From: Philippe Mathieu-Daudé
Subject: [Qemu-commits] [qemu/qemu] f6abce: backends/cryptodev-builtin: Fix local_error leaks
Date: Tue, 07 May 2024 00:04:19 -0700

  Branch: refs/heads/staging-8.2
  Home:   https://github.com/qemu/qemu
  Commit: f6abce29cc4afa0445cb3b29a265a114ac9fa744
      
https://github.com/qemu/qemu/commit/f6abce29cc4afa0445cb3b29a265a114ac9fa744
  Author: Li Zhijian <lizhijian@fujitsu.com>
  Date:   2024-04-30 (Tue, 30 Apr 2024)

  Changed paths:
    M backends/cryptodev-builtin.c

  Log Message:
  -----------
  backends/cryptodev-builtin: Fix local_error leaks

It seems that this error does not need to be propagated to the upper,
directly output the error to avoid the leaks

Closes: https://gitlab.com/qemu-project/qemu/-/issues/2283
Fixes: 2fda101de07 ("virtio-crypto: Support asynchronous mode")
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: zhenwei pi <pizhenwei@bytedance.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 06479dbf3d7d245572c4b3016e5a1d923ff04d66)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 7e5f59326ddfef04154a9f4ae1f97893ce8aa142
      
https://github.com/qemu/qemu/commit/7e5f59326ddfef04154a9f4ae1f97893ce8aa142
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2024-04-30 (Tue, 30 Apr 2024)

  Changed paths:
    M target/loongarch/cpu.c

  Log Message:
  -----------
  target/loongarch/cpu.c: typo fix: expection

Fixes: 1590154ee437 ("target/loongarch: Fix qemu-system-loongarch64 assert 
failed with the option '-d int'")
Fixes: ef9b43bb8e2d (in stable-8.2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 0cbb322f70e8a87e4acbffecef5ea8f9448f3513)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5b5655fdb75f9b31dbfc65697349b3cc7d52330a
      
https://github.com/qemu/qemu/commit/5b5655fdb75f9b31dbfc65697349b3cc7d52330a
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-05-01 (Wed, 01 May 2024)

  Changed paths:
    M tests/avocado/boot_linux_console.py
    M tests/avocado/replay_kernel.py

  Log Message:
  -----------
  tests/avocado: update sunxi kernel from armbian to 6.6.16

The Linux kernel 5.10.16 binary for sunxi has been removed from
apt.armbian.com. This means that the avocado tests for these machines
will be skipped (status CANCEL) if the old binary isn't present in
the avocado cache.

Update to 6.6.16, in the same way we did in commit e384db41d8661
when we moved to 5.10.16 in 2021.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2284
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Strahinja Jankovic <strahinja.p.jankovic@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Message-id: 20240415151845.1564201-1-peter.maydell@linaro.org
(cherry picked from commit dcc5c018c7e6acddf81951bcbdf1019b9ab45f56)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5479d911bc8f769a914668f65bf04f30fb64627d
      
https://github.com/qemu/qemu/commit/5479d911bc8f769a914668f65bf04f30fb64627d
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2024-05-01 (Wed, 01 May 2024)

  Changed paths:
    M .gitlab-ci.d/cirrus.yml

  Log Message:
  -----------
  .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs

Cirrus-CI introduced limitations to the free CI minutes. To avoid that
we are consuming them too fast, let's drop the usual targets that are
not that important since they are either a subset of another target
(like i386 or ppc being a subset of x86_64 or ppc64 respectively), or
since there is still a similar target with the opposite endianness
(like xtensa/xtensael, microblaze/microblazeel etc.).

Message-ID: <20240429100113.53357-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a88a04906b966ffdcda23a5a456abe10aa8c826e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d5cf8bed29870b6f9f2c26892acdc889033894d9
      
https://github.com/qemu/qemu/commit/d5cf8bed29870b6f9f2c26892acdc889033894d9
  Author: Jeuk Kim <jeuk20.kim@samsung.com>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M hw/ufs/ufs.c

  Log Message:
  -----------
  hw/ufs: Fix buffer overflow bug

It fixes the buffer overflow vulnerability in the ufs device.
The bug was detected by sanitizers.

You can reproduce it by:

cat << EOF |\
qemu-system-x86_64 \
-display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \
file=null-co://,if=none,id=disk0 -device ufs,id=ufs_bus -device \
ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0xe0000058 0x1 0xa7
write 0xa 0x1 0x50
EOF

Resolves: #2299
Fixes: 329f16624499 ("hw/ufs: Support for Query Transfer Requests")
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
(cherry picked from commit f2c8aeb1afefcda92054c448b21fc59cdd99db30)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: dfcbb9ef240378e5a97566bdad0296a7b7fd7c60
      
https://github.com/qemu/qemu/commit/dfcbb9ef240378e5a97566bdad0296a7b7fd7c60
  Author: Alexandra Diupina <adiupina@astralinux.ru>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M hw/dma/xlnx_dpdma.c

  Log Message:
  -----------
  hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields

The DMA descriptor structures for this device have
a set of "address extension" fields which extend the 32
bit source addresses with an extra 16 bits to give a
48 bit address:
 https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field

However, we misimplemented this address extension in several ways:
 * we only extracted 12 bits of the extension fields, not 16
 * we didn't shift the extension field up far enough
 * we accidentally did the shift as 32-bit arithmetic, which
   meant that we would have an overflow instead of setting
   bits [47:32] of the resulting 64-bit address

Add a type cast and use extract64() instead of extract32()
to avoid integer overflow on addition. Fix bit fields
extraction according to documentation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-stable@nongnu.org
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
Message-id: 20240428181131.23801-1-adiupina@astralinux.ru
[PMM: adjusted commit message]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 4b00855f0ee2e2eee8fd2500ffef27c108be6dc3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
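
The three address-extension mistakes listed in the commit message above, shown in a stand-alone C program next to a corrected computation. This is an added example, not the code from hw/dma/xlnx_dpdma.c: the placement of the extension in bits [31:16] of a descriptor word, the shift of 20 in the buggy variant, and all function names are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: the 16-bit address extension occupies
 * bits [31:16] of a 32-bit descriptor word. */
#define EXT_START 16

/* Extract len bits (len < 32) starting at bit 'start'. */
static uint32_t bits32(uint32_t v, unsigned start, unsigned len)
{
    return (v >> start) & ((1u << len) - 1u);
}

/* All three mistakes together: 12 bits instead of 16, a shift that is too
 * small (20 is an assumed value), and a sum computed in 32-bit arithmetic. */
static uint64_t src_addr_buggy(uint32_t lo, uint32_t ext_word)
{
    uint32_t ext = bits32(ext_word, EXT_START, 12);
    return lo + (ext << 20);            /* wraps modulo 2^32 */
}

/* Corrected: full 16-bit field, widened before the shift, placed in [47:32]. */
static uint64_t src_addr_fixed(uint32_t lo, uint32_t ext_word)
{
    uint64_t ext = bits32(ext_word, EXT_START, 16);
    return (uint64_t)lo + (ext << 32);
}

int main(void)
{
    /* Constructed descriptor values, not taken from a real guest. */
    uint32_t lo = 0xFFF00000u, ext_word = 0xABCD0000u;

    printf("buggy: 0x%012" PRIx64 "\n", src_addr_buggy(lo, ext_word));
    printf("fixed: 0x%012" PRIx64 "\n", src_addr_fixed(lo, ext_word));
    return 0;
}
```

With the constructed values the buggy variant returns an address that never leaves the low 4 GiB, so a device model using it would read from a different guest-physical location than the descriptor names.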


  Commit: 7b4804c965643d30ad0aed8cafe9b762381cfeb5
      
https://github.com/qemu/qemu/commit/7b4804c965643d30ad0aed8cafe9b762381cfeb5
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-02 (Thu, 02 May 2024)

  Changed paths:
    M hw/arm/npcm7xx.c

  Log Message:
  -----------
  hw/arm/npcm7xx: Store derivative OTP fuse key in little endian

Use little endian for derivative OTP fuse key.

Cc: qemu-stable@nongnu.org
Fixes: c752bb079b ("hw/nvram: NPCM7xx OTP device model")
Suggested-by: Avi Fishman <Avi.Fishman@nuvoton.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240422125813.1403-1-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit eb656a60fd93262b1e519b3162888bf261df7f68)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: dc5390a0ca23e3811f793fe15b40ba2a47c4729b
      
https://github.com/qemu/qemu/commit/dc5390a0ca23e3811f793fe15b40ba2a47c4729b
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-04 (Sat, 04 May 2024)

  Changed paths:
    M target/sh4/translate.c
    M tests/tcg/sh4/Makefile.target
    A tests/tcg/sh4/test-addv.c

  Log Message:
  -----------
  target/sh4: Fix ADDV opcode

The documentation says:

  ADDV Rm, Rn        Rn + Rm -> Rn, overflow -> T

But QEMU implementation was:

  ADDV Rm, Rn        Rn + Rm -> Rm, overflow -> T

Fix by filling the correct Rm register.

Add tests provided by Paul Cercueil.

Cc: qemu-stable@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <paul@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2317
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20240430163125.77430-2-philmd@linaro.org>
(cherry picked from commit c365e6b0705788866a65e7b8206bd4c5332595cd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 07d46408cb9837c54a449d56c9af1b6a2d69ec60
      
https://github.com/qemu/qemu/commit/07d46408cb9837c54a449d56c9af1b6a2d69ec60
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-04 (Sat, 04 May 2024)

  Changed paths:
    M target/sh4/translate.c
    M tests/tcg/sh4/Makefile.target
    A tests/tcg/sh4/test-subv.c

  Log Message:
  -----------
  target/sh4: Fix SUBV opcode

The documentation says:

  SUBV Rm, Rn        Rn - Rm -> Rn, underflow -> T

The overflow / underflow can be calculated as:

  T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31

However we were using the incorrect:

  T = ((Rn ^ Rm) & (Result ^ Rm)) >> 31

Fix by using the Rn register instead of Rm.

Add tests provided by Paul Cercueil.

Cc: qemu-stable@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <paul@crapouillou.net>
Suggested-by: Paul Cercueil <paul@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2318
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20240430163125.77430-3-philmd@linaro.org>
(cherry picked from commit e88a856efd1d3c3ffa8e53da4831eff8da290808)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
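
The two T-bit formulas from the SUBV commit message above, checked against an independent 64-bit reference over signed boundary values. This is an added example, not the QEMU translator code or the tests added by the commit; the function names and the list of edge operands are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* T as given in the commit message: compare the result with Rn. */
static uint32_t subv_t_fixed(uint32_t rn, uint32_t rm)
{
    uint32_t res = rn - rm;
    return ((rn ^ rm) & (res ^ rn)) >> 31;
}

/* The formula the commit message calls incorrect: compares with Rm. */
static uint32_t subv_t_buggy(uint32_t rn, uint32_t rm)
{
    uint32_t res = rn - rm;
    return ((rn ^ rm) & (res ^ rm)) >> 31;
}

/* Reference: subtract in 64 bits and test the signed 32-bit range. */
static uint32_t subv_t_ref(uint32_t rn, uint32_t rm)
{
    int64_t wide = (int64_t)(int32_t)rn - (int64_t)(int32_t)rm;
    return wide > INT32_MAX || wide < INT32_MIN;
}

/* Constructed edge operands around 0, INT32_MAX and INT32_MIN. */
static const uint32_t edges[] = {
    0, 1, 2, 0x7ffffffeu, 0x7fffffffu,
    0x80000000u, 0x80000001u, 0xfffffffeu, 0xffffffffu,
};

/* Count operand pairs where formula f disagrees with the reference. */
static int count_mismatches(uint32_t (*f)(uint32_t, uint32_t))
{
    size_t n = sizeof(edges) / sizeof(edges[0]);
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            bad += f(edges[i], edges[j]) != subv_t_ref(edges[i], edges[j]);
    return bad;
}

int main(void)
{
    printf("fixed mismatches: %d\n", count_mismatches(subv_t_fixed));
    printf("buggy mismatches: %d\n", count_mismatches(subv_t_buggy));
    return 0;
}
```

The Rm variant is wrong exactly when the operands have different signs, which is the only case in which a subtraction can overflow.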


Compare: https://github.com/qemu/qemu/compare/37751067b175...07d46408cb98
