-
Tue Sep 19 2023 Karl Heubaum <karl.heubaum@oracle.com> - 6.1.1-8.el8
- kvm: Atomic memslot updates (David Hildenbrand) [Orabug: 35822587]
- KVM: keep track of running ioctls (Emanuele Giuseppe Esposito) [Orabug: 35822587]
- accel: introduce accelerator blocker API (Emanuele Giuseppe Esposito) [Orabug: 35822587]
- dump: kdump-zlib data pages not dumped with pvtime/aarch64 (Dongli Zhang) [Orabug: 35775461]
- target/i386: properly reset TSC on reset (Paolo Bonzini) [Orabug: 35767315]
-
Wed Aug 30 2023 Karl Heubaum <karl.heubaum@oracle.com> - 6.1.1-7.el8
- CVE-2023-4135 is not applicable to Oracle QEMU 6.1.1 (Karl Heubaum) [Orabug: 35752193] {CVE-2023-4135}
- virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35752194] {CVE-2023-3180}
- ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) (Mauro Matteo Cascella) [Orabug: 35752186] {CVE-2023-3255}
- io: remove io watch if TLS channel is closed during handshake (Daniel P. Berrangé) [Orabug: 35752182] {CVE-2023-3354}
- 9pfs: prevent opening special files (CVE-2023-2861) (Christian Schoenebeck) [Orabug: 35752178] {CVE-2023-2861}
- hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35752171] {CVE-2023-0330}
- hw: Add compat machines for 6.2 (Yanan Wang) [Orabug: 35646490]
- vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (Ani Sinha) [Orabug: 35662843] {CVE-2023-3301}
- dump: fix kdump to work over non-aligned blocks (Marc-André Lureau) [Orabug: 35557771]
- dump: simplify a bit kdump get_next_page() (Marc-André Lureau) [Orabug: 35557771]
- dump: Remove is_zero_page() (Juan Quintela) [Orabug: 35557771]
- qmp-regdump: use QMP command 'query-cpus-fast' (Mark Kanda) [Orabug: 34510460]
- i386: do kvm_put_msr_feature_control() first thing when vCPU is reset (Vitaly Kuznetsov) [Orabug: 34319512]
- i386: reset KVM nested state upon CPU reset (Vitaly Kuznetsov) [Orabug: 34319512]
-
Tue Apr 18 2023 Karl Heubaum <karl.heubaum@oracle.com> - 6.1.1-6.el8
- CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 (Karl Heubaum) [Orabug: 35305727] {CVE-2023-1544}
- virtio-gpu: do not byteswap padding (Paolo Bonzini) [Orabug: 35304723]
- KVM: x86: workaround invalid CPUID[0xD,9] info on some AMD processors (Paolo Bonzini) [Orabug: 35241527]
- qemu-kvm.spec: fix Linux io_uring support (Mark Kanda) [Orabug: 35265200]
- hw/intc/ioapic: Update KVM routes before redelivering IRQ, on RTE update (David Woodhouse) [Orabug: 35219290]
-
Wed Feb 08 2023 Karl Heubaum <karl.heubaum@oracle.com> - 6.1.1-5.el8
- hw/pvrdma: Protect against buggy or malicious guest driver (Yuval Shaia) [Orabug: 35064352] {CVE-2022-1050}
- hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion (Philippe Mathieu-Daudé) [Orabug: 35060182]
- hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144) (Philippe Mathieu-Daudé) [Orabug: 35060182] {CVE-2022-4144}
- hw/display/qxl: Pass requested buffer size to qxl_phys2virt() (Philippe Mathieu-Daudé) [Orabug: 35060182]
- hw/display/qxl: Document qxl_phys2virt() (Philippe Mathieu-Daudé) [Orabug: 35060182]
- hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler (Philippe Mathieu-Daudé) [Orabug: 35060182]
- ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext (Mauro Matteo Cascella) [Orabug: 35060115] {CVE-2022-3165}
- hw/arm/virt: build SMBIOS 19 table (Mihai Carabas)
- vl: Add an -action option to override MCE handling (Mark Kanda) [Orabug: 34779160]
- hw/acpi/erst.c: Fix memory handling issues (Christian A. Ehrhardt) [Orabug: 34779541] {CVE-2022-4172}
- target/i386: kvm: do not access uninitialized variable on older kernels (Paolo Bonzini) [Orabug: 34492975]
- x86: Support XFD and AMX xsave data migration (Zeng Guang) [Orabug: 34492975]
- x86: add support for KVM_CAP_XSAVE2 and AMX state migration (Jing Liu) [Orabug: 34492975]
- x86: Add AMX CPUIDs enumeration (Jing Liu) [Orabug: 34492975]
