363 Commits

Author SHA1 Message Date
yezengruan
9fadbb45fe Provides qemu-kvm for upgrade 2022-08-25 14:47:40 +08:00
openeuler-ci-bot
83cf98218b
!609 Fix CVE-2022-35414
From: @yezengruan 
Reviewed-by: @aven6 
Signed-off-by: @aven6
2022-07-20 06:08:53 +00:00
yezengruan
e5f762ef4e fix CVE-2022-35414
softmmu: Always initialize xlat in address_space_translate_for_iotlb (CVE-2022-35414)
2022-07-20 10:16:48 +08:00
openeuler-ci-bot
49549fdca2
!586 fix CVE-2021-3507 (openeuler !308)
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
2022-06-06 02:11:40 +00:00
yezengruan
3319e4bf53 fix CVE-2021-3507 (openeuler !308)
hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)

Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-06-02 10:52:18 +08:00
openeuler-ci-bot
051651f20a
!578 fix CVE-2021-20257/CVE-2020-13253 and fix gcc 10.3.1 compile error (openeuler !302!305)
From: @sundongx 
Reviewed-by: @yezengruan 
Signed-off-by: @yezengruan
2022-05-30 03:27:17 +00:00
Sun Dongxu
63c3424617 fix CVE-2021-20257/CVE-2020-13253 and fix gcc 10.3.1 compile error
openeuler !302!305

e1000-fail-early-for-evil-descriptor.patch
e1000-fix-tx-re-entrancy-problem.patch
hw-sd-sdcard-Restrict-Class-6-commands-to-SCSD-cards.patch
hw-sd-sdcard-Simplify-realize-a-bit.patch
hw-sd-sdcard-Do-not-allow-invalid-SD-card-sizes.patch
hw-sd-sdcard-Update-coding-style-to-make-checkpatch..patch
hw-sd-sdcard-Do-not-switch-to-ReceivingData-if-addre.patch
scsi-qemu-pr-helper-Fix-out-of-bounds-access-to-trnp.patch
curses-Fixes-curses-compiling-errors.patch
net-dump.c-Suppress-spurious-compiler-warning.patch
tests-Replace-deprecated-ASN1-code.patch
2022-05-30 10:24:24 +08:00
openeuler-ci-bot
bedb54d47e
!569 fix CVE-2021-3750 and Check that colo-compare is active (openeuler !290!297)
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
2022-05-23 12:37:31 +00:00
yezengruan
3fc6a966db fix CVE-2021-3750 and Check that colo-compare is active (openeuler !290!297)
hw/intc/arm_gicv3_dist: Rename 64-bit accessors with 'q' suffix
hw/intc/arm_gicv3: Replace mis-used MEMTX_* constants by booleans
hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR (CVE-2021-3750)
net/colo-compare.c: Check that colo-compare is active
2022-05-21 14:27:53 +08:00
openeuler-ci-bot
f5bccf82f2
!560 fix CVE-2021-20196/CVE-2021-4207/CVE-2021-4206 (openeuler !286)
From: @bobychen 
Reviewed-by: @yezengruan 
Signed-off-by: @yezengruan
2022-05-16 10:22:26 +00:00
bobychen
40b9b28df1 fix CVE-2021-20196/CVE-2021-4207/CVE-2021-4206 (openeuler !286)
hw/block/fdc: Extract blk_create_empty_drive()
hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
tests/fdc-test: Add a regression test for CVE-2021-20196
display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207)
ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)

Signed-off-by: yezengruan <yezengruan@huawei.com>
Signed-off-by: bobychen <boby.chen@huawei.com>
2022-05-16 10:06:22 +08:00
openeuler-ci-bot
2d64eecbca
!541 fix CVE-2022-26354 and CVE-2022-26353
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
2022-04-16 01:18:09 +00:00
yezengruan
188d1bd76f fix CVE-2022-26354 and CVE-2022-26353
vhost-vsock: detach the virqueue element in case of error (CVE-2022-26354)
virtio-net: fix map leaking on error during receive (CVE-2022-26353)

Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-04-15 17:00:22 +08:00
openeuler-ci-bot
389df97ed4
!530 fix CVE-2021-3930/CVE-2021-3582/CVE-2021-3607/CVE-2021-3608(!268!275)
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
2022-04-07 08:58:02 +00:00
yezengruan
bc7b2dfda0 fix CVE-2021-3582/CVE-2021-3607/CVE-2021-3608
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
pvrdma: Ensure correct input on ring init (CVE-2021-3607)
pvrdma: Fix the ring init error flow (CVE-2021-3608)

Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-04-06 14:48:42 +08:00
Jinhao Gao
4abcbecf94 spec: Update release version with !268
Signed-off-by: Jinhao Gao <gaojinhao@huawei.com>
2022-04-06 14:48:29 +08:00
Jinhao Gao
675ed3bcfd hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands
This avoids an off-by-one read of 'mode_sense_valid' buffer in
hw/scsi/scsi-disk.c:mode_sense_page().

