On 17.11.21 17:34, Markus Armbruster wrote:
drive_get_next() is basically a bad idea. It returns the "next" block
backend of a certain interface type. "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.
This lets you define unit numbers implicitly by exe
On 16.11.21 13:57, Daniella Lee wrote:
Function vvfat_open called function enable_write_target and init_directories,
and these functions malloc new memory for BDRVVVFATState::qcow_filename,
BDRVVVFATState::used_clusters, and BDRVVVFATState::cluster_buff.
When the specified folder does not exist
On 12/11/2021 15:40, Hanna Reitz wrote:
On 25.10.21 12:17, Emanuele Giuseppe Esposito wrote:
We want to be sure that the functions that write the child and
parent list of a bs are under BQL and drain.
BQL prevents from concurrent writings from the GS API, while
drains protect from I/O.
TODO:
On 18/11/2021 10:55, Emanuele Giuseppe Esposito wrote:
On 12/11/2021 15:40, Hanna Reitz wrote:
On 25.10.21 12:17, Emanuele Giuseppe Esposito wrote:
We want to be sure that the functions that write the child and
parent list of a bs are under BQL and drain.
BQL prevents from concurrent writi
Hi Philippe,
A small nit below, but otherwise looks good.
On Thursday, 2021-11-18 at 00:24:21 +01, Philippe Mathieu-Daudé wrote:
> Guest might select another drive on the bus by setting the
> DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR).
> The current controller model doesn't expect a Block
Hi Philippe,
Apart from a nit on patch 1, all looks good, so:
Reviewed-by: Darren Kenny
Thanks,
Darren.
On Thursday, 2021-11-18 at 00:24:20 +01, Philippe Mathieu-Daudé wrote:
> I'm not sure what happened to v1 from Prasad, so since we are
> at rc2 I took a simpler approach to fix this CVE: cr
On 11/18/21 11:44, Darren Kenny wrote:
> Hi Philippe,
>
> A small nit below, but otherwise looks good.
>
> On Thursday, 2021-11-18 at 00:24:21 +01, Philippe Mathieu-Daudé wrote:
>> Guest might select another drive on the bus by setting the
>> DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR).
>>
Trivial fix for CVE-2021-3507.
Philippe Mathieu-Daudé (2):
hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
hw/block/fdc.c | 8
tests/qtest/fdc-test.c | 20
2 files changed, 28 inse
Per the 82078 datasheet, if the end-of-track (EOT byte in
the FIFO) is more than the number of sectors per side, the
command is terminated unsuccessfully:
* 5.2.5 DATA TRANSFER TERMINATION
The 82078 supports terminal count explicitly through
the TC pin and implicitly through the underrun/over
Add the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/339
Without the previous commit, when running 'make check-qtest-i386'
with QEMU configured with '--enable-sanitizers' we get:
==4028352==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61962a00 at pc 0x5626d03
Guest might select another drive on the bus by setting the
DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR).
The current controller model doesn't expect a BlockBackend
to be NULL. A simple way to fix CVE-2021-20196 is to create
an empty BlockBackend when it is missing. All further
accesses will b
I'm not sure what happened to v1 from Prasad, so since we are
at rc2 I took a simpler approach to fix this CVE: create an
empty drive to satisfy the BlockBackend API calls.
Added Alexander's reproducer along.
Since v2:
- Reword comment (Darren)
- Add Darren R-b tag
v2:
https://lore.kernel.org/q
From: Alexander Bulekov
Without the previous commit, when running 'make check-qtest-i386'
with QEMU configured with '--enable-sanitizers' we get:
AddressSanitizer:DEADLYSIGNAL
=
==287878==ERROR: AddressSanitizer: SEGV on unkno
On 15/11/2021 13:00, Hanna Reitz wrote:
+
+ /*
+ * I/O API functions. These functions are thread-safe.
+ *
+ * See include/block/block-io.h for more information about
+ * the I/O API.