- x86: Add XFD faulting bit for state components (Jing Liu) [Orabug: 34492975]
- x86: Grant AMX permission for guest (Yang Zhong) [Orabug: 34492975]
- x86: Add AMX XTILECFG and XTILEDATA components (Jing Liu) [Orabug: 34492975]
- x86: Fix the 64-byte boundary enumeration for extended state (Jing Liu) [Orabug: 34492975]
- linux-headers: include missing changes from 5.17 (Paolo Bonzini) [Orabug: 34492975]
- linux-headers: Update headers to v5.17-rc1 (Vivek Goyal) [Orabug: 34492975]
- linux-headers: update to 5.16-rc1 (Paolo Bonzini) [Orabug: 34492975]
- i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type (Joao Martins)
- i386/pc: relocate 4g start to 1T where applicable (Joao Martins)
- i386/pc: bounds check phys-bits against max used GPA (Joao Martins)
- i386/pc: factor out device_memory base/size to helper (Joao Martins)
- i386/pc: factor out above-4g end to an helper (Joao Martins)
- i386/pc: pass pci_hole64_size to pc_memory_init() (Joao Martins)
- i386/pc: create pci-host qdev prior to pc_memory_init() (Joao Martins)
- hw/i386: add 4g boundary start to X86MachineState (Joao Martins)
- vhost-vdpa: fix assert !virtio_net_get_subqueue(nc)->async_tx.elem in virtio_net_reset (Si-Wei Liu)
- net/vhost-vdpa.c: Fix clang compilation failure (Peter Maydell)
- vhost-vdpa: allow passing opened vhostfd to vhost-vdpa (Si-Wei Liu)
-
Tue Sep 13 2022 Karl Heubaum <karl.heubaum@oracle.com> - 6.1.1-4.el8
- display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34591445] {CVE-2021-4207}
- ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34591281] {CVE-2021-4206}
- scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34590706] {CVE-2022-0216}
- scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34590706] {CVE-2022-0216}
- tests/qtest: Add fuzz-lsi53c895a-test (Philippe Mathieu-Daude) [Orabug: 34590706] {CVE-2022-0216}
- hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued (Philippe Mathieu-Daude) [Orabug: 34590706] {CVE-2022-0216}
- virtio-net: fix map leaking on error during receive (Jason Wang) [Orabug: 34538375] {CVE-2022-26353}
- vfio: defer to commit kvm irq routing when enable msi/msix (Mike Longpeng) [Orabug: 34528963]
- Revert "vfio: Avoid disabling and enabling vectors repeatedly in VFIO migration" (Mike Longpeng) [Orabug: 34528963]
- vfio: simplify the failure path in vfio_msi_enable (Mike Longpeng) [Orabug: 34528963]
- vfio: move re-enabling INTX out of the common helper (Mike Longpeng) [Orabug: 34528963]
- vfio: simplify the conditional statements in vfio_msi_enable (Mike Longpeng) [Orabug: 34528963]
- kvm/msi: do explicit commit when adding msi routes (Mike Longpeng) [Orabug: 34528963]
- kvm-irqchip: introduce new API to support route change (Mike Longpeng) [Orabug: 34528963]
- event_notifier: handle initialization failure better (Maxim Levitsky) [Orabug: 34528963]
- virtio-net: don't handle mq request in userspace handler for vhost-vdpa (Si-Wei Liu)
- vhost-vdpa: change name and polarity for vhost_vdpa_one_time_request() (Si-Wei Liu)
- vhost-vdpa: backend feature should set only once (Si-Wei Liu)
- vhost-net: fix improper cleanup in vhost_net_start (Si-Wei Liu)
- vhost-vdpa: fix improper cleanup in net_init_vhost_vdpa (Si-Wei Liu)
- virtio-net: align ctrl_vq index for non-mq guest for vhost_vdpa (Si-Wei Liu)
- virtio-net: setup vhost_dev and notifiers for cvq only when feature is negotiated (Si-Wei Liu)
- virtio: fix the condition for iommu_platform not supported (Halil Pasic)
- vdpa: Make ncs autofree (Eugenio Perez)
- vhost-vdpa: make notifiers _init()/_uninit() symmetric (Laurent Vivier)
- hw/virtio: vdpa: Fix leak of host-notifier memory-region (Laurent Vivier)
- vhost-vdpa: stick to -errno error return convention (Roman Kagan)
- vdpa: Add dummy receive callback (Eugenio Perez)
- vdpa: Check for existence of opts.vhostdev (Eugenio Perez)
- vdpa: Replace qemu_open_old by qemu_open at (Eugenio Perez)
