Hello community, here is the log from the commit of package qemu for openSUSE:Factory checked in at 2019-01-11 14:02:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/qemu (Old) and /work/SRC/openSUSE:Factory/.qemu.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qemu" Fri Jan 11 14:02:55 2019 rev:149 rq:664460 version:3.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/qemu/qemu-linux-user.changes 2018-12-27 00:25:45.579841286 +0100 +++ /work/SRC/openSUSE:Factory/.qemu.new.28833/qemu-linux-user.changes 2019-01-11 14:04:12.031877850 +0100 @@ -1,0 +2,45 @@ +Thu Jan 10 18:03:30 UTC 2019 - Bruce Rogers <[email protected]> + +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 +* Patches added: + 0041-vfio-ap-flag-as-compatible-with-bal.patch + 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch + 0043-pcie-set-link-state-inactive-active.patch + 0044-pc-piix4-Update-smbus-I-O-space-aft.patch + 0045-hw-usb-fix-mistaken-de-initializati.patch + 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch + 0047-pvrdma-release-device-resources-in-.patch + 0048-rdma-check-num_sge-does-not-exceed-.patch + 0049-pvrdma-add-uar_read-routine.patch + 0050-pvrdma-check-number-of-pages-when-c.patch + 0051-pvrdma-check-return-value-from-pvrd.patch + 0052-pvrdma-release-ring-object-in-case-.patch + 0053-block-Fix-hangs-in-synchronous-APIs.patch + +------------------------------------------------------------------- +Tue Jan 8 13:41:35 UTC 2019 - [email protected] + +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 +* Patches added: + 0040-xen-ignore-live-parameter-from-xen-.patch + (bsc#1079730, bsc#1101982, bsc#1063993) + +------------------------------------------------------------------- +Fri Jan 4 19:53:55 UTC 2019 - Bruce Rogers <[email protected]> + +- Follow up on ideas prompted by last change: clean up the patches + generated by git workflow. There is no value to the first line + (mbox From line), or [PATCH] on subject line. Get rid of those +- Other minor fixes and improvements to update_git.sh + +------------------------------------------------------------------- +Thu Jan 3 14:12:56 UTC 2019 - [email protected] + +- Modify update_git.sh script: + pass --zero-commit to format-patch + This removes needless noise in the buildservice when the same set + of patches is imported/exported at different times by different users. + pass --no-signature to format-patch + Remove sed call which used to remove the signature, use mv instead + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/qemu/qemu-testsuite.changes 2018-12-27 00:25:45.647841230 +0100 +++ /work/SRC/openSUSE:Factory/.qemu.new.28833/qemu-testsuite.changes 2019-01-11 14:04:12.079877802 +0100 @@ -1,0 +2,56 @@ +Thu Jan 10 18:03:29 UTC 2019 - Bruce Rogers <[email protected]> + +- include post v3.1.0 patches marked for next stable release: + 0041-vfio-ap-flag-as-compatible-with-bal.patch + 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch + 0043-pcie-set-link-state-inactive-active.patch + 0044-pc-piix4-Update-smbus-I-O-space-aft.patch + 0045-hw-usb-fix-mistaken-de-initializati.patch +- Address various security/stability issues +* Fix host access vulnerability in usb-mtp infrastructure + (CVE-2018-16872 bsc#1119493) + 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch +* Fix DoS in pvrdma interface (CVE-2018-20123 bsc#1119437) + 0047-pvrdma-release-device-resources-in-.patch +* Fix OOB access issue in rdma backend (CVE-2018-20124 bsc#1119840) + 0048-rdma-check-num_sge-does-not-exceed-.patch +* Fix NULL pointer reference in pvrdma emulation (CVE-2018-20191 + bsc#1119979) + 0049-pvrdma-add-uar_read-routine.patch +* Fix DoS in pvrdma interface (CVE-2018-20125 bsc#1119989) + 0050-pvrdma-check-number-of-pages-when-c.patch +* Fix DoS in pvrdma interface (CVE-2018-20216 bsc#1119984) + 0051-pvrdma-check-return-value-from-pvrd.patch +* Fix DoS in pvrdma interface (CVE-2018-20126 bsc#1119991) + 0052-pvrdma-release-ring-object-in-case-.patch +- one more post v3.1.0 patches marked for next stable release: + 0053-block-Fix-hangs-in-synchronous-APIs.patch +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 + +------------------------------------------------------------------- +Tue Jan 8 13:41:35 UTC 2019 - [email protected] + +- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 +* Patches added: + 0040-xen-ignore-live-parameter-from-xen-.patch + (bsc#1079730, bsc#1101982, bsc#1063993) + +------------------------------------------------------------------- +Fri Jan 4 19:53:55 UTC 2019 - Bruce Rogers <[email protected]> + +- Follow up on ideas prompted by last change: clean up the patches + generated by git workflow. There is no value to the first line + (mbox From line), or [PATCH] on subject line. Get rid of those +- Other minor fixes and improvements to update_git.sh + +------------------------------------------------------------------- +Thu Jan 3 14:12:56 UTC 2019 - [email protected] + +- Modify update_git.sh script: + pass --zero-commit to format-patch + This removes needless noise in the buildservice when the same set + of patches is imported/exported at different times by different users. + pass --no-signature to format-patch + Remove sed call which used to remove the signature, use mv instead + +------------------------------------------------------------------- qemu.changes: same change New: ---- 0040-xen-ignore-live-parameter-from-xen-.patch 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch 0047-pvrdma-release-device-resources-in-.patch 0048-rdma-check-num_sge-does-not-exceed-.patch 0049-pvrdma-add-uar_read-routine.patch 0050-pvrdma-check-number-of-pages-when-c.patch 0051-pvrdma-check-return-value-from-pvrd.patch 0052-pvrdma-release-ring-object-in-case-.patch 0053-block-Fix-hangs-in-synchronous-APIs.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qemu-linux-user.spec ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.023875845 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.027875841 +0100 @@ -1,7 +1,7 @@ # # spec file for package qemu-linux-user # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -71,6 +71,20 @@ Patch0037: 0037-tests-qemu-iotests-Triple-timeout-o.patch Patch0038: 0038-tests-block-io-test-130-needs-some-.patch Patch0039: 0039-xen_disk-Avoid-repeated-memory-allo.patch +Patch0040: 0040-xen-ignore-live-parameter-from-xen-.patch +Patch0041: 0041-vfio-ap-flag-as-compatible-with-bal.patch +Patch0042: 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch +Patch0043: 0043-pcie-set-link-state-inactive-active.patch +Patch0044: 0044-pc-piix4-Update-smbus-I-O-space-aft.patch +Patch0045: 0045-hw-usb-fix-mistaken-de-initializati.patch +Patch0046: 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch +Patch0047: 0047-pvrdma-release-device-resources-in-.patch +Patch0048: 0048-rdma-check-num_sge-does-not-exceed-.patch +Patch0049: 0049-pvrdma-add-uar_read-routine.patch +Patch0050: 0050-pvrdma-check-number-of-pages-when-c.patch +Patch0051: 0051-pvrdma-check-return-value-from-pvrd.patch +Patch0052: 0052-pvrdma-release-ring-object-in-case-.patch +Patch0053: 0053-block-Fix-hangs-in-synchronous-APIs.