ing
(2017-02-16 17:46:52 +)
are available in the git repository at:
git://git.kraxel.org/qemu tags/pull-input-20170220-1
for you to fetch changes up to 378af96155d62d90c876ee5e7648803247f1d864:
Add wctablet device (2017-02-20 11:2
From: Fabian Lesniak
Commit 8b0caab0 ("ps2: add support for mice with extra/side buttons")
accidentally swapped right and middle mouse buttons. This commit corrects
the mapping as expected by the ps2 controller.
Signed-off-by: Fabian Lesniak
Message-id: 20170204150319.8907-1-fab...@lesniak-it.d
From: Anatoli Huseu1
Add QEMU Wacom Penpartner serial tablet emulation.
GSoC 2016 project.
Signed-off-by: Anatoli Huseu1
Various cleanups.
Add line speed tracking.
Implement ST and SP commands.
Adapted to chardev QOMification.
Signed-off-by: Gerd Hoffmann
Message-id: 1486391007-10116-1-git-s
On 17 February 2017 at 14:25, Eric Auger wrote:
> In 2.9 ITS will block save/restore and migration use cases. As
> such let's introduce a user option that disallows its instantiation
> along with the GICv3. With no-its option turned true, migration will
> be possible, obviously at the expense of M
>
> On 20/02/2017 10:19, Gonglei (Arei) wrote:
> > Hi Paolo,
> >
> >>
> >>
> >> On 16/02/2017 02:31, Gonglei (Arei) wrote:
> >>> And the below patch works for me, I can support max 255 vcpus for
> WS2012
> >>> with hyper-v enlightenments.
> >>>
> >>> diff --git a/target/i386/kvm.c b/target/i386/kv
On 17 February 2017 at 19:53, Michael S. Tsirkin wrote:
> The following changes since commit ad584d37f2a86b392c25f3f00cc1f1532676c2d1:
>
> Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into
> staging (2017-02-16 17:46:52 +)
>
> are available in the git repository at:
>
>
20.02.2017 14:21, Denis V. Lunev wrote:
On 02/20/2017 12:15 PM, Kevin Wolf wrote:
Am 18.02.2017 um 11:54 hat Denis V. Lunev geschrieben:
On 02/17/2017 03:54 PM, Vladimir Sementsov-Ogievskiy wrote:
17.02.2017 17:24, Kevin Wolf wrote:
Am 17.02.2017 um 14:48 hat Denis V. Lunev geschrieben:
On 0
Paolo Bonzini writes:
> On 15/02/2017 14:10, Markus Armbruster wrote:
>> Paolo Bonzini writes:
>>
>>> On 15/02/2017 13:18, Markus Armbruster wrote:
Drives defined with if=scsi get connected to buses created with
-device, unlike other interface types. Deprecate this usage.
T
On 19 February 2017 at 20:02, Laurent Vivier wrote:
> f_fpregs is a 2d array, not 1d:
>
> typedef struct fpregset
> {
>int f_pcr;
>int f_psr;
>int f_fpiaddr;
> #ifdef __mcoldfire__
>int f_fpregs[8][2];
> #else
>int f_fpregs[8][3];
> #endif
> } fpregset_t;
>
> For the mome
Am 20.02.2017 um 12:21 hat Denis V. Lunev geschrieben:
> On 02/20/2017 12:15 PM, Kevin Wolf wrote:
> > Am 18.02.2017 um 11:54 hat Denis V. Lunev geschrieben:
> >> On 02/17/2017 03:54 PM, Vladimir Sementsov-Ogievskiy wrote:
> >>> 17.02.2017 17:24, Kevin Wolf wrote:
> Am 17.02.2017 um 14:48 hat
On 13.02.2017 18:22, Kevin Wolf wrote:
> This makes all device emulations with a qdev drive property request
> permissions on their BlockBackend. We don't block anything yet.