Fixes: CVE-2021-3930
Cc: qemu-stable@nongnu.org
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: a8f4bbe2900 ("scsi-disk: store valid mode pages in a table")
Fixes: #546
Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: AlexChen <alex.chen@huawei.com>
Signed-off-by: yezengruan <yezengruan@huawei.com>
Signed-off-by: Jinhao Gao <gaojinhao@huawei.com>
2022-04-06 14:48:16 +08:00
openeuler-ci-bot
59cb41c78f !408 add Phytium's CPU models: FT-2000+ and Tengyun-S2500.
Merge pull request !408 from imxcc/openEuler-20.03-LTS-SP3
2021-12-21 12:20:55 +00:00
imxcc
69103ffb29 add Phytium's CPU models: FT-2000+ and Tengyun-S2500
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-12-21 17:44:54 +08:00
openeuler-ci-bot
beadee95f6 !405 [sync] PR-400: Automatically generate code patches with openeuler !214
Merge pull request !405 from openeuler-sync-bot/sync-pr400-openEuler-20.03-LTS-Next-to-openEuler-20.03-LTS-SP3
2021-12-20 12:19:21 +00:00
Chen Qun
daf121cbbe spec: Update release version with !214
increase release version by one

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
(cherry picked from commit aa6375f79082ce4ea147ade518f88ef1360badd9)
2021-12-20 15:00:49 +08:00
Chen Qun
9c598f0304 spec: Update patch and changelog with !214 virtio-balloon: apply upstream patch. !214
virtio-balloon: apply upstream patch.

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
(cherry picked from commit 76bfa2efd5b5693a5eb3d87d15ed1e2686cc9f68)
2021-12-20 15:00:49 +08:00
Chen Qun
e899504bfe virtio-balloon: apply upstream patch.
Signed-off-by: Ming Yang <yangming73@huawei.com>
(cherry picked from commit 7dad9db1d63a3dc25ffc837c93eb0bde3ea612be)
2021-12-20 15:00:49 +08:00
openeuler-ci-bot
8a5b41c0d0 !395 Automatically generate code patches with openeuler !207
From: @kuhnchen18
Reviewed-by: @imxcc
Signed-off-by: @imxcc
2021-10-28 01:06:49 +00:00
Chen Qun
2548877d9b spec: Update release version with !207
increase release version by one

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-10-27 21:28:24 +08:00
Chen Qun
4f067031b1 spec: Update patch and changelog with !207 sync from SP1 !207
fix cve-2020-35504
fix cve-2020-35505

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-10-27 21:28:20 +08:00
Chen Qun
757fe50cbd fix cve-2020-35505
esp: ensure cmdfifo is not empty and current_dev is non-NULL

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-10-27 21:28:20 +08:00
Chen Qun
1d10eda8a7 fix cve-2020-35504
esp: always check current_req is not NULL before use in DMA callbacks

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-10-27 21:28:20 +08:00
openeuler-ci-bot
7768d6f2bb !392 sync from SP2
From: @imxcc
Reviewed-by: @kevinzhu1
Signed-off-by: @kevinzhu1
2021-10-21 03:04:59 +00:00
imxcc
2104fc99f9 fix cve-2021-3592 cve-2021-3593 cve-2021-3595
fix submodule slirp cve-2021-3592 cve-2021-3593 and cve-2021-3595

Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-10-20 11:35:39 +08:00
Zhongrui Tang
31cbaf0af0 Modify changelogs in spec file which are out of order that caused compile error.
Signed-off-by: Zhongrui Tang <tangzhongrui@cmss.chinamobile.com>
2021-10-20 11:35:28 +08:00
openeuler-ci-bot
54767b579e !382 Automatically generate code patches with openeuler !203
From: @kuhnchen18
Reviewed-by: @imxcc
Signed-off-by: @imxcc
2021-09-26 09:18:06 +00:00
Chen Qun
d30bb48e38 spec: Update release version with !203
increase release version by one

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-09-26 16:28:53 +08:00
Chen Qun
815a770bd3 spec: Update patch and changelog with !203 fix CVE-2021-3748 #I4BI3F !203
virtio-net: fix use after unmap/free for sg

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-09-26 16:28:39 +08:00
Chen Qun
724941aa3d virtio-net: fix use after unmap/free for sg
When mergeable buffer is enabled, we try to set the num_buffers after
the virtqueue elem has been unmapped. This will lead to several issues,
e.g. a use after free when the descriptor has an address which belongs
to the non direct access region. In this case we use bounce buffer
that is allocated during address_space_map() and freed during
address_space_unmap().