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. ExcludeArch: s390 @@ -141,6 +155,20 @@ %patch0037 -p1 %patch0038 -p1 %patch0039 -p1 +%patch0040 -p1 +%patch0041 -p1 +%patch0042 -p1 +%patch0043 -p1 +%patch0044 -p1 +%patch0045 -p1 +%patch0046 -p1 +%patch0047 -p1 +%patch0048 -p1 +%patch0049 -p1 +%patch0050 -p1 +%patch0051 -p1 +%patch0052 -p1 +%patch0053 -p1 %build ./configure \ ++++++ qemu-testsuite.spec ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.043875825 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.047875821 +0100 @@ -1,7 +1,7 @@ # # spec file for package qemu-testsuite # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -176,6 +176,20 @@ Patch0037: 0037-tests-qemu-iotests-Triple-timeout-o.patch Patch0038: 0038-tests-block-io-test-130-needs-some-.patch Patch0039: 0039-xen_disk-Avoid-repeated-memory-allo.patch +Patch0040: 0040-xen-ignore-live-parameter-from-xen-.patch +Patch0041: 0041-vfio-ap-flag-as-compatible-with-bal.patch +Patch0042: 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch +Patch0043: 0043-pcie-set-link-state-inactive-active.patch +Patch0044: 0044-pc-piix4-Update-smbus-I-O-space-aft.patch +Patch0045: 0045-hw-usb-fix-mistaken-de-initializati.patch +Patch0046: 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch +Patch0047: 0047-pvrdma-release-device-resources-in-.patch +Patch0048: 0048-rdma-check-num_sge-does-not-exceed-.patch +Patch0049: 0049-pvrdma-add-uar_read-routine.patch +Patch0050: 0050-pvrdma-check-number-of-pages-when-c.patch +Patch0051: 0051-pvrdma-check-return-value-from-pvrd.patch +Patch0052: 0052-pvrdma-release-ring-object-in-case-.patch +Patch0053: 0053-block-Fix-hangs-in-synchronous-APIs.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. @@ -943,6 +957,20 @@ %patch0037 -p1 %patch0038 -p1 %patch0039 -p1 +%patch0040 -p1 +%patch0041 -p1 +%patch0042 -p1 +%patch0043 -p1 +%patch0044 -p1 +%patch0045 -p1 +%patch0046 -p1 +%patch0047 -p1 +%patch0048 -p1 +%patch0049 -p1 +%patch0050 -p1 +%patch0051 -p1 +%patch0052 -p1 +%patch0053 -p1 pushd roms/seabios %patch1100 -p1 ++++++ qemu.spec ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.063875805 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.063875805 +0100 @@ -1,7 +1,7 @@ # # spec file for package qemu # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -176,6 +176,20 @@ Patch0037: 0037-tests-qemu-iotests-Triple-timeout-o.patch Patch0038: 0038-tests-block-io-test-130-needs-some-.patch Patch0039: 0039-xen_disk-Avoid-repeated-memory-allo.patch +Patch0040: 0040-xen-ignore-live-parameter-from-xen-.patch +Patch0041: 0041-vfio-ap-flag-as-compatible-with-bal.patch +Patch0042: 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch +Patch0043: 0043-pcie-set-link-state-inactive-active.patch +Patch0044: 0044-pc-piix4-Update-smbus-I-O-space-aft.patch +Patch0045: 0045-hw-usb-fix-mistaken-de-initializati.patch +Patch0046: 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch +Patch0047: 0047-pvrdma-release-device-resources-in-.patch +Patch0048: 0048-rdma-check-num_sge-does-not-exceed-.patch +Patch0049: 0049-pvrdma-add-uar_read-routine.patch +Patch0050: 0050-pvrdma-check-number-of-pages-when-c.patch +Patch0051: 0051-pvrdma-check-return-value-from-pvrd.patch +Patch0052: 0052-pvrdma-release-ring-object-in-case-.patch +Patch0053: 0053-block-Fix-hangs-in-synchronous-APIs.patch # Please do not add QEMU patches manually here. # Run update_git.sh to regenerate this queue. @@ -943,6 +957,20 @@ %patch0037 -p1 %patch0038 -p1 %patch0039 -p1 +%patch0040 -p1 +%patch0041 -p1 +%patch0042 -p1 +%patch0043 -p1 +%patch0044 -p1 +%patch0045 -p1 +%patch0046 -p1 +%patch0047 -p1 +%patch0048 -p1 +%patch0049 -p1 +%patch0050 -p1 +%patch0051 -p1 +%patch0052 -p1 +%patch0053 -p1 pushd roms/seabios %patch1100 -p1 ++++++ 0001-XXX-dont-dump-core-on-sigabort.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.079875789 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.083875785 +0100 @@ -1,7 +1,6 @@ -From 832434a783511ecfd30db4d718dcf15210da866e Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Mon, 21 Nov 2011 23:50:36 +0100 -Subject: [PATCH] XXX dont dump core on sigabort +Subject: XXX dont dump core on sigabort Signed-off-by: Bruce Rogers <[email protected]> --- ++++++ 0002-qemu-binfmt-conf-Modify-default-pat.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.087875781 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.087875781 +0100 @@ -1,7 +1,6 @@ -From ecb8f5651091fb6538366fefc43ecd095328194a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Wed, 10 Aug 2016 19:00:24 +0200 -Subject: [PATCH] qemu-binfmt-conf: Modify default path +Subject: qemu-binfmt-conf: Modify default path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0003-qemu-cvs-gettimeofday.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.091875776 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.095875773 +0100 @@ -1,7 +1,6 @@ -From 540d7a5df50656e9ec56cc78c909c36382814e54 Mon Sep 17 00:00:00 2001 From: Ulrich Hecht <[email protected]> Date: Tue, 14 Apr 2009 16:25:41 +0200 -Subject: [PATCH] qemu-cvs-gettimeofday +Subject: qemu-cvs-gettimeofday No clue what this is for. ++++++ 0004-qemu-cvs-ioctl_debug.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.103875765 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.103875765 +0100 @@ -1,7 +1,6 @@ -From 4b8064e9cf51af12d6c57a56fc795774eaf84ade Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Tue, 14 Apr 2009 16:26:33 +0200 -Subject: [PATCH] qemu-cvs-ioctl_debug +Subject: qemu-cvs-ioctl_debug Extends unsupported ioctl debug output. ++++++ 0005-qemu-cvs-ioctl_nodirection.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.111875756 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.111875756 +0100 @@ -1,7 +1,6 @@ -From ae20a979f7196eca1934f963b52a657374f1ac10 Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Tue, 14 Apr 2009 16:27:36 +0200 -Subject: [PATCH] qemu-cvs-ioctl_nodirection +Subject: qemu-cvs-ioctl_nodirection the direction given in the ioctl should be correct so we can assume the communication is uni-directional. The alsa developers did not like this ++++++ 0006-linux-user-add-binfmt-wrapper-for-a.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.115875753 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.115875753 +0100 @@ -1,7 +1,6 @@ -From 677597f3df31a00bfdfc515744a5acf20a20d204 Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Fri, 30 Sep 2011 19:40:36 +0200 -Subject: [PATCH] linux-user: add binfmt wrapper for argv[0] handling +Subject: linux-user: add binfmt wrapper for argv[0] handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0007-PPC-KVM-Disable-mmu-notifier-check.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.123875745 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.123875745 +0100 @@ -1,7 +1,6 @@ -From 698f8163ca702dd9b7c5e456907178579b7bf4a0 Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Fri, 6 Jan 2012 01:05:55 +0100 -Subject: [PATCH] PPC: KVM: Disable mmu notifier check +Subject: PPC: KVM: Disable mmu notifier check When using hugetlbfs (which is required for HV mode KVM on 970), we check for MMU notifiers that on 970 can not be implemented properly. ++++++ 0008-linux-user-binfmt-support-host-bina.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.131875737 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.131875737 +0100 @@ -1,7 +1,6 @@ -From 73f6e4c049e433b4f492916e7366aedd3a970edb Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Thu, 2 Feb 2012 18:02:33 +0100 -Subject: [PATCH] linux-user: binfmt: support host binaries +Subject: linux-user: binfmt: support host binaries When we have a working host binary equivalent for the guest binary we're trying to run, let's just use that instead as it will be a lot faster. ++++++ 0009-linux-user-Fake-proc-cpuinfo.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.139875729 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.139875729 +0100 @@ -1,7 +1,6 @@ -From 650ba31a809fe4d89bf3a0625c07729bbf5af035 Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Mon, 23 Jul 2012 10:24:14 +0200 -Subject: [PATCH] linux-user: Fake /proc/cpuinfo +Subject: linux-user: Fake /proc/cpuinfo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0010-Remove-problematic-evdev-86-key-fro.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.143875724 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.143875724 +0100 @@ -1,7 +1,6 @@ -From 1e6c62c45c22da52f13ab2c1aefd0544c0307549 Mon Sep 17 00:00:00 2001 From: Adam Williamson <[email protected]> Date: Wed, 20 Dec 2017 15:43:07 -0800 -Subject: [PATCH] Remove problematic 'evdev 86' key from en-us keymap +Subject: Remove problematic 'evdev 86' key from en-us keymap This causes LP#1738283. Gerd will have to come up with a better fix, but just hacking out the problematic key definition should ++++++ 0011-linux-user-use-target_ulong.