Hi everyone,

The following new patches are queued for QEMU stable v6.0.1:

  https://gitlab.com/qemu-project/qemu/-/commits/stable-6.0-staging/

Patch freeze is 2021-10-26, and the release is planned for 2021-10-28:

  https://wiki.qemu.org/Planning/6.0

Please respond here or CC qemu-sta...@nongnu.org on any additional patches
you think should (or shouldn't) be included in the release.

Thanks!

----------------------------------------------------------------
David Hildenbrand (2):
      virtio-balloon: don't start free page hinting if postcopy is possible
      virtio-mem-pci: Fix memory leak when creating MEMORY_DEVICE_SIZE_CHANGE event

Dr. David Alan Gilbert (1):
      audio: Never send migration section

Gerd Hoffmann (3):
      uas: add stream number sanity checks.
      usb/redir: avoid dynamic stack allocation (CVE-2021-3527)
      usb: limit combined packets to 1 MiB (CVE-2021-3527)

Giuseppe Musacchio (1):
      target/ppc: Fix load endianness for lxvwsx/lxvdsx

Gollu Appalanaidu (1):
      hw/block/nvme: align with existing style

Greg Kurz (1):
      docs/system: Document the removal of "compat" property for POWER CPUs

Igor Mammedov (3):
      tests: acpi: prepare for changing DSDT tables
      acpi: pc: revert back to v5.2 PCI slot enumeration
      tests: acpi: pc: update expected DSDT blobs

Jason Wang (2):
      vhost-vdpa: don't initialize backend_features
      virtio-net: fix use after unmap/free for sg

Kevin Wolf (1):
      hmp: Fix loadvm to resume the VM on success instead of failure

Klaus Jensen (2):
      hw/nvme: fix missing check for PMR capability
      hw/nvme: fix pin-based interrupt behavior (again)

Kunkun Jiang (1):
      vfio: Fix unregister SaveVMHandler in vfio_migration_finalize

Leonardo Bras (1):
      yank: Unregister function when using TLS migration

Li Qiang (7):
      vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545)
      vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544)
      vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544)
      vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544)
      vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544)
      vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544)
      vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546)

Li Zhijian (1):
      migration/rdma: Fix cm_event used before being initialized

Marcel Apfelbaum (3):
      hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
      pvrdma: Ensure correct input on ring init (CVE-2021-3607)
      pvrdma: Fix the ring init error flow (CVE-2021-3608)

Mark Cave-Ayland (2):
      esp: only assert INTR_DC interrupt flag if selection fails
      esp: only set ESP_RSEQ at the start of the select sequence

Markus Armbruster (1):
      hmp: Unbreak "change vnc"

Max Filippov (1):
      target/xtensa: fix access ring in l32ex

Nir Soffer (1):
      qemu-nbd: Change default cache mode to writeback

Paolo Bonzini (7):
      vl: allow not specifying size in -m when using -M memory-backend
      qemu-option: support accept-any QemuOptsList in qemu_opts_absorb_qdict
      qemu-config: load modules when instantiating option groups
      qemu-config: parse configuration files to a QDict
      vl: plumb keyval-based options into -readconfig
      vl: plug -object back into -readconfig
      configure: fix detection of gdbus-codegen

Pavel Pisa (1):
      hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is out of std CAN 8 bytes

Peng Liang (1):
      runstate: Initialize Error * to NULL

Peter Maydell (1):
      target/arm: Don't skip M-profile reset entirely in user mode

Philippe Mathieu-Daudé (11):
      hw/pci-host/q35: Ignore write of reserved PCIEXBAR LENGTH field
      block/nvme: Fix VFIO_MAP_DMA failed: No space left on device
      crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper
      block/nbd: Use qcrypto_tls_creds_check_endpoint()
      qemu-nbd: Use qcrypto_tls_creds_check_endpoint()
      chardev/socket: Use qcrypto_tls_creds_check_endpoint()
      migration/tls: Use qcrypto_tls_creds_check_endpoint()
      ui/vnc: Use qcrypto_tls_creds_check_endpoint()
      crypto: Make QCryptoTLSCreds* structures private
      hw/sd/sdcard: Document out-of-range addresses for SEND_WRITE_PROT
      hw/sd/sdcard: Fix assertion accessing out-of-range addresses with CMD30

Richard Henderson (4):
      linux-user/aarch64: Enable hwcap for RND, BTI, and MTE
      target/i386: Exit tb after wrmsr
      tcg/sparc: Fix temp_allocate_frame vs sparc stack bias
      tcg: Allocate sufficient storage in temp_allocate_frame

Stefan Hajnoczi (1):
      sockets: update SOCKET_ADDRESS_TYPE_FD listen(2) backlog

