qemu-commits

[Qemu-commits] [qemu/qemu] 4367a2: scsi/lsi53c895a: really fix use-after


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 4367a2: scsi/lsi53c895a: really fix use-after-free in lsi_...
Date: Fri, 15 Jul 2022 03:33:48 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 4367a20cc442c56b05611b4224de9a61908f9eac
      
https://github.com/qemu/qemu/commit/4367a20cc442c56b05611b4224de9a61908f9eac
  Author: Mauro Matteo Cascella <mcascell@redhat.com>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/scsi/lsi53c895a.c
    M tests/qtest/fuzz-lsi53c895a-test.c

  Log Message:
  -----------
  scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216)

Set current_req to NULL, not current_req->req, to prevent reusing a free'd
buffer in case of repeated SCSI cancel requests.  Also apply the fix to
CLEAR QUEUE and BUS DEVICE RESET messages as well, since they also cancel
the request.

Thanks to Alexander Bulekov for providing a reproducer.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20220711123316.421279-1-mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
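
The ownership mistake this commit message describes, shown as an added example rather than QEMU's own code. The types and names (`lsi_state`, `lsi_request`, `process_msgout`, `request_cancelled`) are hypothetical stand-ins for the emulator's; instead of calling free(), the cancel callback marks the wrapper as released so that a later access is counted rather than being undefined behaviour. The `fixed` flag switches between clearing `current_req->req` (the earlier, insufficient fix) and clearing `current_req` itself:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* SCSI-2 message codes; the first four all cancel the current I/O process. */
enum {
    MSG_ABORT            = 0x06,
    MSG_BUS_DEVICE_RESET = 0x0c,
    MSG_ABORT_TAG        = 0x0d,
    MSG_CLEAR_QUEUE      = 0x0e,
    MSG_NOP              = 0x08,
};

struct scsi_req { int tag; };

/* Hypothetical HBA-side wrapper around a SCSI-layer request. */
struct lsi_request {
    struct scsi_req *req;
    bool released;          /* stands in for "this wrapper has been freed" */
};

/* Hypothetical device state. */
struct lsi_state {
    struct lsi_request *pending;  /* request selected for this MSG OUT phase */
    int uaf_detected;             /* accesses to a released wrapper */
};

/* Every access to a wrapper goes through here; a released wrapper is counted
 * instead of dereferenced. Returns true when the access is safe. */
static bool touch(struct lsi_state *s, struct lsi_request *r)
{
    if (r->released) {
        s->uaf_detected++;
        return false;
    }
    return true;
}

/* Cancel callback: the SCSI layer reports the request gone and the HBA frees
 * its wrapper. The model marks it released rather than calling free(). */
static void request_cancelled(struct lsi_state *s, struct lsi_request *r)
{
    r->req = NULL;
    r->released = true;
    s->pending = NULL;
}

/* Process the bytes of one MSG OUT phase. `fixed` selects the corrected
 * handling; returns how many accesses to released memory were attempted. */
static int process_msgout(struct lsi_state *s, const unsigned char *msgs,
                          size_t n, bool fixed)
{
    struct lsi_request *current_req = s->pending;

    for (size_t i = 0; i < n; i++) {
        switch (msgs[i]) {
        case MSG_ABORT:
        case MSG_ABORT_TAG:
        case MSG_BUS_DEVICE_RESET:
        case MSG_CLEAR_QUEUE:
            if (current_req && touch(s, current_req) && current_req->req) {
                request_cancelled(s, current_req);
                if (fixed) {
                    current_req = NULL;          /* the wrapper is gone: drop it */
                } else if (touch(s, current_req)) {
                    current_req->req = NULL;     /* write through freed memory */
                }
            }
            break;
        default:
            break;   /* NOP and other messages leave the request alone */
        }
    }
    return s->uaf_detected;
}

/* Constructed scenario: one in-flight request, then `aborts` ABORT messages
 * (each followed by a NOP) in a single MSG OUT phase. */
int run_abort_scenario(bool fixed, size_t aborts)
{
    struct scsi_req sr = { .tag = 1 };
    struct lsi_request wrapper = { .req = &sr, .released = false };
    struct lsi_state s = { .pending = &wrapper, .uaf_detected = 0 };
    unsigned char msgs[16];
    size_t n = 0;

    for (size_t i = 0; i < aborts && n + 2 <= sizeof msgs; i++) {
        msgs[n++] = MSG_ABORT;
        msgs[n++] = MSG_NOP;
    }
    return process_msgout(&s, msgs, n, fixed);
}

int main(void)
{
    printf("insufficient fix, 2 aborts: %d bad accesses\n", run_abort_scenario(false, 2));
    printf("corrected fix,    2 aborts: %d bad accesses\n", run_abort_scenario(true, 2));
    return 0;
}
```

With two ABORT messages in one phase the insufficient variant records two accesses to released memory (the write through the freed wrapper, then the re-check on the next message), while the corrected variant records none because the local reference is dropped as soon as the wrapper is gone. The general rule this illustrates: when a callback can free an object, every pointer the caller still holds to it must be discarded, not dereferenced.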


  Commit: cf60ccc3306ca4726cbd286a156863863b00ff4f
      
https://github.com/qemu/qemu/commit/cf60ccc3306ca4726cbd286a156863863b00ff4f
  Author: Akihiko Odaki <akihiko.odaki@gmail.com>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M Makefile
    M docs/about/build-platforms.rst
    M include/qemu/cutils.h
    M meson.build
    A scripts/symlink-install-tree.py
    M util/cutils.c
    M util/meson.build

  Log Message:
  -----------
  cutils: Introduce bundle mechanism

Developers often run QEMU without installing. The bundle mechanism
allows looking up files which should be present in the installation even
in such a situation.

It is a general mechanism and can find any files in the installation
tree. The build tree will have a new directory, qemu-bundle, to
represent what files the installation tree would have for reference by
the executables.

Note that it abandons compatibility with Windows older than 8. Extended
support for the prior version, 7, ended more than 2 years ago, and it is
unlikely that someone would like to run the latest QEMU on such an old
system.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20220624145039.49929-3-akihiko.odaki@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 882084a04ae9bec00e510a2319feba1d1a653fb1
      
https://github.com/qemu/qemu/commit/882084a04ae9bec00e510a2319feba1d1a653fb1
  Author: Akihiko Odaki <akihiko.odaki@gmail.com>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M .travis.yml
    M pc-bios/keymaps/meson.build
    M pc-bios/meson.build
    M scripts/oss-fuzz/build.sh
    M softmmu/datadir.c
    M tests/qtest/fuzz/fuzz.c

  Log Message:
  -----------
  datadir: Use bundle mechanism

softmmu/datadir.c had its own implementation to find files in the
build tree, but now the bundle mechanism provides a unified
implementation which works for datadir and the other files.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220624145039.49929-4-akihiko.odaki@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 98753e9a8fc1791b60f1a674452ceb1184eb613a
      
https://github.com/qemu/qemu/commit/98753e9a8fc1791b60f1a674452ceb1184eb613a
  Author: Akihiko Odaki <akihiko.odaki@gmail.com>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M util/module.c

  Log Message:
  -----------
  module: Use bundle mechanism

Before this change, the directory of the executable was being added to
resolve modules in the build tree. However, get_relocated_path() can now
resolve them with the new bundle mechanism.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220624145039.49929-5-akihiko.odaki@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 8154f5e64b0cfb836803ec6c11360075be66cd00
      
https://github.com/qemu/qemu/commit/8154f5e64b0cfb836803ec6c11360075be66cd00
  Author: Akihiko Odaki <akihiko.odaki@gmail.com>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M configure
    M meson.build
    M meson_options.txt
    M scripts/meson-buildoptions.py
    M scripts/meson-buildoptions.sh
    M softmmu/datadir.c

  Log Message:
  -----------
  meson: Prefix each element of firmware path

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220624154042.51512-1-akihiko.odaki@gmail.com>
[Rewrite shell function without using Bash extensions. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 3412f9c3b41c3a98f85f81476d5542ac7662bb06
      
https://github.com/qemu/qemu/commit/3412f9c3b41c3a98f85f81476d5542ac7662bb06
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/scsi/scsi-disk.c

  Log Message:
  -----------
  scsi-disk: add new quirks bitmap to SCSIDiskState

Since the MacOS SCSI implementation is quite old (and Apple added some firmware
customisations to their drives for m68k Macs) there is a need to add a mechanism
to correctly handle Apple-specific quirks.

Add a new quirks bitmap to SCSIDiskState that can be used to enable these
features as required.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 09d37867627a86f23248c138f380bd38bada4073
      
https://github.com/qemu/qemu/commit/09d37867627a86f23248c138f380bd38bada4073
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/scsi/scsi-disk.c
    M include/hw/scsi/scsi.h
    M include/scsi/constants.h

  Log Message:
  -----------
  scsi-disk: add MODE_PAGE_APPLE_VENDOR quirk for Macintosh

One of the mechanisms MacOS uses to identify CDROM drives compatible with MacOS
is to send a custom MODE SELECT command for page 0x30 to the drive. The
response to this is a hard-coded manufacturer string which must match in order
for the CDROM to be usable within MacOS.

Add an implementation of the MODE SELECT page 0x30 response guarded by a newly
defined SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR quirk bit so that CDROM drives
attached to non-Apple machines function exactly as before.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: f358241029d6c3b8a4a292880cc6857eb520f4a8
      
https://github.com/qemu/qemu/commit/f358241029d6c3b8a4a292880cc6857eb520f4a8
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/m68k/q800.c

  Log Message:
  -----------
  q800: implement compat_props to enable quirk_mode_page_apple_vendor for scsi-cd devices

By default quirk_mode_page_apple_vendor should be enabled for all scsi-cd devices
connected to the q800 machine to enable MacOS to detect and use them.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-4-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: f43c2b94cd1764ba0a47fc1f848681b0e89d4892
      
https://github.com/qemu/qemu/commit/f43c2b94cd1764ba0a47fc1f848681b0e89d4892
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/scsi/scsi-disk.c
    M include/hw/scsi/scsi.h

  Log Message:
  -----------
  scsi-disk: add SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD quirk for Macintosh

During SCSI bus enumeration A/UX sends a MODE SENSE command to the CDROM with
the DBD bit unset and expects the response to include a block descriptor. As per
the latest SCSI documentation, QEMU currently force-disables the block
descriptor for CDROM devices but the A/UX driver expects the requested block
descriptor to be returned.

If the block descriptor is not returned in the response then A/UX becomes
confused, since the block descriptor returned in the MODE SENSE response is
used to generate a subsequent MODE SELECT command which is then invalid.

Add a new SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD quirk to allow this behaviour
to be enabled as required. Note that an additional workaround is required for
the previous SCSI_DISK_QUIRK_MODE_PAGE_APPLE_VENDOR quirk which must never
return a block descriptor even though the DBD bit is left unset.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-5-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: f7c30a0f4197ec5604386e91cb39ea19a82ea224
      
https://github.com/qemu/qemu/commit/f7c30a0f4197ec5604386e91cb39ea19a82ea224
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/m68k/q800.c

  Log Message:
  -----------
  q800: implement compat_props to enable quirk_mode_sense_rom_use_dbd for scsi-cd devices

By default quirk_mode_sense_rom_use_dbd should be enabled for all scsi-cd devices
connected to the q800 machine to correctly report the CDROM block descriptor back
to A/UX.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-6-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 09274de1f70e0773b95f865ef4980599e51aa67d
      
https://github.com/qemu/qemu/commit/09274de1f70e0773b95f865ef4980599e51aa67d
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/scsi/scsi-disk.c
    M include/hw/scsi/scsi.h
    M include/scsi/constants.h

  Log Message:
  -----------
  scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE quirk for Macintosh

Both MacOS and A/UX make use of vendor-specific MODE SELECT commands with PF=0
to identify SCSI devices:

- MacOS sends a MODE SELECT command with PF=0 for the MODE_PAGE_VENDOR_SPECIFIC
  (0x0) mode page containing 2 bytes before initialising a disk

- A/UX (installed on disk) sends a MODE SELECT command with PF=0 during SCSI
  bus enumeration, and gets stuck in an infinite loop if it fails

Add a new SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE quirk to allow both
PF=0 MODE SELECT commands and implement a MODE_PAGE_VENDOR_SPECIFIC (0x0)
mode page which is compatible with MacOS.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-7-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: d9a107d153bf7e00c0e05c2e9cbc42621a42c44c
      
https://github.com/qemu/qemu/commit/d9a107d153bf7e00c0e05c2e9cbc42621a42c44c
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/m68k/q800.c

  Log Message:
  -----------
  q800: implement compat_props to enable quirk_mode_page_vendor_specific_apple for scsi devices

By default quirk_mode_page_vendor_specific_apple should be enabled for both scsi-hd
and scsi-cd devices to allow MacOS to format SCSI disk devices, and A/UX to
enumerate SCSI CDROM devices successfully without getting stuck in a loop.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-8-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 6ab717610fe7ef791454df6c61e2b5736d26c8bf
      
https://github.com/qemu/qemu/commit/6ab717610fe7ef791454df6c61e2b5736d26c8bf
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/scsi/scsi-disk.c
    M hw/scsi/trace-events

  Log Message:
  -----------
  scsi-disk: add FORMAT UNIT command

When initialising a drive ready to install MacOS, Apple HD SC Setup first attempts
to format the drive. Add a simple FORMAT UNIT command which simply returns success
to allow the format to succeed.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220622105314.802852-9-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 389e18eb9aa4877f33326afa426643769185d014
      
https://github.com/qemu/qemu/commit/389e18eb9aa4877f33326afa426643769185d014
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/scsi/scsi-disk.c
    M hw/scsi/trace-events
    M include/hw/scsi/scsi.h

  Log Message:
  -----------
  scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk for Macintosh

When A/UX configures the CDROM device it sends a truncated MODE SELECT request
for page 1 (MODE_PAGE_R_W_ERROR) which is only 6 bytes in length rather than
10. This seems to be due to a bug in Apple's code which calculates the CDB message
length incorrectly.

The work at [1] suggests that this truncated request is accepted on real
hardware whereas in QEMU it generates an INVALID_PARAM_LEN sense code which
causes A/UX to get stuck in a loop retrying the command in an attempt to succeed.

Alter the mode page request length check so that truncated requests are allowed
if the SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk is enabled, whilst also adding a
trace event to enable the condition to be detected.

[1] https://68kmla.org/bb/index.php?threads/scsi2sd-project-anyone-interested.29040/page-7#post-316444

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-10-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 2724b90dfbdde98cd681d6bb62e835029ca4e9e2
      
https://github.com/qemu/qemu/commit/2724b90dfbdde98cd681d6bb62e835029ca4e9e2
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/m68k/q800.c

  Log Message:
  -----------
  q800: implement compat_props to enable quirk_mode_page_truncated for scsi-cd devices

By default quirk_mode_page_truncated should be enabled for all scsi-cd devices
connected to the q800 machine to allow A/UX to enumerate SCSI CDROM devices
without hanging.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-11-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 4536fba00ad5a6018ee3c0451808f5c5698796ee
      
https://github.com/qemu/qemu/commit/4536fba00ad5a6018ee3c0451808f5c5698796ee
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/scsi/scsi-disk.c

  Log Message:
  -----------
  scsi-disk: allow the MODE_PAGE_R_W_ERROR AWRE bit to be changeable for CDROM drives

A/UX sends a MODE_PAGE_R_W_ERROR command with the AWRE bit set to 0 when enumerating
CDROM drives. Since the bit is currently hardcoded to 1, indicate that the AWRE
bit can be changed (even though we don't care about the value) so that
the MODE_PAGE_R_W_ERROR page can be set successfully.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-12-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 356c4c441ec01910314c5867c680bef80d1dd373
      
https://github.com/qemu/qemu/commit/356c4c441ec01910314c5867c680bef80d1dd373
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/scsi/scsi-disk.c
    M hw/scsi/trace-events

  Log Message:
  -----------
  scsi-disk: allow MODE SELECT block descriptor to set the block size

The MODE SELECT command can contain an optional block descriptor that can be used
to set the device block size. If the block descriptor is present then update the
block size on the SCSI device accordingly.

This allows CDROMs to be used with A/UX which requires a CDROM drive which is
capable of switching from a 2048 byte sector size to a 512 byte sector size.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220622105314.802852-13-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
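
An added example, not QEMU's code, covering two of the scsi-disk changes above: the SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED length check and the MODE SELECT block descriptor that sets the block size. It parses a MODE SELECT(6) parameter list against a hypothetical `disk_state` with a quirk bitmap. The expected page length of 10 for page 1 and the 6-byte truncated request are taken from the commit message; the sample byte strings are constructed, the quirk bit and enum names are stand-ins, and accepting only 512- and 2048-byte blocks is an assumption for a CD-ROM model:

```c
#include <stddef.h>
#include <stdint.h>

/* Outcome of a MODE SELECT; names follow the sense codes the commit messages
 * mention, the numeric values are arbitrary for this example. */
enum select_result { SEL_OK = 0, SEL_INVALID_PARAM_LEN, SEL_INVALID_FIELD };

/* Hypothetical quirk bit, in the spirit of the SCSIDiskState quirks bitmap. */
enum { QUIRK_MODE_PAGE_TRUNCATED = 1u << 0 };

#define MODE_PAGE_R_W_ERROR 0x01

struct disk_state {
    uint32_t quirks;
    uint32_t blocksize;
    int truncated_accepted;   /* stand-in for the trace event */
};

/* Page length (byte 1 of a page) expected for the pages this example knows;
 * 10 for page 1 is the figure the commit message quotes. */
static int expected_page_len(uint8_t page)
{
    return page == MODE_PAGE_R_W_ERROR ? 10 : -1;
}

/* Parse a MODE SELECT(6) parameter list: 4-byte header, an optional 8-byte
 * block descriptor, then mode pages. Device state is updated only after the
 * whole list has been validated, so a rejected request changes nothing. */
enum select_result mode_select6(struct disk_state *s, const uint8_t *p, size_t len)
{
    uint32_t new_blocksize = s->blocksize;
    int truncated = 0;

    if (len < 4) return SEL_INVALID_PARAM_LEN;
    size_t bd_len = p[3];
    if ((bd_len != 0 && bd_len != 8) || len < 4 + bd_len) return SEL_INVALID_PARAM_LEN;
    if (bd_len == 8) {
        const uint8_t *bd = p + 4;
        /* Block length is the 24-bit big-endian value in descriptor bytes 5..7. */
        uint32_t bs = ((uint32_t)bd[5] << 16) | ((uint32_t)bd[6] << 8) | bd[7];
        if (bs != 512 && bs != 2048) return SEL_INVALID_FIELD;  /* sizes this model offers */
        new_blocksize = bs;
    }
    p += 4 + bd_len;
    len -= 4 + bd_len;

    while (len > 0) {
        if (len < 2) return SEL_INVALID_PARAM_LEN;
        uint8_t page = p[0] & 0x3f;
        size_t page_len = p[1];
        int expected = expected_page_len(page);
        if (len < 2 + page_len) return SEL_INVALID_PARAM_LEN;  /* page runs past buffer */
        if (expected < 0) return SEL_INVALID_FIELD;
        if (page_len != (size_t)expected) {
            /* A short page is tolerated only with the quirk; a page longer than
             * its definition is never accepted. */
            if (page_len > (size_t)expected || !(s->quirks & QUIRK_MODE_PAGE_TRUNCATED)) {
                return SEL_INVALID_PARAM_LEN;
            }
            truncated++;
        }
        /* Page contents would be applied here; this example validates layout only. */
        p += 2 + page_len;
        len -= 2 + page_len;
    }

    s->blocksize = new_blocksize;
    s->truncated_accepted += truncated;
    return SEL_OK;
}

/* Constructed sample: a block descriptor selecting 512-byte blocks followed by
 * the truncated page 1 the commit describes (6 data bytes instead of 10). */
static const uint8_t sample_truncated[] = {
    0x00, 0x00, 0x00, 0x08,                          /* header, bd_len = 8 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,  /* block length 0x000200 */
    0x01, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* page 1, page length 6 */
};

/* Constructed sample: no descriptor, and page 1 claiming 12 data bytes. */
static const uint8_t sample_oversize[] = {
    0x00, 0x00, 0x00, 0x00,
    0x01, 0x0c, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
};

/* Apply a sample to a fresh 2048-byte device; returns the result and leaves
 * the resulting block size in *bs. */
static int apply(const uint8_t *buf, size_t len, uint32_t quirks, uint32_t *bs)
{
    struct disk_state s = { .quirks = quirks, .blocksize = 2048, .truncated_accepted = 0 };
    int r = mode_select6(&s, buf, len);
    *bs = s.blocksize;
    return r;
}

int truncated_result(uint32_t q) { uint32_t bs; return apply(sample_truncated, sizeof sample_truncated, q, &bs); }
uint32_t truncated_blocksize(uint32_t q) { uint32_t bs; apply(sample_truncated, sizeof sample_truncated, q, &bs); return bs; }
int oversize_result(uint32_t q) { uint32_t bs; return apply(sample_oversize, sizeof sample_oversize, q, &bs); }
```

Two design points worth keeping when relaxing a check like this: the quirk only widens acceptance in one direction (a page shorter than its definition), never towards a page that claims more bytes than the page defines, and the block size from the descriptor is committed only once every page has passed validation, so a rejected request leaves the device exactly as it was.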


  Commit: 0fc37adac6a8445a06802d0dd4b5dd639758e660
      
https://github.com/qemu/qemu/commit/0fc37adac6a8445a06802d0dd4b5dd639758e660
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/m68k/q800.c

  Log Message:
  -----------
  q800: add default vendor and product information for scsi-hd devices

The Apple HD SC Setup program uses a SCSI INQUIRY command to check that any SCSI
hard disks detected match a whitelist of vendors and products before allowing
the "Initialise" button to prepare an empty disk.

Add known-good default vendor and product information using the existing
compat_prop mechanism so the user doesn't have to use long command lines to set
the qdev properties manually.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-14-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 74518fb615d5bf84d3fea3abf7b3f465d0ffbfe6
      
https://github.com/qemu/qemu/commit/74518fb615d5bf84d3fea3abf7b3f465d0ffbfe6
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M hw/m68k/q800.c

  Log Message:
  -----------
  q800: add default vendor and product information for scsi-cd devices

The MacOS CDROM driver uses a SCSI INQUIRY command to check that any SCSI CDROMs
detected match a whitelist of vendors and products before adding them to the
list of available devices.

Add known-good default vendor and product information using the existing
compat_prop mechanism so the user doesn't have to use long command lines to set
the qdev properties manually.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220622105314.802852-15-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: c0b3607d5938f5ee7fd16ff1e102afe938fd4b39
      
https://github.com/qemu/qemu/commit/c0b3607d5938f5ee7fd16ff1e102afe938fd4b39
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-07-13 (Wed, 13 Jul 2022)

  Changed paths:
    M pc-bios/s390-ccw/Makefile

  Log Message:
  -----------
  pc-bios/s390-ccw: add -Wno-array-bounds

The option generates a lot of warnings for integers casted to pointers,
for example:

/home/pbonzini/work/upstream/qemu/pc-bios/s390-ccw/dasd-ipl.c:174:19: warning: array subscript 0 is outside array bounds of ‘CcwSeekData[0]’ [-Warray-bounds]
  174 |     seekData->cyl = 0x00;
      |     ~~~~~~~~~~~~~~^~~~~~

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 285f64fcbf86dac2be6dbd0a8a32872bcff3cacb
      
https://github.com/qemu/qemu/commit/285f64fcbf86dac2be6dbd0a8a32872bcff3cacb
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-07-14 (Thu, 14 Jul 2022)

  Changed paths:
    M .travis.yml
    M Makefile
    M configure
    M docs/about/build-platforms.rst
    M hw/m68k/q800.c
    M hw/scsi/lsi53c895a.c
    M hw/scsi/scsi-disk.c
    M hw/scsi/trace-events
    M include/hw/scsi/scsi.h
    M include/qemu/cutils.h
    M include/scsi/constants.h
    M meson.build
    M meson_options.txt
    M pc-bios/keymaps/meson.build
    M pc-bios/meson.build
    M pc-bios/s390-ccw/Makefile
    M scripts/meson-buildoptions.py
    M scripts/meson-buildoptions.sh
    M scripts/oss-fuzz/build.sh
    A scripts/symlink-install-tree.py
    M softmmu/datadir.c
    M tests/qtest/fuzz-lsi53c895a-test.c
    M tests/qtest/fuzz/fuzz.c
    M util/cutils.c
    M util/meson.build
    M util/module.c

  Log Message:
  -----------
  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* SCSI fuzzing fix (Mauro)
* pre-install data files in the build directory (Akihiko)
* SCSI fixes for Mac OS (Mark)

# gpg: Signature made Wed 13 Jul 2022 15:59:00 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  pc-bios/s390-ccw: add -Wno-array-bounds
  q800: add default vendor and product information for scsi-cd devices
  q800: add default vendor and product information for scsi-hd devices
  scsi-disk: allow MODE SELECT block descriptor to set the block size
  scsi-disk: allow the MODE_PAGE_R_W_ERROR AWRE bit to be changeable for CDROM drives
  q800: implement compat_props to enable quirk_mode_page_truncated for scsi-cd devices
  scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_TRUNCATED quirk for Macintosh
  scsi-disk: add FORMAT UNIT command
  q800: implement compat_props to enable quirk_mode_page_vendor_specific_apple for scsi devices
  scsi-disk: add SCSI_DISK_QUIRK_MODE_PAGE_VENDOR_SPECIFIC_APPLE quirk for Macintosh
  q800: implement compat_props to enable quirk_mode_sense_rom_use_dbd for scsi-cd devices
  scsi-disk: add SCSI_DISK_QUIRK_MODE_SENSE_ROM_USE_DBD quirk for Macintosh
  q800: implement compat_props to enable quirk_mode_page_apple_vendor for scsi-cd devices
  scsi-disk: add MODE_PAGE_APPLE_VENDOR quirk for Macintosh
  scsi-disk: add new quirks bitmap to SCSIDiskState
  meson: Prefix each element of firmware path
  module: Use bundle mechanism
  datadir: Use bundle mechanism
  cutils: Introduce bundle mechanism
  scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/8482ab545e52...285f64fcbf86


