Accepting request 886771 from home:bfrogers:branches:Virtualization

- Include upstream patch designated as stable material and reviewed
  for applicability to include here
  mptsas-Remove-unused-MPTSASState-pending.patch
- Clarify in support documents that cpu-add was removed in this
  release from both the human monitor protocol (HMP) and QMP
  interfaces

OBS-URL: https://build.opensuse.org/request/show/886771
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=637
Bruce Rogers 2021-04-19 20:23:47 +00:00 committed by Git OBS Bridge
parent 4d7bbe2c05
commit 1e47dbc5c1
8 changed files with 171 additions and 71 deletions


@ -30,14 +30,16 @@ The qemu major and minor release numbers are part of the name, prefixed by
'opensuse-', so, for example, for the v5.2.0 based SLE-15-SP3 qemu, the branch
would be named 'opensuse-5.2'. You want to start your work based on the current
patchqueue as contained in 'frombundle', so one approach is to do (depending on
your local repo's current state), 'branch -B opensuse-5.2 frombundle', and then
cherry-pick upstream patches into it, or interactive rebase it to modify or
delete patches, etc. Be careful to keep the branch based on the upstream tag
which represents the package tarball however! Once you have the patch queue
ready to go, simply run 'bash ./update_git.sh git2pkg' (in your local obs branch
directory) to refresh the bundles.tar.xz file, as well as the package spec and
patch files. The package qemu.changes file is modified to list added or removed
patches as a starting point for documenting the change.
your local repo's current state), 'git checkout -f --recurse-submodules -B
opensuse-5.2 frombundle', and then cherry-pick upstream patches into it, or
interactive rebase it to modify or delete patches, etc. Be careful to keep the
branch based on the upstream tag which represents the package tarball however!
Once you have the patch queue ready to go, simply run 'bash ./update_git.sh
git2pkg' (in your local obs branch directory) to refresh the bundles.tar.xz
file, as well as the package spec and patch files. The package qemu.changes file
is modified to list added or removed patches as a starting point for documenting
the change.
When you are ready to check in the package, using 'bash update_git.sh ci' is
provided as a convenience (and to help preserve correct spec file formatting,
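Review bot: the new command passes `-f`, which discards uncommitted changes in the working tree and, together with `--recurse-submodules`, in the checked-out submodules as well; "depending on your local repo's current state" only hints at this, so the sentence should say plainly that local changes must be committed or stashed before running it. The new form is otherwise clearer than the old 'branch -B opensuse-5.2 frombundle', which lacked the `git` prefix and would not have switched the working tree to the new branch.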


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:571e056a525b5f1ac55c4e4784a831f3bddb8cd1e0fa6fee750792a92681eb9b
size 108908
oid sha256:e1f7600d95e9f7dc6b5e62a251aae661d059047af6173f631a76494df16423c8
size 109580


@ -0,0 +1,86 @@
From: Michael Tokarev <mjt@tls.msk.ru>
Date: Mon, 19 Apr 2021 15:42:47 +0200
Subject: mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 3791642c8d60029adf9b00bcb4e34d7d8a1aea4d
While processing SCSI i/o requests in mptsas_process_scsi_io_request(),
the Megaraid emulator appends new MPTSASRequest object 'req' to
the 's->pending' queue. In case of an error, this same object gets
dequeued in mptsas_free_request() only if SCSIRequest object
'req->sreq' is initialised. This may lead to a use-after-free issue.
Since s->pending is actually not used, simply remove it from
MPTSASState.
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Message-id: 20210419134247.1467982-1-f4bug@amsat.org
Message-Id: <20210416102243.1293871-1-mjt@msgid.tls.msk.ru>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
BugLink: https://bugs.launchpad.net/qemu/+bug/1914236 (CVE-2021-3392)
Fixes: e351b826112 ("hw: Add support for LSI SAS1068 (mptsas) device")
[PMD: Reworded description, added more tags]
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/mptsas.c | 6 ------
hw/scsi/mptsas.h | 1 -
2 files changed, 7 deletions(-)
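Review bot: the trailer block carries the `Reported-by: Cheolwoo Myung` line twice and has both a `Message-id:` and a `Message-Id:` line, a leftover of the "[PMD: Reworded description, added more tags]" rework. Since this is a carried upstream patch the header is best left matching upstream, but if the file is ever regenerated the duplicate Reported-by should be dropped; the `Git-commit:` tag (3791642c8d60029adf9b00bcb4e34d7d8a1aea4d) and the BugLink naming CVE-2021-3392 are the provenance that must stay.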
diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
index f86616544bacf71da60270ad06ed..12c957e06be41e80963bcabae1f8 100644
--- a/hw/scsi/mptsas.c
+++ b/hw/scsi/mptsas.c
@@ -251,13 +251,10 @@ static int mptsas_build_sgl(MPTSASState *s, MPTSASRequest *req, hwaddr addr)
static void mptsas_free_request(MPTSASRequest *req)
{
- MPTSASState *s = req->dev;
-
if (req->sreq != NULL) {
req->sreq->hba_private = NULL;
scsi_req_unref(req->sreq);
req->sreq = NULL;
- QTAILQ_REMOVE(&s->pending, req, next);
}
qemu_sglist_destroy(&req->qsg);
g_free(req);
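Review bot: the defect is the conditional around the removed QTAILQ_REMOVE: a request whose `sreq` was never attached skipped the dequeue but still reached g_free(), so s->pending kept a pointer to freed memory, which is the use-after-free the description refers to. Removing the queue is the cleaner fix compared with hoisting QTAILQ_REMOVE out of the `if`, given the description's point that s->pending has no readers; the local `MPTSASState *s` goes with it, since the dequeue was its only use in this function.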
@@ -303,7 +300,6 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
}
req = g_new0(MPTSASRequest, 1);
- QTAILQ_INSERT_TAIL(&s->pending, req, next);
req->scsi_io = *scsi_io;
req->dev = s;
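Review bot: the old order here, g_new0() immediately followed by QTAILQ_INSERT_TAIL and only then the field setup, is what let any failure between allocation and the `req->sreq` assignment free a request that was still queued. With the insert gone, the `next` link member of MPTSASRequest that both this macro and the removed QTAILQ_REMOVE named has no remaining user, yet the diffstat (6 deletions in mptsas.c, 1 in mptsas.h) shows it is not removed; a follow-up should drop that dead member so the struct does not carry a list link for a list that no longer exists.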
@@ -1318,8 +1314,6 @@ static void mptsas_scsi_realize(PCIDevice *dev, Error **errp)
s->request_bh = qemu_bh_new(mptsas_fetch_requests, s);
- QTAILQ_INIT(&s->pending);
-
scsi_bus_new(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info, NULL);
}
diff --git a/hw/scsi/mptsas.h b/hw/scsi/mptsas.h
index b85ac1a5fcc7ad3ffc72923c734c..c046497db71989a564ed46481036 100644
--- a/hw/scsi/mptsas.h
+++ b/hw/scsi/mptsas.h
@@ -79,7 +79,6 @@ struct MPTSASState {
uint16_t reply_frame_size;
SCSIBus bus;
- QTAILQ_HEAD(, MPTSASRequest) pending;
};
void mptsas_fix_scsi_io_endianness(MPIMsgSCSIIORequest *req);


@ -1,3 +1,13 @@
-------------------------------------------------------------------
Mon Apr 19 15:40:22 UTC 2021 - Bruce Rogers <brogers@suse.com>
- Include upstream patch designated as stable material and reviewed
for applicability to include here
mptsas-Remove-unused-MPTSASState-pending.patch
- Clarify in support documents that cpu-add was removed in this
release from both the human monitor protocol (HMP) and QMP
interfaces
-------------------------------------------------------------------
Thu Apr 15 17:19:42 UTC 2021 - Bruce Rogers <brogers@suse.com>

qemu.spec

@ -213,52 +213,53 @@ Patch00077: cpu-core-Fix-help-of-CPU-core-device-typ.patch
Patch00078: hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
Patch00079: hw-isa-Kconfig-Add-missing-dependency-VI.patch
Patch00080: hw-isa-piix4-Migrate-Reset-Control-Regis.patch
Patch00081: net-vmxnet3-validate-configuration-value.patch
Patch00082: XXX-dont-dump-core-on-sigabort.patch
Patch00083: qemu-binfmt-conf-Modify-default-path.patch
Patch00084: qemu-cvs-gettimeofday.patch
Patch00085: qemu-cvs-ioctl_debug.patch
Patch00086: qemu-cvs-ioctl_nodirection.patch
Patch00087: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00088: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00089: linux-user-binfmt-support-host-binaries.patch
Patch00090: linux-user-Fake-proc-cpuinfo.patch
Patch00091: linux-user-use-target_ulong.patch
Patch00092: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00093: linux-user-lseek-explicitly-cast-non-set.patch
Patch00094: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00095: xen_disk-Add-suse-specific-flush-disable.patch
Patch00096: qemu-bridge-helper-reduce-security-profi.patch
Patch00097: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00098: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00099: Raise-soft-address-space-limit-to-hard-l.patch
Patch00100: increase-x86_64-physical-bits-to-42.patch
Patch00101: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00102: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00103: Make-installed-scripts-explicitly-python.patch
Patch00104: hw-smbios-handle-both-file-formats-regar.patch
Patch00105: xen-add-block-resize-support-for-xen-dis.patch
Patch00106: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00107: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00108: xen-ignore-live-parameter-from-xen-save-.patch
Patch00109: tests-change-error-message-in-test-162.patch
Patch00110: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00111: configure-only-populate-roms-if-softmmu.patch
Patch00112: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00113: roms-change-cross-compiler-naming-to-be-.patch
Patch00114: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00115: configure-remove-pkgversion-from-CONFIG_.patch
Patch00116: docs-add-SUSE-support-statements-to-html.patch
Patch00117: s390x-Fix-stringop-truncation-issue-repo.patch
Patch00118: Revert-qht-constify-qht_statistics_init.patch
Patch00119: qht-Revert-some-constification-in-qht.c.patch
Patch00120: meson-install-ivshmem-client-and-ivshmem.patch
Patch00121: Revert-roms-efirom-tests-uefi-test-tools.patch
Patch00122: Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Patch00123: roms-Makefile-add-cross-file-to-qboot-me.patch
Patch00124: usb-Help-compiler-out-to-avoid-a-warning.patch
Patch00125: module-for-virtio-gpu-pre-load-module-to.patch
Patch00126: qom-handle-case-of-chardev-spice-module-.patch
Patch00081: mptsas-Remove-unused-MPTSASState-pending.patch
Patch00082: net-vmxnet3-validate-configuration-value.patch
Patch00083: XXX-dont-dump-core-on-sigabort.patch
Patch00084: qemu-binfmt-conf-Modify-default-path.patch
Patch00085: qemu-cvs-gettimeofday.patch
Patch00086: qemu-cvs-ioctl_debug.patch
Patch00087: qemu-cvs-ioctl_nodirection.patch
Patch00088: linux-user-add-binfmt-wrapper-for-argv-0.patch
Patch00089: PPC-KVM-Disable-mmu-notifier-check.patch
Patch00090: linux-user-binfmt-support-host-binaries.patch
Patch00091: linux-user-Fake-proc-cpuinfo.patch
Patch00092: linux-user-use-target_ulong.patch
Patch00093: Make-char-muxer-more-robust-wrt-small-FI.patch
Patch00094: linux-user-lseek-explicitly-cast-non-set.patch
Patch00095: AIO-Reduce-number-of-threads-for-32bit-h.patch
Patch00096: xen_disk-Add-suse-specific-flush-disable.patch
Patch00097: qemu-bridge-helper-reduce-security-profi.patch
Patch00098: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
Patch00099: roms-Makefile-pass-a-packaging-timestamp.patch
Patch00100: Raise-soft-address-space-limit-to-hard-l.patch
Patch00101: increase-x86_64-physical-bits-to-42.patch
Patch00102: i8254-Fix-migration-from-SLE11-SP2.patch
Patch00103: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
Patch00104: Make-installed-scripts-explicitly-python.patch
Patch00105: hw-smbios-handle-both-file-formats-regar.patch
Patch00106: xen-add-block-resize-support-for-xen-dis.patch
Patch00107: tests-qemu-iotests-Triple-timeout-of-i-o.patch
Patch00108: tests-Fix-block-tests-to-be-compatible-w.patch
Patch00109: xen-ignore-live-parameter-from-xen-save-.patch
Patch00110: tests-change-error-message-in-test-162.patch
Patch00111: hw-intc-exynos4210_gic-provide-more-room.patch
Patch00112: configure-only-populate-roms-if-softmmu.patch
Patch00113: pc-bios-s390-ccw-net-avoid-warning-about.patch
Patch00114: roms-change-cross-compiler-naming-to-be-.patch
Patch00115: test-add-mapping-from-arch-of-i686-to-qe.patch
Patch00116: configure-remove-pkgversion-from-CONFIG_.patch
Patch00117: docs-add-SUSE-support-statements-to-html.patch
Patch00118: s390x-Fix-stringop-truncation-issue-repo.patch
Patch00119: Revert-qht-constify-qht_statistics_init.patch
Patch00120: qht-Revert-some-constification-in-qht.c.patch
Patch00121: meson-install-ivshmem-client-and-ivshmem.patch
Patch00122: Revert-roms-efirom-tests-uefi-test-tools.patch
Patch00123: Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Patch00124: roms-Makefile-add-cross-file-to-qboot-me.patch
Patch00125: usb-Help-compiler-out-to-avoid-a-warning.patch
Patch00126: module-for-virtio-gpu-pre-load-module-to.patch
Patch00127: qom-handle-case-of-chardev-spice-module-.patch
# Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch
@ -1203,23 +1204,24 @@ This package records qemu testsuite results and represents successful testing.
%patch00113 -p1
%patch00114 -p1
%patch00115 -p1
%if %{legacy_qemu_kvm}
%patch00116 -p1
%endif
%if %{legacy_qemu_kvm}
%patch00117 -p1
%endif
%patch00118 -p1
%patch00119 -p1
%patch00120 -p1
%patch00121 -p1
%patch00122 -p1
%ifarch aarch64
%patch00123 -p1
%endif
%ifarch %arm %ix86 ppc
%ifarch aarch64
%patch00124 -p1
%endif
%ifarch %arm %ix86 ppc
%patch00125 -p1
%endif
%patch00126 -p1
%patch00127 -p1
%patch01000 -p1
%patch01001 -p1
%patch01002 -p1
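Review bot: inserting the CVE fix as Patch00081 renumbers the 46 patches after it, so the `%patch00081` through `%patch00112` lines in %prep are textually unchanged and only the guarded regions plus the new trailing `%patch00127 -p1` appear in this hunk; what needs checking is that each conditional moved with its patch, and it did: `%if %{legacy_qemu_kvm}` now guards 00117 (docs-add-SUSE-support-statements-to-html.patch, previously 00116), `%ifarch aarch64` guards 00124 (roms-Makefile-add-cross-file-to-qboot-me.patch, previously 00123) and `%ifarch %arm %ix86 ppc` guards 00125 (usb-Help-compiler-out-to-avoid-a-warning.patch, previously 00124). A renumbering of this size deserves a mention in the changelog entry, since anyone carrying a local spec diff will see conflicts that have nothing to do with the mptsas fix.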


@ -227,7 +227,6 @@ Deprecated, Superseded, Modified and Dropped Features
- These previously supported QMP commands are now deprecated:
change (use blockdev-change-medium or change-vnc-password instead)
cpu-add
migrate-set-cache-size (use migrate-set-parameters instead)
migrate_set_downtime (use migrate-set-parameters instead)
migrate_set_speed (use migrate-set-parameters instead)
@ -236,15 +235,15 @@ Deprecated, Superseded, Modified and Dropped Features
query-migrate-cache-size (use query-migrate-parameters instead)
- This previously supported QMP command is no longer recognized:
cpu-add (use device_add instead)
- These previously supported monitor commands are now deprecated:
change
cpu-add
migrate_set_downtime
migrate_set_speed
- These previously supported monitor commands are no longer recognized:
cpu-add
cpu-add (use device_add instead)
pci_add (use device_add instead)
pci_del (use device_del instead)
usb_add (use device_add instead)
@ -547,7 +546,6 @@ QEMU Command-Line and Monitor Syntax and Support
closefd
cont
cpu
cpu-add
device_add
device_del
device-list-properties


@ -220,7 +220,6 @@ Deprecated, Superseded, Modified and Dropped Features
- These previously supported QMP commands are now deprecated:
change (use blockdev-change-medium or change-vnc-password instead)
cpu-add
migrate-set-cache-size (use migrate-set-parameters instead)
migrate_set_downtime (use migrate-set-parameters instead)
migrate_set_speed (use migrate-set-parameters instead)
@ -228,13 +227,16 @@ Deprecated, Superseded, Modified and Dropped Features
query-events
query-migrate-cache-size (use query-migrate-parameters instead)
- This previously supported QMP command is no longer recognized:
cpu-add (use device_add instead)
- These previously supported monitor commands are now deprecated:
change
migrate_set_downtime
migrate_set_speed
- These previously supported monitor commands are no longer recognized:
cpu-add
cpu-add (use device_add instead)
pci_add (use device_add instead)
pci_del (use device_del instead)
@ -540,7 +542,6 @@ QEMU Command-Line and Monitor Syntax and Support
closefd
cont
cpu
cpu-add
device_add
device_del
device-list-properties


@ -305,7 +305,6 @@ Deprecated, Superseded, Modified and Dropped Features
- These previously supported QMP commands are now deprecated:
change (use blockdev-change-medium or change-vnc-password instead)
cpu-add
migrate-set-cache-size (use migrate-set-parameters instead)
migrate_set_downtime (use migrate-set-parameters instead)
migrate_set_speed (use migrate-set-parameters instead)
@ -313,13 +312,16 @@ Deprecated, Superseded, Modified and Dropped Features
query-events
query-migrate-cache-size (use query-migrate-parameters instead)
- This previously supported QMP command is no longer recognized:
cpu-add (use device_add instead)
- These previously supported monitor commands are now deprecated:
change
migrate_set_downtime
migrate_set_speed
- These previously supported monitor commands are no longer recognized:
cpu-add
cpu-add (use device_add instead)
cpu_set
pci_add (use device_add instead)
pci_del (use device_del instead)
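Review bot: `cpu_set` is now the only entry in this "no longer recognized" list without a replacement hint, since the cpu-add line gains "(use device_add instead)" in the same edit; for consistency the entry should either name its replacement or state that there is none, as every neighbouring line now names one. The same cpu-add wording is used in the other two support documents, so the three files stay aligned on that point.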
@ -666,7 +668,6 @@ QEMU Command-Line and Monitor Syntax and Support
closefd
cont
cpu
cpu-add
device_add
device_del
device-list-properties