Jiabo Feng
3d643587ea
QEMU update to version 4.1.0-87:
...
- nbd/server: CVE-2024-7409: Avoid use-after-free when closing server
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-09-18 15:45:18 +08:00
Jiabo Feng
c4360a84fc
QEMU update to version 4.1.0-86:
...
- nbd/server: CVE-2024-7409: Close stray clients at server-stop
- main-loop.h: introduce qemu_in_main_thread()
- aio-wait.h: introduce AIO_WAIT_WHILE_UNLOCKED
- nbd/server: CVE-2024-7409: Drop non-negotiating clients
- nbd/server: CVE-2024-7409: Cap default max-connections to 100
- nbd: Add max-connections to nbd-server-start
- nbd/server: Plumb in new args to nbd_client_add()
- nbd: Minor style and typo fixes
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-08-13 17:05:35 +08:00
Jiabo Feng
d0b1ef237c
QEMU update to version 4.1.0-85:
...
- block: Parse filenames only when explicitly requested (CVE-2024-4467)
- block: introduce bdrv_open_file_child() helper
- qcow2: Don't open data_file with BDRV_O_NO_IO (CVE-2024-4467)
- qcow2: Do not reopen data_file in invalidate_cache
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-07-11 14:41:35 +08:00
Jiabo Feng
1fe98a3a7b
QEMU update to version 4.1.0-84:
...
- tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fix CVE-2023-5088)
- hw/ide: reset: cancel async DMA operation before resetting state (Fix CVE-2023-5088)
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-06-15 09:54:38 +08:00
Jiabo Feng
9df0eb3b5b
QEMU update to version 4.1.0-83
...
- hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs(CVE-2024-3446)
- hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs(CVE-2024-3446)
- hw/display/virtio-gpu: Protect from DMA re-entrancy bugs(CVE-2024-3446)
- hw/virtio: Introduce virtio_bh_new_guarded() helper
- hw: replace most qemu_bh_new calls with qemu_bh_new_guarded
- checkpatch: add qemu_bh_new/aio_bh_new checks
- async: avoid use-after-free on re-entrancy guard
- async: Add an optional reentrancy guard to the BH API
- util/async: add a human-readable name to BHs for debugging
- hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
- Include sysemu/sysemu.h a lot less
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-04-23 22:03:19 +08:00
Jiabo Feng
f25d5b2eaa
QEMU update to version 4.1.0-82
...
- hw/scsi/lsi53c895a: add missing decrement of reentrancy counter
- hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
- net: Update MemReentrancyGuard for NIC
- net: Provide MemReentrancyGuard * to qemu_new_nic()
- memory: prevent dma-reentracy issues
- softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
- Fix the early version of the CVE-2022-4144 patch not being fully adapted
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2024-03-09 16:13:39 +08:00
Jiabo Feng
8512b0ec13
QEMU update to version 4.1.0-81
...
- hw/pvrdma: Protect against buggy or malicious guest driver
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
(cherry picked from commit 19a0ed56bf4220186e128c111567754cfe72c56d)
2023-11-29 18:43:35 +08:00
Jiabo Feng
e4214041dc
QEMU update to version 4.1.0-80
...
- accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025)
- pci: assert configuration access is within bounds
- io: remove io watch if TLS channel is closed during handshake
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2023-09-11 19:54:51 +08:00
Jiabo Feng
1ece911d20
QEMU update to version 4.1.0-79
...
- virtio-crypto: verify src&dst buffer length for sym request
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2023-08-16 09:32:34 +08:00
Jiabo Feng
0e9f137616
QEMU update to version 4.1.0-78
...
- qga/win32: Use rundll for VSS installation
- qga/win32: Remove change action from MSI installer
- 9pfs: prevent opening special files (CVE-2023-2861)
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
2023-07-28 10:19:04 +08:00
liuxiangdong
d8da2eaa57
hw/pvrdma: Protect against buggy or malicious guest driver (CVE-2022-1050)
...
Fix CVE-2022-1050
Signed-off-by: liuxiangdong <liuxiangdong5@huawei.com>
2023-05-12 19:09:03 +08:00
yezengruan
cb6a9a42d3
fix CVE-2022-4144
...
Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-12-05 20:03:27 +08:00
yezengruan
3154027d5b
hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638)
2022-09-30 19:10:07 +08:00
yezengruan
dd421f155f
hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
...
Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-09-07 17:21:55 +08:00
bobychen
1ff82de83b
fix CVE-2022-0216 (openeuler !333 )
...
hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued
scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)
scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216)
Signed-off-by: yezengruan <yezengruan@huawei.com>
Signed-off-by: bobychen <boby.chen@huawei.com>
2022-08-30 19:33:20 +08:00
yezengruan
9fadbb45fe
Provides qemu-kvm for upgrade
2022-08-25 14:47:40 +08:00
yezengruan
e5f762ef4e
fix CVE-2022-35414
...
softmmu: Always initialize xlat in address_space_translate_for_iotlb (CVE-2022-35414)
2022-07-20 10:16:48 +08:00
yezengruan
3319e4bf53
fix CVE-2021-3507 (openeuler !308 )
...
hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-06-02 10:52:18 +08:00
Sun Dongxu
63c3424617
fix CVE-2021-20257/CVE-2020-13253 and fix gcc 10.3.1 compile error
...
openeuler !302!305
e1000-fail-early-for-evil-descriptor.patch
e1000-fix-tx-re-entrancy-problem.patch
hw-sd-sdcard-Restrict-Class-6-commands-to-SCSD-cards.patch
hw-sd-sdcard-Simplify-realize-a-bit.patch
hw-sd-sdcard-Do-not-allow-invalid-SD-card-sizes.patch
hw-sd-sdcard-Update-coding-style-to-make-checkpatch..patch
hw-sd-sdcard-Do-not-switch-to-ReceivingData-if-addre.patch
scsi-qemu-pr-helper-Fix-out-of-bounds-access-to-trnp.patch
curses-Fixes-curses-compiling-errors.patch
net-dump.c-Suppress-spurious-compiler-warning.patch
tests-Replace-deprecated-ASN1-code.patch
2022-05-30 10:24:24 +08:00
yezengruan
3fc6a966db
fix CVE-2021-3750 and Check that colo-compare is active (openeuler !290!297)
...
hw/intc/arm_gicv3_dist: Rename 64-bit accessors with 'q' suffix
hw/intc/arm_gicv3: Replace mis-used MEMTX_* constants by booleans
hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR (CVE-2021-3750)
net/colo-compare.c: Check that colo-compare is active
2022-05-21 14:27:53 +08:00
bobychen
40b9b28df1
fix CVE-2021-20196/CVE-2021-4207/CVE-2021-4206 (openeuler !286 )
...
hw/block/fdc: Extract blk_create_empty_drive()
hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
tests/fdc-test: Add a regression test for CVE-2021-20196
display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207)
ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)
Signed-off-by: yezengruan <yezengruan@huawei.com>
Signed-off-by: bobychen <boby.chen@huawei.com>
2022-05-16 10:06:22 +08:00
yezengruan
188d1bd76f
fix CVE-2022-26354 and CVE-2022-26353
...
vhost-vsock: detach the virqueue element in case of error (CVE-2022-26354)
virtio-net: fix map leaking on error during receive (CVE-2022-26353)
Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-04-15 17:00:22 +08:00
yezengruan
bc7b2dfda0
fix CVE-2021-3582/CVE-2021-3607/CVE-2021-3608
...
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
pvrdma: Ensure correct input on ring init (CVE-2021-3607)
pvrdma: Fix the ring init error flow (CVE-2021-3608)
Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-04-06 14:48:42 +08:00
Jinhao Gao
4abcbecf94
spec: Update release version with !268
...
Signed-off-by: Jinhao Gao <gaojinhao@huawei.com>
2022-04-06 14:48:29 +08:00
imxcc
69103ffb29
add Phytium's CPU models: FT-2000+ and Tengyun-S2500
...
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-12-21 17:44:54 +08:00
Chen Qun
daf121cbbe
spec: Update release version with !214
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
(cherry picked from commit aa6375f79082ce4ea147ade518f88ef1360badd9)
2021-12-20 15:00:49 +08:00
Chen Qun
9c598f0304
spec: Update patch and changelog with !214 virtio-balloon: apply upstream patch. !214
...
virtio-balloon: apply upstream patch.
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
(cherry picked from commit 76bfa2efd5b5693a5eb3d87d15ed1e2686cc9f68)
2021-12-20 15:00:49 +08:00
Chen Qun
2548877d9b
spec: Update release version with !207
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-10-27 21:28:24 +08:00
Chen Qun
4f067031b1
spec: Update patch and changelog with !207 sync from SP1 !207
...
fix cve-2020-35504
fix cve-2020-35505
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
2021-10-27 21:28:20 +08:00
imxcc
2104fc99f9
fix cve-2021-3592 cve-2021-3593 cve-2021-3595
...
fix submodule slirp cve-2021-3592 cve-2021-3593 and cve-2021-3595
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-10-20 11:35:39 +08:00
Zhongrui Tang
31cbaf0af0
Modify changelogs in spec file which are out of order that caused compile error.