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.151875717 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.151875717 +0100 @@ -1,7 +1,6 @@ -From a4464c46f03789eae3abf93281f1addcbdb53da0 Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Tue, 9 Oct 2012 09:06:49 +0200 -Subject: [PATCH] linux-user: use target_ulong +Subject: linux-user: use target_ulong Linux syscalls pass pointers or data length or other information of that sort to the kernel. This is all stuff you don't want to have sign extended. ++++++ 0012-Make-char-muxer-more-robust-wrt-sma.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.159875709 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.159875709 +0100 @@ -1,7 +1,6 @@ -From 35506374079e31a526a7206813ef8f89aecaa04c Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Thu, 1 Apr 2010 17:36:23 +0200 -Subject: [PATCH] Make char muxer more robust wrt small FIFOs +Subject: Make char muxer more robust wrt small FIFOs Virtio-Console can only process one character at a time. Using it on S390 gave me strage "lags" where I got the character I pressed before when ++++++ 0013-linux-user-lseek-explicitly-cast-no.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.163875704 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.167875700 +0100 @@ -1,7 +1,6 @@ -From 02ce2ef5ff260d7ef395aa31dabd757776a6b67f Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Thu, 13 Dec 2012 14:29:22 +0100 -Subject: [PATCH] linux-user: lseek: explicitly cast non-set offsets to signed +Subject: linux-user: lseek: explicitly cast non-set offsets to signed When doing lseek, SEEK_SET indicates that the offset is an unsigned variable. Other seek types have parameters that can be negative. ++++++ 0014-AIO-Reduce-number-of-threads-for-32.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.171875696 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.171875696 +0100 @@ -1,7 +1,6 @@ -From a2de9e871de89fe1b188dfdb13cc6701eb302b00 Mon Sep 17 00:00:00 2001 From: Alexander Graf <[email protected]> Date: Wed, 14 Jan 2015 01:32:11 +0100 -Subject: [PATCH] AIO: Reduce number of threads for 32bit hosts +Subject: AIO: Reduce number of threads for 32bit hosts On hosts with limited virtual address space (32bit pointers), we can very easily run out of virtual memory with big thread pools. ++++++ 0015-xen_disk-Add-suse-specific-flush-di.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.175875692 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.175875692 +0100 @@ -1,8 +1,7 @@ -From 59d91f48a4a839456fcff66ba375f5c01dd6c42c Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Wed, 9 Mar 2016 15:18:11 -0700 -Subject: [PATCH] xen_disk: Add suse specific flush disable handling and map to - QEMU equiv +Subject: xen_disk: Add suse specific flush disable handling and map to QEMU + equiv Add code to read the suse specific suse-diskcache-disable-flush flag out of xenstore, and set the equivalent flag within QEMU. ++++++ 0016-qemu-bridge-helper-reduce-security-.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.183875684 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.183875684 +0100 @@ -1,7 +1,6 @@ -From 12e80a565b210d70bc2a230e808ed6102ec3b123 Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Tue, 2 Aug 2016 11:36:02 -0600 -Subject: [PATCH] qemu-bridge-helper: reduce security profile +Subject: qemu-bridge-helper: reduce security profile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.187875680 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.187875680 +0100 @@ -1,7 +1,6 @@ -From 8d32cd58427d7207c1ab44b666a7faf09e270c1b Mon Sep 17 00:00:00 2001 From: Andreas Schwab <[email protected]> Date: Fri, 12 Aug 2016 18:20:49 +0200 -Subject: [PATCH] qemu-binfmt-conf: use qemu-ARCH-binfmt +Subject: qemu-binfmt-conf: use qemu-ARCH-binfmt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0018-linux-user-properly-test-for-infini.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.195875672 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.195875672 +0100 @@ -1,7 +1,6 @@ -From 28321798381384bff19f886b167e25dc15e9fcdf Mon Sep 17 00:00:00 2001 From: Andreas Schwab <[email protected]> Date: Thu, 8 Sep 2016 11:21:05 +0200 -Subject: [PATCH] linux-user: properly test for infinite timeout in poll (#8) +Subject: linux-user: properly test for infinite timeout in poll (#8) After "linux-user: use target_ulong" the poll syscall was no longer handling infinite timeout. ++++++ 0019-roms-Makefile-pass-a-packaging-time.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.203875664 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.203875664 +0100 @@ -1,8 +1,7 @@ -From 2df2bfd0ca9aabad27114bb778863cfeb76ca111 Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Sat, 19 Nov 2016 08:06:30 -0700 -Subject: [PATCH] roms/Makefile: pass a packaging timestamp to subpackages with - date info +Subject: roms/Makefile: pass a packaging timestamp to subpackages with date + info Certain rom subpackages build from qemu git-submodules call the date program to include date information in the packaged binaries. This ++++++ 0020-Raise-soft-address-space-limit-to-h.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.207875660 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.211875656 +0100 @@ -1,7 +1,6 @@ -From 544752d713e0a6a8a00cae1cbd902d95944d68a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Sun, 15 Jan 2012 19:53:49 +0100 -Subject: [PATCH] Raise soft address space limit to hard limit +Subject: Raise soft address space limit to hard limit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0021-increase-x86_64-physical-bits-to-42.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.215875651 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.215875651 +0100 @@ -1,7 +1,6 @@ -From da91336daba1034e76118bb089beb312124f0e90 Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Fri, 17 May 2013 16:49:58 -0600 -Subject: [PATCH] increase x86_64 physical bits to 42 +Subject: increase x86_64 physical bits to 42 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.219875648 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.219875648 +0100 @@ -1,7 +1,6 @@ -From 3643b477312298e50ad42cc9ee4b0e047521c1cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Wed, 12 Jun 2013 19:26:37 +0200 -Subject: [PATCH] vga: Raise VRAM to 16 MiB for pc-0.15 and below +Subject: vga: Raise VRAM to 16 MiB for pc-0.15 and below MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0023-i8254-Fix-migration-from-SLE11-SP2.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.223875644 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.227875640 +0100 @@ -1,7 +1,6 @@ -From 52eec29e3edc64659edd2911aae28d82a8893528 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Wed, 31 Jul 2013 17:05:29 +0200 -Subject: [PATCH] i8254: Fix migration from SLE11 SP2 +Subject: i8254: Fix migration from SLE11 SP2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0024-acpi_piix4-Fix-migration-from-SLE11.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.231875636 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.231875636 +0100 @@ -1,7 +1,6 @@ -From 292bd3fb22d5487b3deecd660d2ab8d0d24d0c82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Wed, 31 Jul 2013 17:32:35 +0200 -Subject: [PATCH] acpi_piix4: Fix migration from SLE11 SP2 +Subject: acpi_piix4: Fix migration from SLE11 SP2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0025-Fix-tigervnc-long-press-issue.