Hi everyone, I am pleased to announce that the QEMU v2.11.1 stable release is now available:
You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

v2.11.1 is now tagged in the official qemu.git repository, and the stable-2.11 branch has been updated accordingly:

  https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.11

This update contains new functionality needed to enable mitigations for Spectre/Meltdown (CVE-2017-5715) in x86, pseries, and s390x QEMU/KVM guest operating systems. Documentation for the various options/requirements for enabling this functionality is available here:

  https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/

There are also security fixes for potential host DoS attacks via VGA devices (CVE-2018-5683) and VNC clients (CVE-2017-15124), as well as the normal range of general fixes.

Please see the changelog for additional details and update accordingly.

Thank you to everyone involved!

CHANGELOG:

7c1beb52ed: Update version for 2.11.1 release (Michael Roth)
00e9fba2be: spapr: add missing break in h_get_cpu_characteristics() (Greg Kurz)
63112b16a6: vga: check the validation of memory addr when draw text (linzhecheng)
30c3b4823c: input: fix memory leak (linzhecheng)
88ab85384d: ui: correctly advance output buffer when writing SASL data (Daniel P. Berrangé)
64653b7fbe: ui: avoid sign extension using client width/height (Daniel P. Berrange)
9a26ca6b94: ui: mix misleading comments & return types of VNC I/O helper methods (Daniel P. Berrange)
172f4e5a31: ui: add trace events related to VNC client throttling (Daniel P. Berrange)
0c85a40e71: ui: place a hard cap on VNC server output buffer size (Daniel P. Berrange)
f9e53c77ea: ui: fix VNC client throttling when forced update is requested (Daniel P. Berrange)
f9c8767828: ui: fix VNC client throttling when audio capture is active (Daniel P. Berrange)
5af9f2504f: ui: refactor code for determining if an update should be sent to the client (Daniel P. Berrange)
2e6571e671: ui: correctly reset framebuffer update state after processing dirty regions (Daniel P. Berrange)
126617e6f8: ui: introduce enum to track VNC client framebuffer update request state (Daniel P. Berrange)
8a9c5c34ac: ui: track how much decoded data we consumed when doing SASL encoding (Daniel P. Berrange)
616d64ac06: ui: avoid pointless VNC updates if framebuffer isn't dirty (Daniel P. Berrange)
a7b2537f8a: ui: remove redundant indentation in vnc_client_update (Daniel P. Berrange)
de1e7a91c8: ui: remove unreachable code in vnc_update_client (Daniel P. Berrange)
0181686a98: ui: remove 'sync' parameter from vnc_update_client (Daniel P. Berrange)
a3fd64f2fe: migration: incoming postcopy advise sanity checks (Greg Kurz)
68d7e24475: target/sh4: add missing tcg_temp_free() in _decode_opc() (Philippe Mathieu-Daudé)
2095c5a2e3: migration/savevm.c: set MAX_VM_CMD_PACKAGED_SIZE to 1ul << 32 (Daniel Henrique Barboza)
c8847f5565: migration: Recover block devices if failure in device state (Dr. David Alan Gilbert)
b9eec804f4: migration: Don't leak IO channels (Ross Lagerwall)
b8aa511bc0: s390x/sclp: fix event mask handling (Christian Borntraeger)
ab7b4f6734: memory: set ioeventfd_update_pending after address_space_update_ioeventfds (linzhecheng)
ed8b4ecc68: target/ppc/spapr: Add H-Call H_GET_CPU_CHARACTERISTICS (Suraj Jitindar Singh)
eab4b5170f: target/ppc/spapr_caps: Add new tristate cap safe_indirect_branch (Suraj Jitindar Singh)
d7aa3d0a0a: target/ppc/spapr_caps: Add new tristate cap safe_bounds_check (Suraj Jitindar Singh)
3dc12273b7: target/ppc/spapr_caps: Add new tristate cap safe_cache (Suraj Jitindar Singh)
e9a8747cd2: target/ppc/spapr_caps: Add support for tristate spapr_capabilities (Suraj Jitindar Singh)
49b1fa33a3: target/ppc/kvm: Add cap_ppc_safe_[cache/bounds_check/indirect_branch] (Suraj Jitindar Singh)
