Quoting Michael Roth (2020-06-16 09:14:29)
> Hi everyone,
>
> The following new patches are queued for QEMU stable v4.2.1:
>
>   https://github.com/mdroth/qemu/commits/stable-4.2-staging
>
> The release is planned for 2020-06-25:
>
>   https://wiki.qemu.org/Planning/4.2
>
> Due to delays on my part this release is going out beyond the normal
> ~4 month support window. v5.0.1 is scheduled to be released as normal.
>
> Please respond here or CC qemu-sta...@nongnu.org on any additional patches
> you think should be included in the release.

The following additional patches have been added to the staging tree:

  iotests/283: Use consistent size for source and target
  Fix tulip breakage
  tcg/mips: mips sync* encode error
  target/xtensa: fix pasto in pfwait.r opcode name
  vpc: Don't round up already aligned BAT sizes
  spapr: Fix failure path for attempting to hot unplug PCI bridges
  net: tulip: check frame size and r/w data length
  sheepdog: Consistently set bdrv_has_zero_init_truncate
  qcow2: List autoclear bit names in header
  migration/ram: fix use after free of local_err
  migration/colo: fix use after free of local_err
  hmp/vnc: Fix info vnc list leak
  block: bdrv_set_backing_bs: fix use-after-free
  block: Avoid memleak on qcow2 image info failure
  ppc/ppc405_boards: Remove unnecessary NULL check
  iotests: Fix nonportable use of od --endian
  pc-bios: s390x: Save iplb location in lowcore
  hw/arm/cubieboard: use ARM Cortex-A8 as the default CPU in machine definition
  vhost-user-blk: delete virtioqueues in unrealize to fix memleaks
  virtio-crypto: do delete ctrl_vq in virtio_crypto_device_unrealize
  virtio-pmem: do delete rq_vq in virtio_pmem_unrealize
  target/arm: Correct definition of PMCRDP
  block: Fix VM size field width in snapshot dump
  block: fix crash on zero-length unaligned write and read
  target/arm/monitor: query-cpu-model-expansion crashed qemu when using machine type none
  iotests: add test for backup-top failure on permission activation
  block/backup-top: fix failure path
  block: fix memleaks in bdrv_refresh_filename
  target/arm: fix TCG leak for fcvt half->double
  audio/oss: fix buffer pos calculation
  hw/intc/arm_gicv3_kvm: Stop wrongly programming GICR_PENDBASER.PTZ bit
  tpm-ppi: page-align PPI RAM
  block/backup: fix memory leak in bdrv_backup_top_append()
  s390x: adapter routes error handling
  target/i386: kvm: initialize feature MSRs very early
  target/arm: Fix PAuth sbox functions
  m68k: Fix regression causing Single-Step via GDB/RSP to not single step
  Revert "vnc: allow fall back to RAW encoding"
  migration: Rate limit inside host pages
  runstate: ignore finishmigrate -> prelaunch transition
  target/arm: Return correct IL bit in merge_syn_data_abort
  migration-test: ppc64: fix FORTH test program
  blkdebug: Allow taking/unsharing permissions
  block: Add bdrv_qapi_perm_to_blk_perm()
  hw/arm/smmuv3: Report F_STE_FETCH fault address in correct word position
  hw/arm/smmuv3: Use correct bit positions in EVT_SET_ADDR2 macro
  hw/arm/smmuv3: Align stream table base address to table size
  hw/arm/smmuv3: Check stream IDs against actual table LOG2SIZE
  hw/arm/smmuv3: Correct SMMU_BASE_ADDR_MASK value
  hw/arm/smmuv3: Apply address mask to linear strtab base address
  display/bochs-display: fix memory leak
  vhost-user-gpu: Drop trailing json comma
  iotests: Fix IMGOPTSSYNTAX for nbd
  Fix double free issue in qemu_set_log_filename().
  Revert "qemu-options.hx: Update for reboot-timeout parameter"
  iotests/026: Move v3-exclusive test to new file
  dp8393x: Mask EOL bit from descriptor addresses, take 2
  slirp: update to fix CVE-2020-1983
  kvm: Reallocate dirty_bmap when we change a slot
  es1370: check total frame count against current frame
  ati-vga: check mm_index before recursive call (CVE-2020-13800)
  ati-vga: Fix checks in ati_2d_blt() to avoid crash
  iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711)
  target/i386: do not set unsupported VMX secondary execution controls
  target/riscv: update mstatus.SD when FS is set dirty
  target/riscv: fsd/fsw doesn't dirty FP state
  target/riscv: Fix tb->flags FS status
  riscv: Set xPIE to 1 after xRET
  riscv/sifive_u: fix a memory leak in soc_realize()
  tests: fix modules-test 'duplicate test case' error

Thanks everyone for the suggestions.

>
> Thanks!