Fixing this by storing the elems temporarily in an array and delay the
unmap after we set the num_buffers.

This addresses CVE-2021-3748.

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: fbe78f4f55c6 ("virtio-net support")
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-09-26 16:28:39 +08:00
openeuler-ci-bot
f1d4486abb !373 Automatically generate code patches with openeuler !197
From: @kuhnchen18
Reviewed-by: 
Signed-off-by:
2021-09-24 03:10:40 +00:00
Chen Qun
255e850459 spec: Update release version with !197
increase release version by one

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-09-15 21:27:14 +08:00
Chen Qun
710bcb8e78 spec: Update patch and changelog with !197 fix CVE-2021-3713 #I49VTJ !197
uas: add stream number sanity checks.

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-09-15 21:27:12 +08:00
Chen Qun
f5b4a7d1e3 uas: add stream number sanity checks.
The device uses the guest-supplied stream number unchecked, which can
lead to guest-triggered out-of-band access to the UASDevice->data3 and
UASDevice->status3 fields.  Add the missing checks.

Fixes: CVE-2021-3713
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reported-by: Chen Zhe <chenzhe@huawei.com>
Reported-by: Tan Jingguo <tanjingguo@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210818120505.1258262-2-kraxel@redhat.com>
2021-09-15 21:27:12 +08:00
openeuler-ci-bot
9ad3374a09 !365 bugfix: initialize PMU for hot-plugged CPUs
From: @imxcc
Reviewed-by: 
Signed-off-by:
2021-09-09 09:03:32 +00:00
imxcc
250f805a9d hw/arm/virt: Init PMU for hotplugged vCPU
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-08-31 17:20:42 +08:00
openeuler-ci-bot
6f849eef65 !356 [Sync from SP1 branch] block_curl: add bolck_curl package
From: @lijiajie128
Reviewed-by: @imxcc
Signed-off-by: @imxcc
2021-08-20 02:29:02 +00:00
Jiajie Li
0ff9050fca block_curl: add bolck_curl package
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
2021-08-19 13:44:20 +08:00
openeuler-ci-bot
abc1406e45 !352 Automatically generate code patches with openeuler !184
From: @kuhnchen18
Reviewed-by: @imxcc
Signed-off-by: @imxcc
2021-08-16 10:45:30 +00:00
Chen Qun
e98f83ffa3 spec: Update release version with !184
increase release version by one

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-08-16 16:27:29 +08:00
Chen Qun
51a6e68cb5 spec: Update patch and changelog with !184 fix CVE-2021-3682 #I45H4H !184
usbredir: fix free call

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-08-16 16:27:29 +08:00
Chen Qun
c837e689ec usbredir: fix free call
data might point into the middle of a larger buffer, there is a separate
free_on_destroy pointer passed into bufp_alloc() to handle that.  It is
only used in the normal workflow though, not when dropping packets due
to the queue being full.  Fix that.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/491
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210722072756.647673-1-kraxel@redhat.com>
Signed-off-by: imxcc <xingchaochao@huawei.com>
2021-08-16 16:27:28 +08:00
openeuler-ci-bot
0bacd5ae13 !327 Automatically generate code patches with openeuler !158
From: @kuhnchen18
Reviewed-by: @imxcc
Signed-off-by: @imxcc
2021-07-19 11:17:15 +00:00
Chen Qun
d2b9019f32 spec: Update release version with !158
increase release version by one

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-07-16 16:27:06 +08:00
Chen Qun
fe9a52eade spec: Update patch and changelog with !158 [feature]add support for AVX512_BF16 and new CPU model Cooperlake !158
x86: Intel AVX512_BF16 feature enabling
i386: Add MSR feature bit for MDS-NO
i386: Add macro for stibp
i386: Add new CPU model Cooperlake
target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES
target/i386: Add missed security features to Cooperlake CPU model
target/i386: add PSCHANGE_NO bit for the ARCH_CAPABILITIES MSR
target/i386: Export TAA_NO bit to guests

Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
2021-07-16 16:27:03 +08:00