hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR (CVE-2021-3750)
softmmu/physmem: Simplify flatview_write and address_space_access_valid
softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
(cherry picked from commit b39643dc6ee4fab61b1d840a1124cb407c7c0af1)
Change Ascend710's quirk regions to bar2 for internal causes.
And support Ascend710 2P format now.
Signed-off-by: Wu Binfeng <wubinfeng@huawei.com>
Signed-off-by: yezengruan <yezengruan@huawei.com>
(cherry picked from commit ce1ce575d621f918d1719f8d2fadbbcc68260ada)
vhost-vsock: detach the virqueue element in case of error (CVE-2022-26354)
virtio-net: fix map leaking on error during receive (CVE-2022-26353)
Signed-off-by: yezengruan <yezengruan@huawei.com>
The paramter 'cache' is invalid for host device(/dev/xxx). If
'qemu-img create' operator performed on host device, the host
device not support 'cache' would result 'qemu-img create excute'
failed.
Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>
This option changes the thread local storage (TLS) model. Thread-local storage
is a mechanism by which variables are allocated in a way that causes one instance
of the variable per extant thread.
i.global-dynamic
Generates a generic TLS code. The code can be used everywhere and the code can access
variables defined anywhere else. This setting causes the largest size code to be generated
and uses the most run time to produce.
ii.local-dynamic
Generates an optimized TLS code. To use this setting, the thread-local variables must be
defined in the same object in which they are referenced.
iii.initial-exec
Generates a restrictive, optimized TLS code. To use this setting, the thread-local variables
accessed must be defined in one of the modules available to the program.
iv.local-exec
Generates the most restrictive TLS code. To use this setting, the thread-local variables
must be defined in the executable.
Optimize qemu cflags with '-ftls-model=initial-exec' which means we use initial-exec
mode.
pl011-reset-read-FIFO-when-UARTTIMSC-0-UARTICR-0xfff.patch
qcow2-fix-memory-leak-in-qcow2_read_extensions.patch
scsi-disk-define-props-in-scsi_block_disk-to-avoid-m.patch
pcie-Add-pcie-root-port-fast-plug-unplug-feature.patch
pcie-Compat-with-devices-which-do-not-support-Link-W.patch
Signed-off-by: Yan Wang <wangyan122@huawei.com>
acpi/madt: Factor out the building of MADT GICC struct
hw/arm/virt: Assign virt_madt_cpu_entry to acpi_ged madt_cpu hook
arm/virt/acpi: Factor out CPPC building from DSDT CPU aml
acpi/cpu: Prepare build_cpus_aml for arm virt
acpi/ged: Extend ACPI GED to support CPU hotplug
arm/cpu: assign arm_get_arch_id handler to get_arch_id hook
tests/acpi/bios-tables-test: Allow changes to virt/DSDT file
arm/virt: Attach ACPI CPU hotplug support to virt
tests/acpi/bios-table-test: Update expected virt/DSDT file
arm/virt: Add CPU hotplug framework
arm/virt: Add CPU topology support
test/numa: Adjust aarch64 numa test
hw/arm/virt: Factor out some CPU init codes to pre_plug hook
hw/arm/boot: Add manually register and trigger of CPU reset
arm/virt/gic: Construct irqs connection from create_gic
intc/gicv3_common: Factor out arm_gicv3_common_cpu_realize
intc/gicv3_cpuif: Factor out gicv3_init_one_cpuif
intc/kvm_gicv3: Factor out kvm_arm_gicv3_cpu_realize
hw/intc/gicv3: Add CPU hotplug realize hook
accel/kvm: Add pre-park vCPU support
intc/gicv3: Add pre-sizing capability to GICv3
acpi/madt: Add pre-sizing capability to MADT GICC struct
arm/virt: Add cpu_hotplug_enabled field
arm/virt/acpi: Extend cpufreq to support max_cpus
arm/virt: Pre-sizing MADT-GICC GICv3 and Pre-park KVM vCPU
arm/virt: Start up CPU hot-plug and cold-plug
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
(cherry picked from commit 9390aa07e450024769ceb3bb3ab481af8911a77b)
virtio-scsi: bugfix: fix qemu crash for hotplug scsi disk with dataplane
virtio: net-tap: bugfix: del net client if net_init_tap_one failed
virtio: bugfix: clean up callback when del virtqueue
virtio-net: bugfix: do not delete netdev before virtio net
virtio-net: fix max vring buf size when set ring num
virtio: check descriptor numbers
virtio: bugfix: add rcu_read_lock when vring_avail_idx is called
virtio: print the guest virtio_net features that host does not support
virtio: bugfix: check the value of caches before accessing it
virtio-net: set the max of queue size to 4096
virtio-net: update the default and max of rx/tx_queue_size
vhost-user: add unregister_savevm when vhost-user cleanup
qemu-img: block: dont blk_make_zero if discard_zeroes false
vhost-user: Add support reconnect vhost-user socket
vhost-user: Set the acked_features to vm's featrue
vhost-user: add vhost_set_mem_table when vm load_setup at destination
vhost-user: add separate memslot counter for vhost-user
vhost-user: quit infinite loop while used memslots is more than the backend limit
qmp: add command to query used memslots of vhost-net and vhost-user
vhost-user-scsi: add support for SPDK hot upgrade
i6300esb watchdog: bugfix: Add a runstate transition
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