>
> Signed-off-by: Kevin Wolf
> ---
> hw/block/block.c | 19 ++-
> hw/block/fdc.c
On 13.02.2017 18:22, Kevin Wolf wrote:
> By default, don't allow another writer for block devices that are
> attached to a guest device. For the cases where this setup is intended
> (e.g. using a cluster filesystem on the disk), the new option can be
> used to allow it.
>
> This change affects onl
On Fri, Feb 03, 2017 at 10:01:53PM +0100, Max Reitz wrote:
> On 03.02.2017 13:02, Daniel P. Berrange wrote:
> > The qemu-img dd command added --image-opts support, but missed
> > the corresponding --object support. This prevented passing
> > secrets (eg auth passwords) needed by certain disk images
On Fri, Feb 03, 2017 at 11:07:13PM +0100, Max Reitz wrote:
> On 03.02.2017 13:02, Daniel P. Berrange wrote:
> > The -o arg to the convert command allows specification of format/protocol
> > options for the newly created image. This adds a -o arg to the dd command
> > to get feature parity.
> >
> >
* Laszlo Ersek (ler...@redhat.com) wrote:
> On 02/20/17 12:00, Dr. David Alan Gilbert wrote:
> > * Laszlo Ersek (ler...@redhat.com) wrote:
> >> On 02/20/17 11:23, Dr. David Alan Gilbert wrote:
> >>> * Laszlo Ersek (ler...@redhat.com) wrote:
> CC Dave
> >>>
> >>> This isn't an area I really und
On Fri, Feb 03, 2017 at 10:44:46PM +0100, Max Reitz wrote:
> On 03.02.2017 13:02, Daniel P. Berrange wrote:
> > The -n arg to the convert command allows use of a pre-existing image,
> > rather than creating a new image. This adds equivalent functionality
> > to the dd command using the 'conv' arg.
Le 20/02/2017 à 13:14, Peter Maydell a écrit :
> On 19 February 2017 at 20:02, Laurent Vivier wrote:
>> f_fpregs is a 2d array, not 1d:
>>
>> typedef struct fpregset
>> {
>>int f_pcr;
>>int f_psr;
>>int f_fpiaddr;
>> #ifdef __mcoldfire__
>>int f_fpregs[8][2];
>> #else
>>int
On Fri, Feb 03, 2017 at 11:32:13PM +0100, Max Reitz wrote:
> On 03.02.2017 13:02, Daniel P. Berrange wrote:
> > The '--image-opts' flag indicates whether the source filename
> > includes options. The target filename has to remain in the
> > plain filename format though, since it needs to be passed
On Fri, Feb 03, 2017 at 11:39:35PM +0100, Max Reitz wrote:
> On 03.02.2017 13:02, Daniel P. Berrange wrote:
> > The qemu-img dd/convert commands will create an image file and
> > then try to open it. Historically it has been possible to open
> > new files without passing any options. With encrypted
On 20 February 2017 at 12:41, Laurent Vivier wrote:
> I have some problems with risugen since some functions have been moved
> to common:
>
> $ ./risugen --numinsns 1 --pattern ABCD m68k.risu ABCD.out
> Generating code using patterns: ABCD M68000...
> Syntax error detected evaluating ABCD M680
On 13.02.2017 18:22, Kevin Wolf wrote:
> For meaningful error messages in the permission system, we want to allow
> the parent of a BdrvChild to generate some kind of human-readable
> identifier for the link represented by the BdrvChild.
>
> Signed-off-by: Kevin Wolf
> ---
> block.c
On 20/02/2017 13:07, Markus Armbruster wrote:
> Paolo Bonzini writes:
>
>> On 15/02/2017 14:10, Markus Armbruster wrote:
>>> Paolo Bonzini writes:
>>>
On 15/02/2017 13:18, Markus Armbruster wrote:
> Drives defined with if=scsi get connected to buses created with
> -device, unlike
On 20/02/2017 12:54, Gonglei (Arei) wrote:
>>
>> On 20/02/2017 10:19, Gonglei (Arei) wrote:
>>> Hi Paolo,
>>>
On 16/02/2017 02:31, Gonglei (Arei) wrote:
> And the below patch works for me, I can support max 255 vcpus for
>> WS2012
> with hyper-v enlightenments.
