* Mon Sep 16 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.1.0-10.el8
- kvm-spapr-xive-Mask-the-EAS-when-allocating-an-IRQ.patch [bz#1748725] - kvm-block-create-Do-not-abort-if-a-block-driver-is-not-a.patch [bz#1746267] - kvm-virtio-blk-Cancel-the-pending-BH-when-the-dataplane-.patch [bz#1717321] - kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749737] - Resolves: bz#1717321 (qemu-kvm core dumped when repeat "system_reset" multiple times during guest boot) - Resolves: bz#1746267 (qemu coredump: qemu-kvm: block/create.c:68: qmp_blockdev_create: Assertion `drv' failed) - Resolves: bz#1748725 ([ppc][migration][v6.3-rc1-p1ce8930]basic migration failed with "qemu-kvm: KVM_SET_DEVICE_ATTR failed: Group 3 attr 0x0000000000001309: Device or resource busy") - Resolves: bz#1749737 (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-av-8])
This commit is contained in:
parent
200e3560ab
commit
a05903a904
|
@ -0,0 +1,61 @@
|
||||||
|
From 01e95b17878444859b15e79f7690d32a3532907e Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||||
|
Date: Mon, 16 Sep 2019 17:07:00 +0100
|
||||||
|
Subject: [PATCH 4/4] Using ip_deq after m_free might read pointers from an
|
||||||
|
allocation reuse.
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Message-id: <20190916170700.647-2-philmd@redhat.com>
|
||||||
|
Patchwork-id: 90470
|
||||||
|
O-Subject: [RHEL-AV-8.1.0 qemu-kvm PATCH 1/1] Using ip_deq after m_free might read pointers from an allocation reuse.
|
||||||
|
Bugzilla: 1749737
|
||||||
|
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
|
||||||
|
RH-Acked-by: John Snow <jsnow@redhat.com>
|
||||||
|
|
||||||
|
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
||||||
|
|
||||||
|
This would be difficult to exploit, but that is still related with
|
||||||
|
CVE-2019-14378 which generates fragmented IP packets that would trigger this
|
||||||
|
issue and at least produce a DoS.
|
||||||
|
|
||||||
|
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
||||||
|
(cherry picked from libslirp commit c59279437eda91841b9d26079c70b8a540d41204)
|
||||||
|
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
slirp/src/ip_input.c | 7 +++++--
|
||||||
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/slirp/src/ip_input.c b/slirp/src/ip_input.c
|
||||||
|
index 8c75d91..df1c846 100644
|
||||||
|
--- a/slirp/src/ip_input.c
|
||||||
|
+++ b/slirp/src/ip_input.c
|
||||||
|
@@ -292,6 +292,7 @@ static struct ip *ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp)
|
||||||
|
*/
|
||||||
|
while (q != (struct ipasfrag *)&fp->frag_link &&
|
||||||
|
ip->ip_off + ip->ip_len > q->ipf_off) {
|
||||||
|
+ struct ipasfrag *prev;
|
||||||
|
i = (ip->ip_off + ip->ip_len) - q->ipf_off;
|
||||||
|
if (i < q->ipf_len) {
|
||||||
|
q->ipf_len -= i;
|
||||||
|
@@ -299,9 +300,11 @@ static struct ip *ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp)
|
||||||
|
m_adj(dtom(slirp, q), i);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
+ prev = q;
|
||||||
|
q = q->ipf_next;
|
||||||
|
- m_free(dtom(slirp, q->ipf_prev));
|
||||||
|
- ip_deq(q->ipf_prev);
|
||||||
|
+ ip_deq(prev);
|
||||||
|
+ m_free(dtom(slirp, prev));
|
||||||
|
+
|
||||||
|
}
|
||||||
|
|
||||||
|
insert:
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
|
@ -0,0 +1,107 @@
|
||||||
|
From df8fadfd9450c8709864db44c2f676d40f323f95 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||||
|
Date: Fri, 13 Sep 2019 14:12:25 +0100
|
||||||
|
Subject: [PATCH 2/4] block/create: Do not abort if a block driver is not
|
||||||
|
available
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Message-id: <20190913141225.12022-2-philmd@redhat.com>
|
||||||
|
Patchwork-id: 90451
|
||||||
|
O-Subject: [RHEL-7.7 qemu-kvm-rhev + RHEL-AV-8.1.0 qemu-kvm PATCH v2 1/1] block/create: Do not abort if a block driver is not available
|
||||||
|
Bugzilla: 1746267
|
||||||
|
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
RH-Acked-by: John Snow <jsnow@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
|
||||||
|
The 'blockdev-create' QMP command was introduced as experimental
|
||||||
|
feature in commit b0292b851b8, using the assert() debug call.