- vhost: Fix last vq queue index of devices with no cvq (Eugenio Perez)
- vhost: Rename last_index to vq_index_end (Eugenio Perez)
- net/vhost-vdpa: fix memory leak in vhost_vdpa_get_max_queue_pairs() (Stefano Garzarella)
- vhost-vdpa: Set discarding of RAM broken when initializing the backend (David Hildenbrand)
- vhost-vdpa: multiqueue support (Jason Wang)
- virtio-net: vhost control virtqueue support (Jason Wang)
- vhost: record the last virtqueue index for the virtio device (Jason Wang)
- virtio-net: use "queue_pairs" instead of "queues" when possible (Jason Wang)
- vhost-net: control virtqueue support (Jason Wang)
- net: introduce control client (Jason Wang)
- vhost-vdpa: let net_vhost_vdpa_init() returns NetClientState * (Jason Wang)
- vhost-vdpa: prepare for the multiqueue support (Jason Wang)
- vhost-vdpa: classify one time request (Jason Wang)
- vhost-vdpa: open device fd in net_init_vhost_vdpa() (Jason Wang)
- vdpa: Check for iova range at mappings changes (Eugenio Perez)
- vdpa: Add vhost_vdpa_section_end (Eugenio Perez)
- net/vhost-vdpa: Fix device compatibility check (Kevin Wolf)
- net/vhost-user: Fix device compatibility check (Kevin Wolf)
- net: Introduce NetClientInfo.check_peer_type() (Kevin Wolf)
- memory: Name all the memory listeners (Peter Xu)
- vhost-vdpa: remove the unncessary queue_index assignment (Jason Wang)
- vhost-vdpa: fix the wrong assertion in vhost_vdpa_init() (Jason Wang)
- vhost-vdpa: tweak the error label in vhost_vdpa_add() (Jason Wang)
- vhost-vdpa: fix leaking of vhost_net in vhost_vdpa_add() (Jason Wang)
- vhost-vdpa: don't cleanup twice in vhost_vdpa_add() (Jason Wang)
- vhost-vdpa: remove the unnecessary check in vhost_vdpa_add() (Jason Wang)
- vhost_net: do not assume nvqs is always 2 (Jason Wang)
- vhost: use unsigned int for nvqs (Jason Wang)
- vhost_net: remove the meaningless assignment in vhost_net_start_one() (Jason Wang)
- vhost-vdpa: correctly return err in vhost_vdpa_set_backend_cap() (Jason Wang)
- vhost-vdpa: remove unused variable "acked_features" (Jason Wang)
- vhost: correctly detect the enabling IOMMU (Jason Wang)
- virtio-pci: implement iommu_enabled() (Jason Wang)
- virtio-bus: introduce iommu_enabled() (Jason Wang)
- hw/virtio: Fix leak of host-notifier memory-region (Yajun Wu)
- vhost-vdpa: Do not send empty IOTLB update batches (Eugenio Perez)
- target/i386/kvm: Fix disabling MPX on "-cpu host" with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615]
-
Fri Apr 08 2022 Karl Heubaum <karl.heubaum@oracle.com> - 6.1.1-3.el8
- acpi: pcihp: pcie: set power on cap on parent slot (Igor Mammedov) [Orabug: 33984018] [Orabug: 33995665]
- pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665]
- pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665]
- pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665]
- pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665]
- pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665]
- pci: implement power state (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665]
- tests: bios-tables-test update expected blobs (Igor Mammedov) [Orabug: 33984018] [Orabug: 33995665]
- hw/i386/acpi-build: Deny control on PCIe Native Hot-plug in _OSC (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665]
- bios-tables-test: Allow changes in DSDT ACPI tables (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665]
- hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine type (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665]
-
Wed Mar 09 2022 Karl Heubaum <karl.heubaum@oracle.com> - 6.1.1-2.el8
- vhost-vsock: detach the virqueue element in case of error (Stefano Garzarella) [Orabug: 33941752] {CVE-2022-26354}
- qemu_regdump.py/qmp-regdump: Switch to Python 3 (Karl Heubaum)
- block/mirror: fix NULL pointer dereference in mirror_wait_on_conflicts() (Stefano Garzarella) [Orabug: 33916572] {CVE-2021-4145}