...
Signed-off-by: Zhongrui Tang <tangzhongrui@cmss.chinamobile.com>
2021-10-20 11:35:28 +08:00
Chen Qun
d30bb48e38
spec: Update release version with !203
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-09-26 16:28:53 +08:00
Chen Qun
815a770bd3
spec: Update patch and changelog with !203 fix CVE-2021-3748 #I4BI3F !203
...
virtio-net: fix use after unmap/free for sg
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
2021-09-26 16:28:39 +08:00
Chen Qun
255e850459
spec: Update release version with !197
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-09-15 21:27:14 +08:00
Chen Qun
710bcb8e78
spec: Update patch and changelog with !197 fix CVE-2021-3713 #I49VTJ !197
...
uas: add stream number sanity checks.
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
2021-09-15 21:27:12 +08:00
imxcc
250f805a9d
hw/arm/virt: Init PMU for hotplugged vCPU
...
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-08-31 17:20:42 +08:00
Jiajie Li
0ff9050fca
block_curl: add block_curl package
...
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
2021-08-19 13:44:20 +08:00
Chen Qun
e98f83ffa3
spec: Update release version with !184
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-08-16 16:27:29 +08:00
Chen Qun
51a6e68cb5
spec: Update patch and changelog with !184 fix CVE-2021-3682 #I45H4H !184
...
usbredir: fix free call
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
2021-08-16 16:27:29 +08:00
Chen Qun
d2b9019f32
spec: Update release version with !158
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-07-16 16:27:06 +08:00
Chen Qun
fe9a52eade
spec: Update patch and changelog with !158 [feature]add support for AVX512_BF16 and new CPU model Cooperlake !158
...
x86: Intel AVX512_BF16 feature enabling
i386: Add MSR feature bit for MDS-NO
i386: Add macro for stibp
i386: Add new CPU model Cooperlake
target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES
target/i386: Add missed security features to Cooperlake CPU model
target/i386: add PSCHANGE_NO bit for the ARCH_CAPABILITIES MSR
target/i386: Export TAA_NO bit to guests
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
2021-07-16 16:27:03 +08:00
Chen Qun
b0ff231b14
spec: Update release version with !155
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-07-13 11:46:46 +08:00
Chen Qun
051ed0f96d
spec: Update patch and changelog with !155 hw/net/rocker_of_dpa: fix double free bug of rocker device !155
...
hw/net/rocker_of_dpa: fix double free bug of rocker device
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
2021-07-13 11:46:29 +08:00
Chen Qun
cefa4454f7
spec: Update release version with !149
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-06-21 16:27:40 +08:00
Chen Qun
707acdc80c
spec: Update patch and changelog with !149 fix CVE-2021-3527 #I3U9T9 && CVE-2019-12067#I3VG5H && CVE-2021-20221 #I3UFOP !149
...
ide: ahci: add check to avoid null dereference (CVE-2019-12067)
hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register
usb: limit combined packets to 1 MiB (CVE-2021-3527)
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
2021-06-21 16:27:23 +08:00
Chen Qun
5b7ae0b1df
spec: Update release version with !143
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-06-15 16:27:32 +08:00
Chen Qun
0c0d733627
spec: Update patch and changelog with !143 fix CVE-2021-3544 #I3VG5I && fix CVE-2021-3545 #I3V9I8 && fix CVE-2021-3546 #I3V9I7 !143
...
vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544)
vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544)
vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544)
vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544)
vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544)
vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545)
vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546)
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
2021-06-15 16:27:14 +08:00
Chen Qun
85ba290b27
spec: Update release version with !138
...
increase release version by one
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-06-08 16:27:44 +08:00
Chen Qun
8b1f98e2e7
spec: Update patch and changelog with !138 fix CVE-2021-20181 #I3UFOQ !138
...
9pfs: Fully restart unreclaim loop (CVE-2021-20181)
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
2021-06-08 16:27:33 +08:00
imxcc
768f8c34c5
add strip for block-iscsi.so, block-rbd.so and block-ssh.so
...
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-06-02 20:37:56 +08:00