|
||||||
|
It got promoted to 'stable' command in 3fb588a0f2c, but the
|
||||||
|
assert call was not removed.
|
||||||
|
|
||||||
|
Some block drivers are optional, and bdrv_find_format() might
|
||||||
|
return a NULL value, triggering the assertion.
|
||||||
|
|
||||||
|
Stable code is not expected to abort, so return an error instead.
|
||||||
|
|
||||||
|
This is easily reproducible when libnfs is not installed:
|
||||||
|
|
||||||
|
./configure
|
||||||
|
[...]
|
||||||
|
module support no
|
||||||
|
Block whitelist (rw)
|
||||||
|
Block whitelist (ro)
|
||||||
|
libiscsi support yes
|
||||||
|
libnfs support no
|
||||||
|
[...]
|
||||||
|
|
||||||
|
Start QEMU:
|
||||||
|
|
||||||
|
$ qemu-system-x86_64 -S -qmp unix:/tmp/qemu.qmp,server,nowait
|
||||||
|
|
||||||
|
Send the 'blockdev-create' with the 'nfs' driver:
|
||||||
|
|
||||||
|
$ ( cat << 'EOF'
|
||||||
|
{'execute': 'qmp_capabilities'}
|
||||||
|
{'execute': 'blockdev-create', 'arguments': {'job-id': 'x', 'options': {'size': 0, 'driver': 'nfs', 'location': {'path': '/', 'server': {'host': '::1', 'type': 'inet'}}}}, 'id': 'x'}
|
||||||
|
EOF
|
||||||
|
) | socat STDIO UNIX:/tmp/qemu.qmp
|
||||||
|
{"QMP": {"version": {"qemu": {"micro": 50, "minor": 1, "major": 4}, "package": "v4.1.0-733-g89ea03a7dc"}, "capabilities": ["oob"]}}
|
||||||
|
{"return": {}}
|
||||||
|
|
||||||
|
QEMU crashes:
|
||||||
|
|
||||||
|
$ gdb qemu-system-x86_64 core
|
||||||
|
Program received signal SIGSEGV, Segmentation fault.
