Set current_req to NULL to prevent reusing a free'd buffer in case of repeated
SCSI cancel requests. Thanks to Thomas Huth for suggesting the first version of
the patch and Alexander Bulekov for providing a reproducer.
Fixes: CVE-2022-0216
Resolves:
On Thu, 7 Jul 2022, at 17:50, Joel Stanley wrote:
> On Thu, 7 Jul 2022 at 07:17, Peter Delevoryas wrote:
>>
>> It seems that aspeed_gpio_update is allowing the value for input pins to be
>> modified through register writes and QOM property modification.
>>
>> The QOM property modification is
Am 11/07/2022 um 14:04 schrieb Vladimir Sementsov-Ogievskiy:
> On 7/6/22 23:15, Emanuele Giuseppe Esposito wrote:
>> Just as done with job.h, create _locked() functions in blockjob.h
>>
>> These functions will be later useful when caller has already taken
>> the lock. All blockjob _locked
On 7/6/22 23:15, Emanuele Giuseppe Esposito wrote:
Both blockdev.c and job-qmp.c have TOC/TOU conditions, because
they first search for the job and then perform an action on it.
Therefore, we need to do the search + action under the same
job mutex critical section.
Note: at this stage,
On Mon, 11 Jul 2022, Mark Cave-Ayland wrote:
On 06/07/2022 08:45, Cédric Le Goater wrote:
I gave KVM a try on a :
cpu : PPC970MP, altivec supported
clock : 2000.00MHz
revision : 1.0 (pvr 0044 0100)
processor : 1
cpu : PPC970MP, altivec
On 7/6/22 23:15, Emanuele Giuseppe Esposito wrote:
Just as done with job.h, create _locked() functions in blockjob.h
These functions will be later useful when caller has already taken
the lock. All blockjob _locked functions call job _locked functions.
Note: at this stage, job_{lock/unlock}
On 08/07/2022 05:57, Kito Cheng wrote:
Add new option for -d vu to dump the content of vector unit, many target
has vector register, but there is no easy way to dump the content, we
use this on downstream for a while to help debug, and I feel that's
really useful, so I think it would be great to
On Wed, 22 Jun 2022 at 17:06, Daniel P. Berrangé wrote:
>
> On Wed, Jun 22, 2022 at 03:43:54PM +0100, Alex Bennée wrote:
> >
> > Peter Maydell writes:
> >
> > > On Wed, 22 Jun 2022 at 13:33, Alex Bennée wrote:
> > >>
> > >> There have been requests from other projects such LKFT to have
> > >>
On Mon, 11 Jul 2022 at 12:09, Daniel P. Berrangé wrote:
>
> On Mon, Jul 11, 2022 at 11:32:35AM +0100, Peter Maydell wrote:
> > I'm pretty sure that nothing needs sparse array elements like
> > that. The major reason for the len-PROP field is an implementation
> > one: because there is currently
On Mon, Jul 11, 2022 at 11:32:35AM +0100, Peter Maydell wrote:
> On Fri, 8 Jul 2022 at 12:01, Daniel P. Berrangé wrote:
> > What alternative options do we have for addressing this scenario.
> >
> > I can think of
> >
> > - Auto-create array elements, if seeing an element set before length.
> >
Commit 5f76a7aac156ca75680dad5df4a385fd0b58f6b1 is looking harmless from
the first glance, but it has changed things a lot. 'libvirt' uses it to
detect that it should follow new initialization way and this changes
things considerably. With this procedure followed, blockdev_init() is
not called
* Expected ACPI Data Table [HMAT]
[000h 4]Signature : "HMAT"[Heterogeneous Memory
Attributes Table]
[004h 0004 4] Table Length : 0120
[008h 0008 1] Revision : 02
[009h 0009 1] Checksum : 4F
[00Ah 0010
This patch imitates the "tests: acpi: q35: add test for hmat nodes
without initiators" commit to test numa nodes with different HMAT
attributes, but on AArch64/virt.