>
>
Am 20.02.2017 um 13:25 hat Max Reitz geschrieben:
> On 13.02.2017 18:22, Kevin Wolf wrote:
> > This makes all device emulations with a qdev drive property request
> > permissions on their BlockBackend. We don't block anything yet.
> >
> > Signed-off-by: Kevin Wolf
> > ---
> > hw/block/block.c
Am 20.02.2017 um 13:28 hat Max Reitz geschrieben:
> On 13.02.2017 18:22, Kevin Wolf wrote:
> > By default, don't allow another writer for block devices that are
> > attached to a guest device. For the cases where this setup is intended
> > (e.g. using a cluster filesystem on the disk), the new opti
Marc-André Lureau writes:
> When we build qemu-qmp-ref.txt this causes texinfo to complain several
> times:
> "Negative repeat count does nothing at
> /usr/share/texinfo/Texinfo/Convert/Line.pm line 124."
>
> It also doesn't display correctly, because the "Notes" text disappears
> entirely in the
Le 20/02/2017 à 13:49, Peter Maydell a écrit :
> On 20 February 2017 at 12:41, Laurent Vivier wrote:
>> I have some problems with risugen since some functions have been moved
>> to common:
>>
>> $ ./risugen --numinsns 1 --pattern ABCD m68k.risu ABCD.out
>> Generating code using patterns: ABCD
On Mon, 20 Feb 2017 12:38:06 +0100
Laszlo Ersek wrote:
> On 02/20/17 12:00, Dr. David Alan Gilbert wrote:
> > * Laszlo Ersek (ler...@redhat.com) wrote:
> >> On 02/20/17 11:23, Dr. David Alan Gilbert wrote:
> >>> * Laszlo Ersek (ler...@redhat.com) wrote:
> CC Dave
> >>>
> >>> This isn
On 13.02.2017 18:22, Kevin Wolf wrote:
> Instead of just telling that there was some conflict, we can be specific
> and tell which permissions were in conflict and which way the conflict
> is.
>
> Signed-off-by: Kevin Wolf
> ---
> block.c | 66
> +
On 20.02.2017 14:05, Kevin Wolf wrote:
> Am 20.02.2017 um 13:28 hat Max Reitz geschrieben:
>> On 13.02.2017 18:22, Kevin Wolf wrote:
>>> By default, don't allow another writer for block devices that are
>>> attached to a guest device. For the cases where this setup is intended
>>> (e.g. using a clu
On 20 February 2017 at 13:08, Laurent Vivier wrote:
> Le 20/02/2017 à 13:49, Peter Maydell a écrit :
>> Oops, that was unintended. We definitely don't want to require
>> decorating all the function calls in the .risu files. Reverting
>> commit 6a3647ae8918 should fix this, but I'll see if there's
>
>
> On 20/02/2017 12:54, Gonglei (Arei) wrote:
> >>
> >> On 20/02/2017 10:19, Gonglei (Arei) wrote:
> >>> Hi Paolo,
> >>>
>
>
> On 16/02/2017 02:31, Gonglei (Arei) wrote:
> > And the below patch works for me, I can support max 255 vcpus for
> >> WS2012
> > with hyper-v en
On 18 February 2017 at 23:48, Thomas Huth wrote:
> The following changes since commit ad584d37f2a86b392c25f3f00cc1f1532676c2d1:
>
> Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into
> staging (2017-02-16 17:46:52 +)
>
> are available in the git repository at:
>
> https
Paolo Bonzini writes:
> On 20/02/2017 13:07, Markus Armbruster wrote:
>> Paolo Bonzini writes:
>>
>>> On 15/02/2017 14:10, Markus Armbruster wrote:
Paolo Bonzini writes:
> On 15/02/2017 13:18, Markus Armbruster wrote:
>> Drives defined with if=scsi get connected to buses crea
From: Marc-André Lureau
When multiple GPUs are available, picking the first one isn't always the
best choice. Learn to specify a device rendernode.