-
Fri Feb 25 2022 Karl Heubaum <karl.heubaum@oracle.com> - 6.1.1-1.el8
- ACPI ERST: step 6 of bios-tables-test.c (Eric DeVolder)
- ACPI ERST: bios-tables-test testcase (Eric DeVolder)
- ACPI ERST: qtest for ERST (Eric DeVolder)
- ACPI ERST: create ACPI ERST table for pc/x86 machines (Eric DeVolder)
- ACPI ERST: build the ACPI ERST table (Eric DeVolder)
- ACPI ERST: support for ACPI ERST feature (Eric DeVolder)
- ACPI ERST: header file for ERST (Eric DeVolder)
- ACPI ERST: PCI device_id for ERST (Eric DeVolder)
- hw/nvme: fix CVE-2021-3929 (Klaus Jensen) [Orabug: 33866395] {CVE-2021-3929}
- oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402]
- oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402]
- tests/plugin/syscall.c: fix compiler warnings (Juro Bystricky)
- virtio-net-pci: Don't use "efi-virtio.rom" on AArch64 (Mark Kanda)
- migration: increase listening socket backlog (Elena Ufimtseva)
- virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum)
- virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) (Vivek Goyal) [Orabug: 33816690] {CVE-2022-0358}
- acpi: validate hotplug selector on access (Michael S. Tsirkin) [Orabug: 33816625] {CVE-2021-4158}
- Update to QEMU 6.1.1 (Karl Heubaum)
-
Wed Jan 19 2022 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1.15.el8
- qemu-kvm.spec: Add support for reading vmdk, vhdx, vpc, https, and ssh disk image formats from qemu-kvm (Karl Heubaum) [Orabug: 33741340]
- Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-4158} {CVE-2021-3947}
- hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daudé) [Orabug: 32439466] {CVE-2021-20196}
- hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daudé) [Orabug: 32439466] {CVE-2021-20196}
- net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203}
- lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
- pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
- rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416}
- tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416}
- target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (Paolo Bonzini)
- target/i386: Observe XSAVE state area offsets (Paolo Bonzini)
- target/i386: Make x86_ext_save_areas visible outside cpu.c (Paolo Bonzini)
- target/i386: Pass buffer and length to XSAVE helper (Paolo Bonzini)
- target/i386: Clarify the padding requirements of X86XSaveArea (Paolo Bonzini)
- target/i386: Consolidate the X86XSaveArea offset checks (Paolo Bonzini)
- target/i386: Declare constants for XSAVE offsets (Paolo Bonzini)
-
Wed Dec 22 2021 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-14.el8
- scsi: fix sense code for EREMOTEIO (Paolo Bonzini) [Orabug: 33537443]
- scsi: move host_status handling into SCSI drivers (Hannes Reinecke) [Orabug: 33537443]
- scsi: inline sg_io_sense_from_errno() into the callers (Hannes Reinecke) [Orabug: 33537443]
- scsi-generic: do not snoop the output of failed commands (Paolo Bonzini) [Orabug: 33537443]
- scsi: Add mapping for generic SCSI_HOST status to sense codes (Hannes Reinecke) [Orabug: 33537443]
- scsi: Rename linux-specific SG_ERR codes to generic SCSI_HOST error codes (Hannes Reinecke) [Orabug: 33537443]
- scsi: drop 'result' argument from command_complete callback (Hannes Reinecke) [Orabug: 33537443]
- scsi-disk: pass guest recoverable errors through even for rerror=stop (Paolo Bonzini) [Orabug: 33537443]
- scsi-disk: pass SCSI status to scsi_handle_rw_error (Paolo Bonzini) [Orabug: 33537443]
- scsi: introduce scsi_sense_from_errno() (Paolo Bonzini) [Orabug: 33537443]
- scsi-disk: do not complete requests early for rerror/werror=ignore (Paolo Bonzini) [Orabug: 33537443]
- scsi-disk: move scsi_handle_rw_error earlier (Paolo Bonzini) [Orabug: 33537443]
- scsi-disk: convert more errno values back to SCSI statuses (Paolo Bonzini) [Orabug: 33537443]