Stefan Reiter (1):
      monitor/qmp: fix race on CHR_EVENT_CLOSED without OOB

Zenghui Yu (1):
      multi-process: Initialize variables declared with g_auto*

Zhenzhong Duan (1):
      vl: Fix an assert failure in error path

 audio/audio.c                           |  10 +++
 block/nbd.c                             |   6 +-
 block/nvme.c                            |  22 ++++++
 blockdev-nbd.c                          |   6 +-
 chardev/char-socket.c                   |  18 ++---
 configure                               |   4 +-
 contrib/vhost-user-gpu/vhost-user-gpu.c |   7 ++
 contrib/vhost-user-gpu/virgl.c          |  17 ++++-
 crypto/tls-cipher-suites.c              |   7 ++
 crypto/tlscreds.c                       |  12 +++
 crypto/tlscredsanon.c                   |   2 +
 crypto/tlscredspriv.h                   |  45 +++++++++++
 crypto/tlscredspsk.c                    |   2 +
 crypto/tlscredsx509.c                   |   1 +
 crypto/tlssession.c                     |   1 +
 docs/system/removed-features.rst        |   6 ++
 docs/tools/qemu-nbd.rst                 |   6 +-
 hw/block/nvme-ns.c                      |   2 +-
 hw/block/nvme.c                         |  89 ++++++++++++++--------
 hw/block/nvme.h                         |   1 +
 hw/i386/acpi-build.c                    |   9 ++-
 hw/net/can/can_sja1000.c                |   8 ++
 hw/net/virtio-net.c                     |  39 ++++++++--
 hw/pci-host/q35.c                       |   3 +
 hw/rdma/vmw/pvrdma_cmd.c                |   7 ++
 hw/rdma/vmw/pvrdma_dev_ring.c           |   2 +-
 hw/rdma/vmw/pvrdma_main.c               |   5 ++
 hw/remote/memory.c                      |   5 +-
 hw/remote/proxy.c                       |   3 +-
 hw/scsi/esp.c                           |  13 +++-
 hw/sd/sd.c                              |   9 ++-
 hw/usb/combined-packet.c                |   4 +-
 hw/usb/dev-uas.c                        |  11 +++
 hw/usb/redirect.c                       |   6 +-
 hw/vfio/migration.c                     |   1 +
 hw/virtio/vhost-vdpa.c                  |   3 -
 hw/virtio/virtio-balloon.c              |  13 ++++
 hw/virtio/virtio-mem-pci.c              |   7 +-
 include/block/nvme.h                    |  10 +--
 include/block/qdict.h                   |   2 -
 include/crypto/tls-cipher-suites.h      |   6 --
 include/crypto/tlscreds.h               |  30 ++++----
 include/crypto/tlscredsanon.h           |  12 ---
 include/crypto/tlscredspsk.h            |  12 ---
 include/crypto/tlscredsx509.h           |  10 ---
 include/qapi/qmp/qdict.h                |   3 +
 include/qemu/config-file.h              |   7 +-
 linux-user/elfload.c                    |  13 ++++
 migration/channel.c                     |  26 ++++---
 migration/multifd.c                     |   3 +-
 migration/qemu-file-channel.c           |   4 +-
 migration/rdma.c                        |   1 -
 migration/tls.c                         |   6 +-
 monitor/hmp-cmds.c                      |   4 +-
 monitor/qmp.c                           |  40 +++++-----
 qemu-nbd.c                              |  25 +++---
 softmmu/runstate.c                      |   2 +-
 softmmu/vl.c                            | 130 +++++++++++++++++++++++---------
 stubs/meson.build                       |   1 +
 stubs/module-opts.c                     |   6 ++
 target/arm/cpu.c                        |  19 +++++
 target/i386/tcg/translate.c             |   2 +
 target/ppc/translate/vsx-impl.c.inc     |   4 +-
 target/xtensa/translate.c               |   2 +-
 tcg/sparc/tcg-target.c.inc              |  16 ++--
 tcg/tcg.c                               |  40 +++++++---
 tests/data/acpi/pc/DSDT                 | Bin 6002 -> 6002 bytes
 tests/data/acpi/pc/DSDT.acpihmat        | Bin 7327 -> 7327 bytes
 tests/data/acpi/pc/DSDT.bridge          | Bin 8668 -> 8668 bytes
 tests/data/acpi/pc/DSDT.cphp            | Bin 6466 -> 6466 bytes
 tests/data/acpi/pc/DSDT.dimmpxm         | Bin 7656 -> 7656 bytes
 tests/data/acpi/pc/DSDT.hpbridge        | Bin 5969 -> 5969 bytes
 tests/data/acpi/pc/DSDT.ipmikcs         | Bin 6074 -> 6074 bytes
 tests/data/acpi/pc/DSDT.memhp           | Bin 7361 -> 7361 bytes
 tests/data/acpi/pc/DSDT.nohpet          | Bin 5860 -> 5860 bytes
 tests/data/acpi/pc/DSDT.numamem         | Bin 6008 -> 6008 bytes
 ui/vnc.c                                |   7 +-
 util/qemu-config.c                      |  99 ++++++++++++++++--------
 util/qemu-option.c                      |   3 +-
 util/qemu-sockets.c                     |  29 +++++--
 80 files changed, 685 insertions(+), 301 deletions(-)
 create mode 100644 stubs/module-opts.c