+ */
+
+ int coroutine_fn (*bdrv_co_create)(BlockdevCreateOptions *opts,
+
On Tue, Nov 16, 2021 at 2:10 AM Thomas Huth wrote:
>
> On 15/11/2021 08.12, Alistair Francis wrote:
> > On Mon, Nov 15, 2021 at 3:32 PM Markus Armbruster wrote:
> >>
> >> Peter Maydell writes:
> >>
> >>> On Fri, 12 Nov 2021 at 13:34, Markus Armbruster wrote:
>
> Thomas Huth writes:
>
On Thu, 18 Nov 2021 at 13:04, Alistair Francis wrote:
>
> On Tue, Nov 16, 2021 at 2:10 AM Thomas Huth wrote:
> > What kind of device is that OTP exactly? If it is some kind of non-serial
> > flash device, maybe you could simply use IF_PFLASH instead?
>
> It just says "one time programmable memory
On 11/15/21 17:03, Hanna Reitz wrote:
I only really see four solutions for this:
(1) We somehow make the amend job run in the main context under the BQL
and have it prevent all concurrent I/O access (seems bad)
(2) We can make the permission functions part of the I/O path (seems
wrong and prob
On 11/15/21 17:03, Hanna Reitz wrote:
and second fuse_do_truncate(), which calls blk_set_perm().
Here it seems that a non-growable export is still growable as long as
nobody is watching. :) Is this the desired behavior?
Paolo
Replace Qemu -> QEMU.
Signed-off-by: Philippe Mathieu-Daudé
---
docs/devel/modules.rst| 2 +-
docs/devel/multi-thread-tcg.rst | 2 +-
docs/devel/style.rst | 2 +-
docs/devel/ui.rst | 4 ++--
docs/interop/nbd.txt | 6
The docs still illustrate host key fingerprint checking using the old
md5 hashes which are considered insecure and obsolete. Change it to
illustrate using a sha256 hash. Also show how to extract the hash
value from the known_hosts file.
Signed-off-by: Daniel P. Berrangé
---
docs/system/qemu-bloc
When support for sha256 fingerprint checking was added in
commit bf783261f0aee6e81af3916bff7606d71ccdc153
Author: Daniel P. Berrangé
Date: Tue Jun 22 12:51:56 2021 +0100
block/ssh: add support for sha256 host key fingerprints
it was only made to work with -blockdev. Getting it workin
* The docs were pointing people towards the obsolete and insecure
MD5 fingerprint config instead of preferred sha256
* The sha256 fingerprint handling wasn't wired up into the legacy
CLI parsing code
* Fingerprint check failures were hard to diagnose due to limited
info reported on err
When validating the server key fingerprint fails, it is difficult for
the user to know what they got wrong. The fingerprint accepted by QEMU
is received in a different format than openssh displays. There can also
be keys for multiple different ciphers in known_hosts. It may not be
obvious which cip
On 11/17/21 17:34, Markus Armbruster wrote:
drive_get_next() is basically a bad idea. It returns the "next" block
backend of a certain interface type. "Next" means bus=0,unit=N, where
subsequent calls count N up from zero, per interface type.
This lets you define unit numbers implicitly by exe
Signed-off-by: Philippe Mathieu-Daudé
---
docs/about/removed-features.rst| 8
docs/devel/build-system.rst| 6 +++---
docs/devel/multi-process.rst | 6 +++---
docs/devel/testing.rst | 8
docs/image-fuzzer.txt | 6
On Wed, Nov 17, 2021 at 05:34:06PM +0100, Markus Armbruster wrote:
> drive_get_next() is basically a bad idea. It returns the "next" block
> backend of a certain interface type. "Next" means bus=0,unit=N, where
> subsequent calls count N up from zero, per interface type.
>
> This lets you define
On Wed, Nov 17, 2021 at 05:34:07PM +0100, Markus Armbruster wrote:
> drive_get_next() is basically a bad idea. It returns the "next" block
> backend of a certain interface type. "Next" means bus=0,unit=N, where
> subsequent calls count N up from zero, per interface type.
>
> This lets you define
On Wed, Nov 17, 2021 at 05:34:05PM +0100, Markus Armbruster wrote:
> drive_get_next() is basically a bad idea. It returns the "next" block
> backend of a certain interface type. "Next" means bus=0,unit=N, where
> subsequent calls count N up from zero, per interface type.