Tested with:
qemu-system-aarch64 -accel tcg \
-machine virt,hmat=on,gic-version=3 -cpu cortex-a57 \
-bios
Signed-off-by: Hesham Almatary
---
tests/data/acpi/virt/DSDT.acpihmatvirt | 0
tests/data/acpi/virt/FACP.acpihmatvirt | 0
tests/data/acpi/virt/HMAT.acpihmatvirt | 0
tests/data/acpi/virt/SRAT.acpihmatvirt | 0
tests/qtest/bios-tables-test-allowed-diff.h | 4
5 files
From: Xiang Chen
Since the patchset ("Build ACPI Heterogeneous Memory Attribute Table (HMAT)"),
HMAT is supported, but only x86 is enabled. Enable HMAT on arm virt machine.
Signed-off-by: Xiang Chen
---
hw/arm/Kconfig | 1 +
hw/arm/virt-acpi-build.c | 7 +++
2 files changed, 8
On Fri, 8 Jul 2022 at 12:40, Markus Armbruster wrote:
>
> Cc'ing QOM maintainers.
>
> Peter Maydell writes:
>
> > On Mon, 4 Jul 2022 at 05:50, Markus Armbruster wrote:
> >> My initial (knee-jerk) reaction to breaking array properties: Faster,
> >> Pussycat! Kill! Kill!
> >
> > In an ideal
From: Brice Goglin
expected HMAT:
[000h 4]Signature : "HMAT"[Heterogeneous Memory
Attributes Table]
[004h 0004 4] Table Length : 0120
[008h 0008 1] Revision : 02
[009h 0009 1] Checksum : 4F
[00Ah
From: Brice Goglin
expected HMAT:
[000h 4]Signature : "HMAT"[Heterogeneous Memory
Attributes Table]
[004h 0004 4] Table Length : 0120
[008h 0008 1] Revision : 02
[009h 0009 1] Checksum : 4F
[00Ah
This patch set adds support for AArch64/HMAT including a test.
It relies on other two patch sets from:
Brice Goglin: to support -numa without initiators on q35/x86.
https://lore.kernel.org/all/ed23accb-2c8b-90f4-a7a3-f81cc57bf...@inria.fr/
Xiang Chen: to enable/support HMAT on AArch64.
From: Brice Goglin
The "Memory Proximity Domain Attributes" structure of the ACPI HMAT
has a "Processor Proximity Domain Valid" flag that is currently
always set because Qemu -numa requires an initiator=X value
when hmat=on. Unsetting this flag allows to create more complex
memory topologies by
From: Brice Goglin
.. which will be used by follow up hmat-noinitiator test-case.
Signed-off-by: Brice Goglin
---
tests/data/acpi/q35/APIC.acpihmat-noinitiator | 0
tests/data/acpi/q35/DSDT.acpihmat-noinitiator | 0
tests/data/acpi/q35/FACP.acpihmat-noinitiator | 0
On 7/11/22 10:30, Emanuele Giuseppe Esposito wrote:
Am 08/07/2022 um 21:25 schrieb Vladimir Sementsov-Ogievskiy:
static bool job_started(Job *job)
So we can call it both with mutex locked and without. Hope it never race
with job_start.
Where exactly do you see it called with mutex not
On Fri, 8 Jul 2022 at 12:01, Daniel P. Berrangé wrote:
> What alternative options do we have for addressing this scenario.
>
> I can think of
>
> - Auto-create array elements, if seeing an element set before length.
>
> This is based on the theory that 'len-PROP' field is largely
>
Hi Alexander,
Thanks for the reproducer! It looks like ABORT, CLEAR QUEUE and BUS
DEVICE RESET messages can all cancel the current request, so yes I
guess a similar change is needed there, too. Will try to send a v2
soon.
Best regards.
On Sat, Jul 9, 2022 at 2:22 AM Alexander Bulekov wrote:
>
On 7/9/22 21:51, B wrote:
> Am 1. Juli 2022 16:10:07 UTC schrieb Joao Martins :
>> Use the pre-initialized pci-host qdev and fetch the
>> pci-hole64-size into pc_memory_init() newly added argument.
>> piix needs a bit of care given all the !pci_enabled()
>> and that the pci_hole64_size is private
'returns-whitelist' has been renamed to 'command-returns-exceptions' in
commit b86df3747848 ("qapi: Rename pragma *-whitelist to *-exceptions").