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.235875631 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.235875631 +0100 @@ -1,7 +1,6 @@ -From 8616cd9931328170f8a4a3ecae6dda9d180601b8 Mon Sep 17 00:00:00 2001 From: Chunyan Liu <[email protected]> Date: Thu, 3 Mar 2016 16:48:17 +0800 -Subject: [PATCH] Fix tigervnc long press issue +Subject: Fix tigervnc long press issue Using xen tools 'xl vncviewer' with tigervnc (default on SLE-12), found that: the display of the guest is unexpected while keep ++++++ 0026-string-input-visitor-Fix-uint64-par.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.239875628 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.243875623 +0100 @@ -1,7 +1,6 @@ -From 259d16f0a869f9d2371036a20fb5ff19980e61b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Thu, 24 Sep 2015 19:21:11 +0200 -Subject: [PATCH] string-input-visitor: Fix uint64 parsing +Subject: string-input-visitor: Fix uint64 parsing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0027-test-string-input-visitor-Add-int-t.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.247875620 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.247875620 +0100 @@ -1,7 +1,6 @@ -From 1729f9280988abd42f94d5f9a4bae20febac90cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Thu, 24 Sep 2015 19:23:50 +0200 -Subject: [PATCH] test-string-input-visitor: Add int test case +Subject: test-string-input-visitor: Add int test case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0028-test-string-input-visitor-Add-uint6.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.251875615 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.255875611 +0100 @@ -1,7 +1,6 @@ -From 327e8a8a3e53dd39c6966dac5428e440ec376514 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Thu, 24 Sep 2015 19:24:23 +0200 -Subject: [PATCH] test-string-input-visitor: Add uint64 test +Subject: test-string-input-visitor: Add uint64 test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0029-tests-Add-QOM-property-unit-tests.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.259875608 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.259875608 +0100 @@ -1,7 +1,6 @@ -From 310ea98c034bd4c957375b3ebb02b6d43e8d8c09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Sun, 6 Sep 2015 20:12:42 +0200 -Subject: [PATCH] tests: Add QOM property unit tests +Subject: tests: Add QOM property unit tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0030-tests-Add-scsi-disk-test.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.263875603 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.267875600 +0100 @@ -1,7 +1,6 @@ -From 3c695b87e039baa1539d8855aeda4ee072bc6a42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <[email protected]> Date: Fri, 25 Sep 2015 12:31:11 +0200 -Subject: [PATCH] tests: Add scsi-disk test +Subject: tests: Add scsi-disk test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ++++++ 0031-Switch-order-of-libraries-for-mpath.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.271875595 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.271875595 +0100 @@ -1,7 +1,6 @@ -From bd18c7118a50c88b572a0df2f7cc24562ea20767 Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Fri, 3 Nov 2017 11:12:40 -0600 -Subject: [PATCH] Switch order of libraries for mpath support +Subject: Switch order of libraries for mpath support Signed-off-by: Bruce Rogers <[email protected]> --- ++++++ 0032-Make-installed-scripts-explicitly-p.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.275875592 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.275875592 +0100 @@ -1,7 +1,6 @@ -From fac5e1c088d083876e9a707e0f7e9d6d05d092c0 Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Thu, 25 Jan 2018 14:16:10 -0700 -Subject: [PATCH] Make installed scripts explicitly python3 +Subject: Make installed scripts explicitly python3 We want to expliitly reference python3 in the scripts we install. ++++++ 0033-smbios-Add-1-terminator-if-any-stri.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.283875583 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.283875583 +0100 @@ -1,8 +1,6 @@ -From f6b18bb5a86c6bcff0589078e156c116fb3a95af Mon Sep 17 00:00:00 2001 From: Lin Ma <[email protected]> Date: Wed, 14 Mar 2018 14:31:26 +0800 -Subject: [PATCH] smbios: Add 1 terminator if any string fields defined in - given table. +Subject: smbios: Add 1 terminator if any string fields defined in given table. If user specifies smbios table files through qemu command line, Then will get error messages while decoding those table content in guest. ++++++ 0034-qemu-io-tests-comment-out-problemat.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.287875580 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.287875580 +0100 @@ -1,7 +1,6 @@ -From 9684904be240ac18d63e9b1e8f3293d80a028abe Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Fri, 6 Apr 2018 13:33:31 -0600 -Subject: [PATCH] qemu-io tests: comment out problematic block io tests issues +Subject: qemu-io tests: comment out problematic block io tests issues The following issues are seen: 153 - error resulting from failed to get "write" lock ++++++ 0035-tests-test-thread-pool-is-racy-add-.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.291875575 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.291875575 +0100 @@ -1,7 +1,6 @@ -From d58238438527d65192caa54feac77221880b3ba2 Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Fri, 13 Apr 2018 11:46:47 -0600 -Subject: [PATCH] tests: test-thread-pool is racy - add some barriers +Subject: tests: test-thread-pool is racy - add some barriers I imagine there is more to be done to fix the memory consistency races here, but these added barriers at least let it pass on ppc64le, ++++++ 0036-xen-add-block-resize-support-for-xe.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.299875567 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.299875567 +0100 @@ -1,7 +1,6 @@ -From 197d3a02669dce7d0ac0207cea5c989cc12b391d Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Fri, 8 Jun 2018 11:04:36 -0600 -Subject: [PATCH] xen: add block resize support for xen disks +Subject: xen: add block resize support for xen disks Provide monitor naming of xen disks, and plumb guest driver notification through xenstore of resizing instigated via the ++++++ 0037-tests-qemu-iotests-Triple-timeout-o.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.303875564 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.303875564 +0100 @@ -1,7 +1,6 @@ -From ea96fb81295d2c6e5ed20201dc3c9583d2b8bb4c Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Tue, 20 Nov 2018 15:46:41 -0700 -Subject: [PATCH] tests/qemu-iotests: Triple timeout of i/o tests due to obs +Subject: tests/qemu-iotests: Triple timeout of i/o tests due to obs environment Executing tests in obs is very fickle, since you aren't guaranteed ++++++ 0038-tests-block-io-test-130-needs-some-.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.307875559 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.307875559 +0100 @@ -1,7 +1,6 @@ -From 20ab0810e2eab9dc47fab57bb1949e1a84c8cba5 Mon Sep 17 00:00:00 2001 From: Bruce Rogers <[email protected]> Date: Sun, 25 Nov 2018 18:01:36 -0700 -Subject: [PATCH] tests: block-io test 130 needs some delays +Subject: tests: block-io test 130 needs some delays I haven't figured out exactly the best solution, but we need some delays in this test. ++++++ 0039-xen_disk-Avoid-repeated-memory-allo.patch ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.315875551 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.315875551 +0100 @@ -1,7 +1,6 @@ -From f88c2f1b54da7a92420724189a6df37e6b3faed3 Mon Sep 17 00:00:00 2001 From: Tim Smith <[email protected]> Date: Fri, 2 Nov 2018 10:01:09 +0000 -Subject: [PATCH] xen_disk: Avoid repeated memory allocation +Subject: xen_disk: Avoid repeated memory allocation xen_disk currently allocates memory to hold the data for each ioreq as that ioreq is used, and frees it afterwards. Because it requires @@ -15,14 +14,14 @@ should actually improve memory usage. Signed-off-by: Tim Smith <[email protected]> -[BSC#1100408] +[BR: BSC#1100408] Signed-off-by: Bruce Rogers <[email protected]> --- - hw/block/xen_disk.c | 7 ++----- - 1 file changed, 2 insertions(+), 5 deletions(-) + hw/block/xen_disk.