Branch: refs/heads/staging-7.2
  Home:   https://github.com/qemu/qemu
  Commit: 201c9701f58cd02e86de249d9dcf01dfc71c4cb1
      
https://github.com/qemu/qemu/commit/201c9701f58cd02e86de249d9dcf01dfc71c4cb1
  Author: Klaus Jensen <k.jen...@samsung.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: clean up confusing use of errp/local_err

Remove an unnecessary local Error value in nvme_realize(). In the
process, change nvme_check_constraints() to return a bool.

Reviewed-by: Markus Armbruster <arm...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Klaus Jensen <k.jen...@samsung.com>
(cherry picked from commit 784fd35387e9e6b42e3f365ddf44263eb25de8f7)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(Mjt: needed for v8.2.0-2319-gfa905f65c5
 "hw/nvme: add machine compatibility parameter to enable msix exclusive bar")


  Commit: 5c3889be15676d7071d5458c1f055bf0871c4300
      
https://github.com/qemu/qemu/commit/5c3889be15676d7071d5458c1f055bf0871c4300
  Author: Klaus Jensen <k.jen...@samsung.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: cleanup error reporting in nvme_init_pci()

Replace the local Error variable with errp and ERRP_GUARD() and change
the return value to bool.

Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Klaus Jensen <k.jen...@samsung.com>
(cherry picked from commit 973f76cf7743545a5d8a0a8bfdfe2cd02aa3e238)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(Mjt: needed for v8.2.0-2319-gfa905f65c5
 "hw/nvme: add machine compatibility parameter to enable msix exclusive bar")


  Commit: 424e6209e51f244110ebf02e409cf0278f8b11c0
      
https://github.com/qemu/qemu/commit/424e6209e51f244110ebf02e409cf0278f8b11c0
  Author: Minwoo Im <minwoo...@samsung.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: separate 'serial' property for VFs

Currently, when a VF is created, it uses the 'params' object of the PF
as it is. In other words, the 'params.serial' string memory area is also
shared. In this situation, if the VF is removed from the system, the
PF's 'params.serial' object is released with object_finalize() followed
by object_property_del_all() which release the memory for 'serial'
property. If that happens, the next VF created will inherit a serial
from a corrupted memory area.

If this happens, an error will occur when comparing subsys->serial and
n->params.serial in the nvme_subsys_register_ctrl() function.

Cc: qemu-sta...@nongnu.org
Fixes: 44c2c09488db ("hw/nvme: Add support for SR-IOV")
Signed-off-by: Minwoo Im <minwoo...@samsung.com>
Reviewed-by: Klaus Jensen <k.jen...@samsung.com>
Signed-off-by: Klaus Jensen <k.jen...@samsung.com>
(cherry picked from commit 4f0a4a3d5854824e5c5eccf353d4a1f4f749a29d)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 6a5d6849d13dd453fad18d516ca9531642204aaa
      
https://github.com/qemu/qemu/commit/6a5d6849d13dd453fad18d516ca9531642204aaa
  Author: Klaus Jensen <k.jen...@samsung.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: generalize the mbar size helper

Generalize the mbar size helper such that it can handle cases where the
MSI-X table and PBA are expected to be in an exclusive bar.

Cc: qemu-sta...@nongnu.org
Reviewed-by: Jesper Wendel Devantier <f...@defmacro.it>
Signed-off-by: Klaus Jensen <k.jen...@samsung.com>
(cherry picked from commit ee7bda4d38cda3eaf114c850a723dd12e23d3abc)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 0b7ccfd1d228f905099079e67f18c04d21a9f97b
      
https://github.com/qemu/qemu/commit/0b7ccfd1d228f905099079e67f18c04d21a9f97b
  Author: Klaus Jensen <k.jen...@samsung.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M hw/core/machine.c
    M hw/nvme/ctrl.c
    M hw/nvme/nvme.h

  Log Message:
  -----------
  hw/nvme: add machine compatibility parameter to enable msix exclusive bar

Commit 1901b4967c3f ("hw/block/nvme: move msix table and pba to BAR 0")
moved the MSI-X table and PBA to BAR 0 to make room for enabling CMR and
PMR at the same time. As reported by Julien Grall in #2184, this breaks
migration through system hibernation.

Add a machine compatibility parameter and set it on machines pre 6.0 to
enable the old behavior automatically, restoring the hibernation
migration support.

Cc: qemu-sta...@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2184
Fixes: 1901b4967c3f ("hw/block/nvme: move msix table and pba to BAR 0")
Reported-by: Julien Grall <jul...@xen.org>
Tested-by: Julien Grall <jul...@xen.org>
Reviewed-by: Jesper Wendel Devantier <f...@defmacro.it>
Signed-off-by: Klaus Jensen <k.jen...@samsung.com>
(cherry picked from commit fa905f65c5549703279f68c253914799b10ada47)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: e00b062da7bbf642378e3379387801effe17349f
      
https://github.com/qemu/qemu/commit/e00b062da7bbf642378e3379387801effe17349f
  Author: Akihiko Odaki <akihiko.od...@daynix.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M hw/pci/pcie_sriov.c
    M include/hw/pci/pcie_sriov.h

  Log Message:
  -----------
  pcie: Introduce pcie_sriov_num_vfs

igb can use this function to change its behavior depending on the
number of virtual functions currently enabled.

Signed-off-by: Gal Hammer <gal.ham...@sap.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelb...@gmail.com>
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Jason Wang <jasow...@redhat.com>
(cherry picked from commit 31180dbdca2859ae9841939f85158908453ea01d)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(Mjt: needed for v8.2.0-2290-g91bb64a8d2
 "hw/nvme: Use pcie_sriov_num_vfs()" (CVE-2024-26328))


  Commit: 3f7892be2404335b1ff94902727612e4df47ae58
      
https://github.com/qemu/qemu/commit/3f7892be2404335b1ff94902727612e4df47ae58
  Author: Akihiko Odaki <akihiko.od...@daynix.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: Use pcie_sriov_num_vfs()

nvme_sriov_pre_write_ctrl() used to directly inspect SR-IOV
configurations to know the number of VFs being disabled due to SR-IOV
configuration writes, but the logic was flawed and resulted in
out-of-bound memory access.

It assumed PCI_SRIOV_NUM_VF always has the number of currently enabled
VFs, but it actually doesn't in the following cases:
- PCI_SRIOV_NUM_VF has been set but PCI_SRIOV_CTRL_VFE has never been.
- PCI_SRIOV_NUM_VF was written after PCI_SRIOV_CTRL_VFE was set.
- VFs were only partially enabled because of realization failure.

It is a responsibility of pcie_sriov to interpret SR-IOV configurations
and pcie_sriov does it correctly, so use pcie_sriov_num_vfs(), which it
provides, to get the number of enabled VFs before and after SR-IOV
configuration writes.

Cc: qemu-sta...@nongnu.org
Fixes: CVE-2024-26328
Fixes: 11871f53ef8e ("hw/nvme: Add support for the Virtualization Management command")
Suggested-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Message-Id: <20240228-reuse-v8-1-282660281...@daynix.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
(cherry picked from commit 91bb64a8d2014fda33a81fcf0fce37340f0d3b0c)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 309051ac4028547d8d7647262e79d16c667976fe
      
https://github.com/qemu/qemu/commit/309051ac4028547d8d7647262e79d16c667976fe
  Author: Akihiko Odaki <akihiko.od...@daynix.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M hw/pci/pcie_sriov.c

  Log Message:
  -----------
  pcie_sriov: Validate NumVFs

The guest may write NumVFs greater than TotalVFs and that can lead
to buffer overflow in VF implementations.

Cc: qemu-sta...@nongnu.org
Fixes: CVE-2024-26327
Fixes: 7c0fa8dff811 ("pcie: Add support for Single Root I/O Virtualization (SR/IOV)")
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Message-Id: <20240228-reuse-v8-2-282660281...@daynix.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnara...@ericsson.com>
(cherry picked from commit 6081b4243cd64dff1b2cf5b0c215c71e9d7e753b)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
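The two SR-IOV commits above describe the same defect from both sides: the nvme controller read the guest-writable NumVFs register as if it were the count of realized VFs, and pcie_sriov did not validate NumVFs against TotalVFs before acting on it (CVE-2024-26328 and CVE-2024-26327). The following added example is a standalone model written for this listing, not QEMU's pcie_sriov.c; the SriovCap type, the realize hooks and the function names are hypothetical. It latches the VF count at VFE time, refuses an out-of-range NumVFs, and reproduces the three cases listed in the nvme commit message where the raw register and the real count disagree.

```c
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical model of an SR-IOV capability (constructed for this example). */
typedef struct {
    uint16_t total_vfs;    /* TotalVFs: device limit, read-only to the guest */
    uint16_t num_vfs_reg;  /* NumVFs register as last written by the guest */
    bool vfe;              /* VF Enable bit of the SR-IOV Control register */
    uint16_t enabled_vfs;  /* VFs actually realized: the only trustworthy count */
} SriovCap;

/* Per-VF realization hook; returning false models a realize failure. */
typedef bool (*realize_fn)(uint16_t vf_index);

/* Sample hooks (constructed): every VF realizes, or only the first two do. */
bool sriov_realize_always(uint16_t i) { (void)i; return true; }
bool sriov_realize_first_two(uint16_t i) { return i < 2; }

/* A NumVFs write is only recorded; nothing happens until VFE is set. */
void sriov_write_num_vfs(SriovCap *c, uint16_t val) { c->num_vfs_reg = val; }

/* VFE transition: validate NumVFs against TotalVFs before using it as a
 * bound on the VF arrays, then realize VFs one by one so that a partial
 * failure leaves enabled_vfs equal to what really exists. */
void sriov_write_vfe(SriovCap *c, bool vfe, realize_fn realize) {
    if (vfe && !c->vfe) {
        if (c->num_vfs_reg > c->total_vfs) {
            return;  /* refuse: guest-controlled count exceeds the backing arrays */
        }
        uint16_t i;
        for (i = 0; i < c->num_vfs_reg; i++) {
            if (!realize(i)) {
                break;
            }
        }
        c->enabled_vfs = i;
        c->vfe = true;
    } else if (!vfe && c->vfe) {
        c->enabled_vfs = 0;  /* disabling VFE tears down every enabled VF */
        c->vfe = false;
    }
}

/* What device models should consult: the latched, validated count. */
uint16_t sriov_num_vfs(const SriovCap *c) { return c->enabled_vfs; }

/* The flawed pattern the nvme fix removed: trusting the raw register. */
uint16_t sriov_num_vfs_flawed(const SriovCap *c) { return c->num_vfs_reg; }
```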


  Commit: 04b3d34d5c4204501a3cc10ad13bc24aaf9a5afb
      
https://github.com/qemu/qemu/commit/04b3d34d5c4204501a3cc10ad13bc24aaf9a5afb
  Author: Jonathan Cameron <jonathan.came...@huawei.com>
  Date:   2024-03-14 (Thu, 14 Mar 2024)

  Changed paths:
    M hw/acpi/hmat.c

  Log Message:
  -----------
  hmat acpi: Fix out of bounds access due to missing use of indirection

With a NUMA setup such as

-numa nodeid=0,cpus=0 \
-numa nodeid=1,memdev=mem \
-numa nodeid=2,cpus=1

and appropriate hmat_lb entries the initiator list is correctly
computed and written to HMAT as 0,2 but then the LB data is accessed
using the node id (here 2), landing outside the entry_list array.

Stash the reverse lookup when writing the initiator list and use
it to get the correct array index.

Fixes: 4586a2cb83 ("hmat acpi: Build System Locality Latency and Bandwidth Information Structure(s)")
Signed-off-by: Jonathan Cameron <jonathan.came...@huawei.com>
Message-Id: <20240307160326.31570-3-jonathan.came...@huawei.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
(cherry picked from commit 74e2845c5f95b0c139c79233ddb65bb17f2dd679)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/f90ce5281bd1...04b3d34d5c42
