[Qemu-commits] [qemu/qemu] 123a06: MAINTAINERS: Assign some more files in the hw/arm/...
Branch: refs/heads/master Home: https://github.com/qemu/qemu Commit: 123a069ae69735e9d71c262061254838132b69d9 https://github.com/qemu/qemu/commit/123a069ae69735e9d71c262061254838132b69d9 Author: Thomas Huth Date: 2018-11-26 (Mon, 26 Nov 2018) Changed paths: M MAINTAINERS Log Message: --- MAINTAINERS: Assign some more files in the hw/arm/ directory I apparently missed some more files and even a complete machine (the "imx25-pdk") in my previous patch... but now we should hopefully have a completely coverage for all available ARM boards. Fixes: 95a5db3ae5698b49c63144610ad02913e780c828 Signed-off-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Message-id: 1542782568-20059-1-git-send-email-th...@redhat.com Signed-off-by: Peter Maydell Commit: 49154ea0bfdefa17e03bf927db38b8501deb294f https://github.com/qemu/qemu/commit/49154ea0bfdefa17e03bf927db38b8501deb294f Author: Eric Auger Date: 2018-11-26 (Mon, 26 Nov 2018) Changed paths: M MAINTAINERS Log Message: --- MAINTAINERS: Add an ARM SMMU section Add a new ARM SMMU section and set Eric Auger as the maintainer for ARM SMMU emulation sources. Signed-off-by: Eric Auger Message-id: 20181122180143.14237-1-eric.au...@redhat.com Suggested-by: Peter Maydell Signed-off-by: Peter Maydell Commit: 58102ce7fbb2362aa53984aabcf684d164da2d9d https://github.com/qemu/qemu/commit/58102ce7fbb2362aa53984aabcf684d164da2d9d Author: Edgar E. Iglesias Date: 2018-11-26 (Mon, 26 Nov 2018) Changed paths: M hw/net/cadence_gem.c Log Message: --- net: cadence_gem: Remove incorrect assert() Don't assert on RX descriptor settings when the receiver is disabled. This fixes an issue with incoming packets on an unused GEM. Reported-by: mbilal Signed-off-by: Edgar E. Iglesias Reviewed-by: Philippe Mathieu-Daudé Message-id: 20181123135450.24829-2-edgar.igles...@gmail.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell Commit: d522fba24478474911b0e6e488b6d1dcf1af54f8 https://github.com/qemu/qemu/commit/d522fba24478474911b0e6e488b6d1dcf1af54f8 Author: Peter Maydell Date: 2018-11-26 (Mon, 26 Nov 2018) Changed paths: M MAINTAINERS M hw/net/cadence_gem.c Log Message: --- Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20181126' into staging target-arm queue: * some updates to MAINTAINERS file entries * cadence_gem: Remove an incorrect assert() # gpg: Signature made Mon 26 Nov 2018 13:57:34 GMT # gpg:using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell " # gpg: aka "Peter Maydell " # gpg: aka "Peter Maydell " # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20181126: net: cadence_gem: Remove incorrect assert() MAINTAINERS: Add an ARM SMMU section MAINTAINERS: Assign some more files in the hw/arm/ directory Signed-off-by: Peter Maydell Compare: https://github.com/qemu/qemu/compare/72138f9bf5d8...d522fba24478 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019.
[Qemu-commits] [qemu/qemu] 1d2039: 9p: fix QEMU crash when renaming files
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 1d20398694a3b67a388d955b7a945ba4aa90a8a8
https://github.com/qemu/qemu/commit/1d20398694a3b67a388d955b7a945ba4aa90a8a8
Author: Greg Kurz
Date: 2018-11-23 (Fri, 23 Nov 2018)
Changed paths:
M hw/9pfs/9p.c
Log Message:
---
9p: fix QEMU crash when renaming files
When using the 9P2000.u version of the protocol, the following shell
command line in the guest can cause QEMU to crash:
while true; do rm -rf aa; mkdir -p a/b & touch a/b/c & mv a aa; done
With 9P2000.u, file renaming is handled by the WSTAT command. The
v9fs_wstat() function calls v9fs_complete_rename(), which calls
v9fs_fix_path() for every fid whose path is affected by the change.
The involved calls to v9fs_path_copy() may race with any other access
to the fid path performed by some worker thread, causing a crash like
shown below:
Thread 12 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x55a25da2 in local_open_nofollow (fs_ctx=0x57d958b8, path=0x0,
flags=65536, mode=0) at hw/9pfs/9p-local.c:59
59 while (*path && fd != -1) {
(gdb) bt
#0 0x55a25da2 in local_open_nofollow (fs_ctx=0x57d958b8,
path=0x0, flags=65536, mode=0) at hw/9pfs/9p-local.c:59
#1 0x55a25e0c in local_opendir_nofollow (fs_ctx=0x57d958b8,
path=0x0) at hw/9pfs/9p-local.c:92
#2 0x55a261b8 in local_lstat (fs_ctx=0x57d958b8,
fs_path=0x56b56858, stbuf=0x7fff84830ef0) at hw/9pfs/9p-local.c:185
#3 0x55a2b367 in v9fs_co_lstat (pdu=0x57d97498,
path=0x56b56858, stbuf=0x7fff84830ef0) at hw/9pfs/cofile.c:53
#4 0x55a1e9e2 in v9fs_stat (opaque=0x57d97498)
at hw/9pfs/9p.c:1083
#5 0x55e060a2 in coroutine_trampoline (i0=-669165424, i1=32767)
at util/coroutine-ucontext.c:116
#6 0x7fffef4f5600 in __start_context () at /lib64/libc.so.6
#7 0x in ()
(gdb)
The fix is to take the path write lock when calling v9fs_complete_rename(),
like in v9fs_rename().