Signed-off-by: Thomas Huth
---
python/qemu/qmp/legacy.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/qemu/qmp/legacy.py
On Mon, Jul 11, 2022 at 11:05 AM Jason Wang wrote:
>
>
> 在 2022/7/7 02:39, Eugenio Pérez 写道:
> > When qemu injects buffers to the vdpa device it will be used to maintain
> > contextual data. If SVQ has no operation, it will be used to maintain
> > the VirtQueueElement pointer.
> >
> >
Let's use more inclusive language here and avoid terms
that are frowned upon nowadays.
Signed-off-by: Thomas Huth
---
docs/devel/submitting-a-patch.rst | 2 +-
docs/tools/qemu-nbd.rst | 2 +-
scripts/vmstate-static-checker.py | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
Gerd Hoffmann (2):
usb: document guest-reset and guest-reset-all
usb: document pcap (aka usb traffic capture)
docs/system/devices/usb.rst | 41 +
1 file changed, 41 insertions(+)
--
2.36.1
Suggested-by: Michal Prívozník
Signed-off-by: Gerd Hoffmann
---
docs/system/devices/usb.rst | 29 +
1 file changed, 29 insertions(+)
diff --git a/docs/system/devices/usb.rst b/docs/system/devices/usb.rst
index 872d9167589b..18e7c8b4d716 100644
---
Signed-off-by: Gerd Hoffmann
---
docs/system/devices/usb.rst | 12
1 file changed, 12 insertions(+)
diff --git a/docs/system/devices/usb.rst b/docs/system/devices/usb.rst
index 18e7c8b4d716..f39a88f080ff 100644
--- a/docs/system/devices/usb.rst
+++ b/docs/system/devices/usb.rst
@@
On Mon, Jul 11, 2022 at 11:14 AM Jason Wang wrote:
>
>
> 在 2022/7/7 02:39, Eugenio Pérez 写道:
> > This allows qemu to inject buffers to the device.
>
>
> Not a native speaker but we probably need a better terminology than
> inject here.
>
> Since the CVQ is totally under the control of the Qemu
On Sun, Jul 10, 2022 at 10:30:03PM +0530, Ani Sinha wrote:
> Changelog:
> v2:
> - a new class of python based tests introduced that is separate from avocado
>tests or qtests. Can be run by using "make check-pytest".
> - acpi biosbits tests are the first tests to use pytest environment.
> -
On Mon, Jul 11, 2022 at 11:00 AM Jason Wang wrote:
>
>
> 在 2022/7/7 02:39, Eugenio Pérez 写道:
> > This will allow SVQ to add metadata to the different queue elements. To
> > simplify changes, only store actual element at this patch.
> >
> > Signed-off-by: Eugenio Pérez
> > ---
> >
在 2022/7/7 02:40, Eugenio Pérez 写道:
Shadow CVQ will copy buffers on qemu VA, so we avoid TOCTOU attacks that
can set a different state in qemu device model and vdpa device.
Signed-off-by: Eugenio Pérez
Acked-by: Jason Wang
---
include/hw/virtio/vhost-vdpa.h | 4
在 2022/7/7 02:39, Eugenio Pérez 写道:
It allows the Shadow Control VirtQueue to wait the device to use the commands
that restore the net device state after a live migration.
Signed-off-by: Eugenio Pérez
---
hw/virtio/vhost-shadow-virtqueue.h | 1 +
hw/virtio/vhost-shadow-virtqueue.c | 54
在 2022/7/7 02:39, Eugenio Pérez 写道:
This allows qemu to inject buffers to the device.
Not a native speaker but we probably need a better terminology than
inject here.
Since the CVQ is totally under the control of the Qemu anyhow.
Signed-off-by: Eugenio Pérez
---
在 2022/7/7 02:39, Eugenio Pérez 写道:
When qemu injects buffers to the vdpa device it will be used to maintain
contextual data. If SVQ has no operation, it will be used to maintain
the VirtQueueElement pointer.