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c -index d9a55faf27..e9501ee34c 100644 +index d9a55faf27..df99162520 100644 --- a/hw/block/xen_disk.c +++ b/hw/block/xen_disk.c @@ -110,7 +110,6 @@ static void ioreq_reset(struct ioreq *ioreq) @@ -33,15 +32,17 @@ ioreq->size = 0; ioreq->presync = 0; -@@ -135,6 +134,7 @@ static struct ioreq *ioreq_start(struct XenBlkDev *blkdev) +@@ -135,6 +134,9 @@ static struct ioreq *ioreq_start(struct XenBlkDev *blkdev) /* allocate new struct */ ioreq = g_malloc0(sizeof(*ioreq)); ioreq->blkdev = blkdev; -+ ioreq->buf = qemu_memalign(XC_PAGE_SIZE, BLKIF_MAX_SEGMENTS_PER_REQUEST * XC_PAGE_SIZE); ++ ioreq->buf = qemu_memalign(XC_PAGE_SIZE, ++ BLKIF_MAX_SEGMENTS_PER_REQUEST * ++ XC_PAGE_SIZE); blkdev->requests_total++; qemu_iovec_init(&ioreq->v, 1); } else { -@@ -317,14 +317,12 @@ static void qemu_aio_complete(void *opaque, int ret) +@@ -317,14 +319,12 @@ static void qemu_aio_complete(void *opaque, int ret) if (ret == 0) { ioreq_grant_copy(ioreq); } @@ -56,7 +57,7 @@ break; default: break; -@@ -392,12 +390,10 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq) +@@ -392,12 +392,10 @@ static int ioreq_runio_qemu_aio(struct ioreq *ioreq) { struct XenBlkDev *blkdev = ioreq->blkdev; @@ -69,7 +70,7 @@ goto err; } -@@ -1007,6 +1003,7 @@ static int blk_free(struct XenDevice *xendev) +@@ -1007,6 +1005,7 @@ static int blk_free(struct XenDevice *xendev) ioreq = QLIST_FIRST(&blkdev->freelist); QLIST_REMOVE(ioreq, list); qemu_iovec_destroy(&ioreq->v); ++++++ 0040-xen-ignore-live-parameter-from-xen-.patch ++++++ From: Olaf Hering <[email protected]> Date: Tue, 8 Jan 2019 14:20:08 +0100 Subject: xen: ignore live parameter from xen-save-devices-state The final step of xl migrate|save for an HVM domU is saving the state of qemu. This also involves releasing all block devices. While releasing backends ought to be a separate step, such functionality is not implemented. Unfortunately, releasing the block devices depends on the optional 'live' option. This breaks offline migration with 'virsh migrate domU dom0' because the sending side does not release the disks, as a result the receiving side can not properly claim write access to the disks. As a minimal fix, remove the dependency on the 'live' option. Upstream may fix this in a different way, like removing the newly added 'live' parameter entirely. Fixes: 5d6c599fe1 ("migration, xen: Fix block image lock issue on live migration") Signed-off-by: Olaf Hering <[email protected]> [BSC#1079730, BSC#1101982, BSC#1063993] --- migration/savevm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/migration/savevm.c b/migration/savevm.c index 9e45fb4f3f..47d4c51186 100644 --- a/migration/savevm.c +++ b/migration/savevm.c @@ -2602,7 +2602,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live, * So call bdrv_inactivate_all (release locks) here to let the other * side of the migration take controle of the images. */ - if (live && !saved_vm_running) { + if (!saved_vm_running) { ret = bdrv_inactivate_all(); if (ret) { error_setg(errp, "%s: bdrv_inactivate_all() failed (%d)", ++++++ 0041-vfio-ap-flag-as-compatible-with-bal.patch ++++++ From: Cornelia Huck <[email protected]> Date: Wed, 5 Dec 2018 15:35:03 +0100 Subject: vfio-ap: flag as compatible with balloon vfio-ap devices do not pin any pages in the host. Therefore, they are compatible with memory ballooning. Flag them as compatible, so both vfio-ap and a balloon can be used simultaneously. Cc: [email protected] Acked-by: Christian Borntraeger <[email protected]> Tested-by: Tony Krowiak <[email protected]> Reviewed-by: Halil Pasic <[email protected]> Signed-off-by: Cornelia Huck <[email protected]> (cherry picked from commit 1883e8fc8005e9ef452890a075bae98e8c432968) Signed-off-by: Bruce Rogers <[email protected]> --- hw/vfio/ap.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hw/vfio/ap.c b/hw/vfio/ap.c index 65de952f44..0a25f5e096 100644 --- a/hw/vfio/ap.c +++ b/hw/vfio/ap.c @@ -104,6 +104,14 @@ static void vfio_ap_realize(DeviceState *dev, Error **errp) vapdev->vdev.name = g_strdup_printf("%s", mdevid); vapdev->vdev.dev = dev; + /* + * vfio-ap devices operate in a way compatible with + * memory ballooning, as no pages are pinned in the host. + * This needs to be set before vfio_get_device() for vfio common to + * handle the balloon inhibitor. + */ + vapdev->vdev.balloon_allowed = true; + ret = vfio_get_device(vfio_group, mdevid, &vapdev->vdev, &local_err); if (ret) { goto out_get_dev_err; ++++++ 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch ++++++ From: Thomas Huth <[email protected]> Date: Fri, 14 Dec 2018 14:08:07 +0100 Subject: hw/s390x: Fix bad mask in time2tod() Since "s390x/tcg: avoid overflows in time2tod/tod2time", the time2tod() function tries to deal with the 9 uppermost bits in the time value, but uses the wrong mask for this: 0xff80000000000000 should be used instead of 0xff10000000000000 here. Fixes: 14055ce53c2d901d826ffad7fb7d6bb8ab46bdfd Cc: [email protected] Signed-off-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Reviewed-by: David Hildenbrand <[email protected]> [CH: tweaked commit message] (cherry picked from commit aba7a5a2de3dba5917024df25441f715b9249e31) Signed-off-by: Cornelia Huck <[email protected]> Signed-off-by: Bruce Rogers <[email protected]> --- include/hw/s390x/tod.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/hw/s390x/tod.h b/include/hw/s390x/tod.h index 413c0d7c02..442f45b2f5 100644 --- a/include/hw/s390x/tod.h +++ b/include/hw/s390x/tod.h @@ -50,7 +50,7 @@ typedef struct S390TODClass { /* Converts ns to s390's clock format */ static inline uint64_t time2tod(uint64_t ns) { - return (ns << 9) / 125 + (((ns & 0xff10000000000000ull) / 125) << 9); + return (ns << 9) / 125 + (((ns & 0xff80000000000000ull) / 125) << 9); } /* Converts s390's clock format to ns */ ++++++ 0043-pcie-set-link-state-inactive-active.patch ++++++ From: Zheng Xiang <[email protected]> Date: Mon, 3 Dec 2018 15:05:17 +0800 Subject: pcie: set link state inactive/active after hot unplug/plug When VM boots from the latest version of linux kernel, after hot-unpluging virtio-blk disks which are hotplugged into pcie-root-port, the VM's dmesg log shows: [ 151.046242] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0001 from Slot Status [ 151.046365] pciehp 0000:00:05.0:pcie004: Slot(0-3): Attention button pressed [ 151.046369] pciehp 0000:00:05.0:pcie004: Slot(0-3): Powering off due to button press [ 151.046420] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0010 from Slot Status [ 151.046425] pciehp 0000:00:05.0:pcie004: pciehp_green_led_blink: SLOTCTRL a8 write cmd 200 [ 151.046464] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0010 from Slot Status [ 151.046468] pciehp 0000:00:05.0:pcie004: pciehp_set_attention_status: SLOTCTRL a8 write cmd c0 [ 156.163421] pciehp 0000:00:05.0:pcie004: pciehp_get_power_status: SLOTCTRL a8 value read 2f1 [ 156.163427] pciehp 0000:00:05.0:pcie004: pciehp_unconfigure_device: domain:bus:dev = 0000:06:00 [ 156.198736] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0010 from Slot Status [ 156.198772] pciehp 0000:00:05.0:pcie004: pciehp_power_off_slot: SLOTCTRL a8 write cmd 400 [ 157.224124] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0018 from Slot Status [ 157.224194] pciehp 0000:00:05.0:pcie004: pciehp_green_led_off: SLOTCTRL a8 write cmd 300 [ 157.224220] pciehp 0000:00:05.0:pcie004: pciehp_check_link_active: lnk_status = 2011 [ 157.224223] pciehp 0000:00:05.0:pcie004: Slot(0-3): Link Up [ 157.224233] pciehp 0000:00:05.0:pcie004: pciehp_get_power_status: SLOTCTRL a8 value read 7f1 [ 157.224281] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0010 