Wed Oct 09 2024 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-35.el8
- hw/vfio/pci-quirks: Sanitize capability pointer (Alex Williamson) [Orabug: 37096901]
- hw/vfio/pci-quirks: Support alternate offset for GPUDirect Cliques (Alex Williamson) [Orabug: 37096901]
- hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (Philippe Mathieu-Daudé) [Orabug: 36659053] {CVE-2024-3447}
-
Thu May 23 2024 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-34.el8
- multifd: fix the multifd initialization (Elena Ufimtseva) [Orabug: 36598610]
- hw/scsi/scsi-generic: Fix io_timeout property not applying (Lorenz Brun) [Orabug: 36604206]
- scsi: make io_timeout configurable (Hannes Reinecke) [Orabug: 36604206]
- target/i386/monitor: synchronize cpu state for lapic info (Dongli Zhang) [Orabug: 36607762]
-
Mon Apr 15 2024 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-32.el8
- Document CVEs as fixed (Mark Kanda) [Orabug: 36455470] [Orabug: 36455480] [Orabug: 36455529] [Orabug: 36455489] [Orabug: 36455500] [Orabug: 36455512] [Orabug: 36455520] {CVE-2023-4135} {CVE-2023-3255} {CVE-2023-6683} {CVE-2023-40360} {CVE-2023-42467} {CVE-2024-26327} {CVE-2024-24474}
- hw/pvrdma: Protect against buggy or malicious guest driver (Yuval Shaia) [Orabug: 35250119] {CVE-2023-1544}
- hw/pflash_cfi01: allow smaller backing devices in postload_update_cb() (Mark Kanda) [Orabug: 36378764]
- hw/block/pflash: Check return value of blk_pwrite() (Mansour Ahmadi) [Orabug: 36378764]
- net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 36421467] {CVE-2023-3019}
- net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 36421467] {CVE-2023-3019}
- lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 36425307] {CVE-2021-3750}
- memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- memory: prevent dma-reentrancy issues (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750}
- util/async: add a human-readable name to BHs for debugging (Stefan Hajnoczi) [Orabug: 36425307] {CVE-2021-3750}
- io: remove io watch if TLS channel is closed during handshake (Daniel Berrangé) [Orabug: 35595204] {CVE-2023-3354}
- tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 36327659] {CVE-2023-5088}
- hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 36327659] {CVE-2023-5088}
- accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025) (Alex Bennée) [Orabug: 36327651] {CVE-2020-24165}
- physmem: add missing memory barrier (Paolo Bonzini) [Orabug: 35886091]
- qemu-coroutine-lock: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091]
- aio-wait: switch to smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091]
- edu: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091]
- qemu-thread-win32: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35886091]
- qemu-thread-posix: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35886091]
- qatomic: add smp_mb__before/after_rmw() (Paolo Bonzini) [Orabug: 35886091]
- aio_wait_kick: add missing memory barrier (Emanuele Giuseppe Esposito) [Orabug: 35886091]
- hw/smbios: Fix core count in type4 (Zhao Liu) [Orabug: 35876036]
- hw/smbios: Fix thread count in type4 (Zhao Liu) [Orabug: 35876036]
- hw/smbios: Fix smbios_smp_sockets calculation (Zhao Liu) [Orabug: 35876036]
- machine: Add helpers to get cores/threads per socket (Zhao Liu) [Orabug: 35876036]
- machine: move dies from X86MachineState to CpuTopology (Paolo Bonzini) [Orabug: 35876036]
- machine: move SMP initialization from vl.c (Paolo Bonzini) [Orabug: 35876036]
