From: Viktor Prutyanov
Subject: [Qemu-commits] [qemu/qemu] 2b6a75: hw/ide/piix: properly initialize the BMIBA register
Date: Tue, 25 Jul 2023 07:37:15 -0700

  Branch: refs/heads/staging-7.2
  Home:   https://github.com/qemu/qemu
  Commit: 2b6a75b78e5f6ec89a640a29379c749ca2651610
      https://github.com/qemu/qemu/commit/2b6a75b78e5f6ec89a640a29379c749ca2651610
  Author: Olaf Hering <olaf@aepfle.de>
  Date:   2023-07-15 (Sat, 15 Jul 2023)

  Changed paths:
    M hw/ide/piix.c

  Log Message:
  -----------
  hw/ide/piix: properly initialize the BMIBA register

According to the 82371FB documentation (82371FB.pdf, 2.3.9. BMIBA-BUS
MASTER INTERFACE BASE ADDRESS REGISTER, April 1997), the register is
32 bits wide. To properly reset it to default values, all 32 bits need to be
cleared. Bit #0 "Resource Type Indicator (RTE)" needs to be enabled.

The initial change wrote just the lower 8 bits, leaving parts of the "Bus
Master Interface Base Address" address at bits 15:4 unchanged.

Fixes: e6a71ae327 ("Add support for 82371FB (Step A1) and Improved support for 82371SB (Function 1)")

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230712074721.14728-1-olaf@aepfle.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 230dfd9257e92259876c113e58b5f0d22b056d2e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8f8a8f20f48e0710d040112ad667b3297b1cd6d5
      https://github.com/qemu/qemu/commit/8f8a8f20f48e0710d040112ad667b3297b1cd6d5
  Author: Mauro Matteo Cascella <mcascell@redhat.com>
  Date:   2023-07-18 (Tue, 18 Jul 2023)

  Changed paths:
    M ui/vnc-clipboard.c

  Log Message:
  -----------
  ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)

A wrong exit condition may lead to an infinite loop when inflating a
valid zlib buffer containing some extra bytes in the `inflate_buffer`
function. The bug only occurs post-authentication. Return the buffer
immediately if the end of the compressed data has been reached
(Z_STREAM_END).

Fixes: CVE-2023-3255
Fixes: 0bf41cab ("ui/vnc: clipboard support")
Reported-by: Kevin Denis <kevin.denis@synacktiv.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230704084210.101822-1-mcascell@redhat.com>
(cherry picked from commit d921fea338c1059a27ce7b75309d7a2e485f710b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
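The loop shape the fix above describes, as an added example that is not QEMU's ui/vnc-clipboard.c code: the inflate loop returns as soon as the decompressor reports end-of-stream (zlib's Z_STREAM_END, exposed by Python's decompressobj as `eof`) rather than waiting for every input byte to be consumed, which never happens when a valid stream is followed by extra bytes. The size cap and the sample inputs are constructed for this example.

```python
import zlib

# Defensive cap on the inflated size (assumed value for this example).
MAX_OUT = 1 << 20

# Constructed sample: a valid zlib stream, then the same stream followed by
# three extra bytes that are not part of the compressed data.
SAMPLE_PLAINTEXT = b"clipboard text " * 40
SAMPLE_STREAM = zlib.compress(SAMPLE_PLAINTEXT)
SAMPLE_WITH_EXTRA = SAMPLE_STREAM + b"\x00\x01\x02"


def inflate_buffer(data: bytes, chunk: int = 8) -> tuple[bytes, int]:
    """Inflate a zlib stream that may be followed by trailing bytes.

    Returns (plaintext, trailing_bytes_ignored). Input is fed in small chunks
    to mimic a streaming inflate loop; the loop exits as soon as the
    decompressor reports end-of-stream (zlib's Z_STREAM_END, `eof` here).
    A loop that exits only once all input is consumed would never finish on
    SAMPLE_WITH_EXTRA, because bytes after the stream end are never consumed.
    """
    d = zlib.decompressobj()
    out = bytearray()
    for pos in range(0, len(data), chunk):
        out += d.decompress(data[pos:pos + chunk])
        if len(out) > MAX_OUT:
            raise ValueError("inflated data exceeds size cap")
        if d.eof:
            # Z_STREAM_END: return now. Bytes of this chunk past the stream
            # end sit in d.unused_data; later chunks were never fed at all.
            trailing = len(d.unused_data) + max(0, len(data) - (pos + chunk))
            return bytes(out), trailing
    # Input exhausted without reaching Z_STREAM_END: the stream is truncated.
    raise ValueError("truncated zlib stream")


def is_truncated(data: bytes) -> bool:
    """True if inflate_buffer rejects `data` as an incomplete stream."""
    try:
        inflate_buffer(data)
    except ValueError:
        return True
    return False
```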


  Commit: 6e216d21b56a7545a05080a370b5ca7491fecfb3
      https://github.com/qemu/qemu/commit/6e216d21b56a7545a05080a370b5ca7491fecfb3
  Author: Denis V. Lunev <den@openvz.org>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M qemu-nbd.c

  Log Message:
  -----------
  qemu-nbd: pass structure into nbd_client_thread instead of plain char*

We are going to pass an additional flag in the next patch.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
CC: <qemu-stable@nongnu.org>
Message-ID: <20230717145544.194786-2-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 03b67621445d601c9cdc7dfe25812e9f19b81488)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 742612345a1e6ac8b3408ee1cd1d77bc07e74180
      https://github.com/qemu/qemu/commit/742612345a1e6ac8b3408ee1cd1d77bc07e74180
  Author: Denis V. Lunev <den@openvz.org>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M qemu-nbd.c

  Log Message:
  -----------
  qemu-nbd: fix regression with qemu-nbd --fork run over ssh

Commit e6df58a5578fee7a50bbf36f4a50a2781cff855d
    Author: Hanna Reitz <hreitz@redhat.com>
    Date:   Wed May 8 23:18:18 2019 +0200
    qemu-nbd: Do not close stderr

has introduced an interesting regression. The original behavior of
    ssh somehost qemu-nbd /home/den/tmp/file -f raw --fork
was the following:
 * qemu-nbd was started as a daemon
 * the command execution is done and ssh exited with success

The patch has changed this behavior and the 'ssh' command now hangs forever.

According to the normal specification of the daemon() call, we should
end up with STDERR pointing to /dev/null. That should be done at the
very end of the successful startup sequence when the pipe to the
bootstrap process (used for diagnostics) is no longer needed.

This could be achieved in the same way as done for the 'qemu-nbd -c' case.
That was commit 0eaf453e, also fixing up e6df58a5. STDOUT copying to
STDERR does the trick.

This also leads to proper 'ssh' connection closing which fixes my
original problem.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
CC: Hanna Reitz <hreitz@redhat.com>
CC: <qemu-stable@nongnu.org>
Message-ID: <20230717145544.194786-3-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 5c56dd27a2c905c9cf2472d2fd057621ce5fd00d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 792396e507d60616b099faedea5333ec148daf4e
      https://github.com/qemu/qemu/commit/792396e507d60616b099faedea5333ec148daf4e
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M target/s390x/tcg/insn-data.h.inc
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Make CKSM raise an exception if R2 is odd

R2 designates an even-odd register pair; the instruction should raise
a specification exception when R2 is not even.

Cc: qemu-stable@nongnu.org
Fixes: e023e832d0ac ("s390x: translate engine for s390x CPU")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-2-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 761b0aa9381e2f755b9b594f7f3033d564561751)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a0da44f5a2377f1557853d4021eea15e12ed324e
      https://github.com/qemu/qemu/commit/a0da44f5a2377f1557853d4021eea15e12ed324e
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M target/s390x/tcg/mem_helper.c

  Log Message:
  -----------
  target/s390x: Fix CLM with M3=0

When the mask is zero, access exceptions should still be recognized for
1 byte at the second-operand address. CC should be set to 0.

Cc: qemu-stable@nongnu.org
Fixes: defb0e3157af ("s390x: Implement opcode helpers")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-3-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 4b6e4c0b8223681ae85462794848db4386de1a8d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 44d491a219cc6f120f094c05bed10d5568a948be
      https://github.com/qemu/qemu/commit/44d491a219cc6f120f094c05bed10d5568a948be
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M target/s390x/tcg/fpu_helper.c

  Log Message:
  -----------
  target/s390x: Fix CONVERT TO LOGICAL/FIXED with out-of-range inputs

CONVERT TO LOGICAL/FIXED deviate from IEEE 754 in that they raise an
inexact exception on out-of-range inputs. float_flag_invalid_cvti
aligns nicely with that behavior, so convert it to
S390_IEEE_MASK_INEXACT.

Cc: qemu-stable@nongnu.org
Fixes: defb0e3157af ("s390x: Implement opcode helpers")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 53684e344a27da770acc9012740334154ddea24f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 23d5b5ceff25cb7e9737dc8f4dc3c921eda9d40b
      https://github.com/qemu/qemu/commit/23d5b5ceff25cb7e9737dc8f4dc3c921eda9d40b
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Fix ICM with M3=0

When the mask is zero, access exceptions should still be recognized for
1 byte at the second-operand address. CC should be set to 0.

Cc: qemu-stable@nongnu.org
Fixes: e023e832d0ac ("s390x: translate engine for s390x CPU")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-5-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a2025557ed4d8d5e6a4d0dd681717c390f51f5be)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 384be9e10e302ae82bfe77860ae157a4c3d7442e
      https://github.com/qemu/qemu/commit/384be9e10e302ae82bfe77860ae157a4c3d7442e
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M target/s390x/tcg/excp_helper.c
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Make MC raise specification exception when class >= 16

MC requires bit positions 8-11 (upper 4 bits of class) to be zeros,
otherwise it must raise a specification exception.

Cc: qemu-stable@nongnu.org
Fixes: 20d143e2cab8 ("s390x/tcg: Implement MONITOR CALL")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-6-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 9c028c057adce49304c6e4a51f6b426bd4f8f6b8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context edit in target/s390x/tcg/translate.c)


  Commit: 2e2dae8044249c942073c4ef0b8a64bc2abee122
      https://github.com/qemu/qemu/commit/2e2dae8044249c942073c4ef0b8a64bc2abee122
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M target/s390x/tcg/translate_vx.c.inc

  Log Message:
  -----------
  target/s390x: Fix assertion failure in VFMIN/VFMAX with type 13

Type 13 is reserved, so using it should result in a specification
exception. Due to an off-by-1 error the code triggers an assertion at a
later point in time instead.

Cc: qemu-stable@nongnu.org
Fixes: da4807527f3b ("s390x/tcg: Implement VECTOR FP (MAXIMUM|MINIMUM)")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-8-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit ff537b0370ab5918052b8d8a798e803c47272406)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8c9e81754a3c8b0c09bef5e140df21e885a5b88d
      https://github.com/qemu/qemu/commit/8c9e81754a3c8b0c09bef5e140df21e885a5b88d
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M target/loongarch/cpu.h
    M target/loongarch/csr_helper.c
    M target/loongarch/helper.h
    M target/loongarch/insn_trans/trans_privileged.c.inc

  Log Message:
  -----------
  target/loongarch: Fix the CSRRD CPUID instruction on big endian hosts

The test in tests/avocado/machine_loongarch.py is currently failing
on big endian hosts like s390x. By comparing the traces between running
the QEMU_EFI.fd bios on a s390x and on a x86 host, it's quickly obvious
that the CSRRD instruction for the CPUID is behaving differently. And
indeed: The code currently does a long read (i.e. 64 bit) from the
address that points to the CPUState->cpu_index field (with tcg_gen_ld_tl()
in the trans_csrrd() function). But this cpu_index field is only an "int"
(i.e. 32 bit). While this dirty pointer magic works on little endian hosts,
it of course fails on big endian hosts. Fix it by using a proper helper
function instead.

Message-Id: <20230720175307.854460-1-thuth@redhat.com>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit c34ad459926f6c600a55fe6782a27edfa405d60b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8b2cdebb77dcfab041b48c0636221da730a3168c
      https://github.com/qemu/qemu/commit/8b2cdebb77dcfab041b48c0636221da730a3168c
  Author: Viktor Prutyanov <viktor@daynix.com>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M hw/virtio/vhost-stub.c
    M hw/virtio/vhost.c
    M include/hw/virtio/vhost.h

  Log Message:
  -----------
  vhost: register and change IOMMU flag depending on Device-TLB state

The guest can disable or never enable Device-TLB. In these cases,
it can't be used even if enabled in QEMU. So, check Device-TLB state
before registering IOMMU notifier and select unmap flag depending on
that. Also, implement a way to change IOMMU notifier flag if Device-TLB
state is changed.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2001312
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20230626091258.24453-2-viktor@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit ee071f67f7a103c66f85f68ffe083712929122e3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a543b30740f6f07edf3d5d5b44218b90cbf72390
      https://github.com/qemu/qemu/commit/a543b30740f6f07edf3d5d5b44218b90cbf72390
  Author: Viktor Prutyanov <viktor@daynix.com>
  Date:   2023-07-25 (Tue, 25 Jul 2023)

  Changed paths:
    M hw/net/virtio-net.c

  Log Message:
  -----------
  virtio-net: pass Device-TLB enable/disable events to vhost

If vhost is enabled for virtio-net, Device-TLB enable/disable events
must be passed to vhost for proper IOMMU unmap flag selection.

Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20230626091258.24453-3-viktor@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit cd9b8346884353ba9ae6560b44b7cccdf00a6633)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/681858ea1424...a543b30740f6