from Slot Status [ 157.224285] pciehp 0000:00:05.0:pcie004: pciehp_power_on_slot: SLOTCTRL a8 write cmd 0 [ 157.224300] pciehp 0000:00:05.0:pcie004: __pciehp_link_set: lnk_ctrl = 0 [ 157.224336] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0010 from Slot Status [ 157.224339] pciehp 0000:00:05.0:pcie004: pciehp_green_led_blink: SLOTCTRL a8 write cmd 200 [ 159.739294] pci 0000:06:00.0 id reading try 50 times with interval 20 ms to get ffffffff [ 159.739315] pciehp 0000:00:05.0:pcie004: pciehp_check_link_status: lnk_status = 2011 [ 159.739318] pciehp 0000:00:05.0:pcie004: Failed to check link status [ 159.739371] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0010 from Slot Status [ 159.739394] pciehp 0000:00:05.0:pcie004: pciehp_power_off_slot: SLOTCTRL a8 write cmd 400 [ 160.771426] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0010 from Slot Status [ 160.771452] pciehp 0000:00:05.0:pcie004: pciehp_green_led_off: SLOTCTRL a8 write cmd 300 [ 160.771495] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0010 from Slot Status [ 160.771499] pciehp 0000:00:05.0:pcie004: pciehp_set_attention_status: SLOTCTRL a8 write cmd 40 [ 160.771535] pciehp 0000:00:05.0:pcie004: pending interrupts 0x0010 from Slot Status [ 160.771539] pciehp 0000:00:05.0:pcie004: pciehp_green_led_off: SLOTCTRL a8 write cmd 300 After analyzing the log information, it seems that qemu doesn't change the Link Status from active to inactive after hot-unplug. This results in the abnormal log after the linux kernel commit d331710ea78fea merged. Furthermore, If I hotplug the same virtio-blk disk after hot-unplug, the virtio-blk would turn on and then back off. So this patch set the Link Status inactive after hot-unplug and active after hot-plug. Signed-off-by: Zheng Xiang <[email protected]> Signed-off-by: Zheng Xiang <[email protected]> Cc: Wang Haibin <[email protected]> Cc: [email protected] Reviewed-by: Marcel Apfelbaum <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> (cherry picked from commit 2f2b18f60bf17453b4c01197a9316615a3c1f1de) Signed-off-by: Bruce Rogers <[email protected]> --- hw/pci/pcie.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c index 6c91bd44a0..66b73b87c8 100644 --- a/hw/pci/pcie.c +++ b/hw/pci/pcie.c @@ -345,6 +345,10 @@ void pcie_cap_slot_hotplug_cb(HotplugHandler *hotplug_dev, DeviceState *dev, if (!dev->hotplugged) { pci_word_test_and_set_mask(exp_cap + PCI_EXP_SLTSTA, PCI_EXP_SLTSTA_PDS); + if (pci_dev->cap_present & QEMU_PCIE_LNKSTA_DLLLA) { + pci_word_test_and_set_mask(exp_cap + PCI_EXP_LNKSTA, + PCI_EXP_LNKSTA_DLLLA); + } return; } @@ -355,6 +359,10 @@ void pcie_cap_slot_hotplug_cb(HotplugHandler *hotplug_dev, DeviceState *dev, if (pci_get_function_0(pci_dev)) { pci_word_test_and_set_mask(exp_cap + PCI_EXP_SLTSTA, PCI_EXP_SLTSTA_PDS); + if (pci_dev->cap_present & QEMU_PCIE_LNKSTA_DLLLA) { + pci_word_test_and_set_mask(exp_cap + PCI_EXP_LNKSTA, + PCI_EXP_LNKSTA_DLLLA); + } pcie_cap_slot_event(PCI_DEVICE(hotplug_dev), PCI_EXP_HP_EV_PDC | PCI_EXP_HP_EV_ABP); } @@ -531,6 +539,10 @@ void pcie_cap_slot_write_config(PCIDevice *dev, pci_word_test_and_clear_mask(exp_cap + PCI_EXP_SLTSTA, PCI_EXP_SLTSTA_PDS); + if (dev->cap_present & QEMU_PCIE_LNKSTA_DLLLA) { + pci_word_test_and_clear_mask(exp_cap + PCI_EXP_LNKSTA, + PCI_EXP_LNKSTA_DLLLA); + } pci_word_test_and_set_mask(exp_cap + PCI_EXP_SLTSTA, PCI_EXP_SLTSTA_PDC); } ++++++ 0044-pc-piix4-Update-smbus-I-O-space-aft.patch ++++++ From: Corey Minyard <[email protected]> Date: Mon, 26 Nov 2018 12:28:44 -0600 Subject: pc:piix4: Update smbus I/O space after a migration Otherwise it won't be set up correctly and won't work after miigration. Signed-off-by: Corey Minyard <[email protected]> Cc: Igor Mammedov <[email protected]> Cc: [email protected] Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> (cherry picked from commit 2b4e573c7c7b9a698ba6931ba456bbd8d3d8c84c) Signed-off-by: Bruce Rogers <[email protected]> --- hw/acpi/piix4.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c index b0bd10b3f9..fb3620e6c0 100644 --- a/hw/acpi/piix4.c +++ b/hw/acpi/piix4.c @@ -173,6 +173,7 @@ static int vmstate_acpi_post_load(void *opaque, int version_id) PIIX4PMState *s = opaque; pm_io_space_update(s); + smbus_io_space_update(s); return 0; } ++++++ 0045-hw-usb-fix-mistaken-de-initializati.patch ++++++ From: Gerd Hoffmann <[email protected]> Date: Wed, 9 Jan 2019 11:07:15 -0700 Subject: hw/usb: fix mistaken de-initialization of CCID state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Daniel P. Berrangé <[email protected]> In previous commit: commit 7dea29e4af17fc1d27478de9f8ea38144deac54a Author: Li Qiang <[email protected]> Date: Fri Oct 19 03:50:36 2018 -0700 hw: ccid-card-emulated: cleanup resource when realize in error path The emulated_realize method was changed so that it jumps to a cleanup label to de-initialize state upon error. This change failed to ensure the success path exited the method before this point though. So the mutexes are always destroyed even in normal operation. The result is as crashtastic as expected: $ qemu-system-x86_64 -usb -device usb-ccid,id=ccid0 -device ccid-card-emulated,backend=nss-emulated,id=smartcard0,bus=ccid0.0 qemu-system-x86_64: util/qemu-thread-posix.c:64: qemu_mutex_lock_impl: Assertion `mutex->initialized' failed. Aborted (core dumped) Fixes: 7dea29e4af1 Reported-by: Michael Tokarev <[email protected]> Signed-off-by: Daniel P. Berrangé <[email protected]> Reviewed-by: Michael Tokarev <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Tested-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected] Signed-off-by: Gerd Hoffmann <[email protected]> (cherry picked from commit 3fd2092fd11b9e4220a08eca0663cc59178a6c3f) Signed-off-by: Bruce Rogers <[email protected]> --- hw/usb/ccid-card-emulated.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/usb/ccid-card-emulated.c b/hw/usb/ccid-card-emulated.c index 25976ed84f..e0457d305b 100644 --- a/hw/usb/ccid-card-emulated.c +++ b/hw/usb/ccid-card-emulated.c @@ -549,6 +549,8 @@ static void emulated_realize(CCIDCardState *base, Error **errp) qemu_thread_create(&card->apdu_thread_id, "ccid/apdu", handle_apdu_thread, card, QEMU_THREAD_JOINABLE); + return; + out2: clean_event_notifier(card); out1: ++++++ 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch ++++++ From: Gerd Hoffmann <[email protected]> Date: Thu, 13 Dec 2018 13:25:11 +0100 Subject: usb-mtp: use O_NOFOLLOW and O_CLOEXEC. Open files and directories with O_NOFOLLOW to avoid symlinks attacks. While being at it also add O_CLOEXEC. usb-mtp only handles regular files and directories and ignores everything else, so users should not see a difference. Because qemu ignores symlinks, carrying out a successful symlink attack requires swapping an existing file or directory below rootdir for a symlink and winning the race against the inotify notification to qemu. Fixes: CVE-2018-16872 Cc: Prasad J Pandit <[email protected]> Cc: Bandan Das <[email protected]> Reported-by: Michael Hanselmann <[email protected]> Signed-off-by: Gerd Hoffmann <[email protected]> Reviewed-by: Michael Hanselmann <[email protected]> Message-id: [email protected] (cherry picked from commit bab9df35ce73d1c8e19a37e2737717ea1c984dc1) [BR: BSC#1119493] Signed-off-by: Bruce Rogers <[email protected]> --- hw/usb/dev-mtp.