From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <phi...@linaro.org> Date: Mon, 28 Nov 2022 21:27:38 +0100 Subject: hw/display/qxl: Document qxl_phys2virt() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org> Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com> Message-Id: <20221128202741.4945-3-phi...@linaro.org> (cherry picked from commit b1901de83a9456cde26fc755f71ca2b7b3ef50fc) Resolves: bsc#1205808 Fixes: CVE-2022-4144 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/display/qxl.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/hw/display/qxl.h b/hw/display/qxl.h index e74de9579df3db6e3b6924b1a8c2..78b3a6c9ba8e3a598d6553867a6c 100644 --- a/hw/display/qxl.h +++ b/hw/display/qxl.h 
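Review bot: in the hw/display/qxl.h hunk @@ -157 the sentence "If the slot is inactive, or the offset + size are out of the memory region, returns NULL" is ungrammatical and vague about the new contract; "or the buffer [@phys, @phys + @size) is not fully inside the memory region" states exactly what the added check enforces. While touching the comment, make sure the parameter list has a `@size:` entry for the argument introduced by the preceding patch.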
@@ -147,6 +147,25 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL) #define QXL_DEFAULT_REVISION (QXL_REVISION_STABLE_V12 + 1) /* qxl.c */ +/** + * qxl_phys2virt: Get a pointer within a PCI VRAM memory region. + * + * @qxl: QXL device + * @phys: physical offset of buffer within the VRAM + * @group_id: memory slot group + * + * Returns a host pointer to a buffer placed at offset @phys within the + * active slot @group_id of the PCI VGA RAM memory region associated with + * the @qxl device. If the slot is inactive, or the offset is out + * of the memory region, returns NULL. + * + * Use with care; by the time this function returns, the returned pointer is + * not protected by RCU anymore. If the caller is not within an RCU critical + * section and does not hold the iothread lock, it must have other means of + * protecting the pointer, such as a reference to the region that includes + * the incoming ram_addr_t. + * + */ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id); void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...) G_GNUC_PRINTF(2, 3); ++++++ hw-display-qxl-Have-qxl_log_command-Retu.patch ++++++ From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <phi...@linaro.org> Date: Mon, 28 Nov 2022 21:27:37 +0100 Subject: hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Only 3 command types are logged: no need to call qxl_phys2virt() for the other types. Using different cases will help to pass different structure sizes to qxl_phys2virt() in a pair of commits. Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org> Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com> Message-Id: <20221128202741.4945-2-phi...@linaro.org> (cherry picked from commit 61c34fc194b776ecadc39fb26b061331107e5599) Resolves: bsc#1205808 Fixes: CVE-2022-4144 
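Review bot: in the hw/display/qxl.h hunk @@ -147 the doc block ends with an empty ` * ` line before ` */`, which the doc-comment style in the rest of the header does not use; drop it. Also `@group_id: memory slot group` would be clearer if it named the accepted values (`MEMSLOT_GROUP_HOST` / `MEMSLOT_GROUP_GUEST`), since the function's behaviour differs completely between them.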
Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/display/qxl-logger.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hw/display/qxl-logger.c b/hw/display/qxl-logger.c index 68bfa47568025b292cf2f39e65a8..1bcf803db6dabe558aaf1a0df0cd 100644 --- a/hw/display/qxl-logger.c +++ b/hw/display/qxl-logger.c @@ -247,6 +247,16 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) qxl_name(qxl_type, ext->cmd.type), compat ? "(compat)" : ""); + switch (ext->cmd.type) { + case QXL_CMD_DRAW: + break; + case QXL_CMD_SURFACE: + break; + case QXL_CMD_CURSOR: + break; + default: + goto out; + } data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); if (!data) { return 1; @@ -269,6 +279,7 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) qxl_log_cmd_cursor(qxl, data, ext->group_id); break; } +out: fprintf(stderr, "\n"); return 0; } ++++++ hw-display-qxl-Pass-requested-buffer-siz.patch ++++++ From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <phi...@linaro.org> Date: Mon, 28 Nov 2022 21:27:39 +0100 Subject: hw/display/qxl: Pass requested buffer size to qxl_phys2virt() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently qxl_phys2virt() doesn't check for buffer overrun. In order to do so in the next commit, pass the buffer size as argument. For QXLCursor in qxl_render_cursor() -> qxl_cursor() we verify the size of the chunked data ahead, checking we can access 'sizeof(QXLCursor) + chunk->data_size' bytes. Since in the SPICE_CURSOR_TYPE_MONO case the cursor is assumed to fit in one chunk, no change are required. In SPICE_CURSOR_TYPE_ALPHA the ahead read is handled in qxl_unpack_chunks(). Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org> Acked-by: Gerd Hoffmann <kra...@redhat.com> 
Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com> Message-Id: <20221128202741.4945-4-phi...@linaro.org> (cherry picked from commit 8efec0ef8bbc1e75a7ebf6e325a35806ece9b39f) Resolves: bsc#1205808 Fixes: CVE-2022-4144 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/display/qxl-logger.c | 11 ++++++++--- hw/display/qxl-render.c | 20 ++++++++++++++++---- hw/display/qxl.c | 14 +++++++++----- hw/display/qxl.h | 4 +++- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/hw/display/qxl-logger.c b/hw/display/qxl-logger.c index 1bcf803db6dabe558aaf1a0df0cd..35c38f62525deb89f11fa7fda3a4 100644 --- a/hw/display/qxl-logger.c +++ b/hw/display/qxl-logger.c @@ -106,7 +106,7 @@ static int qxl_log_image(PCIQXLDevice *qxl, QXLPHYSICAL addr, int group_id) QXLImage *image; QXLImageDescriptor *desc; - image = qxl_phys2virt(qxl, addr, group_id); + image = qxl_phys2virt(qxl, addr, group_id, sizeof(QXLImage)); if (!image) { return 1; } @@ -214,7 +214,8 @@ int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id) cmd->u.set.position.y, cmd->u.set.visible ? "yes" : "no", cmd->u.set.shape); - cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id); + cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id, + sizeof(QXLCursor)); if (!cursor) { return 1; } @@ -236,6 +237,7 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) { bool compat = ext->flags & QXL_COMMAND_FLAG_COMPAT; void *data; + size_t datasz; int ret; if (!qxl->cmdlog) { 
@@ -249,15 +251,18 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) switch (ext->cmd.type) { case QXL_CMD_DRAW: + datasz = compat ? sizeof(QXLCompatDrawable) : sizeof(QXLDrawable); break; case QXL_CMD_SURFACE: + datasz = sizeof(QXLSurfaceCmd); break; case QXL_CMD_CURSOR: + datasz = sizeof(QXLCursorCmd); break; default: goto out; } - data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, datasz); if (!data) { return 1; } diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c index ca217004bf72e7d394ed7ee9c948..fcfd40c3ac1d622b6d27279e25be 100644 --- a/hw/display/qxl-render.c +++ b/hw/display/qxl-render.c @@ -107,7 +107,9 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) qxl->guest_primary.resized = 0; qxl->guest_primary.data = qxl_phys2virt(qxl, qxl->guest_primary.surface.mem, - MEMSLOT_GROUP_GUEST); + MEMSLOT_GROUP_GUEST, + qxl->guest_primary.abs_stride + * height); if (!qxl->guest_primary.data) { goto end; } @@ -228,7 +230,8 @@ static void qxl_unpack_chunks(void *dest, size_t size, PCIQXLDevice *qxl, if (offset == size) { return; } - chunk = qxl_phys2virt(qxl, chunk->next_chunk, group_id); + chunk = qxl_phys2virt(qxl, chunk->next_chunk, group_id, + sizeof(QXLDataChunk) + chunk->data_size); if (!chunk) { return; } @@ -295,7 +298,8 @@ fail: /* called from spice server thread context only */ int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext) { - QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, + sizeof(QXLCursorCmd)); QXLCursor *cursor; QEMUCursor *c; 
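Review bot: in the qxl_render_update_area_unlocked hunk the size argument `qxl->guest_primary.abs_stride * height` is computed in the operands' own type and only then widened to the size_t parameter; if abs_stride and height are 32-bit values (both derive from the guest-supplied primary surface), a large height wraps the product and a small size passes the new check while the renderer still walks the full framebuffer. Cast one operand to size_t, or use a checked multiply, so the bound is the number of bytes that will actually be read, and reject a zero stride explicitly.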
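Review bot: in the qxl_unpack_chunks hunk the size passed to qxl_phys2virt() is `sizeof(QXLDataChunk) + chunk->data_size`, where `chunk` is still the chunk that was just consumed, so the bound being checked is the previous chunk's data_size rather than that of the chunk whose `data[]` the next iteration copies from. The newly mapped chunk's header is known to be in range, but its own data_size is never checked against the slot before it is used. Either map the header first with `sizeof(QXLDataChunk)` and re-map with the new chunk's data_size, as the QXL_CURSOR_SET hunk in qxl_render_cursor does, or cap the copy at what the slot has left after the header.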
@@ -314,7 +318,15 @@ int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext) } switch (cmd->type) { case QXL_CURSOR_SET: - cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id); + /* First read the QXLCursor to get QXLDataChunk::data_size ... */ + cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id, + sizeof(QXLCursor)); + if (!cursor) { + return 1; + } + /* Then read including the chunked data following QXLCursor. */ + cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id, + sizeof(QXLCursor) + cursor->chunk.data_size); if (!cursor) { return 1; } diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 5b10f697f1872751730114b73331..231d733250032a8ad93a1caa507d 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -274,7 +274,8 @@ static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay) QXL_IO_MONITORS_CONFIG_ASYNC)); } - cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST); + cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST, + sizeof(QXLMonitorsConfig)); if (cfg != NULL && cfg->count == 1) { qxl->guest_primary.resized = 1; qxl->guest_head0_width = cfg->heads[0].width; @@ -459,7 +460,8 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) switch (le32_to_cpu(ext->cmd.type)) { case QXL_CMD_SURFACE: { - QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, + sizeof(QXLSurfaceCmd)); if (!cmd) { return 1; @@ -494,7 +496,8 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) } case QXL_CMD_CURSOR: { - QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, + sizeof(QXLCursorCmd)); if (!cmd) { return 1; 
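Review bot: the two-step mapping in the QXL_CURSOR_SET hunk is the right shape, but the buffer lives in guest-writable VRAM, so `cursor->chunk.data_size` read for the second qxl_phys2virt() call and the data_size later consumed by qxl_cursor() (which the commit message says checks `sizeof(QXLCursor) + chunk->data_size`) are two separate fetches of the same guest-controlled field. A guest that enlarges data_size between them gets a pointer validated for the smaller value. Copy data_size into a local after the second mapping and pass that value down, or have qxl_cursor() re-validate against the slot itself.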
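Review bot: in the qxl_spice_monitors_config_async hunk the request is for `sizeof(QXLMonitorsConfig)` bytes, yet the unchanged lines right after it dereference `cfg->heads[0].width`; if QXLMonitorsConfig declares `heads` as a zero-length or flexible array, sizeof() does not cover that element and the first head is read outside the validated range. Request `sizeof(QXLMonitorsConfig) + sizeof(QXLHead)` when `count == 1`, or re-map after reading `count`.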
@@ -1456,7 +1459,8 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, } /* can be also called from spice server thread context */ -void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) +void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id, + size_t size) { uint64_t offset; uint32_t slot; @@ -1964,7 +1968,7 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl) } cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i], - MEMSLOT_GROUP_GUEST); + MEMSLOT_GROUP_GUEST, sizeof(QXLSurfaceCmd)); assert(cmd); assert(cmd->type == QXL_SURFACE_CMD_CREATE); qxl_dirty_one_surface(qxl, cmd->u.surface_create.data, diff --git a/hw/display/qxl.h b/hw/display/qxl.h index 78b3a6c9ba8e3a598d6553867a6c..bf03138ab477a2adc7bf23f4e662 100644 --- a/hw/display/qxl.h +++ b/hw/display/qxl.h @@ -153,6 +153,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL) * @qxl: QXL device * @phys: physical offset of buffer within the VRAM * @group_id: memory slot group + * @size: size of the buffer * * Returns a host pointer to a buffer placed at offset @phys within the * active slot @group_id of the PCI VGA RAM memory region associated with @@ -166,7 +167,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL) * the incoming ram_addr_t. * */ -void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id); +void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id, + size_t size); void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...) G_GNUC_PRINTF(2, 3); ++++++ hw-smbios-add-core_count2-to-smbios-tabl.patch ++++++ 
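Review bot: in the qxl_dirty_surfaces hunk `assert(cmd)` follows a lookup whose inputs (`qxl->guest_surfaces.cmds[i]`) are guest-controlled, and once the size argument is enforced a guest that places a surface command at the end of a slot makes that lookup return NULL and aborts the host process. Replace the assert with qxl_set_guest_bug() and `continue`. Separately, the qxl.h hunk adds `@size: size of the buffer` but the comment still only says NULL is returned when "the offset is out of the memory region"; state that the whole range [@phys, @phys + @size) must lie inside the slot, and note in the commit message that `size` is accepted but not yet consulted by qxl_phys2virt() in this commit, since the check itself arrives in the next one.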
From: Julia Suvorova <jus...@redhat.com> Date: Tue, 11 Oct 2022 13:17:27 +0200 Subject: hw/smbios: add core_count2 to smbios table type 4 In order to use the increased number of cpus, we need to bring smbios tables in line with the SMBIOS 3.0 specification. This allows us to introduce core_count2 which acts as a duplicate of core_count if we have fewer cores than 256, and contains the actual core number per socket if we have more. core_enabled2 and thread_count2 fields work the same way. Signed-off-by: Julia Suvorova <jus...@redhat.com> Reviewed-by: Igor Mammedov <imamm...@redhat.com> Message-Id: <20220731162141.178443-2-jus...@redhat.com> Message-Id: <20221011111731.101412-2-jus...@redhat.com> Reviewed-by: Michael S. Tsirkin <m...@redhat.com> Signed-off-by: Michael S. Tsirkin <m...@redhat.com> (cherry picked from commit 05e27d74c7dc5318367521f020bf0d4a32228dcc) References: bsc#1202282, jsc#PED-2592 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/smbios/smbios.c | 19 ++++++++++++++++--- hw/smbios/smbios_build.h | 9 +++++++-- include/hw/firmware/smbios.h | 12 ++++++++++++ 3 files changed, 35 insertions(+), 5 deletions(-) diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c index 417d65471704ee6babaebb2ba02e..e55bca8e42c834508df820c05eb9 100644 --- a/hw/smbios/smbios.c +++ b/hw/smbios/smbios.c @@ -711,8 +711,14 @@ static void smbios_build_type_3_table(void) static void smbios_build_type_4_table(MachineState *ms, unsigned instance) { char sock_str[128]; + size_t tbl_len = SMBIOS_TYPE_4_LEN_V28; - SMBIOS_BUILD_TABLE_PRE(4, T4_BASE + instance, true); /* required */ + if (smbios_ep_type == SMBIOS_ENTRY_POINT_TYPE_64) { + tbl_len = SMBIOS_TYPE_4_LEN_V30; + } + + SMBIOS_BUILD_TABLE_PRE_SIZE(4, T4_BASE + instance, + true, tbl_len); /* required */ snprintf(sock_str, sizeof(sock_str), "%s%2x", type4.sock_pfx, instance); SMBIOS_TABLE_SET_STR(4, socket_designation_str, sock_str); 
@@ -739,8 +745,15 @@ static void smbios_build_type_4_table(MachineState *ms, unsigned instance) SMBIOS_TABLE_SET_STR(4, serial_number_str, type4.serial); SMBIOS_TABLE_SET_STR(4, asset_tag_number_str, type4.asset); SMBIOS_TABLE_SET_STR(4, part_number_str, type4.part); - t->core_count = t->core_enabled = ms->smp.cores; - t->thread_count = ms->smp.threads; + + t->core_count = (ms->smp.cores > 255) ? 0xFF : ms->smp.cores; + t->core_enabled = t->core_count; + + t->core_count2 = t->core_enabled2 = cpu_to_le16(ms->smp.cores); + + t->thread_count = (ms->smp.threads > 255) ? 0xFF : ms->smp.threads; + t->thread_count2 = cpu_to_le16(ms->smp.threads); + t->processor_characteristics = cpu_to_le16(0x02); /* Unknown */ t->processor_family2 = cpu_to_le16(0x01); /* Other */ diff --git a/hw/smbios/smbios_build.h b/hw/smbios/smbios_build.h index 56b5a1e3f301b24a134141859076..351660024e6ecb599b88f4975042 100644 --- a/hw/smbios/smbios_build.h +++ b/hw/smbios/smbios_build.h @@ -27,6 +27,11 @@ extern unsigned smbios_table_max; extern unsigned smbios_table_cnt; #define SMBIOS_BUILD_TABLE_PRE(tbl_type, tbl_handle, tbl_required) \ + SMBIOS_BUILD_TABLE_PRE_SIZE(tbl_type, tbl_handle, tbl_required, \ + sizeof(struct smbios_type_##tbl_type))\ + +#define SMBIOS_BUILD_TABLE_PRE_SIZE(tbl_type, tbl_handle, \ + tbl_required, tbl_len) \ struct smbios_type_##tbl_type *t; \ size_t t_off; /* table offset into smbios_tables */ \ int str_index = 0; \ @@ -39,12 +44,12 @@ extern unsigned smbios_table_cnt; /* use offset of table t within smbios_tables */ \ /* (pointer must be updated after each realloc) */ \ t_off = smbios_tables_len; \ - smbios_tables_len += sizeof(*t); \ + smbios_tables_len += tbl_len; \ smbios_tables = g_realloc(smbios_tables, smbios_tables_len); \ t = (struct smbios_type_##tbl_type *)(smbios_tables + t_off); \ \ t->header.type = tbl_type; \ - t->header.length = sizeof(*t); \ + t->header.length = tbl_len; \ t->header.handle = cpu_to_le16(tbl_handle); \ } while (0) 
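Review bot: the writes to `t->core_count2`, `t->core_enabled2` and `t->thread_count2` in the smbios_build_type_4_table hunk are unconditional, but when `smbios_ep_type` is not the 64-bit entry point the table was allocated with `tbl_len = SMBIOS_TYPE_4_LEN_V28`, which ends at processor_family2. The three fields then land 6 bytes past the table, in the string area that the preceding SMBIOS_TABLE_SET_STR() calls have already appended (the socket designation string), corrupting it. Guard the block with `if (tbl_len == SMBIOS_TYPE_4_LEN_V30)`. The 0xFF saturation of core_count and thread_count is what the 3.0 spec asks for, so that part is fine.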
diff --git a/include/hw/firmware/smbios.h b/include/hw/firmware/smbios.h index e7d386f7c837b16f341aba22bcf8..7f3259a6300af0d7b8a359b879f5 100644 --- a/include/hw/firmware/smbios.h +++ b/include/hw/firmware/smbios.h @@ -18,6 +18,8 @@ #define SMBIOS_MAX_TYPE 127 +#define offsetofend(TYPE, MEMBER) \ + (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER)) /* memory area description, used by type 19 table */ struct smbios_phys_mem_area { @@ -187,8 +189,18 @@ struct smbios_type_4 { uint8_t thread_count; uint16_t processor_characteristics; uint16_t processor_family2; + /* SMBIOS spec 3.0.0, Table 21 */ + uint16_t core_count2; + uint16_t core_enabled2; + uint16_t thread_count2; } QEMU_PACKED; +typedef enum smbios_type_4_len_ver { + SMBIOS_TYPE_4_LEN_V28 = offsetofend(struct smbios_type_4, + processor_family2), + SMBIOS_TYPE_4_LEN_V30 = offsetofend(struct smbios_type_4, thread_count2), +} smbios_type_4_len_ver; + /* SMBIOS type 8 - Port Connector Information */ struct smbios_type_8 { struct smbios_structure_header header; ++++++ hw-smbios-support-for-type-8-port-connec.patch ++++++ 
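Review bot: in the include/hw/firmware/smbios.h hunk `offsetofend` is introduced in a public header under a generic name and relies on `sizeof_field`, so the header should include the QEMU header that provides it rather than depend on include order, and the macro would be better placed in the common compiler header (or given a smbios_ prefix) to avoid clashing with other definitions of the same name. The enum itself is a neat way to express the two table lengths.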
From: Hal Martin <hal.mar...@gmail.com> Date: Fri, 12 Aug 2022 15:51:53 +0200 Subject: hw/smbios: support for type 8 (port connector) PATCH v1: add support for SMBIOS type 8 to qemu PATCH v2: incorporate patch v1 feedback and add smbios type=8 to qemu-options internal_reference: internal reference designator external_reference: external reference designator connector_type: hex value for port connector type (see SMBIOS 7.9.2) port_type: hex value for port type (see SMBIOS 7.9.3) After studying various vendor implementations (Dell, Lenovo, MSI), the value of internal connector type was hard-coded to 0x0 (None). Example usage: -smbios type=8,internal_reference=JUSB1,external_reference=USB1,connector_type=0x12,port_type=0x10 \ -smbios type=8,internal_reference=JAUD1,external_reference="Audio Jack",connector_type=0x1f,port_type=0x1d \ -smbios type=8,internal_reference=LAN,external_reference=Ethernet,connector_type=0x0b,port_type=0x1f \ -smbios type=8,internal_reference=PS2,external_reference=Mouse,connector_type=0x0f,port_type=0x0e \ -smbios type=8,internal_reference=PS2,external_reference=Keyboard,connector_type=0x0f,port_type=0x0d Signed-off-by: Hal Martin <hal.mar...@gmail.com> Message-Id: <20220812135153.17859-1-hal.mar...@gmail.com> Reviewed-by: Michael S. Tsirkin <m...@redhat.com> Signed-off-by: Michael S. Tsirkin <m...@redhat.com> (cherry picked from commit fd8caa253c56ed126c09d3b9cc682753ff12218f) References: bsc#1202282, jsc#PED-2592 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/smbios/smbios.c | 63 ++++++++++++++++++++++++++++++++++++ include/hw/firmware/smbios.h | 10 ++++++ qemu-options.hx | 2 ++ 3 files changed, 75 insertions(+) diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c index 59091c8454bf6d8d05c4c8313753..417d65471704ee6babaebb2ba02e 100644 --- a/hw/smbios/smbios.c +++ b/hw/smbios/smbios.c 
@@ -111,6 +111,13 @@ static struct { .processor_id = 0, }; +struct type8_instance { + const char *internal_reference, *external_reference; + uint8_t connector_type, port_type; + QTAILQ_ENTRY(type8_instance) next; +}; +static QTAILQ_HEAD(, type8_instance) type8 = QTAILQ_HEAD_INITIALIZER(type8); + static struct { size_t nvalues; char **values; @@ -337,6 +344,29 @@ static const QemuOptDesc qemu_smbios_type4_opts[] = { { /* end of list */ } }; +static const QemuOptDesc qemu_smbios_type8_opts[] = { + { + .name = "internal_reference", + .type = QEMU_OPT_STRING, + .help = "internal reference designator", + }, + { + .name = "external_reference", + .type = QEMU_OPT_STRING, + .help = "external reference designator", + }, + { + .name = "connector_type", + .type = QEMU_OPT_NUMBER, + .help = "connector type", + }, + { + .name = "port_type", + .type = QEMU_OPT_NUMBER, + .help = "port type", + }, +}; + static const QemuOptDesc qemu_smbios_type11_opts[] = { { .name = "value", @@ -718,6 +748,26 @@ static void smbios_build_type_4_table(MachineState *ms, unsigned instance) smbios_type4_count++; } +static void smbios_build_type_8_table(void) +{ + unsigned instance = 0; + struct type8_instance *t8; + + QTAILQ_FOREACH(t8, &type8, next) { + SMBIOS_BUILD_TABLE_PRE(8, T0_BASE + instance, true); + + SMBIOS_TABLE_SET_STR(8, internal_reference_str, t8->internal_reference); + SMBIOS_TABLE_SET_STR(8, external_reference_str, t8->external_reference); + /* most vendors seem to set this to None */ + t->internal_connector_type = 0x0; + t->external_connector_type = t8->connector_type; + t->port_type = t8->port_type; + + SMBIOS_BUILD_TABLE_POST; + instance++; + } +} + static void smbios_build_type_11_table(void) { char count_str[128]; @@ -1030,6 +1080,7 @@ void smbios_get_tables(MachineState *ms, smbios_build_type_4_table(ms, i); } + smbios_build_type_8_table(); smbios_build_type_11_table(); #define MAX_DIMM_SZ (16 * GiB) 
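Review bot: `qemu_smbios_type8_opts` in the smbios.c hunk has no `{ /* end of list */ }` terminator, unlike `qemu_smbios_type4_opts` whose terminator is visible just above it; qemu_opts_validate() walks the descriptor array until it finds a NULL name, so it reads past the end of the array. Add the terminator. Also, if the other per-type descriptor arrays accept the mandatory `type` key by listing a `"type"` entry, this one needs the same entry or `-smbios type=8,...` is rejected as an invalid parameter.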
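Review bot: in the smbios_build_type_8_table hunk the handle is `T0_BASE + instance`; if the type 0 table uses `T0_BASE` as its own handle, the first type 8 table duplicates it, and SMBIOS requires handles to be unique within the table set. Use a dedicated `T8_BASE` like the other types do.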
@@ -1381,6 +1432,18 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) UINT16_MAX); } return; + case 8: + if (!qemu_opts_validate(opts, qemu_smbios_type8_opts, errp)) { + return; + } + struct type8_instance *t; + t = g_new0(struct type8_instance, 1); + save_opt(&t->internal_reference, opts, "internal_reference"); + save_opt(&t->external_reference, opts, "external_reference"); + t->connector_type = qemu_opt_get_number(opts, "connector_type", 0); + t->port_type = qemu_opt_get_number(opts, "port_type", 0); + QTAILQ_INSERT_TAIL(&type8, t, next); + return; case 11: if (!qemu_opts_validate(opts, qemu_smbios_type11_opts, errp)) { return; diff --git a/include/hw/firmware/smbios.h b/include/hw/firmware/smbios.h index 4b7ad77a44f0622dccda24e41eb6..e7d386f7c837b16f341aba22bcf8 100644 --- a/include/hw/firmware/smbios.h +++ b/include/hw/firmware/smbios.h @@ -189,6 +189,16 @@ struct smbios_type_4 { uint16_t processor_family2; } QEMU_PACKED; +/* SMBIOS type 8 - Port Connector Information */ +struct smbios_type_8 { + struct smbios_structure_header header; + uint8_t internal_reference_str; + uint8_t internal_connector_type; + uint8_t external_reference_str; + uint8_t external_connector_type; + uint8_t port_type; +} QEMU_PACKED; + /* SMBIOS type 11 - OEM strings */ struct smbios_type_11 { struct smbios_structure_header header; diff --git a/qemu-options.hx b/qemu-options.hx index 31c04f7eea0b2401249eee86ac3b..ba5a3226d7e5d3550583b0fe1e2b 100644 --- a/qemu-options.hx +++ b/qemu-options.hx 
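Review bot: in the `case 8:` hunk of smbios_entry_add the values from `qemu_opt_get_number(opts, "connector_type", 0)` and `"port_type"` are stored into `uint8_t` fields without a range check, so `connector_type=0x1ff` silently becomes 0xff; the type 4 case visible just above bounds-checks against UINT16_MAX with an error, so do the same here against UINT8_MAX. Minor: declaring `struct type8_instance *t;` after the `if` inside the case label is legal C99 but contrary to QEMU style; wrap the case body in braces as the QXL_CMD_SURFACE cases in qxl.c do.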
@@ -2548,6 +2548,8 @@ DEF("smbios", HAS_ARG, QEMU_OPTION_smbios, " [,asset=str][,part=str][,max-speed=%d][,current-speed=%d]\n" " [,processor-id=%d]\n" " specify SMBIOS type 4 fields\n" + "-smbios type=8[,external_reference=str][,internal_reference=str][,connector_type=%d][,port_type=%d]\n" + " specify SMBIOS type 8 fields\n" "-smbios type=11[,value=str][,path=filename]\n" " specify SMBIOS type 11 fields\n" "-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str]\n" ++++++ module-add-Error-arguments-to-module_loa.patch ++++++ ++++ 699 lines (skipped) ++++++ module-removed-unused-function-argument-.patch ++++++ From: Claudio Fontana <cfont...@suse.de> Date: Thu, 29 Sep 2022 11:30:31 +0200 Subject: module: removed unused function argument "mayfail" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mayfail is always passed as false for every invocation throughout the program. It controls whether to printf or not to printf an error on g_module_open failure. Remove this unused argument. Signed-off-by: Claudio Fontana <cfont...@suse.de> Reviewed-by: Richard Henderson <richard.hender...@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org> Message-Id: <20220929093035.4231-2-cfont...@suse.de> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> (cherry picked from commit 2106106d80489fb9b10cd3ccfaec811988e797cb) Resolves: bsc#1208139 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- include/qemu/module.h | 8 ++++---- softmmu/qtest.c | 2 +- util/module.c | 20 +++++++++----------- 3 files changed, 14 insertions(+), 16 deletions(-) diff --git a/include/qemu/module.h b/include/qemu/module.h index bd73607104c951a34512a156cff0..8c012bbe038d3c67ccc7f0795287 100644 --- a/include/qemu/module.h +++ b/include/qemu/module.h 
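Review bot: the qemu-options.hx hunk documents `connector_type=%d` and `port_type=%d`, while the commit message and its examples pass hex values (`0x12`), which works only because the option parser accepts a 0x prefix; say so or print `%x`, and list `internal_reference` before `external_reference` to match the SMBIOS field order and the examples.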
@@ -61,15 +61,15 @@ typedef enum { #define fuzz_target_init(function) module_init(function, \ MODULE_INIT_FUZZ_TARGET) #define migration_init(function) module_init(function, MODULE_INIT_MIGRATION) -#define block_module_load_one(lib) module_load_one("block-", lib, false) -#define ui_module_load_one(lib) module_load_one("ui-", lib, false) -#define audio_module_load_one(lib) module_load_one("audio-", lib, false) +#define block_module_load_one(lib) module_load_one("block-", lib) +#define ui_module_load_one(lib) module_load_one("ui-", lib) +#define audio_module_load_one(lib) module_load_one("audio-", lib) void register_module_init(void (*fn)(void), module_init_type type); void register_dso_module_init(void (*fn)(void), module_init_type type); void module_call_init(module_init_type type); -bool module_load_one(const char *prefix, const char *lib_name, bool mayfail); +bool module_load_one(const char *prefix, const char *lib_name); void module_load_qom_one(const char *type); void module_load_qom_all(void); void module_allow_arch(const char *arch); diff --git a/softmmu/qtest.c b/softmmu/qtest.c index f8acef2628d33760906e7b7b890a..76eb7bac563ea9608e1272f923cc 100644 --- a/softmmu/qtest.c +++ b/softmmu/qtest.c @@ -756,7 +756,7 @@ static void qtest_process_command(CharBackend *chr, gchar **words) g_assert(words[1] && words[2]); qtest_send_prefix(chr); - if (module_load_one(words[1], words[2], false)) { + if (module_load_one(words[1], words[2])) { qtest_sendf(chr, "OK\n"); } else { qtest_sendf(chr, "FAIL\n"); diff --git a/util/module.c b/util/module.c index 8ddb0e18f517809282ffb45a0a14..8563edd6267cc6e2fbea2cb61e65 100644 --- a/util/module.c +++ b/util/module.c @@ -144,7 +144,7 @@ static bool module_check_arch(const QemuModinfo *modinfo) return true; } -static int module_load_file(const char *fname, bool mayfail, bool export_symbols) +static int module_load_file(const char *fname, bool export_symbols) { GModule *g_module; void (*sym)(void); 
@@ -172,10 +172,8 @@ static int module_load_file(const char *fname, bool mayfail, bool export_symbols } g_module = g_module_open(fname, flags); if (!g_module) { - if (!mayfail) { - fprintf(stderr, "Failed to open module: %s\n", - g_module_error()); - } + fprintf(stderr, "Failed to open module: %s\n", + g_module_error()); ret = -EINVAL; goto out; } @@ -208,7 +206,7 @@ out: } #endif -bool module_load_one(const char *prefix, const char *lib_name, bool mayfail) +bool module_load_one(const char *prefix, const char *lib_name) { bool success = false; @@ -256,7 +254,7 @@ bool module_load_one(const char *prefix, const char *lib_name, bool mayfail) if (strcmp(modinfo->name, module_name) == 0) { /* we depend on other module(s) */ for (sl = modinfo->deps; *sl != NULL; sl++) { - module_load_one("", *sl, false); + module_load_one("", *sl); } } else { for (sl = modinfo->deps; *sl != NULL; sl++) { @@ -287,7 +285,7 @@ bool module_load_one(const char *prefix, const char *lib_name, bool mayfail) for (i = 0; i < n_dirs; i++) { fname = g_strdup_printf("%s/%s%s", dirs[i], module_name, CONFIG_HOST_DSOSUF); - ret = module_load_file(fname, mayfail, export_symbols); + ret = module_load_file(fname, export_symbols); g_free(fname); fname = NULL; /* Try loading until loaded a module file */ @@ -333,7 +331,7 @@ void module_load_qom_one(const char *type) } for (sl = modinfo->objs; *sl != NULL; sl++) { if (strcmp(type, *sl) == 0) { - module_load_one("", modinfo->name, false); + module_load_one("", modinfo->name); } } } @@ -354,7 +352,7 @@ void module_load_qom_all(void) if (!module_check_arch(modinfo)) { continue; } - module_load_one("", modinfo->name, false); + module_load_one("", modinfo->name); } module_loaded_qom_all = true; } 
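Review bot: with `mayfail` gone, the module_load_file hunk now reports every g_module_open() failure unconditionally via fprintf(stderr), yet the dependency loop in module_load_one still calls `module_load_one("", *sl)` and ignores its result, so a dependency that fails to load is printed and the caller goes on to load the dependent module anyway. If the message is worth printing it is worth acting on; propagate the failure (or use error_report() so it goes through QEMU's logging) rather than leaving the print as the only consequence.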
@@ -370,7 +368,7 @@ void qemu_load_module_for_opts(const char *group) } for (sl = modinfo->opts; *sl != NULL; sl++) { if (strcmp(group, *sl) == 0) { - module_load_one("", modinfo->name, false); + module_load_one("", modinfo->name); } } } ++++++ module-rename-module_load_one-to-module_.patch ++++++ From: Claudio Fontana <cfont...@suse.de> Date: Thu, 29 Sep 2022 11:30:32 +0200 Subject: module: rename module_load_one to module_load MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Claudio Fontana <cfont...@suse.de> Reviewed-by: Philippe Mathieu-Daudé <f4...@amsat.org> Reviewed-by: Richard Henderson <richard.hender...@linaro.org> Message-Id: <20220929093035.4231-3-cfont...@suse.de> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> (cherry picked from commit dbc0e80553c067f56cb236d9de2cd0d50f3c6131) Resolves: bsc#1208139 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- audio/audio.c | 2 +- block.c | 4 ++-- block/dmg.c | 4 ++-- hw/core/qdev.c | 2 +- include/qemu/module.h | 10 +++++----- qom/object.c | 4 ++-- softmmu/qtest.c | 2 +- ui/console.c | 6 +++--- util/module.c | 14 +++++++------- 9 files changed, 24 insertions(+), 24 deletions(-) diff --git a/audio/audio.c b/audio/audio.c index a02f3ce5c6192542544c9c8017b1..9e2609707d7f4adecfb6e9f45670 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -79,7 +79,7 @@ audio_driver *audio_driver_lookup(const char *name) } } - audio_module_load_one(name); + audio_module_load(name); QLIST_FOREACH(d, &audio_drivers, next) { if (strcmp(name, d->name) == 0) { return d; diff --git a/block.c b/block.c index bc85f46eed690321657cf1de5d27..72c7f6d47d590657472b036a5847 100644 --- a/block.c +++ b/block.c 
@@ -464,7 +464,7 @@ BlockDriver *bdrv_find_format(const char *format_name) /* The driver isn't registered, maybe we need to load a module */ for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) { if (!strcmp(block_driver_modules[i].format_name, format_name)) { - block_module_load_one(block_driver_modules[i].library_name); + block_module_load(block_driver_modules[i].library_name); break; } } @@ -976,7 +976,7 @@ BlockDriver *bdrv_find_protocol(const char *filename, for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) { if (block_driver_modules[i].protocol_name && !strcmp(block_driver_modules[i].protocol_name, protocol)) { - block_module_load_one(block_driver_modules[i].library_name); + block_module_load(block_driver_modules[i].library_name); break; } } diff --git a/block/dmg.c b/block/dmg.c index 98db18d82a0e56e340db4373d967..007b8d9996d61be8370699f3d81f 100644 --- a/block/dmg.c +++ b/block/dmg.c @@ -446,8 +446,8 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags, return -EINVAL; } - block_module_load_one("dmg-bz2"); - block_module_load_one("dmg-lzfse"); + block_module_load("dmg-bz2"); + block_module_load("dmg-lzfse"); s->n_chunks = 0; s->offsets = s->lengths = s->sectors = s->sectorcounts = NULL; diff --git a/hw/core/qdev.c b/hw/core/qdev.c index 0806d8fcaaaca5a1566c1791bd14..25dfc08468011b2d63f032526919 100644 --- a/hw/core/qdev.c +++ b/hw/core/qdev.c @@ -148,7 +148,7 @@ bool qdev_set_parent_bus(DeviceState *dev, BusState *bus, Error **errp) DeviceState *qdev_new(const char *name) { if (!object_class_by_name(name)) { - module_load_qom_one(name); + module_load_qom(name); } return DEVICE(object_new(name)); } diff --git a/include/qemu/module.h b/include/qemu/module.h index 8c012bbe038d3c67ccc7f0795287..b7911ce7916148ba9c3245878350 100644 --- a/include/qemu/module.h +++ b/include/qemu/module.h 
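Review bot: the block/dmg.c hunk is a mechanical rename, but it makes visible that `block_module_load("dmg-bz2")` and `block_module_load("dmg-lzfse")` still discard the bool result in dmg_open; a missing compression module is silently ignored here and only shows up later when a chunk cannot be decoded. At least a warn_report() at this point, tied to the chunk types actually present in the image, would make the failure mode diagnosable.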
@@ -61,16 +61,16 @@ typedef enum { #define fuzz_target_init(function) module_init(function, \ MODULE_INIT_FUZZ_TARGET) #define migration_init(function) module_init(function, MODULE_INIT_MIGRATION) -#define block_module_load_one(lib) module_load_one("block-", lib) -#define ui_module_load_one(lib) module_load_one("ui-", lib) -#define audio_module_load_one(lib) module_load_one("audio-", lib) +#define block_module_load(lib) module_load("block-", lib) +#define ui_module_load(lib) module_load("ui-", lib) +#define audio_module_load(lib) module_load("audio-", lib) void register_module_init(void (*fn)(void), module_init_type type); void register_dso_module_init(void (*fn)(void), module_init_type type); void module_call_init(module_init_type type); -bool module_load_one(const char *prefix, const char *lib_name); -void module_load_qom_one(const char *type); +bool module_load(const char *prefix, const char *lib_name); +void module_load_qom(const char *type); void module_load_qom_all(void); void module_allow_arch(const char *arch); diff --git a/qom/object.c b/qom/object.c index d34608558e9e5e53f4b363774f06..4f834f3bf66c6672138d9bfc9e55 100644 --- a/qom/object.c +++ b/qom/object.c @@ -526,7 +526,7 @@ void object_initialize(void *data, size_t size, const char *typename) #ifdef CONFIG_MODULES if (!type) { - module_load_qom_one(typename); + module_load_qom(typename); type = type_get_by_name(typename); } #endif @@ -1033,7 +1033,7 @@ ObjectClass *module_object_class_by_name(const char *typename) oc = object_class_by_name(typename); #ifdef CONFIG_MODULES if (!oc) { - module_load_qom_one(typename); + module_load_qom(typename); oc = object_class_by_name(typename); } #endif diff --git a/softmmu/qtest.c b/softmmu/qtest.c index 76eb7bac563ea9608e1272f923cc..fc5b733c630035785732610c920c 100644 --- a/softmmu/qtest.c +++ b/softmmu/qtest.c 
@@ -756,7 +756,7 @@ static void qtest_process_command(CharBackend *chr, gchar **words) g_assert(words[1] && words[2]); qtest_send_prefix(chr); - if (module_load_one(words[1], words[2])) { + if (module_load(words[1], words[2])) { qtest_sendf(chr, "OK\n"); } else { qtest_sendf(chr, "FAIL\n"); diff --git a/ui/console.c b/ui/console.c index 765892f84f1c3bb6335887bc4889..4913c55684cb9b9d8c8ab0df5b22 100644 --- a/ui/console.c +++ b/ui/console.c @@ -2632,7 +2632,7 @@ bool qemu_display_find_default(DisplayOptions *opts) for (i = 0; i < (int)ARRAY_SIZE(prio); i++) { if (dpys[prio[i]] == NULL) { - ui_module_load_one(DisplayType_str(prio[i])); + ui_module_load(DisplayType_str(prio[i])); } if (dpys[prio[i]] == NULL) { continue; @@ -2650,7 +2650,7 @@ void qemu_display_early_init(DisplayOptions *opts) return; } if (dpys[opts->type] == NULL) { - ui_module_load_one(DisplayType_str(opts->type)); + ui_module_load(DisplayType_str(opts->type)); } if (dpys[opts->type] == NULL) { error_report("Display '%s' is not available.", @@ -2680,7 +2680,7 @@ void qemu_display_help(void) printf("none\n"); for (idx = DISPLAY_TYPE_NONE; idx < DISPLAY_TYPE__MAX; idx++) { if (!dpys[idx]) { - ui_module_load_one(DisplayType_str(idx)); + ui_module_load(DisplayType_str(idx)); } if (dpys[idx]) { printf("%s\n", DisplayType_str(dpys[idx]->type)); diff --git a/util/module.c b/util/module.c index 8563edd6267cc6e2fbea2cb61e65..ad89cd50dc2a03ea6f8431849137 100644 --- a/util/module.c +++ b/util/module.c @@ -206,7 +206,7 @@ out: } #endif -bool module_load_one(const char *prefix, const char *lib_name) +bool module_load(const char *prefix, const char *lib_name) { bool success = false; @@ -254,7 +254,7 @@ bool module_load_one(const char *prefix, const char *lib_name) if (strcmp(modinfo->name, module_name) == 0) { /* we depend on other module(s) */ for (sl = modinfo->deps; *sl != NULL; sl++) { - module_load_one("", *sl); + module_load("", *sl); } } else { for (sl = modinfo->deps; *sl != NULL; sl++) { 
@@ -312,7 +312,7 @@ bool module_load_one(const char *prefix, const char *lib_name) static bool module_loaded_qom_all; -void module_load_qom_one(const char *type) +void module_load_qom(const char *type) { const QemuModinfo *modinfo; const char **sl; @@ -331,7 +331,7 @@ void module_load_qom_one(const char *type) } for (sl = modinfo->objs; *sl != NULL; sl++) { if (strcmp(type, *sl) == 0) { - module_load_one("", modinfo->name); + module_load("", modinfo->name); } } } @@ -352,7 +352,7 @@ void module_load_qom_all(void) if (!module_check_arch(modinfo)) { continue; } - module_load_one("", modinfo->name); + module_load("", modinfo->name); } module_loaded_qom_all = true; } @@ -368,7 +368,7 @@ void qemu_load_module_for_opts(const char *group) } for (sl = modinfo->opts; *sl != NULL; sl++) { if (strcmp(group, *sl) == 0) { - module_load_one("", modinfo->name); + module_load("", modinfo->name); } } } @@ -378,7 +378,7 @@ void qemu_load_module_for_opts(const char *group) void module_allow_arch(const char *arch) {} void qemu_load_module_for_opts(const char *group) {} -void module_load_qom_one(const char *type) {} +void module_load_qom(const char *type) {} void module_load_qom_all(void) {} #endif ++++++ openSUSE-pc-q35-Bump-max_cpus-to-1024.patch ++++++ From: Dario Faggioli <dfaggi...@suse.com> Date: Wed, 16 Nov 2022 13:24:36 +0100 Subject: [openSUSE] pc: q35: Bump max_cpus to 1024 And use the new limit for machine version 7.1 too. Keep the old limit of 288 for machine versions 7.0 and earlier. Signed-off-by: Dario Faggioli <dfaggi...@suse.com> (cherry picked from commit https://lore.kernel.org/qemu-devel/166876173513.24238.8968021290016401421.stgit@tumbleweed.Wayrath/) References: bsc#1202282, jsc#PED-2592 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/i386/pc_q35.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 2e5dae9a89faaf0d9c285b030ed7..6875e27b508cccd6891e2db58b68 100644 --- a/hw/i386/pc_q35.c 
+++ b/hw/i386/pc_q35.c @@ -367,7 +367,7 @@ static void pc_q35_machine_options(MachineClass *m) machine_class_allow_dynamic_sysbus_dev(m, TYPE_INTEL_IOMMU_DEVICE); machine_class_allow_dynamic_sysbus_dev(m, TYPE_RAMFB_DEVICE); machine_class_allow_dynamic_sysbus_dev(m, TYPE_VMBUS_BRIDGE); - m->max_cpus = 288; + m->max_cpus = 1024; } static void pc_q35_7_1_machine_options(MachineClass *m) @@ -388,6 +388,7 @@ static void pc_q35_7_0_machine_options(MachineClass *m) pc_q35_7_1_machine_options(m); m->alias = NULL; pcmc->enforce_amd_1tb_hole = false; + m->max_cpus = 288; compat_props_add(m->compat_props, hw_compat_7_0, hw_compat_7_0_len); compat_props_add(m->compat_props, pc_compat_7_0, pc_compat_7_0_len); } ++++++ qemu.spec.in ++++++ --- /var/tmp/diff_new_pack.eMjNEy/_old 2023-02-12 19:14:08.356973760 +0100 +++ /var/tmp/diff_new_pack.eMjNEy/_new 2023-02-12 19:14:08.396974005 +0100 @@ -152,6 +152,9 @@ Source15: 60-seabios-128k.json Source200: qemu-rpmlintrc Source201: DSDT.pcie +Source202: APIC.core-count2 +Source203: DSDT.core-count2 +Source204: FACP.core-count2 Source300: bundles.tar.xz Source301: update_git.sh Source302: config.sh @@ -2251,6 +2254,10 @@ # If that patch is removed, the following line needs to go as well. cp %{SOURCE201} %{srcdir}/tests/data/acpi/microvm/ +# Patch 'tests/acpi: update tables for new core count test' requires some new +# binaries to be introcuded too. Let's copy them in place as well +cp %{SOURCE202} %{SOURCE203} %{SOURCE204} %{srcdir}/tests/data/acpi/q35/ + %if 0%{?qemu_user_space_build} # Seccomp is not supported by linux-user emulation echo 'int main (void) { return 0; }' > %{srcdir}/tests/unit/test-seccomp.c ++++++ s390x-tod-kvm-don-t-save-restore-the-TOD.patch ++++++ 
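Review bot: in the pc_q35.c hunks the ordering is correct, since `m->max_cpus = 288` is assigned after `pc_q35_7_1_machine_options(m)` returns and therefore overrides the 1024 set in pc_q35_machine_options for 7.0 and older versions; it would still help to add a `/* keep the pre-7.1 limit */` comment next to that line so the next person touching the compat chain does not "fix" it. The commit also raises the limit without adding any accelerator-side check in this hunk, so the message should say where the more-than-288 vCPU path is validated.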
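Review bot: typo in the added comment of the qemu.spec.in hunk: "introcuded" should be "introduced". The `cp %{SOURCE202} %{SOURCE203} %{SOURCE204}` line also depends on the tests-acpi patch being applied, exactly as the comment above it says for DSDT.pcie; repeat the "if that patch is removed, this line needs to go" remark here so both stay in sync.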
From: Nico Boehr <n...@linux.ibm.com> Date: Wed, 12 Oct 2022 14:32:29 +0200 Subject: s390x/tod-kvm: don't save/restore the TOD in PV guests Under PV, the guest's TOD clock is under control of the ultravisor and the hypervisor cannot change it. With upcoming kernel changes[1], the Linux kernel will reject QEMU's request to adjust the guest's clock in this case, so don't attempt to set the clock. This avoids the following warning message on save/restore of a PV guest: warning: Unable to set KVM guest TOD clock: Operation not supported [1] https://lore.kernel.org/all/20221011160712.928239-2-...@linux.ibm.com/ Fixes: c3347ed0d2ee ("s390x: protvirt: Support unpack facility") Signed-off-by: Nico Boehr <n...@linux.ibm.com> Message-Id: <20221012123229.1196007-1-...@linux.ibm.com> [thuth: Add curly braces] Signed-off-by: Thomas Huth <th...@redhat.com> (cherry picked from commit 38621181ae3cbec62e3490fbc14f6ac01642d07a) Resolves: bsc#1206527 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- hw/s390x/tod-kvm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hw/s390x/tod-kvm.c b/hw/s390x/tod-kvm.c index 9d0cbfbce2bf56b3593d712bd082..e2202dae2dc203a2848a3d0faaaf 100644 --- a/hw/s390x/tod-kvm.c +++ b/hw/s390x/tod-kvm.c @@ -13,6 +13,7 @@ #include "qemu/module.h" #include "sysemu/runstate.h" #include "hw/s390x/tod.h" +#include "hw/s390x/pv.h" #include "kvm/kvm_s390x.h" static void kvm_s390_get_tod_raw(S390TOD *tod, Error **errp) @@ -84,6 +85,14 @@ static void kvm_s390_tod_vm_state_change(void *opaque, bool running, S390TODState *td = opaque; Error *local_err = NULL; + /* + * Under PV, the clock is under ultravisor control, hence we cannot restore + * it on resume. + */ + if (s390_is_pv()) { + return; + } + if (running && td->stopped) { /* Set the old TOD when running the VM - start the TOD clock. */ kvm_s390_set_tod_raw(&td->base, &local_err); ++++++ tests-acpi-allow-changes-for-core_count2.patch ++++++ 
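Review bot: the early `return` added to kvm_s390_tod_vm_state_change() in the @@ -84 hunk turns the whole state-change handler into a no-op under PV, not only the resume/restore path, which matches the subject line ("don't save/restore") but not the added comment, which only mentions restoring on resume; widen the comment to say that the stop-side handling is skipped too. The s390_is_pv() check sits before `local_err` is touched, so nothing is leaked, and the new include of hw/s390x/pv.h is what provides s390_is_pv().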
From: Julia Suvorova <jus...@redhat.com> Date: Tue, 11 Oct 2022 13:17:29 +0200 Subject: tests/acpi: allow changes for core_count2 test Signed-off-by: Julia Suvorova <jus...@redhat.com> Message-Id: <20220731162141.178443-4-jus...@redhat.com> Message-Id: <20221011111731.101412-4-jus...@redhat.com> Reviewed-by: Michael S. Tsirkin <m...@redhat.com> Signed-off-by: Michael S. Tsirkin <m...@redhat.com> Acked-by: Igor Mammedov <imamm...@redhat.com> (cherry picked from commit 159a0da5b0bd660f8a70bca4e3c2bd4c863eaf1a) References: bsc#1202282, jsc#PED-2592 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- tests/data/acpi/q35/APIC.core-count2 | 0 tests/data/acpi/q35/DSDT.core-count2 | 0 tests/data/acpi/q35/FACP.core-count2 | 0 tests/qtest/bios-tables-test-allowed-diff.h | 3 +++ 4 files changed, 3 insertions(+) diff --git a/tests/data/acpi/q35/APIC.core-count2 b/tests/data/acpi/q35/APIC.core-count2 new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/tests/data/acpi/q35/DSDT.core-count2 b/tests/data/acpi/q35/DSDT.core-count2 new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/tests/data/acpi/q35/FACP.core-count2 b/tests/data/acpi/q35/FACP.core-count2 new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index dfb8523c8bf457c471cea8d860ef..e81dc67a2e52bc6553494325d248 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1 +1,4 @@ /* List of comma-separated changed AML files to ignore */ +"tests/data/acpi/q35/APIC.core-count2", +"tests/data/acpi/q35/DSDT.core-count2", +"tests/data/acpi/q35/FACP.core-count2", ++++++ tests-acpi-update-tables-for-new-core-co.patch ++++++ 
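Review bot: the three zero-length placeholder files APIC.core-count2, DSDT.core-count2 and FACP.core-count2 (`| 0`, new file mode) together with the three new entries in bios-tables-test-allowed-diff.h are the usual first step of the QEMU ACPI table update workflow; the follow-up patch must remove those allowed-diff entries again, otherwise bios-tables-test keeps ignoring any real regression in these tables. Keep the two patches adjacent in the series so that state is never left in place on its own.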
From: Julia Suvorova <jus...@redhat.com> Date: Tue, 11 Oct 2022 13:17:31 +0200 Subject: tests/acpi: update tables for new core count test Changes in the tables (for 275 cores): FACP: + Use APIC Cluster Model (V4) : 1 APIC: +[02Ch 0044 1] Subtable Type : 00 [Processor Local APIC] +[02Dh 0045 1] Length : 08 +[02Eh 0046 1] Processor ID : 00 +[02Fh 0047 1] Local Apic ID : 00 +[030h 0048 4] Flags (decoded below) : 00000001 + Processor Enabled : 1 ... + +[81Ch 2076 1] Subtable Type : 00 [Processor Local APIC] +[81Dh 2077 1] Length : 08 +[81Eh 2078 1] Processor ID : FE +[81Fh 2079 1] Local Apic ID : FE +[820h 2080 4] Flags (decoded below) : 00000001 + Processor Enabled : 1 + Runtime Online Capable : 0 + +[824h 2084 1] Subtable Type : 09 [Processor Local x2APIC] +[825h 2085 1] Length : 10 +[826h 2086 2] Reserved : 0000 +[828h 2088 4] Processor x2Apic ID : 000000FF +[82Ch 2092 4] Flags (decoded below) : 00000001 + Processor Enabled : 1 +[830h 2096 4] Processor UID : 000000FF ... DSDT: + Processor (C001, 0x01, 0x00000000, 0x00) + { + Method (_STA, 0, Serialized) // _STA: Status + { + Return (CSTA (One)) + } + + Name (_MAT, Buffer (0x08) // _MAT: Multiple APIC Table Entry + { + 0x00, 0x08, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00 // ........ + }) + Method (_EJ0, 1, NotSerialized) // _EJx: Eject Device, x=0-9 + { + CEJ0 (One) + } + + Method (_OST, 3, Serialized) // _OST: OSPM Status Indication + { + COST (One, Arg0, Arg1, Arg2) + } + } ... + Processor (C0FE, 0xFE, 0x00000000, 0x00) + { + Method (_STA, 0, Serialized) // _STA: Status + { + Return (CSTA (0xFE)) + } + + Name (_MAT, Buffer (0x08) // _MAT: Multiple APIC Table Entry + { + 0x00, 0x08, 0xFE, 0xFE, 0x01, 0x00, 0x00, 0x00 // ........ 
+ }) + Method (_EJ0, 1, NotSerialized) // _EJx: Eject Device, x=0-9 + { + CEJ0 (0xFE) + } + + Method (_OST, 3, Serialized) // _OST: OSPM Status Indication + { + COST (0xFE, Arg0, Arg1, Arg2) + } + } + + Device (C0FF) + { + Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID + Name (_UID, 0xFF) // _UID: Unique ID + Method (_STA, 0, Serialized) // _STA: Status + { + Return (CSTA (0xFF)) + } + + Name (_MAT, Buffer (0x10) // _MAT: Multiple APIC Table Entry + { + /* 0000 */ 0x09, 0x10, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x00, // ........ + /* 0008 */ 0x01, 0x00, 0x00, 0x00, 0xFF, 0x00, 0x00, 0x00 // ........ + }) + Method (_EJ0, 1, NotSerialized) // _EJx: Eject Device, x=0-9 + { + CEJ0 (0xFF) + } + + Method (_OST, 3, Serialized) // _OST: OSPM Status Indication + { + COST (0xFF, Arg0, Arg1, Arg2) + } + } + ... Signed-off-by: Julia Suvorova <jus...@redhat.com> Message-Id: <20220731162141.178443-6-jus...@redhat.com> Message-Id: <20221011111731.101412-6-jus...@redhat.com> Reviewed-by: Michael S. Tsirkin <m...@redhat.com> Signed-off-by: Michael S. Tsirkin <m...@redhat.com> (cherry picked from commit b22fbc5bcb6bd2412889f2c48a29c86880a30552) [Moved the updated binaries directly in RPM sources] References: bsc#1202282, jsc#PED-2592 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- tests/qtest/bios-tables-test-allowed-diff.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index e81dc67a2e52bc6553494325d248..dfb8523c8bf457c471cea8d860ef 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1,4 +1 @@ /* List of comma-separated changed AML files to ignore */ -"tests/data/acpi/q35/APIC.core-count2", -"tests/data/acpi/q35/DSDT.core-count2", -"tests/data/acpi/q35/FACP.core-count2", ++++++ ui-vnc-clipboard-fix-integer-underflow-i.patch ++++++ 
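Review bot: this hunk only removes the three allowed-diff entries; the updated APIC/DSDT/FACP binaries that justify the removal are not in the patch but are shipped as Source202-204 and copied in by qemu.spec.in, as the "[Moved the updated binaries directly in RPM sources]" note says. The patch is therefore not self-contained: applied without the spec step, bios-tables-test compares against the empty placeholder files from the previous patch and fails. State that coupling explicitly in the patch header next to the bracketed note so it survives a later rebase.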
From: Mauro Matteo Cascella <mcasc...@redhat.com> Date: Sun, 25 Sep 2022 22:45:11 +0200 Subject: ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext Extended ClientCutText messages start with a 4-byte header. If len < 4, an integer underflow occurs in vnc_client_cut_text_ext. The result is used to decompress data in a while loop in inflate_buffer, leading to CPU consumption and denial of service. Prevent this by checking dlen in protocol_client_msg. Fixes: CVE-2022-3165 Fixes: 0bf41cab93e5 ("ui/vnc: clipboard support") Reported-by: TangPeng <tangp...@qianxin.com> Signed-off-by: Mauro Matteo Cascella <mcasc...@redhat.com> Message-Id: <20220925204511.1103214-1-mcasc...@redhat.com> Signed-off-by: Gerd Hoffmann <kra...@redhat.com> (cherry picked from commit d307040b18bfcb1393b910f1bae753d5c12a4dc7) Resolves: bsc#1203788 Signed-off-by: Dario Faggioli <dfaggi...@suse.com> --- ui/vnc.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ui/vnc.c b/ui/vnc.c index 6a05d061479e3bc38148e4647426..acb3629cd8e2643ff82e72d958dc 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2442,8 +2442,8 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) if (len == 1) { return 8; } + uint32_t dlen = abs(read_s32(data, 4)); if (len == 8) { - uint32_t dlen = abs(read_s32(data, 4)); if (dlen > (1 << 20)) { error_report("vnc: client_cut_text msg payload has %u bytes" " which exceeds our limit of 1MB.", dlen); @@ -2456,8 +2456,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) } if (read_s32(data, 4) < 0) { - vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)), - read_u32(data, 8), data + 12); + if (dlen < 4) { + error_report("vnc: malformed payload (header less than 4 bytes)" + " in extended clipboard pseudo-encoding."); + vnc_client_error(vs); + break; + } + vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12); break; } vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
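Review bot: in the @@ -2442 hunk `uint32_t dlen = abs(read_s32(data, 4));` is now a declaration placed after the `if (len == 1)` statement, i.e. a mixed declaration and code, which differs from the declarations-first layout used elsewhere in this function; either move it to the block's declarations or keep it in the `len == 8` branch and compute it again before the extended-clipboard branch. Separately, abs() on a 32-bit value of INT32_MIN is undefined behaviour in C, and a negative length is exactly what selects the extended path (`read_s32(data, 4) < 0`); the new `dlen < 4` check fixes the header underflow in vnc_client_cut_text_ext, but it does not cover that corner, so consider rejecting INT32_MIN explicitly or computing the magnitude as an unsigned negation instead of abs().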