-
Wed Jun 29 2022 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-18.el7
- block: introduce max_hw_iov for use in scsi-generic (Paolo Bonzini) [Orabug: 33785156]
- file-posix: try BLKSECTGET on block devices too, do not round to power of 2 (Paolo Bonzini) [Orabug: 33785156]
- block: add max_hw_transfer to BlockLimits (Paolo Bonzini) [Orabug: 33785156]
- block-backend: align max_transfer to request alignment (Paolo Bonzini) [Orabug: 33785156]
- osdep: provide ROUND_DOWN macro (Paolo Bonzini) [Orabug: 33785156]
- scsi-generic: pass max_segments via max_iov field in BlockLimits (Paolo Bonzini) [Orabug: 33785156]
- file-posix: fix max_iov for /dev/sg devices (Paolo Bonzini) [Orabug: 33785156]
- display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34049511] {CVE-2021-4207}
- ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34049509] {CVE-2021-4206}
- hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) (Philippe Mathieu-Daudé) [Orabug: 32860387] {CVE-2021-3507}
- pc: q35: Bump max_cpus to 512 (Suravee Suthikulpanit) [Orabug: 34314249]
- tests/qtest: fix pvpanic-pci-test (Mark Kanda) [Orabug: 34284763]
- libqos: pci-pc: use 32-bit write for EJ register (Paolo Bonzini) [Orabug: 34284758]
- libqos: usb-hcd-ehci: use 32-bit write for config register (Paolo Bonzini) [Orabug: 34284768]
- target/i386/kvm: Fix disabling MPX on "-cpu host" with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615]
- i386: Mask SVM features if nested SVM is disabled (Eduardo Habkost) [Orabug: 33860224]
- ide: Cap LBA28 capacity announcement to 2^28-1 (Samuel Thibault) [Orabug: 25327652]
- tests/acpi: update expected arm/virt tables (Mark Kanda) [Orabug: 34132842]
-
Sun May 01 2022 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-17.el7
- arm/acpi: fix an out of spec _UID for PCI root (Michael S. Tsirkin)
- arm/acpi: fix duplicated _UID of PCI interrupt link devices (Heyi Guo)
- arm/acpi: fix PCI _PRT definition (Heyi Guo)
- docs: fix references to docs/devel/atomics.rst (Stefano Garzarella) [Orabug: 33659123]
- rcu: do not mention atomic_mb_read/set in documentation (Paolo Bonzini) [Orabug: 33659123]
- atomics: update documentation (Paolo Bonzini) [Orabug: 33659123]
- atomics: convert to reStructuredText (Paolo Bonzini) [Orabug: 33659123]
- async: use explicit memory barriers (Paolo Bonzini) [Orabug: 33659123]
- aio-wait: delegate polling of main AioContext if BQL not held (Paolo Bonzini) [Orabug: 33659123]
- qapi: Add '@allow-write-only-overlay' feature for 'blockdev-snapshot' (Peter Krempa) [Orabug: 33888021]
- iotests: Add iothread cases to 155 (Kevin Wolf) [Orabug: 33888021]
- block: Fix cross-AioContext blockdev-snapshot (Kevin Wolf) [Orabug: 33888021]
- iotests: Test mirror with temporarily disabled target backing file (Kevin Wolf) [Orabug: 33888021]
- iotests: Fix run_job() with use_log=False (Kevin Wolf) [Orabug: 33888021]
- block: Relax restrictions for blockdev-snapshot (Kevin Wolf) [Orabug: 33888021]
- block: Make bdrv_get_cumulative_perm() public (Kevin Wolf) [Orabug: 33888021]
- iotests: Use complete_and_wait() in 155 (Max Reitz) [Orabug: 33888021]
- iotests: Support job-complete in run_job() (Kevin Wolf) [Orabug: 33888021]
- linux-headers: update again to 5.8 (Paolo Bonzini) [Orabug: 34022218]
- virtio-net: fix map leaking on error during receive (Jason Wang) [Orabug: 33941879] {CVE-2022-26353}
- vhost-vsock: detach the virqueue element in case of error (Stefano Garzarella) [Orabug: 33941844] {CVE-2022-26354}
- virtio-net: fix use after unmap/free for sg (Jason Wang) [Orabug: 33972912] {CVE-2021-3748}
- migration: Report the error returned when save_live_iterate fails (David Edmondson)
-
Mon Mar 07 2022 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-16.el7
- Document CVE-2021-4145 as fixed (Mark Kanda) [Orabug: 33791496] {CVE-2021-4145}
- migration: Tally pre-copy, downtime and post-copy bytes independently (David Edmondson)