Signed-off-by: Eugenio Pérez
---
hw/virtio/vhost-shadow-virtqueue.h | 3 ++-
在 2022/7/7 02:39, Eugenio Pérez 写道:
We will allow SVQ user to store opaque data for each element, so its
easier if we store this kind of information just at avail.
Signed-off-by: Eugenio Pérez
Note that kernel driver doesn't have this optimization so far. I wonder
if this is not a must,
在 2022/7/7 02:39, Eugenio Pérez 写道:
This will allow SVQ to add metadata to the different queue elements. To
simplify changes, only store actual element at this patch.
Signed-off-by: Eugenio Pérez
---
hw/virtio/vhost-shadow-virtqueue.h | 8 --
hw/virtio/vhost-shadow-virtqueue.c | 41
On 7/6/22 23:15, Emanuele Giuseppe Esposito wrote:
This comment applies more on job, it was left in blockjob as in the past
the whole job logic was implemented there.
Note: at this stage, job_{lock/unlock} and job lock guard macros
are*nop*.
No functional change intended.
Signed-off-by:
On Mon, Jul 11, 2022 at 10:00 AM Jason Wang wrote:
>
>
> 在 2022/7/7 02:39, Eugenio Pérez 写道:
> > VirtQueueElement comes from the guest, but we're heading SVQ to be able
> > to inject element without the guest's knowledge.
> >
> > To do so, make this accept sg buffers directly, instead of using
>
On Fri, Jul 8, 2022 at 4:57 PM Kito Cheng wrote:
> Add new option for -d vu to dump the content of vector unit, many target
> has vector register, but there is no easy way to dump the content, we
> use this on downstream for a while to help debug, and I feel that's
> really useful, so I think it
On 7/7/22 21:04, Peter Delevoryas wrote:
On Thu, Jul 07, 2022 at 10:53:57AM -0700, Peter Delevoryas wrote:
On Thu, Jul 07, 2022 at 10:56:02AM +0200, Cédric Le Goater wrote:
On 7/7/22 09:17, Peter Delevoryas wrote:
It seems that aspeed_gpio_update is allowing the value for input pins to be
On Fri, Jul 8, 2022 at 3:39 PM Kito Cheng wrote:
> Default ELEN is setting to 64 for now, which is incorrect setting for
> Zve32*, and spec has mention minimum VLEN and supported EEW in chapter
> "Zve*: Vector Extensions for Embedded Processors" is 32 for Zve32.
>
> ELEN actaully could be
Fixes: c09c1ce7e9 ("configure: switch directory options to automatic parsing",
2022-05-07)
Signed-off-by: Paolo Bonzini
---
meson_options.txt | 2 +-
scripts/meson-buildoptions.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meson_options.txt
在 2022/7/7 02:39, Eugenio Pérez 写道:
VirtQueueElement comes from the guest, but we're heading SVQ to be able
to inject element without the guest's knowledge.
To do so, make this accept sg buffers directly, instead of using
VirtQueueElement.
Add vhost_svq_add_element to maintain element
From: Marc-André Lureau
Signed-off-by: Marc-André Lureau
---
.gitlab-ci.d/windows.yml | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.d/windows.yml b/.gitlab-ci.d/windows.yml
index 1b2ede49e1ac..4e5c348e59ba 100644
--- a/.gitlab-ci.d/windows.yml
+++
From: Marc-André Lureau
Signed-off-by: Marc-André Lureau
---
.gitlab-ci.d/windows.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.gitlab-ci.d/windows.yml b/.gitlab-ci.d/windows.yml
index 4e5c348e59ba..63d89fbefe08 100644
--- a/.gitlab-ci.d/windows.yml
+++ b/.gitlab-ci.d/windows.yml
From: Marc-André Lureau
Hi
This is a small series to attempt to debug "Intermittent meson failures on
msys2" and improve a bit msys2/gitlab reports.