bugfix: fix some illegal memory access and memory leak
bugfix: fix possible memory leak
bugfix: fix eventfds may double free when vm_id reused in ivshmem
block/mirror: fix file-system went to read-only after block-mirror
bugfix: fix mmio information leak and ehci vm escape 0-day vulnerability
target-i386: Fix the RES memory inc which caused by the coroutine created
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
linux-headers: update against 5.10 and manual clear vfio dirty log series
vfio: Maintain DMA mapping range for the container
vfio/migration: Add support for manual clear vfio dirty log
update-linux-headers: Import iommu.h
vfio.h and iommu.h header update against 5.10
memory: Add new fields in IOTLBEntry
hw/arm/smmuv3: Improve stage1 ASID invalidation
hw/arm/smmu-common: Allow domain invalidation for NH_ALL/NSNH_ALL
memory: Add IOMMU_ATTR_VFIO_NESTED IOMMU memory region attribute
memory: Add IOMMU_ATTR_MSI_TRANSLATE IOMMU memory region attribute
memory: Introduce IOMMU Memory Region inject_faults API
iommu: Introduce generic header
pci: introduce PCIPASIDOps to PCIDevice
vfio: Force nested if iommu requires it
vfio: Introduce hostwin_from_range helper
vfio: Introduce helpers to DMA map/unmap a RAM section
vfio: Set up nested stage mappings
vfio: Pass stage 1 MSI bindings to the host
vfio: Helper to get IRQ info including capabilities
vfio/pci: Register handler for iommu fault
vfio/pci: Set up the DMA FAULT region
vfio/pci: Implement the DMA fault handler
hw/arm/smmuv3: Advertise MSI_TRANSLATE attribute
hw/arm/smmuv3: Store the PASID table GPA in the translation config
hw/arm/smmuv3: Fill the IOTLBEntry arch_id on NH_VA invalidation
hw/arm/smmuv3: Fill the IOTLBEntry leaf field on NH_VA invalidation
hw/arm/smmuv3: Pass stage 1 configurations to the host
hw/arm/smmuv3: Implement fault injection
hw/arm/smmuv3: Allow MAP notifiers
pci: Add return_page_response pci ops
vfio/pci: Implement return_page_response page response callback
vfio/common: Avoid unmap ram section at vfio_listener_region_del() in nested mode
vfio: Introduce helpers to mark dirty pages of a RAM section
vfio: Add vfio_prereg_listener_log_sync in nested stage
vfio: Add vfio_prereg_listener_log_clear to re-enable mark dirty pages
vfio: Add vfio_prereg_listener_global_log_start/stop in nested stage
hw/arm/smmuv3: Post-load stage 1 configurations to the host
vfio/common: Fix incorrect address alignment in vfio_dma_map_ram_section
vfio/common: Add address alignment check in vfio_listener_region_del
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
Signed-off-by: imxcc <xingchaochao@huawei.com>
(cherry picked from commit 45d983f4507f9f6089de83fcd4d3a2136876b566)
log: Add some logs on VM runtime path
qdev/monitors: Fix reundant error_setg of qdev_add_device
bios-tables-test: Allow changes to q35/SSDT.dimmpxm file
smbios: Add missing member of type 4 for smbios 3.0
bios-tables-test: Update expected q35/SSDT.dimmpxm file
net: eepro100: validate various address valuesi(CVE-2021-20255)
pci: check bus pointer before dereference
ide: ahci: add check to avoid null dereference (CVE-2019-12067)
tap: return err when tap TUNGETIFF fail
xhci: check reg to avoid OOB read
monitor: Discard BLOCK_IO_ERROR event when VM rebooted
monitor: limit io error qmp event to at most once per 60s
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
Signed-off-by: imxcc <xingchaochao@huawei.com>
(cherry picked from commit 3cc842b5237fe9681d6eb2f59fca0652eb0ab0c3)
seabios-convert-value-of-be16_to_cpu-to-u64-before-s.patch:
be16_to_cpu(scsi_lun->lun[i]) is 16 bits and left shifting by more than 16
will have undefined behaviour. convert it to u64 before shifting.
seabios-do-not-give-back-high-ram.patch:
fix bug of Oracle 6 and 7 series virtual machines using the high ram returned by
sebios.
seabios-drop-yield-in-smp_setup.patch:
Fix SeaBIOS stuck problem becuase SeaBIOS open hardware interrupt
by invoking yield(). That's dangerous and unnecessary. Let's drop
it, and make the processing of setup smp more security in SeaBIOS.
seabios-fix-memory-leak-when-pci-check.patch:
fix code memory leak when pci check failed
free busses memory when pci_bios_check_devices function returns error in pci_setup()
seabios-increase-the-seabios-high-mem-zone-size.patch:
In terms of version and specification, under the maximum configuration
specification of the number of vcpus, virtio blocks and other features,
there exists bottleneck in seabios high_mem_zone, which results in the
memory application failure and causes the vm to fail to start.
Increase BUILD_MAX_HIGHTABLE to 512k.
seabios-increase-the-seabios-minibiostable.patch:
Increase the BUILD_MIN_BIOSTABLE to 4096;
support 25 virtio-blk(data) + 1 virtio-scsi(sys) + 1 virtio-net
Increase the BUILD_MIN_BIOSTABLE to 5120;
support 18 virtio-scsi while vm starts with IDE boot disk
Signed-off-by: jiangdongxu <jiangdongxu1@huawei.com>
freeclock: add qmp command to get time offset of vm in seconds
freeclock: set rtc_date_diff for arm
freeclock: set rtc_date_diff for X86
Signed-off-by: Chen Qun<kuhn.chenqun@huawei.com>