- migration: Introduce ram_transferred_add() (David Edmondson)
- ACPI ERST: specification for ERST support (Eric DeVolder)
- ACPI ERST: step 6 of bios-tables-test.c (Eric DeVolder)
- ACPI ERST: bios-tables-test testcase (Eric DeVolder)
- ACPI ERST: qtest for ERST (Eric DeVolder)
- ACPI ERST: create ACPI ERST table for pc/x86 machines (Eric DeVolder)
- ACPI ERST: build the ACPI ERST table (Eric DeVolder)
- ACPI ERST: support for ACPI ERST feature (Eric DeVolder)
- ACPI ERST: header file for ERST (Eric DeVolder)
- ACPI ERST: PCI device_id for ERST (Eric DeVolder)
- ACPI ERST: bios-tables-test.c steps 1 and 2 (Eric DeVolder)
- ACPI: cleanup bios-tables-test state (Eric DeVolder)
- KVM: x86: believe what KVM says about WAITPKG (Paolo Bonzini) [Orabug: 33832295]
- cputlb: destroy CPUTLB with tlb_destroy (Emilio G. Cota) [Orabug: 33428107]
-
Wed Jan 19 2022 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-15.el7
- Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-3947} {CVE-2021-4158}
- hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daudé) [Orabug: 32439466] {CVE-2021-20196}
- hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daudé) [Orabug: 32439466] {CVE-2021-20196}
- net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203}
- lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
- pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
- rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
- tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (David Edmondson)
- target/i386: Observe XSAVE state area offsets (David Edmondson)
- target/i386: Make x86_ext_save_areas visible outside cpu.c (David Edmondson)
- target/i386: Pass buffer and length to XSAVE helper (David Edmondson)
- target/i386: Clarify the padding requirements of X86XSaveArea (David Edmondson)
- target/i386: Consolidate the X86XSaveArea offset checks (David Edmondson)
- target/i386: Declare constants for XSAVE offsets (David Edmondson)
-
Wed Dec 22 2021 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-14.el7
- scsi: fix sense code for EREMOTEIO (Paolo Bonzini) [Orabug: 33537443]
- scsi: move host_status handling into SCSI drivers (Hannes Reinecke) [Orabug: 33537443]
- scsi: inline sg_io_sense_from_errno() into the callers. (Hannes Reinecke) [Orabug: 33537443]
- scsi-generic: do not snoop the output of failed commands (Paolo Bonzini) [Orabug: 33537443]
- scsi: Add mapping for generic SCSI_HOST status to sense codes (Hannes Reinecke) [Orabug: 33537443]
- scsi: Rename linux-specific SG_ERR codes to generic SCSI_HOST error codes (Hannes Reinecke) [Orabug: 33537443]
- scsi: drop 'result' argument from command_complete callback (Hannes Reinecke) [Orabug: 33537443]
- scsi-disk: pass guest recoverable errors through even for rerror=stop (Paolo Bonzini) [Orabug: 33537443]
- scsi-disk: pass SCSI status to scsi_handle_rw_error (Paolo Bonzini) [Orabug: 33537443]
- scsi: introduce scsi_sense_from_errno() (Paolo Bonzini) [Orabug: 33537443]
- scsi-disk: do not complete requests early for rerror/werror=ignore (Paolo Bonzini) [Orabug: 33537443]
- scsi-disk: move scsi_handle_rw_error earlier (Paolo Bonzini) [Orabug: 33537443]
- scsi-disk: convert more errno values back to SCSI statuses (Paolo Bonzini) [Orabug: 33537443]
-
Tue Dec 14 2021 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-13.el7
- pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug:
33642532]
-
Wed Dec 01 2021 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-12.1.el7
- Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595}
- Revert "Update libslirp to v4.6.1" (Mark Kanda) [Orabug: 33607100]
-
Wed Nov 24 2021 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-12.el7
- hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson)
- pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33450706]
- pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33450706]
- pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33450706]
- pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33450706]
- pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33450706]
- pci: implement power state (Gerd Hoffmann) [Orabug: 33450706]
- hw/pci/pcie: Move hot plug capability check to pre_plug callback (Julia Suvorova) [Orabug: 33450706]
- hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable (Julia Suvorova) [Orabug: 33450706]
- hw/pci/pcie: Forbid hot-plug if it's disabled on the slot (Julia Suvorova) [Orabug: 33450706]
- pcie_root_port: Add hotplug disabling option (Julia Suvorova) [Orabug: 33450706]
- qdev-monitor: Forbid repeated device_del (Julia Suvorova) [Orabug: 33450706]
- i386:acpi: Remove _HID from the SMBus ACPI entry (Corey Minyard)
- uas: add stream number sanity checks. (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713}
- usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682}
- hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug: 33548490] {CVE-2021-3930}
- e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257}
- Update libslirp to v4.6.1 (Marc-André Lureau) [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-10756} {CVE-2020-1983} {CVE-2020-29129} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595}
- virtio-net-pci: Don't use "efi-virtio.rom" on AArch64 (Mark Kanda)
- MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng)
- target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng)
- ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng)
- KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng)
- ACPI: Record the Generic Error Status Block address (Dongjiu Geng)
- ACPI: Build Hardware Error Source Table (Dongjiu Geng)
- ACPI: Build related register address fields via hardware error fw_cfg blob (Dongjiu Geng)
- docs: APEI GHES generation and CPER record description (Dongjiu Geng)
- hw/arm/virt: Introduce a RAS machine option (Dongjiu Geng)
- acpi: nvdimm: change NVDIMM_UUID_LE to a common macro (Dongjiu Geng)
- block/curl: HTTP header field names are case insensitive (David Edmondson) [Orabug: 33287589]
- block/curl: HTTP header fields allow whitespace around values (David Edmondson) [Orabug: 33287589]
-
Sun Jul 25 2021 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-11.el7
- pvrdma: Fix the ring init error flow (CVE-2021-3608) (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608}
- pvrdma: Ensure correct input on ring init (CVE-2021-3607) (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607}
- hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582) (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582}
- vhost-user-gpu: reorder free calls. (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
- vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546) (Li Qiang) [Orabug: 32950716] {CVE-2021-3546}
- vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544) (Li Qiang) [Orabug: 32950701] {CVE-2021-3544}
- vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545) (Li Qiang) [Orabug: 32950708] {CVE-2021-3545}
- usb: limit combined packets to 1 MiB (CVE-2021-3527) (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
- usb/redir: avoid dynamic stack allocation (CVE-2021-3527) (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527}
- mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392) (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392}
-
Mon Jun 14 2021 Mark Kanda <mark.kanda@oracle.com> - 15:4.2.1-10.el7
- e1000: fail early for evil descriptor (Jason Wang) [Orabug: 32560552] {CVE-2021-20257}
- Document CVE-2020-27661 as fixed (Mark Kanda) [Orabug: 32960200] {CVE-2020-27661}
- block: Avoid stale pointer dereference in blk_get_aio_context() (Greg Kurz)
- block: Fix blk->in_flight during blk_wait_while_drained() (Kevin Wolf)
- block: Increase BB.in_flight for coroutine and sync interfaces (Kevin Wolf)
- block-backend: Reorder flush/pdiscard function definitions (Kevin Wolf)