|
||||||
|
(gdb) bt
|
||||||
|
#0 0x00007ffff510957f in raise () at /lib64/libc.so.6
|
||||||
|
#1 0x00007ffff50f3895 in abort () at /lib64/libc.so.6
|
||||||
|
#2 0x00007ffff50f3769 in _nl_load_domain.cold.0 () at /lib64/libc.so.6
|
||||||
|
#3 0x00007ffff5101a26 in .annobin_assert.c_end () at /lib64/libc.so.6
|
||||||
|
#4 0x0000555555d7e1f1 in qmp_blockdev_create (job_id=0x555556baee40 "x", options=0x555557666610, errp=0x7fffffffc770) at block/create.c:69
|
||||||
|
#5 0x0000555555c96b52 in qmp_marshal_blockdev_create (args=0x7fffdc003830, ret=0x7fffffffc7f8, errp=0x7fffffffc7f0) at qapi/qapi-commands-block-core.c:1314
|
||||||
|
#6 0x0000555555deb0a0 in do_qmp_dispatch (cmds=0x55555645de70 <qmp_commands>, request=0x7fffdc005c70, allow_oob=false, errp=0x7fffffffc898) at qapi/qmp-dispatch.c:131
|
||||||
|
#7 0x0000555555deb2a1 in qmp_dispatch (cmds=0x55555645de70 <qmp_commands>, request=0x7fffdc005c70, allow_oob=false) at qapi/qmp-dispatch.c:174
|
||||||
|
|
||||||
|
With this patch applied, QEMU returns a QMP error:
|
||||||
|
|
||||||
|
{'execute': 'blockdev-create', 'arguments': {'job-id': 'x', 'options': {'size': 0, 'driver': 'nfs', 'location': {'path': '/', 'server': {'host': '::1', 'type': 'inet'}}}}, 'id': 'x'}
|
||||||
|
{"id": "x", "error": {"class": "GenericError", "desc": "Block driver 'nfs' not found or not supported"}}
|
||||||
|
|
||||||
|
Cc: qemu-stable@nongnu.org
|
||||||
|
Reported-by: Xu Tian <xutian@redhat.com>
|
||||||
|
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Reviewed-by: Eric Blake <eblake@redhat.com>
|
||||||
|
Reviewed-by: John Snow <jsnow@redhat.com>
|
||||||
|
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
||||||
|
(cherry picked from commit d90d5cae2b10efc0e8d0b3cc91ff16201853d3ba)
|
||||||
|
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
block/create.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/block/create.c b/block/create.c
|
||||||
|
index 9534121..de5e97b 100644
|
||||||
|
--- a/block/create.c
|
||||||
|
+++ b/block/create.c
|
||||||
|
@@ -63,9 +63,13 @@ void qmp_blockdev_create(const char *job_id, BlockdevCreateOptions *options,
|
||||||
|
const char *fmt = BlockdevDriver_str(options->driver);
|
||||||
|
BlockDriver *drv = bdrv_find_format(fmt);
|
||||||
|
|
||||||
|
+ if (!drv) {
|
||||||
|
+ error_setg(errp, "Block driver '%s' not found or not supported", fmt);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* If the driver is in the schema, we know that it exists. But it may not
|
||||||
|
* be whitelisted. */
|
||||||
|
- assert(drv);
|
||||||
|
if (bdrv_uses_whitelist() && !bdrv_is_whitelisted(drv, false)) {
|
||||||
|
error_setg(errp, "Driver is not whitelisted");
|
||||||
|
return;
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
|
@ -0,0 +1,63 @@
|
||||||
|
From 6a7245ed7802dff5479228376a4119e095db33b2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Date: Wed, 11 Sep 2019 09:43:17 +0100
|
||||||
|
Subject: [PATCH 1/4] spapr/xive: Mask the EAS when allocating an IRQ
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
Message-id: <20190911094317.21266-1-lvivier@redhat.com>
|
||||||
|
Patchwork-id: 90392
|
||||||
|
O-Subject: [RHEL-AV-8.1.0 qemu-kvm PATCH] spapr/xive: Mask the EAS when allocating an IRQ
|
||||||
|
Bugzilla: 1748725
|
||||||
|
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
|
||||||
|
|
||||||
|
From: Cédric Le Goater <clg@kaod.org>
|
||||||
|
|
||||||
|
If an IRQ is allocated and not configured, such as a MSI requested by
|
||||||
|
a PCI driver, it can be saved in its default state and possibly later
|
||||||
|
on restored using the same state. If not initially MASKED, KVM will
|
||||||
|
try to find a matching priority/target tuple for the interrupt and
|
||||||
|
fail to restore the VM because 0/0 is not a valid target.
|
||||||
|
|
||||||
|
When allocating a IRQ number, the EAS should be set to a sane default :
|
||||||
|
VALID and MASKED.