Signed-off-by: Marc-André Lureau
Message-id: 20170212112118.16044-1-marcandre.lur...@redhat.com
Signed-off-by: Gerd Hoffmann
---
include/ui/egl-he
On Mon, Feb 13, 2017 at 10:33:09PM -0500, Programmingkid wrote:
>
> On Feb 13, 2017, at 10:25 PM, Richard Henderson wrote:
>
> > On 02/10/2017 11:39 AM, Stafford Horne wrote:
> >> On Thu, Feb 09, 2017 at 09:10:51AM -0500, G 3 wrote:
> >>>
> >>> On Feb 8, 2017, at 11:52 PM, qemu-devel-requ...@non
> Is that an Acked-by?
> >>>
> >>> Not a sufficient one because the patch touches files outside my area of
> >>> maintenance, but for hw/scsi you can treat it as one.
> >>
> >> Okay, that covers PATCH 1/3.
> >>
> >> What about PATCH 3/3? It's actually your idea...
> >
> > Yep, hw/i386 too I
Marc-André Lureau writes:
> When no number is provided, return an invalid number error.
> (note: this may break some users relying on default 0 value)
>
> Fixes:
> https://bugzilla.redhat.com/show_bug.cgi?id=1417864
>
> Signed-off-by: Marc-André Lureau
> ---
> util/qemu-option.c | 2 +-
> 1 fil
ository at:
git://git.kraxel.org/qemu tags/pull-ui-20170220-1
for you to fetch changes up to 0ea1523fb6703aa0dcd65e66b59e96fec028e60a:
egl-helpers: Support newer MESA versions (2017-02-20 12:46:09 +0100)
ui: opengl fixes, for spi
From: Frediano Ziglio
According to
https://www.khronos.org/registry/EGL/extensions/MESA/EGL_MESA_platform_gbm.txt
if MESA_platform_gbm is supported display should be initialized
from a GBM handle using eglGetPlatformDisplayEXT.
Signed-off-by: Frediano Ziglio
Message-id: 20170220095055.4234-1-fz
From: Peter Maydell
Unfortunately some older versions of makeinfo don't correctly
handle the -D command line option and fail to set the variable.
This then causes them to complain
docs/qemu-ga-ref.texi:41: warning: undefined flag: VERSION
Work around this by doing as the autotools do, and writi
From: Marc-André Lureau
When we build qemu-qmp-ref.txt this causes texinfo to complain several
times:
"Negative repeat count does nothing at
/usr/share/texinfo/Texinfo/Convert/Line.pm line 124."
It also doesn't display correctly, because the "Notes" text disappears
entirely in the HTML version b
On 02/20/17 14:13, Igor Mammedov wrote:
> On Mon, 20 Feb 2017 12:38:06 +0100
> Laszlo Ersek wrote:
>
>> On 02/20/17 12:00, Dr. David Alan Gilbert wrote:
>>> * Laszlo Ersek (ler...@redhat.com) wrote:
On 02/20/17 11:23, Dr. David Alan Gilbert wrote:
> * Laszlo Ersek (ler...@redhat.com)
The following changes since commit d514cfd763b271b4e97a9fc6adaabc8fd50084ab:
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
(2017-02-20 09:53:59 +)
are available in the git repository at:
git://repo.or.cz/qemu/armbru.git tags/pull-qapi-2017-02-20
for you to f
Peter Maydell writes:
> Unfortunately some older versions of makeinfo don't correctly
> handle the -D command line option and fail to set the variable.