Marc-André Lureau (2):
gitlab-ci: grab msys2 meson-logs as artifacts
gitlab-ci: add msys2 meson test to junit report
On 7/11/22 09:37, Mark Cave-Ayland wrote:
On 06/07/2022 08:45, Cédric Le Goater wrote:
On 7/5/22 08:57, Cédric Le Goater wrote:
On 7/5/22 08:51, Mark Cave-Ayland wrote:
On 04/07/2022 18:34, Cédric Le Goater wrote:
On 7/2/22 15:34, Daniel Henrique Barboza wrote:
On 7/2/22 03:24, Cédric
On 05/07/2022 15:58, Cédric Le Goater wrote:
Hello,
This replaces the IRQ array 'irq_inputs' with GPIO lines and removes
'irq_inputs' when all CPUs have been converted.
Thanks,
C.
Cédric Le Goater (5):
ppc64: Allocate IRQ lines with qdev_init_gpio_in()
ppc/40x: Allocate IRQ lines with
On 06/07/2022 08:45, Cédric Le Goater wrote:
On 7/5/22 08:57, Cédric Le Goater wrote:
On 7/5/22 08:51, Mark Cave-Ayland wrote:
On 04/07/2022 18:34, Cédric Le Goater wrote:
On 7/2/22 15:34, Daniel Henrique Barboza wrote:
On 7/2/22 03:24, Cédric Le Goater wrote:
On 6/30/22 21:42, Daniel
Am 08/07/2022 um 21:25 schrieb Vladimir Sementsov-Ogievskiy:
>> static bool job_started(Job *job)
>
> So we can call it both with mutex locked and without. Hope it never race
> with job_start.
Where exactly do you see it called with mutex not held?
I don't see it anywhere, and if you agree
On Fri, Jul 8, 2022 at 2:53 PM Markus Armbruster wrote:
>
> Eugenio Pérez writes:
>
> > Finally offering the possibility to enable SVQ from the command line.
> >
> > Signed-off-by: Eugenio Pérez
>
> Please carry forward Acked-by and Reviewed-by you received for prior
> revisions unless you
On Fri, Jul 8, 2022 at 2:51 PM Markus Armbruster wrote:
>
> Eugenio Perez Martin writes:
>
> > On Thu, Jul 7, 2022 at 8:23 AM Markus Armbruster wrote:
> >>
> >> Eugenio Pérez writes:
> >>
> >> > Finally offering the possibility to enable SVQ from the command line.
> >>
> >> QMP, too, I guess.
Gentle ping.
Regards,
eop Chen
> ~eopxd 於 2022年6月20日 下午2:50 寫道:
>
> According to v-spec, mask agnostic behavior can be either kept as
> undisturbed or set elements' bits to all 1s. To distinguish the
> difference of mask policies, QEMU should be able to simulate the mask
> agnostic behavior
On Sun, Jul 10, 2022 at 6:30 PM Weiwei Li wrote:
>
> Just add 1 to the effective privledge level when in HS mode, then reuse the
> check
> 'effective_priv < csr_priv' in riscv_csrrw_check to replace the privilege
> level
> related check in hmode. Then, hmode will only check whether H extension
On Sun, Jul 10, 2022 at 6:24 PM Weiwei Li wrote:
>
> - It seems that there is no explicitly description about whether
> the Hypervisor CSRs requires S extension
> - Csrs only existed in RV32 will not trigger virtual instruction fault
> when not in RV32
>
> Signed-off-by: Weiwei Li
>
On Sun, Jul 10, 2022 at 6:28 PM Weiwei Li wrote:
>
> - add umode/umode32 predicate for mcounteren,menvcfg/menvcfgh
>
> Signed-off-by: Weiwei Li
> Signed-off-by: Junqiang Wang
Reviewed-by: Alistair Francis
Alistair
> ---
> target/riscv/csr.c | 25 ++---
> 1 file changed,
On Sun, Jul 10, 2022 at 6:28 PM Weiwei Li wrote:
>
> - line over 80 characters will trigger warning when running checkpatch
>
> Signed-off-by: Weiwei Li
> Signed-off-by: Junqiang Wang
> ---
> target/riscv/csr.c | 362 -
> 1 file changed, 196
On Fri, Jul 8, 2022 at 8:16 PM John Snow wrote:
> In some container environments, there may be references to block devices
> witnessable from a container through /proc/self/mountinfo that reference
> devices we simply don't have access to in the container, and cannot
> provide information about.
201 - 262 of 262 matches
Mail list logo