- machine: move UP defaults to class_base_init (Paolo Bonzini) [Orabug: 35876036]
- virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35724113] {CVE-2023-3180}
- hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35724112] {CVE-2023-0330}
-
Mon Aug 28 2023 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-27.1.el8
- kvm: Atomic memslot updates (David Hildenbrand) [Orabug: 35719844]
- KVM: keep track of running ioctls (Emanuele Giuseppe Esposito) [Orabug: 35719844]
- accel: introduce accelerator blocker API (Emanuele Giuseppe Esposito) [Orabug: 35719844]
- KVM: Use a big lock to replace per-kml slots_lock (Peter Xu) [Orabug: 35719844]
-
Fri Jun 16 2023 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-27.el8
- hw/arm/virt: Add nvdimm hotplug support (Shameer Kolothum) [Orabug: 35505663]
- hw/arm/virt: Add nvdimm hot-plug infrastructure (Kwangwoo Lee) [Orabug: 35505663]
- nvdimm: Use configurable ACPI IO base and size (Kwangwoo Lee) [Orabug: 35505663]
- target/i386: define a new MSR based feature word - FEAT_PERF_CAPABILITIES (Like Xu) [Orabug: 35370615]
-
Thu Apr 20 2023 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-26.el8
- migration: check magic value for deciding the mapping of channels (Manish Mishra) [Orabug: 34735462]
- io: Add support for MSG_PEEK for socket channel (Manish Mishra) [Orabug: 34735462]
- migration: Move channel setup out of postcopy_try_recover() (Peter Xu) [Orabug: 34735462]
- vdpa: commit all host notifier MRs in a single MR transaction (Mike Longpeng) [Orabug: 35252234]
- vhost: configure all host notifiers in a single MR transaction (Mike Longpeng) [Orabug: 35252234]
- vhost: simplify vhost_dev_enable_notifiers (Mike Longpeng) [Orabug: 35252234]
- pcie: Do not update hotplugged device power in RUN_STATE_INMIGRATE state (Annie Li) [Orabug: 35055290]
- qga/win32: Use rundll for VSS installation (Konstantin Kostiuk) [Orabug: 35206108] {CVE-2023-0664}
- qga/win32: Remove change action from MSI installer (Konstantin Kostiuk) [Orabug: 35206108] {CVE-2023-0664}
- hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion (Philippe Mathieu-Daudé) [Orabug: 34846087]
- hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144) (Philippe Mathieu-Daudé) [Orabug: 34846087] {CVE-2022-4144}
- hw/display/qxl: Pass requested buffer size to qxl_phys2virt() (Philippe Mathieu-Daudé) [Orabug: 34846087]
- hw/display/qxl: Document qxl_phys2virt() (Philippe Mathieu-Daudé) [Orabug: 34846087]
- hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler (Philippe Mathieu-Daudé) [Orabug: 34846087]
- virtio-blk: On restart, process queued requests in the proper context (Sergio Lopez) [Orabug: 35060530]
- virtio-blk: Refactor the code that processes queued requests (Sergio Lopez) [Orabug: 35060530]
- hw/intc/ioapic: Update KVM routes before redelivering IRQ, on RTE update (David Woodhouse) [Orabug: 35219223]
- modules: load modules from /var/run/qemu/ directory firstly (Siddhi Katage) [Orabug: 34867783]
- qemu.spec: Add post-install script for block storage modules (Siddhi Katage) [Orabug: 34867783]
- qemu.spec: Enable '-module-upgrades' for OL7 (Siddhi Katage) [Orabug: 34867783]
- module: increase dirs array size by one (Bruce Rogers) [Orabug: 34867783]
- modules: load modules from versioned /var/run dir (Christian Ehrhardt) [Orabug: 34867783]
- blockjob: Fix crash with IOthread when block commit after snapshot (Michael Qiu) [Orabug: 35118668]
-