> This then causes them to complain
> docs/qemu-ga-ref.texi:41: warning: undefined flag: VERSION
>
> Work around this by doing as the autotools
On 13.02.2017 18:22, Kevin Wolf wrote:
> Block jobs don't actually do I/O through the reference they create
> with block_job_add_bdrv(), but they might want to use the permission
> system to express what the block job does to intermediate nodes. This
> adds permissions to block_job_add_bdrv()
On 20 February 2017 at 09:32, Stefan Hajnoczi wrote:
> The following changes since commit 5dae13cd71f0755a1395b5a4cde635b8a6ee3f58:
>
> Merge remote-tracking branch 'remotes/rth/tags/pull-or-20170214' into
> staging (2017-02-14 09:55:48 +)
>
> are available in the git repository at:
>
> g
On 16/02/2017 15:51, Janosch Frank wrote:
> While trying to fix a bug in the s390 migration code, I noticed that
> QEMU ignores practically all errors returned from that VM ioctl. QEMU
> behaves as specified in the KVM api and only processes -1 (-EPERM) as an
> error.
>
> Unfortunately the docum
On 20/02/2017 11:07, Daniel P. Berrange wrote:
>> +if (qemu_uuid_is_null(&qemu_uuid)) {
> This is the wrong check - QEMU provides a 'qemu_uuid_set' boolean
> to determine if 'qemu_uuid' is set or not. If it is not set, then
> the code should return an error, not use a hardcoded uuid.
Or
On 13 February 2017 at 14:44, Cédric Le Goater wrote:
> The setting of the DRAM address of the DMA transaction depends on the
> DRAM base address of the SoC. Let's add a property to give this
> information to the SMC controller model.
>
> Signed-off-by: Cédric Le Goater
> Reviewed-by: Joel Stanle
On 20/02/2017 14:37, Peter Maydell wrote:
>
> -void virtio_scsi_handle_event_vq(VirtIOSCSI *s, VirtQueue *vq)
> +bool virtio_scsi_handle_event_vq(VirtIOSCSI *s, VirtQueue *vq)
> {
> + virtio_scsi_acquire(s);
> if (s->events_dropped) {
> virtio_scsi_push_event(s, NULL, VIR
5:37 +)
are available in the git repository at:
git://git.kraxel.org/qemu tags/pull-audio-20170220-1
for you to fetch changes up to 255a694376960826ead9a6e47c5c661d51b5e25b:
audio/sdlaudio: Allow audio playback with SDL2 (2017-02-20 14:2
From: Thomas Huth
When compiling with SDL2, the semaphore trick used in sdlaudio.c
does not work - QEMU locks up completely in this case. To avoid
the hang and get at least some audio playback up and running (it's
a little bit crackling, but better than nothing), we can use the
SDL locking functi
From: Pavel Dovgalyuk
This patch changes resetting strategy of the audio polling timer.
It does not change expiration time if the timer is already set.
This patch is needed to make this timer deterministic and to use execution
record/replay for audio devices.
audio_reset_timer is used in the fun
From: Pavel Dovgalyuk
This patch adds recording and replaying audio data. It saves synchronization
information for audio out and inputs from the microphone.
v2: removed unneeded whitespace change
Signed-off-by: Pavel Dovgalyuk
Message-id: 20170202055054.4848.94901.st...@pasha-isp.lan02.inno
Si
On Mon, 02/20 10:51, Alex Bennée wrote:
> Hi Fam,
>
> Hopefully this is the final iteration. A couple of minor typo fixes
> and your suggestions taken into account. I have also added some
> review/testing tags from Philippe.
Looks good to me, Thanks! Let me know if you want to merge it yourself,
From: Farhan Ali
The current QEMU ROM infrastructure rejects late loading of ROMs.
And ELFs are currently loaded as ROM, this prevents delayed loading
of ELFs. So when loading ELF, allow the user to specify if ELF should
be loaded as ROM or not.
If an ELF is not loaded as ROM, then they are not
This patchset implements network boot for s390x. You need to build
a s390-netboot.img to actually perform the work (not included).
Basically, we add support for virtio-net devices into the ipl code
and update the ccw bios to handle this as well.
For the first patch (elf loading) I'd like to get a
From: Farhan Ali
Add new field to S390IPLState to store the name of the network boot
loader.