43a29f0025: target/ppc/spapr_caps: Add macro to generate spapr_caps migration vmstate (Suraj Jitindar Singh)
d72e0a69ea: target/ppc: introduce the PPC_BIT() macro (Cédric Le Goater)
4374cbca95: spapr: fix device tree properties when using compatibility mode (Greg Kurz)
a1f33a5b93: ppc: Change Power9 compat table to support at most 8 threads/core (Jose Ricardo Ziviani)
6a47136799: hw/ppc/spapr_caps: Rework spapr_caps to use uint8 internal representation (Suraj Jitindar Singh)
e4f4fa00eb: spapr: Handle Decimal Floating Point (DFP) as an optional capability (David Gibson)
ff6f7e10c6: spapr: Handle VMX/VSX presence as an spapr capability flag (David Gibson)
7c578cbc37: target/ppc: Clean up probing of VMX, VSX and DFP availability on KVM (David Gibson)
804e5ea9ed: spapr: Validate capabilities on migration (David Gibson)
9070f408f4: spapr: Treat Hardware Transactional Memory (HTM) as an optional capability (David Gibson)
78a38cd47e: spapr: Capabilities infrastructure (David Gibson)
0fac4aa930: spapr: Add pseries-2.12 machine type (David Gibson)
97d17551b5: spapr: don't initialize PATB entry if max-cpu-compat < power9 (Laurent Vivier)
7e25155a7b: linux-user/signal.c: Rename MC_* defines (Peter Maydell)
80277d7cd5: spapr_pci: fix MSI/MSIX selection (Greg Kurz)
50c6998c20: usb-storage: Fix share-rw option parsing (Fam Zheng)
dccdaacc3d: osdep: Retry SETLK upon EINTR (Fam Zheng)
5683983e99: s390x/kvm: provide stfle.81 (Christian Borntraeger)
4d79c0e434: s390x/kvm: Handle bpb feature (Christian Borntraeger)
098132386d: linux-headers: update (Cornelia Huck)
61c8e67a66: linux-headers: update to 4.15-rc1 (Eric Auger)
e7857ad997: s390x: fix storage attributes migration for non-small guests (Claudio Imbrenda)
9327a8e2d6: linux-user: Fix locking order in fork_start() (Peter Maydell)
8ebfafa796: i386: Add EPYC-IBPB CPU model (Eduardo Habkost)
61efbbf869: i386: Add new -IBRS versions of Intel CPU models (Eduardo Habkost)
1ade973f52: i386: Add FEAT_8000_0008_EBX CPUID feature word (Eduardo Habkost)
803d42fa65: i386: Add spec-ctrl CPUID bit (Eduardo Habkost)
cb2637a5ae: i386: Add support for SPEC_CTRL MSR (Paolo Bonzini)
4b220d88ba: i386: Change X86CPUDefinition::model_id to const char* (Eduardo Habkost)
1027f3419b: hw/pci-bridge: fix QEMU crash because of pcie-root-port (Marcel Apfelbaum)
ccf82aee58: scsi-disk: release AioContext in unaligned WRITE SAME case (Stefan Hajnoczi)
1e14820884: hw/sd/ssi-sd: Reset SD card on controller reset (Peter Maydell)
a22b8096b6: hw/sd/milkymist-memcard: Reset SD card on controller reset (Peter Maydell)
3f44190cb6: hw/sd/pl181: Reset SD card on controller reset (Peter Maydell)
88bf4a70df: vhost: remove assertion to prevent crash (Jay Zhou)
f793121539: virtio_error: don't invoke status callbacks (Michael S. Tsirkin)
0af294d774: hw/intc/arm_gic: reserved register addresses are RAZ/WI (Peter Maydell)
62425350b5: hw/intc/arm_gicv3: Make reserved register addresses RAZ/WI (Peter Maydell)
d6f1448277: vfio: Fix vfio-kvm group registration (Alex Williamson)
7f53a81073: block: Open backing image in force share mode for size probe (Fam Zheng)
2b0c34cf61: block: Call .drain_begin only once in bdrv_drain_all_begin() (Kevin Wolf)
057364da77: block: Make bdrv_drain_invoke() recursive (Kevin Wolf)
b9da3c1de7: block/nbd: fix segmentation fault when .desc is not null-terminated (Murilo Opsfelder Araujo)
c184e17c75: qemu-pr-helper: miscellaneous fixes (Paolo Bonzini)
5ba945f1cb: qemu-options: Remove stray colons from output of --help (Markus Armbruster)
ea311a9959: target/sh4: fix TCG leak during gusa sequence (Alex Bennée)
fd89d93e85: block/iscsi: dont leave allocmap in an invalid state on UNMAP failure (Peter Lieven)
817a9fcba8: target/i386: Fix handling of VEX prefixes (Peter Maydell)