Fri Feb 10 2023 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-25.el8
- target/i386/kvm: get and put AMD pmu registers (Dongli Zhang) [Orabug: 34641255]
- i386/kvm: fix a use-after-free when vcpu plug/unplug (Pan Nengyuan) [Orabug: 34859902]
- memory: batch allocate ioeventfds[] in address_space_update_ioeventfds() (Stefan Hajnoczi) [Orabug: 34538900]
- virtio-blk: Fix clean up of host notifiers for single MR transaction (Mark Mielke) [Orabug: 34538900]
- virtio-scsi: Configure all host notifiers in a single MR transaction (Greg Kurz) [Orabug: 34538900]
- virtio-scsi: Set host notifiers and callbacks separately (Greg Kurz) [Orabug: 34538900]
- virtio-blk: Configure all host notifiers in a single MR transaction (Greg Kurz) [Orabug: 34538900]
- virtio-blk: Fix rollback path in virtio_blk_data_plane_start() (Greg Kurz) [Orabug: 34538900]
- event_notifier: Set ->initialized earlier in event_notifier_init() (Greg Kurz) [Orabug: 34538900]
- virtio-scsi: don't process IO on fenced dataplane (Maxim Levitsky) [Orabug: 34538900]
- virtio-scsi: don't uninitialize queues that we didn't initialize (Maxim Levitsky) [Orabug: 34538900]
- hw/arm/virt: build SMBIOS 19 table (Mihai Carabas)
-
Thu Jan 05 2023 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-24.el8
- hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638) (Philippe Mathieu-Daudé) [Orabug: 33930374] {CVE-2021-3638}
- tests/acpi: virt: update ACPI MADT and FADT binaries (Miguel Luis)
- acpi: arm/virt: madt: bump to revision 4 accordingly to ACPI 6.0 Errata A (Miguel Luis)
- acpi: arm/virt: madt: use build_append_int_noprefix() API to compose MADT table (Igor Mammedov)
- acpi: madt: arm/x86: use acpi_table_begin()/acpi_table_end() instead of build_header() (Igor Mammedov)
- hw/arm/virt-acpi-build: Remove dead assignment in build_madt() (Chen Qun)
- acpi: build_fadt: adapt FADT table names (Miguel Luis)
- acpi: fadt: support revision 6.0 of the ACPI specification (Miguel Luis)
- tests/acpi: virt: allow acpi MADT and FADT changes (Miguel Luis)
- Document CVE-2022-3165 as not applicable (Mark Kanda) [Orabug: 34713999] {CVE-2022-3165}
- Document CVE-2022-1050 as not applicable (Mark Kanda) [Orabug: 34132133] {CVE-2022-1050}
- hw/acpi/erst.c: Fix memory handling issues (Christian A. Ehrhardt) [Orabug: 34779472] {CVE-2022-4172}
- vhost-vdpa: fix assert !virtio_net_get_subqueue(nc)->async_tx.elem in virtio_net_reset (Si-Wei Liu)
- net/vhost-vdpa.c: Fix clang compilation failure (Peter Maydell)
- vhost-vdpa: allow passing opened vhostfd to vhost-vdpa (Si-Wei Liu)
- hw/acpi/aml-build: Improve scalability of PPTT generation (Yanan Wang)
- tests/data/acpi/virt: update empty file for PPTT (Miguel Luis)
- hw/arm/virt-acpi-build: Generate PPTT table (Yanan Wang)
- tests/data/acpi/virt: Add an empty expected file for PPTT (Yanan Wang)
- hw/acpi/aml-build: Add PPTT table (Andrew Jones)
- hw/acpi/aml-build: Add Processor hierarchy node structure (Yanan Wang)
- machine: Add SMP Sockets in CpuTopology (Babu Moger)
- bios-tables-test: generate table for virt/DBG2 (Miguel Luis)
- hw/arm/virt_acpi_build: Generate DBG2 table (Eric Auger)
- tests/acpi: Add void table for virt/DBG2 bios-tables-test (Eric Auger)
- tests/acpi: virt: update ACPI GTDT binaries (Miguel Luis) [Orabug: 34711916]
- acpi: arm/virt: build_gtdt: fix invalid 64-bit physical addresses (Miguel Luis) [Orabug: 34711916]
- tests/acpi: virt: allow acpi GTDT changes (Miguel Luis) [Orabug: 34711916]