Signed-off-by: Farhan Ali
Reviewed-by: Christian Borntraeger
Reviewed-by: Cornelia Huck
Signed-off-by: Cornelia Huck
---
hw/s390x/ipl.c | 1 +
hw/s390x/ipl.h | 1 +
hw/s390x/
Contains the following commits:
- pc-bios/s390-ccw: Use the ccw bios to start the network boot
Signed-off-by: Cornelia Huck
---
pc-bios/s390-ccw.img | Bin 26392 -> 26456 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/pc-bios/s390-ccw.img b/pc-bios/s390-ccw.img
index
cf05bf
From: Farhan Ali
Load the network boot image into guest RAM when the boot
device selected is a network device. Use some of the reserved
space in IplBlockCcw to store the start address of the netboot
image.
A user could also use 'chreipl'(diag 308/5) to change the boot device.
So every time we up
From: Farhan Ali
We want to use the ccw bios to start final network boot. To do
this we use ccw bios to detect if the boot device is a virtio
network device and retrieve the start address of the
network boot image.
Signed-off-by: Farhan Ali
Reviewed-by: Christian Borntraeger
Signed-off-by: Cor
On 13.02.2017 18:22, Kevin Wolf wrote:
> This function allows to create more or less normal BlockDriverStates
> even for BlockDrivers that aren't globally registered (e.g. helper
> filters for block jobs).
>
> Signed-off-by: Kevin Wolf
> ---
> block.c | 31 +
On Sun, Feb 19, 2017 at 02:30:53PM -0800, Ashish Mittal wrote:
> v9 changelog:
> (1) Fixes for all the review comments from v8. I have left the definition
> of VXHS_UUID_DEF unchanged pending a better suggestion.
If I understand correctly libvxhs has a global instance ID for choosing
the SSL c
On Feb 20, 2017 8:49 AM, "Paolo Bonzini" wrote:
On 20/02/2017 11:07, Daniel P. Berrange wrote:
>> +if (qemu_uuid_is_null(&qemu_uuid)) {
> This is the wrong check - QEMU provides a 'qemu_uuid_set' boolean
> to determine if 'qemu_uuid' is set or not. If it is not set, then
> the code shou
On Mon, Feb 20, 2017 at 02:21:43PM +, Stefan Hajnoczi wrote:
> On Sun, Feb 19, 2017 at 02:30:53PM -0800, Ashish Mittal wrote:
> > v9 changelog:
> > (1) Fixes for all the review comments from v8. I have left the definition
> > of VXHS_UUID_DEF unchanged pending a better suggestion.
>
> If I
On 20.02.2017 14:46, Paolo Bonzini wrote:
>
>
> On 16/02/2017 15:51, Janosch Frank wrote:
>> While trying to fix a bug in the s390 migration code, I noticed that
>> QEMU ignores practically all errors returned from that VM ioctl. QEMU
>> behaves as specified in the KVM api and only processes -1 (
On Mon, Feb 20, 2017 at 09:25:25AM -0500, Jeff Cody wrote:
> On Feb 20, 2017 8:49 AM, "Paolo Bonzini" wrote:
>
>
>
> On 20/02/2017 11:07, Daniel P. Berrange wrote:
> >> +if (qemu_uuid_is_null(&qemu_uuid)) {
> > This is the wrong check - QEMU provides a 'qemu_uuid_set' boolean
> > to det
These functions are always called indirectly. It really doesn't make sense
for them to sit in a header file.
Signed-off-by: Greg Kurz
---
hw/9pfs/9p-xattr.c | 61
hw/9pfs/9p-xattr.h | 80 +---
2 files ch
If these functions fail, they should not change *fs. Let's use local
variables to fix this.