|
||||||
|
|
||||||
|
Reported-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
|
||||||
|
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
||||||
|
Message-Id: <20190813164420.9829-1-clg@kaod.org>
|
||||||
|
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||||||
|
(cherry picked from commit f55750e4e4fb35b6a12c81c485f16494e2c61ad2)
|
||||||
|
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
|
||||||
|
|
||||||
|
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1748725
|
||||||
|
BRANCH: rhel-av-8.1.0/master-4.1.0
|
||||||
|
UPSTREAM: merged
|
||||||
|
BREW: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23451934
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
hw/intc/spapr_xive.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
|
||||||
|
index 3ae311d..1f9c624 100644
|
||||||
|
--- a/hw/intc/spapr_xive.c
|
||||||
|
+++ b/hw/intc/spapr_xive.c
|
||||||
|
@@ -534,7 +534,10 @@ bool spapr_xive_irq_claim(SpaprXive *xive, uint32_t lisn, bool lsi)
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- xive->eat[lisn].w |= cpu_to_be64(EAS_VALID);
|
||||||
|
+ /*
|
||||||
|
+ * Set default values when allocating an IRQ number
|
||||||
|
+ */
|
||||||
|
+ xive->eat[lisn].w |= cpu_to_be64(EAS_VALID | EAS_MASKED);
|
||||||
|
if (lsi) {
|
||||||
|
xive_source_irq_set_lsi(xsrc, lisn);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
|
@ -0,0 +1,92 @@
|
||||||
|
From df7d91dda24b27c89ff8ce1b9cc72c7ed7350be2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||||
|
Date: Fri, 13 Sep 2019 14:16:25 +0100
|
||||||
|
Subject: [PATCH 3/4] virtio-blk: Cancel the pending BH when the dataplane is
|
||||||
|
reset
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Message-id: <20190913141625.12521-2-philmd@redhat.com>
|
||||||
|
Patchwork-id: 90453
|
||||||
|
O-Subject: [RHEL-7.7.z qemu-kvm-rhev + RHEL-8.1.0 qemu-kvm + RHEL-AV-8.1.0 qemu-kvm PATCH v2 1/1] virtio-blk: Cancel the pending BH when the dataplane is reset
|
||||||
|
Bugzilla: 1717321
|
||||||
|
RH-Acked-by: John Snow <jsnow@redhat.com>
|
||||||
|
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
|
||||||
|
|
||||||
|
When 'system_reset' is called, the main loop clear the memory
|
||||||
|
region cache before the BH has a chance to execute. Later when
|
||||||
|
the deferred function is called, some assumptions that were
|
||||||
|
made when scheduling them are no longer true when they actually
|
||||||
|
execute.
|
||||||
|
|
||||||
|
This is what happens using a virtio-blk device (fresh RHEL7.8 install):
|
||||||
|
|
||||||
|
$ (sleep 12.3; echo system_reset; sleep 12.3; echo system_reset; sleep 1; echo q) \
|
||||||
|
| qemu-system-x86_64 -m 4G -smp 8 -boot menu=on \
|
||||||
|
-device virtio-blk-pci,id=image1,drive=drive_image1 \
|
||||||
|
-drive file=/var/lib/libvirt/images/rhel78.qcow2,if=none,id=drive_image1,format=qcow2,cache=none \
|
||||||
|
-device virtio-net-pci,netdev=net0,id=nic0,mac=52:54:00:c4:e7:84 \
|
||||||
|
-netdev tap,id=net0,script=/bin/true,downscript=/bin/true,vhost=on \
|
||||||
|
-monitor stdio -serial null -nographic
|
||||||
|
(qemu) system_reset
|
||||||
|
(qemu) system_reset
|
||||||
|
(qemu) qemu-system-x86_64: hw/virtio/virtio.c:225: vring_get_region_caches: Assertion `caches != NULL' failed.