Impact: DoS triggered by unprivileged guest users.
Fixes: CVE-2018-19489
Cc: P J P
Reported-by: zhibin hu
Reviewed-by: Prasad J Pandit
Signed-off-by: Greg Kurz
Commit: 72138f9bf5d8c316043b0d2cc7a674f70930cf95
https://github.com/qemu/qemu/commit/72138f9bf5d8c316043b0d2cc7a674f70930cf95
Author: Peter Maydell
Date: 2018-11-26 (Mon, 26 Nov 2018)
Changed paths:
M hw/9pfs/9p.c
Log Message:
---
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
Fixes a QEMU crash triggerable by guest userspace (CVE-2018-19489).
# gpg: Signature made Mon 26 Nov 2018 07:25:01 GMT
# gpg:using RSA key 71D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz "
# gpg: aka "Gregory Kurz "
# gpg: aka "[jpeg image of size 3330]"
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6
* remotes/gkurz/tags/for-upstream:
9p: fix QEMU crash when renaming files
Signed-off-by: Peter Maydell
Compare: https://github.com/qemu/qemu/compare/b05730a876e8...72138f9bf5d8
**NOTE:** This service has been marked for deprecation:
https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
[Qemu-commits] [qemu/qemu] 4614f0: target/xtensa: gdbstub fix register counting
Branch: refs/heads/master Home: https://github.com/qemu/qemu Commit: 4614f0f8bd2e40cbc27ab6b9a1fd6244259ade8d https://github.com/qemu/qemu/commit/4614f0f8bd2e40cbc27ab6b9a1fd6244259ade8d Author: Max Filippov Date: 2018-11-20 (Tue, 20 Nov 2018) Changed paths: M target/xtensa/gdbstub.c Log Message: --- target/xtensa: gdbstub fix register counting In order to communicate correctly with gdb xtensa gdbstub must provide expected number of registers in 'g' packet response. xtensa-elf-gdb expects both nonprivileged and privileged registers. xtensa-linux-gdb only expects nonprivileged registers. gdb only counts one contiguous stretch of registers, do the same for the core registers in the xtensa_count_regs. With this change qemu-system-xtensa is able to communicate with all xtensa-elf-gdb versions (versions prior to 8.2 require overlay fixup), and qemu-xtensa is able to communicate with all xtensa-linux-gdb versions, except 8.2. Signed-off-by: Max Filippov Commit: 7da9111e77b9cdb3a927dcd47642b79de636 https://github.com/qemu/qemu/commit/7da9111e77b9cdb3a927dcd47642b79de636 Author: Max Filippov Date: 2018-11-20 (Tue, 20 Nov 2018) Changed paths: M target/xtensa/core-dc232b.c M target/xtensa/core-dc232b/gdb-config.inc.c M target/xtensa/core-dc233c.c M target/xtensa/core-dc233c/gdb-config.inc.c Log Message: --- target/xtensa: drop num_[core_]regs from dc232b/dc233c configs Now that xtensa_count_regs does the right thing, remove manual initialization of these fields from the affected configurations and let xtensa_finalize_config initialize them. Add XTREG_END to terminate register lists. Signed-off-by: Max Filippov Commit: 59b5e9bbea89fa454674b77d365015d2578dfbcf https://github.com/qemu/qemu/commit/59b5e9bbea89fa454674b77d365015d2578dfbcf Author: Max Filippov Date: 2018-11-21 (Wed, 21 Nov 2018) Changed paths: M hw/xtensa/xtfpga.c Log Message: --- target/xtensa: xtfpga: provide default memory sizes Provide default RAM sizes for all XTFPGA boards, so that when started without -m option they do the right thing. Signed-off-by: Max Filippov Reviewed-by: Philippe Mathieu-Daudé Commit: 895e4897e278572e5265e0333f5e9864be2704a6 https://github.com/qemu/qemu/commit/895e4897e278572e5265e0333f5e9864be2704a6 Author: Max Filippov Date: 2018-11-22 (Thu, 22 Nov 2018) Changed paths: M MAINTAINERS Log Message: --- MAINTAINERS: add missing xtensa patterns Signed-off-by: Max Filippov Reviewed-by: Philippe Mathieu-Daudé Commit: b05730a876e899e8159878ba1c88fe5d1a3e8838 https://github.com/qemu/qemu/commit/b05730a876e899e8159878ba1c88fe5d1a3e8838 Author: Peter Maydell Date: 2018-11-26 (Mon, 26 Nov 2018) Changed paths: M MAINTAINERS M hw/xtensa/xtfpga.c M target/xtensa/core-dc232b.c M target/xtensa/core-dc232b/gdb-config.inc.c M target/xtensa/core-dc233c.c M target/xtensa/core-dc233c/gdb-config.inc.c M target/xtensa/gdbstub.c Log Message: --- Merge remote-tracking branch 'remotes/xtensa/tags/20181125-xtensa' into staging xtensa fixes for 3.1: - fix register counting logic for linux-user gdbserver; - provide default memory sizes for XTFPGA boards; - add missing xtensa patterns to MAINTAINTERS. # gpg: Signature made Sun 25 Nov 2018 23:07:54 GMT # gpg:using RSA key 51F9CC91F83FA044 # gpg: Good signature from "Max Filippov " # gpg: aka "Max Filippov " # gpg: aka "Max Filippov " # Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044 * remotes/xtensa/tags/20181125-xtensa: MAINTAINERS: add missing xtensa patterns target/xtensa: xtfpga: provide default memory sizes target/xtensa: drop num_[core_]regs from dc232b/dc233c configs target/xtensa: gdbstub fix register counting Signed-off-by: Peter Maydell Compare: https://github.com/qemu/qemu/compare/5298f4d67a91...b05730a876e8 **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019.