Signed-off-by: Greg Kurz
---
hw/9pfs/9p-local.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 55903e5d7745..c2239bfafce
On 20 February 2017 at 14:30, Cédric Le Goater wrote:
> On 02/20/2017 02:51 PM, Peter Maydell wrote:
>> On 13 February 2017 at 14:44, Cédric Le Goater wrote:
>>> The setting of the DRAM address of the DMA transaction depends on the
>>> DRAM base address of the SoC. Let's add a property to give th
If this function fails, it should not modify *ctx.
Signed-off-by: Greg Kurz
---
hw/9pfs/9p-local.c | 37 +++--
1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 7de07e1ba67f..55903e5d7745 100644
--- a/h
When using the passthrough security mode, symbolic links created by the
guest are actual symbolic links on the host file system.
Since the resolution of symbolic links during path walk is supposed to
occur on the client side, the server should hence never receive any path
pointing to an actual sym
The local_open() and local_opendir() callbacks are vulnerable to symlink
attacks because they call:
(1) open(O_NOFOLLOW) which follows symbolic links in all path elements but
the rightmost one
(2) opendir() which follows symbolic links in all path elements
This patch converts both callbacks t
This series tries to fix CVE-2016-9602 reported by Jann Horn of Google
Project Zero:
https://bugzilla.redhat.com/show_bug.cgi?id=1413929
This vulnerability affects all accesses to the underlying filesystem in
the "local" backend code.
If QEMU is started with:
-fsdev local,security_model=,path=/
On 02/20/2017 02:51 PM, Peter Maydell wrote:
> On 13 February 2017 at 14:44, Cédric Le Goater wrote:
>> The setting of the DRAM address of the DMA transaction depends on the
>> DRAM base address of the SoC. Let's add a property to give this
>> information to the SMC controller model.
>>
>> Signed-
Yes, I mean '-cpu host' in the bare metal. There is no workaround; it
worked by chance and it triggered other hard to find bugs.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1665389
Title:
Nested
The local_lsetxattr() callback is vulnerable to symlink attacks because
it calls lsetxattr() which follows symbolic links in all path elements but
the rightmost one.
This patch converts local_lsetxattr() to rely on opendir_nofollow() and
fsetxattrat_nofollow() instead.
This partly fixes CVE-2016-
This patch opens the shared folder and caches the file descriptor, so that
it can be used to do symlink-safe path walk.
Signed-off-by: Greg Kurz
---
hw/9pfs/9p-local.c | 30 --
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9p
The local_lgetxattr() callback is vulnerable to symlink attacks because
it calls lgetxattr() which follows symbolic links in all path elements but
the rightmost one.
This patch converts local_lgetxattr() to rely on opendir_nofollow() and
fgetxattrat_nofollow() instead.
This partly fixes CVE-2016-
All operations dealing with extended attributes are vulnerable to symlink
attacks because they use path-based syscalls which can traverse symbolic
links while walking through the dirname part of the path.
The solution is to introduce helpers based on opendir_nofollow(). This
calls for "at" version
On Mon, 20 Feb 2017 14:28:11 +0100
Laszlo Ersek wrote:
> On 02/20/17 14:13, Igor Mammedov wrote:
> > On Mon, 20 Feb 2017 12:38:06 +0100
> > Laszlo Ersek wrote:
[...]
> >> Interesting! I hope Igor can double-check this!
> > I've retested v7, and it reliably fails (vmgenid_wait doesn't see chang
The local_llistxattr() callback is vulnerable to symlink attacks because
it calls llistxattr() which follows symbolic links in all path elements but
the rightmost one.
This patch converts local_llistxattr() to rely on opendir_nofollow() and
flistxattrat_nofollow() instead.
This partly fixes CVE-2
The local_lstat() callback is vulnerable to symlink attacks because it
calls:
(1) lstat() which follows symbolic links in all path elements but the
rightmost one
(2) getxattr() which follows symbolic links in all path elements
(3) local_mapped_file_attr()->local_fopen()->openat(O_NOFOLLOW) whi
The local_unlinkat() callback is vulnerable to symlink attacks because it
calls remove() which follows symbolic links in all path elements but the
rightmost one.
