qemu-commits

From: Paolo Bonzini
Subject: [Qemu-commits] [qemu/qemu] a8ee39: update seabios source from 1.16.0 to 1.16.1
Date: Tue, 29 Nov 2022 13:38:49 -0800

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: a8ee39388dc618a2a4e0084927e95e37373cf763
          https://github.com/qemu/qemu/commit/a8ee39388dc618a2a4e0084927e95e37373cf763
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M roms/seabios

  Log Message:
  -----------
  update seabios source from 1.16.0 to 1.16.1

git shortlog rel-1.16.0..rel-1.16.1
===================================

Gerd Hoffmann (3):
      malloc: use variable for ZoneHigh size
      malloc: use large ZoneHigh when there is enough memory
      virtio-blk: use larger default request size

Igor Mammedov (1):
      acpi: parse Alias object

Volker Rümelin (2):
      pci: refactor the pci_config_*() functions
      reset: force standard PCI configuration access

Xiaofei Lee (1):
      virtio-blk: Fix incorrect type conversion in virtio_blk_op()

Xuan Zhuo (2):
      virtio-mmio: read/write the hi 32 features for mmio
      virtio: finalize features before using device

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 384a9df5a9ad55ae62dd5db016406e5c740f96b2
          https://github.com/qemu/qemu/commit/384a9df5a9ad55ae62dd5db016406e5c740f96b2
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M pc-bios/bios-256k.bin
    M pc-bios/bios-microvm.bin
    M pc-bios/bios.bin
    M pc-bios/vgabios-ati.bin
    M pc-bios/vgabios-bochs-display.bin
    M pc-bios/vgabios-cirrus.bin
    M pc-bios/vgabios-qxl.bin
    M pc-bios/vgabios-ramfb.bin
    M pc-bios/vgabios-stdvga.bin
    M pc-bios/vgabios-virtio.bin
    M pc-bios/vgabios-vmware.bin
    M pc-bios/vgabios.bin

  Log Message:
  -----------
  update seabios binaries to 1.16.1

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: d39ebb032af71fee54fdaa14420137a9e3cc571a
          https://github.com/qemu/qemu/commit/d39ebb032af71fee54fdaa14420137a9e3cc571a
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M hw/display/qxl-logger.c

  Log Message:
  -----------
  hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler

Only 3 command types are logged: no need to call qxl_phys2virt()
for the other types. Using different cases will help to pass
different structure sizes to qxl_phys2virt() in a pair of commits.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221128202741.4945-2-philmd@linaro.org>


  Commit: 3fb14609f169695f968f53c1853bb93d371ba55b
          https://github.com/qemu/qemu/commit/3fb14609f169695f968f53c1853bb93d371ba55b
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M hw/display/qxl.h

  Log Message:
  -----------
  hw/display/qxl: Document qxl_phys2virt()

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221128202741.4945-3-philmd@linaro.org>


  Commit: a2b2be5334f2e533be5d9423aecfd09d45ae206c
          https://github.com/qemu/qemu/commit/a2b2be5334f2e533be5d9423aecfd09d45ae206c
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M hw/display/qxl-logger.c
    M hw/display/qxl-render.c
    M hw/display/qxl.c
    M hw/display/qxl.h

  Log Message:
  -----------
  hw/display/qxl: Pass requested buffer size to qxl_phys2virt()

Currently qxl_phys2virt() doesn't check for buffer overrun.
In order to do so in the next commit, pass the buffer size
as argument.

For QXLCursor in qxl_render_cursor() -> qxl_cursor() we
verify the size of the chunked data ahead, checking we can
access 'sizeof(QXLCursor) + chunk->data_size' bytes.
Since in the SPICE_CURSOR_TYPE_MONO case the cursor is
assumed to fit in one chunk, no changes are required.
In SPICE_CURSOR_TYPE_ALPHA the ahead read is handled in
qxl_unpack_chunks().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221128202741.4945-4-philmd@linaro.org>


  Commit: 3aadaa65a087c3df04b709120dc0f40826d1ab52
          https://github.com/qemu/qemu/commit/3aadaa65a087c3df04b709120dc0f40826d1ab52
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M hw/display/qxl.c
    M hw/display/qxl.h

  Log Message:
  -----------
  hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144)

Have qxl_get_check_slot_offset() return false if the requested
buffer size does not fit within the slot memory region.

Similarly qxl_phys2virt() now returns NULL in such case, and
qxl_dirty_one_surface() aborts.

This avoids buffer overrun in the host pointer returned by
memory_region_get_ram_ptr().

Fixes: CVE-2022-4144 (out-of-bounds read)
Reported-by: Wenxu Yin (@awxylitol)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221128202741.4945-5-philmd@linaro.org>
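The bounds check described in the CVE-2022-4144 commit above, written out as an added C illustration (this is not QEMU's qxl code; MemSlot, check_slot_offset, phys2virt_checked and make_fixture are assumed names for a simplified slot model): a translation is refused unless the whole requested range fits inside the slot, and the comparison is arranged so that a guest-supplied size cannot wrap the arithmetic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model of a guest memory slot (assumed names, not QEMU's
 * structures): a host buffer backing a range of guest-physical addresses. */
typedef struct {
    uint64_t guest_start;  /* first guest-physical address the slot maps */
    uint64_t size;         /* bytes of host memory behind host_ptr */
    uint8_t *host_ptr;     /* host backing memory for the slot */
    bool active;           /* slot has been set up by the guest driver */
} MemSlot;

/* Return true only if the whole range [gpa, gpa + size) lies inside the slot.
 * The length test is written as `size > s->size - offset` rather than
 * `offset + size > s->size` so a huge guest-supplied size cannot wrap. */
static bool check_slot_offset(const MemSlot *s, uint64_t gpa, uint64_t size,
                              uint64_t *offset_out)
{
    if (!s->active || gpa < s->guest_start) {
        return false;
    }
    uint64_t offset = gpa - s->guest_start;
    if (offset >= s->size || size > s->size - offset) {
        return false;  /* start or requested length falls outside the slot */
    }
    *offset_out = offset;
    return true;
}

/* Translate a guest-physical address to a host pointer, or NULL when the
 * requested buffer would overrun the slot; callers must handle NULL. */
static uint8_t *phys2virt_checked(const MemSlot *s, uint64_t gpa, uint64_t size)
{
    uint64_t offset;
    if (!check_slot_offset(s, gpa, size, &offset)) {
        return NULL;
    }
    return s->host_ptr + offset;
}

/* Constructed fixture: a 64-byte slot mapping guest addresses 0x1000..0x103F. */
static MemSlot make_fixture(uint8_t *backing)
{
    MemSlot s = { .guest_start = 0x1000, .size = 64, .host_ptr = backing, .active = true };
    return s;
}
```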


  Commit: 379541df725f85ad3891eabdbbbeb96efb13bcba
          https://github.com/qemu/qemu/commit/379541df725f85ad3891eabdbbbeb96efb13bcba
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M hw/display/qxl.c

  Log Message:
  -----------
  hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221128202741.4945-6-philmd@linaro.org>


  Commit: ce85b1638214ff43bbf2bbf802ee3510dda21d01
          https://github.com/qemu/qemu/commit/ce85b1638214ff43bbf2bbf802ee3510dda21d01
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M block/block-backend.c

  Log Message:
  -----------
  block-backend: avoid bdrv_unregister_buf() NULL pointer deref

bdrv_*() APIs expect a valid BlockDriverState. Calling them with bs=NULL
leads to undefined behavior.

Jonathan Cameron reported this following NULL pointer dereference when a
VM with a virtio-blk device and a memory-backend-file object is
terminated:
1. qemu_cleanup() closes all drives, setting blk->root to NULL
2. qemu_cleanup() calls user_creatable_cleanup(), which results in a RAM
   block notifier callback because the memory-backend-file is destroyed.
3. blk_unregister_buf() is called by virtio-blk's BlockRamRegistrar
   notifier callback and undefined behavior occurs.

Fixes: baf422684d73 ("virtio-blk: use BDRV_REQ_REGISTERED_BUF optimization hint")
Co-authored-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221121211923.1993171-1-stefanha@redhat.com>


  Commit: 67cf28d7303e0c12eb6b6a8cf62737aabe4e6202
          https://github.com/qemu/qemu/commit/67cf28d7303e0c12eb6b6a8cf62737aabe4e6202
  Author: Evgeny Ermakov <evgeny.v.ermakov@gmail.com>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M target/arm/cpu.c
    M target/arm/cpu_tcg.c
    M target/arm/internals.h

  Log Message:
  -----------
  target/arm: Set TCGCPUOps.restore_state_to_opc for v7m

This setting got missed, breaking v7m.

Fixes: 56c6c98df85c ("target/arm: Convert to tcg_ops restore_state_to_opc")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1347
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Evgeny Ermakov <evgeny.v.ermakov@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221129204146.550394-1-richard.henderson@linaro.org>


  Commit: e6ac7d5f8e2187ac67b604a116b426955acf8218
          https://github.com/qemu/qemu/commit/e6ac7d5f8e2187ac67b604a116b426955acf8218
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update VERSION for v7.2.0-rc3

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>


Compare: https://github.com/qemu/qemu/compare/abcf39c456f5...e6ac7d5f8e21