|
||||||
|
Aborted
|
||||||
|
|
||||||
|
(gdb) bt
|
||||||
|
Thread 1 (Thread 0x7f109c17b680 (LWP 10939)):
|
||||||
|
#0 0x00005604083296d1 in vring_get_region_caches (vq=0x56040a24bdd0) at hw/virtio/virtio.c:227
|
||||||
|
#1 0x000056040832972b in vring_avail_flags (vq=0x56040a24bdd0) at hw/virtio/virtio.c:235
|
||||||
|
#2 0x000056040832d13d in virtio_should_notify (vdev=0x56040a240630, vq=0x56040a24bdd0) at hw/virtio/virtio.c:1648
|
||||||
|
#3 0x000056040832d1f8 in virtio_notify_irqfd (vdev=0x56040a240630, vq=0x56040a24bdd0) at hw/virtio/virtio.c:1662
|
||||||
|
#4 0x00005604082d213d in notify_guest_bh (opaque=0x56040a243ec0) at hw/block/dataplane/virtio-blk.c:75
|
||||||
|
#5 0x000056040883dc35 in aio_bh_call (bh=0x56040a243f10) at util/async.c:90
|
||||||
|
#6 0x000056040883dccd in aio_bh_poll (ctx=0x560409161980) at util/async.c:118
|
||||||
|
#7 0x0000560408842af7 in aio_dispatch (ctx=0x560409161980) at util/aio-posix.c:460
|
||||||
|
#8 0x000056040883e068 in aio_ctx_dispatch (source=0x560409161980, callback=0x0, user_data=0x0) at util/async.c:261
|
||||||
|
#9 0x00007f10a8fca06d in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
|
||||||
|
#10 0x0000560408841445 in glib_pollfds_poll () at util/main-loop.c:215
|
||||||
|
#11 0x00005604088414bf in os_host_main_loop_wait (timeout=0) at util/main-loop.c:238
|
||||||
|
#12 0x00005604088415c4 in main_loop_wait (nonblocking=0) at util/main-loop.c:514
|
||||||
|
#13 0x0000560408416b1e in main_loop () at vl.c:1923
|
||||||
|
#14 0x000056040841e0e8 in main (argc=20, argv=0x7ffc2c3f9c58, envp=0x7ffc2c3f9d00) at vl.c:4578
|
||||||
|
|
||||||
|
Fix this by cancelling the BH when the virtio dataplane is stopped.
|
||||||
|
|
||||||
|
[This is version of the patch was modified as discussed with Philippe on
|
||||||
|
the mailing list thread.
|
||||||
|
--Stefan]
|
||||||
|
|
||||||
|
Reported-by: Yihuang Yu <yihyu@redhat.com>
|
||||||
|
Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
Fixes: https://bugs.launchpad.net/qemu/+bug/1839428
|
||||||
|
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Message-Id: <20190816171503.24761-1-philmd@redhat.com>
|
||||||
|
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||||
|
(cherry picked from commit ebb6ff25cd888a52a64a9adc3692541c6d1d9a42)
|
||||||
|
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||||
|
---
|
||||||
|
hw/block/dataplane/virtio-blk.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
|
||||||
|
index 158c78f..5fea76d 100644
|
||||||
|
--- a/hw/block/dataplane/virtio-blk.c
|
||||||
|
+++ b/hw/block/dataplane/virtio-blk.c
|
||||||
|
@@ -297,6 +297,9 @@ void virtio_blk_data_plane_stop(VirtIODevice *vdev)
|
||||||
|
virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ qemu_bh_cancel(s->bh);
|
||||||
|
+ notify_guest_bh(s); /* final chance to notify guest */
|
||||||
|
+
|
||||||
|
/* Clean up guest notifier (irq) */
|
||||||
|
k->set_guest_notifiers(qbus->parent, nvqs, false);
|
||||||
|
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
|
@ -67,7 +67,7 @@ Obsoletes: %1-rhev
|
||||||
Summary: QEMU is a machine emulator and virtualizer
|
Summary: QEMU is a machine emulator and virtualizer
|
||||||
Name: qemu-kvm
|
Name: qemu-kvm
|
||||||
Version: 4.1.0
|
Version: 4.1.0
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
|
||||||
Epoch: 15
|
Epoch: 15
|
||||||