This patch converts local_unlinkat() to rely on opendir_nofollow() and
unlinkat() instead.
Most of the code is moved to a separate loca
The local_lremovexattr() callback is vulnerable to symlink attacks because
it calls lremovexattr() which follows symbolic links in all path elements but
the rightmost one.
This patch converts local_lremovexattr() to rely on opendir_nofollow() and
fremovexattrat_nofollow() instead.
This partly fix
The local_statfs() callback is vulnerable to symlink attacks because it
calls statfs() which follows symbolic links in all path elements.
This patch converts local_statfs() to rely on open_nofollow() and fstatfs()
instead.
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz
---
hw/9pfs/9
The local_remove() callback is vulnerable to symlink attacks because it
calls:
(1) lstat() which follows symbolic links in all path elements but the
rightmost one
(2) remove() which follows symbolic links in all path elements but the
rightmost one
This patch converts local_remove() to rel
The local_link() callback is vulnerable to symlink attacks because it calls:
(1) link() which follows symbolic links for all path elements but the
rightmost one
(2) local_create_mapped_attr_dir()->mkdir() which follows symbolic links
for all path elements but the rightmost one
This patch
The local_truncate() callback is vulnerable to symlink attacks because
it calls truncate() which follows symbolic links in all path elements.
This patch converts local_truncate() to rely on open_nofollow() and
ftruncate() instead.
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz
---
h
The local_utimensat() callback is vulnerable to symlink attacks because it
calls qemu_utimens()->utimensat(AT_SYMLINK_NOFOLLOW) which follows symbolic
links in all path elements but the rightmost one or qemu_utimens()->utimes()
which follows symbolic links for all path elements.
This patch convert
The local_chmod() callback is vulnerable to symlink attacks because it
calls:
(1) chmod() which follows symbolic links for all path elements
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3) local_set_mapped_file_attr() which calls in turn local_fopen() a
The local_renameat() callback is currently a wrapper around local_rename()
which is vulnerable to symlink attacks.
This patch rewrites local_renameat() to have its own implementation, based
on local_opendir_nofollow() and renameat().
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz
---
The local_readlink() callback is vulnerable to symlink attacks because it
calls:
(1) open(O_NOFOLLOW) which follows symbolic links for all path elements but
the rightmost one
(2) readlink() which follows symbolic links for all path elements but the
rightmost one
This patch converts local_
The local_rename() callback is vulnerable to symlink attacks because it
uses rename() which follows symbolic links in all path elements but the
rightmost one.
This patch simply transforms local_rename() into a wrapper around
local_renameat() which is symlink-attack safe.
This partly fixes CVE-201
The local_symlink() callback is vulnerable to symlink attacks because it
calls:
(1) symlink() which follows symbolic links for all path elements but the
rightmost one
(2) open(O_NOFOLLOW) which follows symbolic links for all path elements but
the rightmost one
(3) local_set_xattr()->setxat
The local_mkdir() callback is vulnerable to symlink attacks because it
calls:
(1) mkdir() which follows symbolic links for all path elements but the
rightmost one
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3) local_set_mapped_file_attr() which cal
On Thu, 16 Feb 2017 15:15:39 -0800
b...@skyportsystems.com wrote:
> From: Ben Warren
>
> The following tests are implemented:
> * test that a GUID passed in by command line is propagated to the guest.
> Read the GUID from guest memory
> * test that the "auto" argument to the GUID generates a v
The local_mknod() callback is vulnerable to symlink attacks because it
calls:
(1) mknod() which follows symbolic links for all path elements but the
rightmost one
(2) local_set_xattr()->setxattr() which follows symbolic links for all
path elements
(3) local_set_mapped_file_attr() which cal
When using the mapped-file security model, we also have to create a link
for the metadata file if it exists. In case of failure, we should rollback.
That's what this patch does.
Signed-off-by: Greg Kurz
---
hw/9pfs/9p-local.c | 26 +++---
1 file changed, 19 insertions(+),