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 100b7171f4..36c43b8c20 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -653,13 +653,18 @@ static void usb_mtp_object_readdir(MTPState *s, MTPObject *o) { struct dirent *entry; DIR *dir; + int fd; if (o->have_children) { return; } o->have_children = true; - dir = opendir(o->path); + fd = open(o->path, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); + if (fd < 0) { + return; + } + dir = fdopendir(fd); if (!dir) { return; } @@ -1007,7 +1012,7 @@ static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c, trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path); - d->fd = open(o->path, O_RDONLY); + d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW); if (d->fd == -1) { usb_mtp_data_free(d); return NULL; @@ -1031,7 +1036,7 @@ static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c, c->argv[1], c->argv[2]); d = usb_mtp_data_alloc(c); - d->fd = open(o->path, O_RDONLY); + d->fd = open(o->path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW); if (d->fd == -1) { usb_mtp_data_free(d); return NULL; @@ -1658,7 +1663,7 @@ static void usb_mtp_write_data(MTPState *s) 0, 0, 0, 0); goto done; } - d->fd = open(path, O_CREAT | O_WRONLY, mask); + d->fd = open(path, O_CREAT | O_WRONLY | O_CLOEXEC | O_NOFOLLOW, mask); if (d->fd == -1) { usb_mtp_queue_result(s, RES_STORE_FULL, d->trans, 0, 0, 0, 0); ++++++ 0047-pvrdma-release-device-resources-in-.patch ++++++ From: Prasad J Pandit <[email protected]> Date: Wed, 12 Dec 2018 23:28:17 +0530 Subject: pvrdma: release device resources in case of an error If during pvrdma device initialisation an error occurs, pvrdma_realize() does not release memory resources, leading to memory leakage. Reported-by: Li Qiang <[email protected]> Signed-off-by: Prasad J Pandit <[email protected]> Message-Id: <[email protected]> Reviewed-by: Yuval Shaia <[email protected]> Signed-off-by: Marcel Apfelbaum <[email protected]> (cherry picked from commit cce648613bc802be1b894227f7fd94d88476ea07) [BR: BSC#1119437] Signed-off-by: Bruce Rogers <[email protected]> --- hw/rdma/vmw/pvrdma_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c index ca5fa8d981..34d8cc4694 100644 --- a/hw/rdma/vmw/pvrdma_main.c +++ b/hw/rdma/vmw/pvrdma_main.c @@ -572,7 +572,7 @@ static int pvrdma_check_ram_shared(Object *obj, void *opaque) static void pvrdma_realize(PCIDevice *pdev, Error **errp) { - int rc; + int rc = 0; PVRDMADev *dev = PVRDMA_DEV(pdev); Object *memdev_root; bool ram_shared = false; @@ -632,6 +632,7 @@ static void pvrdma_realize(PCIDevice *pdev, Error **errp) out: if (rc) { + pvrdma_fini(pdev); error_append_hint(errp, "Device fail to load\n"); } } ++++++ 0048-rdma-check-num_sge-does-not-exceed-.patch ++++++ From: Prasad J Pandit <[email protected]> Date: Thu, 13 Dec 2018 01:00:34 +0530 Subject: rdma: check num_sge does not exceed MAX_SGE rdma back-end has scatter/gather array ibv_sge[MAX_SGE=4] set to have 4 elements. A guest could send a 'PvrdmaSqWqe' ring element with 'num_sge' set to > MAX_SGE, which may lead to OOB access issue. Add check to avoid it. Reported-by: Saar Amar <[email protected]> Signed-off-by: Prasad J Pandit <[email protected]> Reviewed-by: Yuval Shaia <[email protected]> Signed-off-by: Marcel Apfelbaum <[email protected]> (cherry picked from commit 0e68373cc2b3a063ce067bc0cc3edaf370752890) [BR: BSC#1119840, modified complete_work() calls to be comp_handler()] Signed-off-by: Bruce Rogers <[email protected]> --- hw/rdma/rdma_backend.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c index d7a4bbd91f..0b3b98a94c 100644 --- a/hw/rdma/rdma_backend.c +++ b/hw/rdma/rdma_backend.c @@ -311,8 +311,8 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev, } pr_dbg("num_sge=%d\n", num_sge); - if (!num_sge) { - pr_dbg("num_sge=0\n"); + if (!num_sge || num_sge > MAX_SGE) { + pr_dbg("invalid num_sge=%d\n", num_sge); comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx); return; } @@ -390,8 +390,8 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev, } pr_dbg("num_sge=%d\n", num_sge); - if (!num_sge) { - pr_dbg("num_sge=0\n"); + if (!num_sge || num_sge > MAX_SGE) { + pr_dbg("invalid num_sge=%d\n", num_sge); comp_handler(IBV_WC_GENERAL_ERR, VENDOR_ERR_NO_SGE, ctx); return; } ++++++ 0049-pvrdma-add-uar_read-routine.patch ++++++ From: Prasad J Pandit <[email protected]> Date: Thu, 13 Dec 2018 01:00:35 +0530 Subject: pvrdma: add uar_read routine Define skeleton 'uar_read' routine. Avoid NULL dereference. Reported-by: Li Qiang <[email protected]> Signed-off-by: Prasad J Pandit <[email protected]> Reviewed-by: Marcel Apfelbaum <[email protected]> Signed-off-by: Marcel Apfelbaum <[email protected]> (cherry picked from commit 2aa86456fb938a11f2b7bd57c8643c213218681c) [BR: BSC#1119979 CVE-2018-20191] Signed-off-by: Bruce Rogers <[email protected]> --- hw/rdma/vmw/pvrdma_main.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c index 34d8cc4694..c9d9631769 100644 --- a/hw/rdma/vmw/pvrdma_main.c +++ b/hw/rdma/vmw/pvrdma_main.c @@ -455,6 +455,11 @@ static const MemoryRegionOps regs_ops = { }, }; +static uint64_t uar_read(void *opaque, hwaddr addr, unsigned size) +{ + return 0xffffffff; +} + static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size) { PVRDMADev *dev = opaque; @@ -496,6 +501,7 @@ static void uar_write(void *opaque, hwaddr addr, uint64_t val, unsigned size) } static const MemoryRegionOps uar_ops = { + .read = uar_read, .write = uar_write, .endianness = DEVICE_LITTLE_ENDIAN, .impl = { ++++++ 0050-pvrdma-check-number-of-pages-when-c.patch ++++++ From: Prasad J Pandit <[email protected]> Date: Thu, 13 Dec 2018 01:00:36 +0530 Subject: pvrdma: check number of pages when creating rings When creating CQ/QP rings, an object can have up to PVRDMA_MAX_FAST_REG_PAGES 8 pages. Check 'npages' parameter to avoid excessive memory allocation or a null dereference. Reported-by: Li Qiang <[email protected]> Signed-off-by: Prasad J Pandit <[email protected]> Reviewed-by: Yuval Shaia <[email protected]> Signed-off-by: Marcel Apfelbaum <[email protected]> (cherry picked from commit 2c858ce5da8ae6689c75182b73bc455a291cad41) [BR: BSC#1119989 CVE-2018-20125] Signed-off-by: Bruce Rogers <[email protected]> --- hw/rdma/vmw/pvrdma_cmd.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c index 4faeb21631..ce2514aacb 100644 --- a/hw/rdma/vmw/pvrdma_cmd.c +++ b/hw/rdma/vmw/pvrdma_cmd.c @@ -261,6 +261,11 @@ static int create_cq_ring(PCIDevice *pci_dev , PvrdmaRing **ring, int rc = -EINVAL; char ring_name[MAX_RING_NAME_SZ]; + if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) { + pr_dbg("invalid nchunks: %d\n", nchunks); + return rc; + } + pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma); dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE); if (!dir) { @@ -377,6 +382,12 @@ static int create_qp_rings(PCIDevice *pci_dev, uint64_t pdir_dma, char ring_name[MAX_RING_NAME_SZ]; uint32_t wqe_sz; + if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES + || !rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES) { + pr_dbg("invalid pages: %d, %d\n", spages, rpages); + return rc; + } + pr_dbg("pdir_dma=0x%llx\n", (long long unsigned int)pdir_dma); dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE); if (!dir) { ++++++ 0051-pvrdma-check-return-value-from-pvrd.patch ++++++ From: Prasad J Pandit <[email protected]> Date: Thu, 13 Dec 2018 01:00:39 +0530 Subject: pvrdma: check return value from pvrdma_idx_ring_has_ routines pvrdma_idx_ring_has_[data/space] routines also return invalid index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check return value from these routines to avoid plausible infinite loops. Reported-by: Li Qiang <[email protected]> Signed-off-by: Prasad J Pandit <[email protected]> Reviewed-by: Yuval Shaia <[email protected]> Signed-off-by: Marcel Apfelbaum <[email protected]> (cherry picked from commit f1e2e38ee0136b7710a2caa347049818afd57a1b) [BR: BSC#1119984 CVE-2018-20216] Signed-off-by: Bruce Rogers <[email protected]> --- hw/rdma/vmw/pvrdma_dev_ring.c | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c index 01247fc041..e8e5b502f6 100644 --- a/hw/rdma/vmw/pvrdma_dev_ring.c +++ b/hw/rdma/vmw/pvrdma_dev_ring.c @@ -73,23 +73,16 @@ out: void *pvrdma_ring_next_elem_read(PvrdmaRing *ring) { + int e; unsigned int idx = 0, offset; - /* - pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail, - ring->ring_state->cons_head); - */ - - if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) { + e = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx); + if (e <= 0) { pr_dbg("No more data in ring\n"); return NULL; } offset = idx * ring->elem_sz; - /* - pr_dbg("idx=%d\n", idx); - pr_dbg("offset=%d\n", offset); - */ return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE); } @@ -105,20 +98,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring) void *pvrdma_ring_next_elem_write(PvrdmaRing *ring) { - unsigned int idx, offset, tail; + int idx; + unsigned int offset, tail; - /* - pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail, - ring->ring_state->cons_head); - */ - - if (!