>
>
> ----------------------------------------------------------------
> Alex Bennée (2):
>       target/arm: ensure we use current exception state after SCR update
>       tcg: save vaddr temp for plugin usage
>
> Alexander Popov (2):
>       tests/ide-test: Create a single unit-test covering more PRDT cases
>       ide: Fix incorrect handling of some PRDTs in ide_dma_cb()
>
> Anthony PERARD (1):
>       xen-block: Fix double qlist remove and request leak
>
> Basil Salman (2):
>       qga: Installer: Wait for installation to finish
>       qga-win: prevent crash when executing guest-file-read with large count
>
> Christian Borntraeger (1):
>       s390/sclp: improve special wait psw logic
>
> Christophe de Dinechin (1):
>       scsi/qemu-pr-helper: Fix out-of-bounds access to trnptid_list[]
>
> Cornelia Huck (1):
>       compat: disable edid on correct virtio-gpu device
>
> Daniel P. Berrangé (1):
>       qapi: better document NVMe blockdev @device parameter
>
> David Hildenbrand (3):
>       virtio-balloon: fix free page hinting without an iothread
>       virtio-balloon: fix free page hinting check on unrealize
>       virtio-balloon: unref the iothread when unrealizing
>
> Denis Plotnikov (1):
>       virtio-mmio: update queue size on guest write
>
> Eduardo Habkost (1):
>       i386: Resolve CPU models to v1 by default
>
> Emilio G. Cota (1):
>       plugins/core: add missing break in cb_to_tcg_flags
>
> Eric Blake (3):
>       qga: Fix undefined C behavior
>       nbd/server: Avoid long error message assertions CVE-2020-10761
>       block: Call attention to truncation of long NBD exports
>
> Finn Thain (14):
>       dp8393x: Mask EOL bit from descriptor addresses
>       dp8393x: Always use 32-bit accesses
>       dp8393x: Clean up endianness hacks
>       dp8393x: Have dp8393x_receive() return the packet size
>       dp8393x: Update LLFA and CRDA registers from rx descriptor
>       dp8393x: Clear RRRA command register bit only when appropriate
>       dp8393x: Implement packet size limit and RBAE interrupt
>       dp8393x: Don't clobber packet checksum
>       dp8393x: Use long-word-aligned RRA pointers in 32-bit mode
>       dp8393x: Pad frames to word or long word boundary
>       dp8393x: Clear descriptor in_use field to release packet
>       dp8393x: Always update RRA pointers and sequence numbers
>       dp8393x: Don't reset Silicon Revision register
>       dp8393x: Don't stop reception upon RBE interrupt assertion
>
> Greg Kurz (1):
>       9p: Lock directory streams with a CoMutex
>
> Igor Mammedov (3):
>       numa: remove not needed check
>       numa: properly check if numa is supported
>       hostmem: don't use mbind() if host-nodes is empty
>
> Kevin Wolf (4):
>       block: Activate recursively even for already active nodes
>       qcow2: update_refcount(): Reset old_table_index after qcow2_cache_put()
>       qcow2: Fix qcow2_alloc_cluster_abort() for external data file
>       iotests: Test copy offloading with external data file
>
> Li Hangjing (1):
>       virtio-blk: fix out-of-bounds access to bitmap in notify_guest_bh
>
> Liu Yi L (2):
>       intel_iommu: a fix to vtd_find_as_from_bus_num()
>       intel_iommu: add present bit check for pasid table entries
>
> Max Reitz (4):
>       backup-top: Begin drain earlier
>       qcow2: Fix alloc_cluster_abort() for pre-existing clusters
>       iotests/026: Test EIO on preallocated zero cluster
>       iotests/026: Test EIO on allocation in a data-file
>
> Michael S. Tsirkin (3):
>       virtio: update queue size on guest write
>       virtio: add ability to delete vq through a pointer
>       virtio: make virtio_delete_queue idempotent
>
> Nicholas Piggin (1):
>       target/ppc: Fix mtmsr(d) L=1 variant that loses interrupts
>
> Niek Linnenbank (2):
>       arm/arm-powerctl: set NSACR.{CP11, CP10} bits in arm_set_cpu_on()
>       arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()
>
> Pan Nengyuan (2):
>       block/nbd: extract the common cleanup code
