Branch: refs/heads/staging-7.2
Home: https://github.com/qemu/qemu
Commit: df3768b1a4817ba0ac454cf67826f2dd722db7a4
https://github.com/qemu/qemu/commit/df3768b1a4817ba0ac454cf67826f2dd722db7a4
Author: Richard Henderson <[email protected]>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M target/arm/vec_helper.c
Log Message:
-----------
target/arm: Fix VCMLA Dd, Dn, Dm[idx]

The inner loop, bounded by eltspersegment, must not be
larger than the outer loop, bounded by elements.
Cc: [email protected]
Fixes: 18fc2405781 ("target/arm: Implement SVE fp complex multiply add
(indexed)")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2376
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 76bccf3cb9d9383da0128bbc6d1300cddbe3ae8f)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 149bc216f295380b1a7b96e518f34bdbc9aecd6e
https://github.com/qemu/qemu/commit/149bc216f295380b1a7b96e518f34bdbc9aecd6e
Author: Kevin Wolf <[email protected]>
Date: 2024-07-03 (Wed, 03 Jul 2024)
Changed paths:
M block/qcow2.c
M tests/qemu-iotests/061
M tests/qemu-iotests/061.out
Log Message:
-----------
qcow2: Don't open data_file with BDRV_O_NO_IO

One use case for 'qemu-img info' is verifying that untrusted images
don't reference an unwanted external file, be it as a backing file or an
external data file. To make sure that calling 'qemu-img info' can't
already have undesired side effects with a malicious image, just don't
open the data file at all with BDRV_O_NO_IO. If nothing ever tries to do
I/O, we don't need to have it open.

This changes the output of iotests case 061, which used 'qemu-img info'
to show that opening an image with an invalid data file fails. After
this patch, it succeeds. Replace this part of the test with a qemu-io
call, but keep the final 'qemu-img info' to show that the invalid data
file is correctly displayed in the output.
Fixes: CVE-2024-4467
Cc: [email protected]
Signed-off-by: Kevin Wolf <[email protected]>
Reviewed-by: Eric Blake <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Reviewed-by: Hanna Czenczek <[email protected]>
(cherry picked from commit bd385a5298d7062668e804d73944d52aec9549f1)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 7e3a2a0ee636d76723b63eaf304306bfa04939ae
https://github.com/qemu/qemu/commit/7e3a2a0ee636d76723b63eaf304306bfa04939ae
Author: Kevin Wolf <[email protected]>
Date: 2024-07-03 (Wed, 03 Jul 2024)
Changed paths:
M tests/qemu-iotests/244
Log Message:
-----------
iotests/244: Don't store data-file with protocol in image

We want to disable filename parsing for data files because it's too easy
to abuse in malicious image files. Make the test ready for the change by
passing the data file explicitly in command line options.
Cc: [email protected]
Signed-off-by: Kevin Wolf <[email protected]>
Reviewed-by: Eric Blake <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Reviewed-by: Hanna Czenczek <[email protected]>
(cherry picked from commit 2eb42a728d27a43fdcad5f37d3f65706ce6deba5)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 35eb3e49a76a85fe889d2fa25af7cbfbd2b5833c
https://github.com/qemu/qemu/commit/35eb3e49a76a85fe889d2fa25af7cbfbd2b5833c
Author: Kevin Wolf <[email protected]>
Date: 2024-07-03 (Wed, 03 Jul 2024)
Changed paths:
M tests/qemu-iotests/270
Log Message:
-----------
iotests/270: Don't store data-file with json: prefix in image

We want to disable filename parsing for data files because it's too easy
to abuse in malicious image files. Make the test ready for the change by
passing the data file explicitly in command line options.
Cc: [email protected]
Signed-off-by: Kevin Wolf <[email protected]>
Reviewed-by: Eric Blake <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Reviewed-by: Hanna Czenczek <[email protected]>
(cherry picked from commit 7e1110664ecbc4826f3c978ccb06b6c1bce823e6)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 0408443ecb8785a20652b529aa61f020e304112c
https://github.com/qemu/qemu/commit/0408443ecb8785a20652b529aa61f020e304112c
Author: Kevin Wolf <[email protected]>
Date: 2024-07-04 (Thu, 04 Jul 2024)
Changed paths:
M block.c
Log Message:
-----------
block: Parse filenames only when explicitly requested

When handling image filenames from legacy options such as -drive or from
tools, these filenames are parsed for protocol prefixes, including for
the json:{} pseudo-protocol.

This behaviour is intended for filenames that come directly from the
command line and for backing files, which may come from the image file
itself. Higher level management tools generally take care to verify that
untrusted images don't contain a bad (or any) backing file reference;
'qemu-img info' is a suitable tool for this.

However, for other files that can be referenced in images, such as
qcow2 data files or VMDK extents, the string from the image file is
usually not verified by management tools - and 'qemu-img info' wouldn't
be suitable because in contrast to backing files, it already opens these
other referenced files. So here the string should be interpreted as a
literal local filename. More complex configurations need to be specified
explicitly on the command line or in QMP.

This patch changes bdrv_open_inherit() so that it only parses filenames
if a new parameter parse_filename is true. It is set for the top level
in bdrv_open(), for the file child and for the backing file child. All
other callers pass false and disable filename parsing this way.
Cc: [email protected]
Signed-off-by: Kevin Wolf <[email protected]>
Reviewed-by: Eric Blake <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Reviewed-by: Hanna Czenczek <[email protected]>
(cherry picked from commit 7ead946998610657d38d1a505d5f25300d4ca613)
Signed-off-by: Michael Tokarev <[email protected]>
(Mjt: backport patch to 7.2, without:
v8.0.0-2069-g8394c35ee148 "block: Fix AioContext locking in bdrv_open_child()"
v8.1.0-801-gafdaeb9ea06e "block: Mark bdrv_attach_child() GRAPH_WRLOCK"
v8.2.0-rc0-59-g6bc0bcc89f84 "block: Fix deadlocks in bdrv_graph_wrunlock()"
v8.2.0-132-g6bc30f194985 "graph-lock: remove AioContext locking"
v8.2.0-133-gb49f4755c7fa "block: remove AioContext locking")
Compare: https://github.com/qemu/qemu/compare/9804d797b9f9...0408443ecb87
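
The commit messages above depend on management tools checking untrusted images for references to other files, and note that 'qemu-img info' itself opened data files before this series. As an added example (not QEMU code), the check below reads the backing-file name and the external-data-file reference straight from the header bytes without opening anything the image names; field offsets follow the qcow2 format specification, and the function names and the sample header are constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
EXT_DATA_FILE = 0x44415441     # header extension: external data file name
INCOMPAT_DATA_FILE = 1 << 2    # incompatible-features bit 2: external data file

def qcow2_external_refs(buf: bytes) -> dict:
    """Read file references from raw qcow2 header bytes; nothing named is opened."""
    if len(buf) < 72 or buf[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 header")
    version, backing_off, backing_len = struct.unpack_from(">IQI", buf, 4)
    if version not in (2, 3) or (version == 3 and len(buf) < 104):
        raise ValueError("unsupported or truncated qcow2 header")
    refs = {"backing_file": None, "data_file": None, "data_file_flag": False}
    if backing_off:
        if backing_len > 1023 or backing_off + backing_len > len(buf):
            raise ValueError("backing file name out of range")
        refs["backing_file"] = buf[backing_off:backing_off + backing_len].decode("utf-8", "replace")
    pos = 72                                      # v2: extensions follow the fixed header
    if version == 3:
        incompat, = struct.unpack_from(">Q", buf, 72)
        refs["data_file_flag"] = bool(incompat & INCOMPAT_DATA_FILE)
        pos, = struct.unpack_from(">I", buf, 100)  # v3: header_length field
        if pos < 104:
            raise ValueError("bad header_length")
    end = backing_off or len(buf)                 # extensions end before the backing name
    while pos + 8 <= min(end, len(buf)):
        ext_type, ext_len = struct.unpack_from(">II", buf, pos)
        pos += 8
        if ext_type == 0:                         # end-of-extensions marker
            break
        if pos + ext_len > len(buf):
            raise ValueError("header extension overruns buffer")
        if ext_type == EXT_DATA_FILE:
            refs["data_file"] = buf[pos:pos + ext_len].decode("utf-8", "replace")
        pos += (ext_len + 7) & ~7                 # extension data is padded to 8 bytes
    return refs

def is_self_contained(buf: bytes) -> bool:
    """Policy: accept only images that reference no other file at all."""
    return qcow2_external_refs(buf) == {"backing_file": None, "data_file": None, "data_file_flag": False}

def sample_header(data_file: bytes = b"") -> bytes:
    """Constructed v3 header for the demo (not a usable image)."""
    ext = b""
    if data_file:  # extension: type, length, name padded to 8 bytes
        ext = struct.pack(">II", EXT_DATA_FILE, len(data_file)) + data_file + bytes(-len(data_file) % 8)
    fixed = struct.pack(">4sI64xQQQII", QCOW2_MAGIC, 3, INCOMPAT_DATA_FILE if ext else 0, 0, 0, 4, 104)
    return fixed + ext + bytes(8)                 # trailing zeros: end-of-extensions marker
```

Pass the function the first cluster of the image file, read with ordinary file I/O, and reject the image before any QEMU tool touches it if `is_self_contained` returns false.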