License: GPLv2 and GPLv2+ and CC-BY
|
License: GPLv2 and GPLv2+ and CC-BY
|
||||||
|
@ -190,6 +190,14 @@ Patch53: kvm-migration-update-ram_counters-for-multifd-sync-packe.patch
|
||||||
Patch54: kvm-spapr-pci-Consolidate-de-allocation-of-MSIs.patch
|
Patch54: kvm-spapr-pci-Consolidate-de-allocation-of-MSIs.patch
|
||||||
# For bz#1750200 - [RHEL8.1][QEMU4.1]boot up guest with vf device,then system_reset guest,error prompt(qemu-kvm: Can't allocate MSIs for device 2800: IRQ 4904 is not free)
|
# For bz#1750200 - [RHEL8.1][QEMU4.1]boot up guest with vf device,then system_reset guest,error prompt(qemu-kvm: Can't allocate MSIs for device 2800: IRQ 4904 is not free)
|
||||||
Patch55: kvm-spapr-pci-Free-MSIs-during-reset.patch
|
Patch55: kvm-spapr-pci-Free-MSIs-during-reset.patch
|
||||||
|
# For bz#1748725 - [ppc][migration][v6.3-rc1-p1ce8930]basic migration failed with "qemu-kvm: KVM_SET_DEVICE_ATTR failed: Group 3 attr 0x0000000000001309: Device or resource busy"
|
||||||
|
Patch56: kvm-spapr-xive-Mask-the-EAS-when-allocating-an-IRQ.patch
|
||||||
|
# For bz#1746267 - qemu coredump: qemu-kvm: block/create.c:68: qmp_blockdev_create: Assertion `drv' failed
|
||||||
|
Patch57: kvm-block-create-Do-not-abort-if-a-block-driver-is-not-a.patch
|
||||||
|
# For bz#1717321 - qemu-kvm core dumped when repeat "system_reset" multiple times during guest boot
|
||||||
|
Patch58: kvm-virtio-blk-Cancel-the-pending-BH-when-the-dataplane-.patch
|
||||||
|
# For bz#1749737 - CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-av-8]
|
||||||
|
Patch59: kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch
|
||||||
|
|
||||||
BuildRequires: wget
|
BuildRequires: wget
|
||||||
BuildRequires: rpm-build
|
BuildRequires: rpm-build
|
||||||
|
@ -1131,6 +1139,20 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 16 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.1.0-10.el8
|
||||||
|
- kvm-spapr-xive-Mask-the-EAS-when-allocating-an-IRQ.patch [bz#1748725]
|
||||||
|
- kvm-block-create-Do-not-abort-if-a-block-driver-is-not-a.patch [bz#1746267]
|
||||||
|
- kvm-virtio-blk-Cancel-the-pending-BH-when-the-dataplane-.patch [bz#1717321]
|
||||||
|
- kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749737]
|
||||||
|
- Resolves: bz#1717321
|
||||||
|
(qemu-kvm core dumped when repeat "system_reset" multiple times during guest boot)
|
||||||
|
- Resolves: bz#1746267
|
||||||
|
(qemu coredump: qemu-kvm: block/create.c:68: qmp_blockdev_create: Assertion `drv' failed)
|
||||||
|
- Resolves: bz#1748725
|
||||||
|
([ppc][migration][v6.3-rc1-p1ce8930]basic migration failed with "qemu-kvm: KVM_SET_DEVICE_ATTR failed: Group 3 attr 0x0000000000001309: Device or resource busy")
|
||||||
|
- Resolves: bz#1749737
|
||||||
|
(CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-av-8])
|
||||||
|
|
||||||
* Tue Sep 10 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.1.0-9.el8
|
* Tue Sep 10 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.1.0-9.el8
|
||||||
- kvm-migration-always-initialise-ram_counters-for-a-new-m.patch [bz#1734316]
|
- kvm-migration-always-initialise-ram_counters-for-a-new-m.patch [bz#1734316]
|
||||||
- kvm-migration-add-qemu_file_update_transfer-interface.patch [bz#1734316]
|
- kvm-migration-add-qemu_file_update_transfer-interface.patch [bz#1734316]
|
||||||
|
|
Loading…
Reference in New Issue