hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR (CVE-2021-3750)
softmmu/physmem: Simplify flatview_write and address_space_access_valid
softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
(cherry picked from commit b39643dc6ee4fab61b1d840a1124cb407c7c0af1)
Change Ascend710's quirk regions to bar2 for internal causes.
And support Ascend710 2P format now.
Signed-off-by: Wu Binfeng <wubinfeng@huawei.com>
Signed-off-by: yezengruan <yezengruan@huawei.com>
(cherry picked from commit ce1ce575d621f918d1719f8d2fadbbcc68260ada)
vhost-vsock: detach the virqueue element in case of error (CVE-2022-26354)
virtio-net: fix map leaking on error during receive (CVE-2022-26353)
Signed-off-by: yezengruan <yezengruan@huawei.com>
scsi-bus: fix incorrect call for blk_error_retry_reset_timeout()
Revert "monitor: limit io error qmp event to at most once per 60s"
Signed-off-by: Yan Wang <wangyan122@huawei.com>
Signed-off-by: yezengruan <yezengruan@huawei.com>
(cherry picked from commit 054b20fa4e67f996662bcb8cf12c305bcea83303)
The paramter 'cache' is invalid for host device(/dev/xxx). If
'qemu-img create' operator performed on host device, the host
device not support 'cache' would result 'qemu-img create excute'
failed.
Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>
Description:
For coroutine live patch, we need find all coroutines stack and check them
before patching. There is no structure to manage all coroutines in qemu. So we
add a list which contain all running coroutines to accelerate libcare live
patch.
Signed-off-by: jiang-dawei15 <jiangdawei15@huawei.com>
Signed-off-by: yezengruan <yezengruan@huawei.com>
This option changes the thread local storage (TLS) model. Thread-local storage
is a mechanism by which variables are allocated in a way that causes one instance
of the variable per extant thread.
i.global-dynamic
Generates a generic TLS code. The code can be used everywhere and the code can access
variables defined anywhere else. This setting causes the largest size code to be generated
and uses the most run time to produce.
ii.local-dynamic
Generates an optimized TLS code. To use this setting, the thread-local variables must be
defined in the same object in which they are referenced.
iii.initial-exec
Generates a restrictive, optimized TLS code. To use this setting, the thread-local variables
accessed must be defined in one of the modules available to the program.
iv.local-exec
Generates the most restrictive TLS code. To use this setting, the thread-local variables
must be defined in the executable.
Optimize qemu cflags with '-ftls-model=initial-exec' which means we use initial-exec
mode.
The virtiofsd currently crashes when used with glibc 2.35.
That is due to the rseq system call being added to every thread
creation [1][2].
[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
This happens not at daemon start, but when a guest connects
/usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \
-o source=/var/guests/j-virtiofs --socket-group=kvm
virtio_session_mount: Waiting for vhost-user socket connection...
# start ok, now guest will connect
virtio_session_mount: Received vhost-user socket connection
virtio_loop: Entry
fv_queue_set_started: qidx=0 started=1
fv_queue_set_started: qidx=1 started=1
Bad system call (core dumped)
We have to put rseq on the seccomp allowlist to avoid that the daemon
is crashing in this case.
Reported-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20220209111456.3328420-1-christian.ehrhardt@canonical.com
[Moved rseq to its alphabetically ordered position in the seccomp
allowlist.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: qinyu <qinyu16@huawei.com>
Fix commit 391dd8f1("scsi-bus: Refactor the code that retries requests"),
which split scsi_dma_restart_bh(), but the object_unref() belongs to
scsi_dma_restart_bh().
So, we should mv object_unref() from scsi_retry_requests() to
scsi_dma_restart_bh().
Signed-off-by: Yan Wang <wangyan122@huawei.com>