>       block/nbd: fix memory leak in nbd_open()
>
> Peter Maydell (2):
>       hw/i386/amd_iommu.c: Fix corruption of log events passed to guest
>       dump: Fix writing of ELF section
>
> Peter Wu (1):
>       hw/i386/pc: fix regression in parsing vga cmdline parameter
>
> Peter Xu (1):
>       vfio/pci: Don't remove irqchip notifier if not registered
>
> Philippe Mathieu-Daudé (1):
>       vhost-user-gpu: Release memory returned by vu_queue_pop() with free()
>
> Raphael Pour (1):
>       qemu-nbd: Close inherited stderr
>
> Richard Henderson (3):
>       target/arm: Set ISSIs16Bit in make_issinfo
>       tcg/i386: Fix INDEX_op_dup2_vec
>       target/arm: Clear tail in gvec_fmul_idx_*, gvec_fmla_idx_*
>
> Sameeh Jubran (1):
>       qga-win: Handle VSS_E_PROVIDER_ALREADY_REGISTERED error
>
> Stefan Hajnoczi (2):
>       virtio: gracefully handle invalid region caches
>       qemu-ga: document vsock-listen in the man page
>
> Thomas Huth (1):
>       net: Do not include a newline in the id of -nic devices
>
> Vitaly Chikunov (1):
>       target/ppc: Fix rlwinm on ppc64
>
> Vladimir Sementsov-Ogievskiy (5):
>       qcow2-bitmaps: fix qcow2_can_store_new_dirty_bitmap
>       block/qcow2-threads: fix qcow2_decompress
>       job: refactor progress to separate object
>       block/block-copy: fix progress calculation
>       block/io: fix bdrv_co_do_copy_on_readv
>
> Yuri Benditovich (2):
>       virtio: reset region cache when on queue deletion
>       virtio-net: delete also control queue when TX/RX deleted
>
>  backends/hostmem.c | 6 +-
>  block.c | 57 +++++------
>  block/backup-top.c | 4 +-
>  block/backup.c | 13 +--
>  block/block-copy.c | 16 ++-
>  block/io.c | 2 +-
>  block/nbd.c | 48 +++++----
>  block/qcow2-bitmap.c | 41 ++++----
>  block/qcow2-cluster.c | 7 +-
>  block/qcow2-refcount.c | 1 +
>  block/qcow2-threads.c | 12 ++-
>  blockjob.c | 16 +--
>  contrib/vhost-user-gpu/main.c | 4 +-
>  contrib/vhost-user-gpu/virgl.c | 2 +-
>  docs/interop/qemu-ga.rst | 5 +-
>  dump/dump.c | 2 +-
>  hw/9pfs/9p.h | 8 +-
>  hw/arm/sbsa-ref.c | 1 -
>  hw/block/dataplane/virtio-blk.c | 2 +-
>  hw/block/dataplane/xen-block.c | 48 +++------
>  hw/core/machine.c | 6 +-
>  hw/core/numa.c | 7 +-
>  hw/i386/amd_iommu.c | 2 +-
>  hw/i386/intel_iommu.c | 93 +++++++++++++----
>  hw/i386/intel_iommu_internal.h | 1 +
>  hw/i386/x86.c | 8 +-
>  hw/ide/core.c | 30 ++++--
>  hw/net/dp8393x.c | 200 ++++++++++++++++++++++++-------------
>  hw/net/virtio-net.c | 3 +-
>  hw/vfio/pci.c | 4 +-
>  hw/virtio/virtio-balloon.c | 36 +++----
>  hw/virtio/virtio-mmio.c | 3 +-
>  hw/virtio/virtio-pci.c | 2 +
>  hw/virtio/virtio.c | 116 ++++++++++++++++++---
>  include/block/block-copy.h | 15 +--
>  include/hw/virtio/virtio.h | 2 +
>  include/qemu/job.h | 11 +-
>  include/qemu/progress_meter.h | 58 +++++++++++
>  job-qmp.c | 4 +-
>  job.c | 6 +-
>  nbd/server.c | 23 ++++-
>  net/net.c | 2 +-
>  plugins/core.c | 1 +
>  qapi/block-core.json | 6 +-
>  qemu-deprecated.texi | 8 ++
>  qemu-img.c | 6 +-
>  qemu-nbd.c | 6 +-
>  qga/commands-win32.c | 8 +-
>  qga/commands.c | 9 +-
>  qga/installer/qemu-ga.wxs | 2 +-
>  qga/main.c | 4 +-
>  qga/vss-win32/install.cpp | 11 ++
>  scsi/qemu-pr-helper.c | 17 ++--
>  target/arm/arm-powerctl.c | 6 ++
>  target/arm/cpu.h | 8 +-
>  target/arm/helper.c | 14 ++-
>  target/arm/helper.h | 1 +
>  target/arm/translate.c | 9 +-
>  target/arm/vec_helper.c | 2 +
>  target/i386/cpu.c | 8 +-
>  target/ppc/translate.c | 66 ++++++------
>  target/s390x/helper.c | 2 +-
>  tcg/i386/tcg-target.inc.c | 10 +-
>  tcg/tcg-op.c | 23 ++++-
>  tests/ide-test.c | 174 ++++++++++++++------------------
>  tests/qemu-iotests/026 | 53 ++++++++++
>  tests/qemu-iotests/026.out | 16 +++
>  tests/qemu-iotests/026.out.nocache | 16 +++
>  tests/qemu-iotests/143 | 4 +
>  tests/qemu-iotests/143.out | 2 +
>  tests/qemu-iotests/244 | 14 +++
>  tests/qemu-iotests/244.out | 6 ++
>  72 files changed, 963 insertions(+), 476 deletions(-)
>  create mode 100644 include/qemu/progress_meter.h
>
>