- acpi: fix OEM ID/OEM Table ID padding (Igor Mammedov) [Orabug: 34711916]
- acpi: arm/virt: build_gtdt: use acpi_table_begin()/acpi_table_end() instead of build_header() (Igor Mammedov) [Orabug: 34711916]
- acpi: add helper routines to initialize ACPI tables (Igor Mammedov) [Orabug: 34711916]
- acpi: declare the default assignable value for the ACPI table header (Miguel Luis) [Orabug: 34711916]
-
Tue Nov 29 2022 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-22.el8
- Revert "block: Set the name of BlockBackend if possible" (Joe Jin) [Orabug: 34841102]
- Revert "iotests: Adjust 186.out to account for 'null' node-name" (Joe Jin) [Orabug: 34841102]
-
Mon Oct 10 2022 Karl Heubaum <karl.heubaum@oracle.com> - 4.2.1-21.el8
- qemu-kvm.spec: Fix the qemu-regdump sos report plugin path (Mark Kanda) [Orabug: 34680062]
- qmp-regdump: Require python3 on OL8 (Mark Kanda) [Orabug: 34672256]
- iotests: Adjust 186.out to account for 'null' node-name (Mark Kanda) [Orabug: 34447388]
- block: Set the name of BlockBackend if possible (Annie Li) [Orabug: 34447388]
- acpi: Update _DSM method in expected files (Mark Kanda) [Orabug: 34616322]
- acpi/gpex: Fix cca attribute check for pxb device (Xingang Wang) [Orabug: 34616322]
- acpi: Enable pxb unit-test for ARM virt machine (Jiahui Cen) [Orabug: 34616322]
- Kconfig: Compile PXB for ARM_VIRT (Jiahui Cen) [Orabug: 34616322]
- acpi/gpex: Exclude pxb's resources from PCI0 (Jiahui Cen) [Orabug: 34616322]
- acpi/gpex: Inform os to keep firmware resource map (Jiahui Cen) [Orabug: 34616322]
- acpi: Add addr offset in build_crs (Jiahui Cen) [Orabug: 34616322]
- unit-test: Add testcase for pxb (Yubo Miao) [Orabug: 34616322]
- acpi: Align the size to 128k (Yubo Miao) [Orabug: 34616322]
- acpi/gpex: Build tables for pxb (Yubo Miao) [Orabug: 34616322]
- acpi: Extract crs build from acpi_build.c (Yubo Miao) [Orabug: 34616322]
- hw/arm/virt: Write extra pci roots into fw_cfg (Jiahui Cen) [Orabug: 34616322]
- fw_cfg: Refactor extra pci roots addition (Jiahui Cen) [Orabug: 34616322]
- acpi/gpex: Extract two APIs from acpi_dsdt_add_pci (Yubo Miao) [Orabug: 34616322]
- arm: use acpi_dsdt_add_gpex (Gerd Hoffman) [Orabug: 34616322]
- acpi: add acpi_dsdt_add_gpex (Gerd Hoffman) [Orabug: 34616322]
- acpi: Allow DSDT acpi table changes (Jiahui Cen) [Orabug: 34616322]
- move MemMapEntry (Gerd Hoffman) [Orabug: 34616322]
- scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34353672] {CVE-2022-0216}
- scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34353672] {CVE-2022-0216}
- tests/qtest: Add fuzz-lsi53c895a-test (Philippe Mathieu-Daudé) [Orabug: 34353672] {CVE-2022-0216}
- hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued (Philippe Mathieu-Daudé) [Orabug: 34353672] {CVE-2022-0216}
- vfio: defer to commit kvm irq routing when enable msi/msix (Mike Longpeng) [Orabug: 34419422]
- vfio: simplify the failure path in vfio_msi_enable (Mike Longpeng) [Orabug: 34419422]
- vfio: move re-enabling INTX out of the common helper (Mike Longpeng) [Orabug: 34419422]
- vfio: simplify the conditional statements in vfio_msi_enable (Mike Longpeng) [Orabug: 34419422]
- kvm/msi: do explicit commit when adding msi routes (Mike Longpeng) [Orabug: 34419422]
- kvm-irqchip: introduce new API to support route change (Mike Longpeng) [Orabug: 34419422]
- event_notifier: handle initialization failure better (Maxim Levitsky) [Orabug: 34419422]
- qmp-regdump: use QMP command 'query-cpus-fast' (Mark Kanda) [Orabug: 34510460]