>
> This lets you define
On Wed, Nov 17, 2021 at 05:34:04PM +0100, Markus Armbruster wrote:
> drive_get_next() is basically a bad idea. It returns the "next" block
> backend of a certain interface type. "Next" means bus=0,unit=N, where
> subsequent calls count N up from zero, per interface type.
>
> This lets you define
On 18.11.21 10:33, Daniella Lee wrote:
Thanks for your reply and your suggestion is useful.
This is my first submission, and I will pay attention to these issues
in the future.
There are many other places you mentioned need to be modified,
do I need to resubmit the patch, or you want to modify
On 18.11.21 10:55, Emanuele Giuseppe Esposito wrote:
On 12/11/2021 15:40, Hanna Reitz wrote:
On 25.10.21 12:17, Emanuele Giuseppe Esposito wrote:
We want to be sure that the functions that write the child and
parent list of a bs are under BQL and drain.
BQL prevents from concurrent writings f
On 18.11.21 15:04, Paolo Bonzini wrote:
On 11/15/21 17:03, Hanna Reitz wrote:
and second fuse_do_truncate(), which calls blk_set_perm().
Here it seems that a non-growable export is still growable as long as
nobody is watching. :) Is this the desired behavior?
Yes, absolutely. “Growable” i
On 18.11.21 14:50, Paolo Bonzini wrote:
On 11/15/21 17:03, Hanna Reitz wrote:
I only really see four solutions for this:
(1) We somehow make the amend job run in the main context under the
BQL and have it prevent all concurrent I/O access (seems bad)
(2) We can make the permission functions pa
On Thursday, 2021-11-18 at 15:43:17 +01, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
> ---
> docs/about/removed-features.rst| 8
> docs/devel/build-system.rst| 6 +++---
> docs/devel/multi-process.rst
On Thursday, 2021-11-18 at 15:34:01 +01, Philippe Mathieu-Daudé wrote:
> Replace Qemu -> QEMU.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Darren Kenny
> ---
> docs/devel/modules.rst| 2 +-
> docs/devel/multi-thread-tcg.rst | 2 +-
> docs/devel/style.rst
Philippe Mathieu-Daudé writes:
> Replace Qemu -> QEMU.
>
> Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Markus Armbruster
On Thu, Nov 18, 2021 at 03:43:17PM +0100, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> +++ b/docs/about/removed-features.rst
> @@ -658,8 +658,8 @@ enforce that any failure to open the backing image
> (including if the
> backing file is missing or an incorrect fo
On Thu, Nov 18, 2021 at 1:46 AM Gerd Hoffmann wrote:
> Hi,
>
> > - Split python/qemu/qmp out into its own repository and begin uploading
> it
> > to PyPI, as a test. (Do not delete python/qemu/qmp yet at this phase.)
>
> I think you can do that as two separate steps.
>
> pip can install from vc
On 17.11.21 16:46, Daniel P. Berrangé wrote:
On Wed, Nov 17, 2021 at 04:17:07PM +0100, Hanna Reitz wrote:
Whenever qemu-img or qemu-io report that some cipher is unsupported,
skip the whole test, because that is probably because qemu has been
configured with the gnutls crypto backend.
We could
On 11/18/21 16:46, Eric Blake wrote:
> On Thu, Nov 18, 2021 at 03:43:17PM +0100, Philippe Mathieu-Daudé wrote:
>> Signed-off-by: Philippe Mathieu-Daudé
>> ---
>
>> +++ b/docs/about/removed-features.rst
>> @@ -658,8 +658,8 @@ enforce that any failure to open the backing image
>> (including if the
Reviewed-by: Darren Kenny
Signed-off-by: Philippe Mathieu-Daudé
---
v2: Addressed Eric comments
---
docs/about/removed-features.rst| 8
docs/devel/build-system.rst| 6 +++---
docs/devel/multi-process.rst | 6 +++---
docs/devel/testing.rst
On Thu, 18 Nov 2021 16:31, Hanna Reitz wrote:
> On 18.11.21 14:50, Paolo Bonzini wrote:
> > On 11/15/21 17:03, Hanna Reitz wrote:
> >>
> >> I only really see four solutions for this:
> >> (1) We somehow make the amend job run in the main context under the
> >> BQL and have it prevent all con
42 matches