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) { + idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail); + if (idx <= 0) { pr_dbg("CQ is full\n"); return NULL; } idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems); - /* TODO: tail == idx */ + if (idx < 0 || tail != idx) { + pr_dbg("invalid idx\n"); + return NULL; + } offset = idx * ring->elem_sz; return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE); ++++++ 0052-pvrdma-release-ring-object-in-case-.patch ++++++ From: Prasad J Pandit <[email protected]> Date: Thu, 13 Dec 2018 01:00:37 +0530 Subject: pvrdma: release ring object in case of an error create_cq and create_qp routines allocate ring object, but it's not released in case of an error, leading to memory leakage. Reported-by: Li Qiang <[email protected]> Signed-off-by: Prasad J Pandit <[email protected]> Reviewed-by: Yuval Shaia <[email protected]> Signed-off-by: Marcel Apfelbaum <[email protected]> (cherry picked from commit 509f57c98e7536905bb4902363d0cba66ce7e089) [BR: BSC#1119991 CVE-2018-20126] Signed-off-by: Bruce Rogers <[email protected]> --- hw/rdma/vmw/pvrdma_cmd.c | 39 ++++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c index ce2514aacb..51da4a1c40 100644 --- a/hw/rdma/vmw/pvrdma_cmd.c +++ b/hw/rdma/vmw/pvrdma_cmd.c @@ -315,6 +315,14 @@ out: return rc; } +static void destroy_cq_ring(PvrdmaRing *ring) +{ + pvrdma_ring_free(ring); + /* ring_state was in slot 1, not 0 so need to jump back */ + rdma_pci_dma_unmap(ring->dev, --ring->ring_state, TARGET_PAGE_SIZE); + g_free(ring); +} + static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, union pvrdma_cmd_resp *rsp) { @@ -338,6 +346,9 @@ static int create_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, resp->hdr.err = rdma_rm_alloc_cq(&dev->rdma_dev_res, &dev->backend_dev, cmd->cqe, &resp->cq_handle, ring); + if (resp->hdr.err) { + destroy_cq_ring(ring); + } resp->cqe = cmd->cqe; out: @@ -361,10 +372,7 @@ static int destroy_cq(PVRDMADev *dev, union pvrdma_cmd_req *req, } ring = (PvrdmaRing *)cq->opaque; - pvrdma_ring_free(ring); - /* ring_state was in slot 1, not 0 so need to jump back */ - rdma_pci_dma_unmap(PCI_DEVICE(dev), --ring->ring_state, TARGET_PAGE_SIZE); - g_free(ring); + destroy_cq_ring(ring); rdma_rm_dealloc_cq(&dev->rdma_dev_res, cmd->cq_handle); @@ -462,6 +470,17 @@ out: return rc; } +static void destroy_qp_rings(PvrdmaRing *ring) +{ + pr_dbg("sring=%p\n", &ring[0]); + pvrdma_ring_free(&ring[0]); + pr_dbg("rring=%p\n", &ring[1]); + pvrdma_ring_free(&ring[1]); + + rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE); + g_free(ring); +} + static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, union pvrdma_cmd_resp *rsp) { @@ -492,6 +511,10 @@ static int create_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, cmd->max_send_sge, cmd->send_cq_handle, cmd->max_recv_wr, cmd->max_recv_sge, cmd->recv_cq_handle, rings, &resp->qpn); + if (resp->hdr.err) { + destroy_qp_rings(rings); + return resp->hdr.err; + } resp->max_send_wr = cmd->max_send_wr; resp->max_recv_wr = cmd->max_recv_wr; @@ -566,13 +589,7 @@ static int destroy_qp(PVRDMADev *dev, union pvrdma_cmd_req *req, rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle); ring = (PvrdmaRing *)qp->opaque; - pr_dbg("sring=%p\n", &ring[0]); - pvrdma_ring_free(&ring[0]); - pr_dbg("rring=%p\n", &ring[1]); - pvrdma_ring_free(&ring[1]); - - rdma_pci_dma_unmap(PCI_DEVICE(dev), ring->ring_state, TARGET_PAGE_SIZE); - g_free(ring); + destroy_qp_rings(ring); return 0; } ++++++ 0053-block-Fix-hangs-in-synchronous-APIs.patch ++++++ ++++ 637 lines (skipped) ++++++ qemu-linux-user.spec.in ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.483875382 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.483875382 +0100 @@ -1,7 +1,7 @@ # # spec file for package qemu-linux-user # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ qemu.spec.in ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.515875350 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.519875346 +0100 @@ -1,7 +1,7 @@ # # spec file for package qemu # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ update_git.sh ++++++ --- /var/tmp/diff_new_pack.bwjiBk/_old 2019-01-11 14:04:14.603875262 +0100 +++ /var/tmp/diff_new_pack.bwjiBk/_new 2019-01-11 14:04:14.603875262 +0100 @@ -76,15 +76,14 @@ echo "Warning: No tarball found" fi -if [[ $QEMU_TARBALL =~ $BASE_RE$EXTRA_RE$SUFFIX_RE ]]; then - OLD_COMMIT_ISH=${BASH_REMATCH[3]} -else - #Assume release (or release candidate) tarball with equivalent tag: - OLD_COMMIT_ISH=$(cd $GIT_LOCAL_TREE && git rev-list --abbrev-commit \ - --abbrev=9 -1 v$OLD_SOURCE_VERSION_AND_EXTRA) -fi - if [ "$GIT_UPSTREAM_COMMIT_ISH" = "LATEST" ]; then + if [[ $QEMU_TARBALL =~ $BASE_RE$EXTRA_RE$SUFFIX_RE ]]; then + OLD_COMMIT_ISH=${BASH_REMATCH[3]} + else + #Assume release (or release candidate) tarball with equivalent tag: + OLD_COMMIT_ISH=$(cd $GIT_LOCAL_TREE && git rev-list --abbrev-commit \ + --abbrev=9 -1 v$OLD_SOURCE_VERSION_AND_EXTRA) + fi if [ ${#QEMU_TARBALL_SIG[@]} -ne 0 ]; then echo "INFO: Ignoring signature file: $QEMU_TARBALL_SIG" QEMU_TARBALL_SIG= @@ -213,8 +212,9 @@ WRITE_LOG=1 fi -(cd $GIT_DIR && git format-patch -N --stat=72 --indent-heuristic \ - $GIT_UPSTREAM_COMMIT_ISH --suffix= -o $CMP_DIR --no-renames >/dev/null) +(cd $GIT_DIR && git format-patch -N --suffix= --no-renames -o $CMP_DIR -k \ + --stat=72 --indent-heuristic --zero-commit --no-signature \ + $GIT_UPSTREAM_COMMIT_ISH >/dev/null) check_patch() { @@ -237,14 +237,10 @@ shopt -s nullglob - # Process patches to eliminate useless differences: limit file names to 40 - # chars before extension and remove git signature. ('30' below gets us past - # dir prefix) + # limit patch base file name to 40 chars ('30' is for path length) for i in $CMP_DIR/*; do - # format-patch may append a signature, which per default contains the - # git version. wipe everything starting from the signature tag - sed '/^-- $/Q' $i > $CMP_DIR/${i:30:40}.patch - rm $i + tail -n +2 $i > $CMP_DIR/${i:30:40}.patch + rm $i done for i in 0???-*.patch; do @@ -277,7 +273,7 @@ rm -f checkpatch.pl if [ -s checkpatch.log ]; then echo "WARNING: Issues reported by qemu patch checker. Please handle" \ - "ERRORS now:" + "ERROR items now:" cat checkpatch.log fi rm -f checkpatch.log @@ -316,8 +312,8 @@ elif [[ "$line" =~ ^Source: ]]; then echo "$line" if [ ${#QEMU_TARBALL_SIG[@]} -eq 1 ]; then - # We assume the signature file is right - echo "$(echo $line|sed 's/^Source*/&99/').sig" + # We assume the signature file corresponds - just add .sig + echo "$line.sig"|sed 's/^Source: /Source99:/' fi elif [ "$line" = "SEABIOS_VERSION" ]; then echo "Version: $SEABIOS_VERSION" @@ -372,8 +368,12 @@ sed -i 's/^# spec file for package qemu/&-testsuite/' qemu-testsuite.spec if [ "$1" = "-f" ]; then - echo "running osc service to format spec file" - osc service localrun format_spec_file + if [ "$(rpm -q --queryformat '%{VERSION}' obs-service-format_spec_file)" -lt "20180820" ]; then + echo "WARNING! Not running osc format-spec-file service - recent obs package needed" + else + echo "running osc service to format spec file" + osc service localrun format_spec_file + fi else echo "note: not running osc format_spec_file service. If desired, pass -f" fi
