QEMU development tree https://git.zx2c4.com/qemu/atom/?h=master 2024-09-03T16:18:43Z 2024-09-03T16:18:43Z Richard Henderson richard.henderson@linaro.org 2024-09-03T16:18:43Z urn:sha1:e638d685ec2a0700fb9529cbd1b2823ac4120c53 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2024-09-03T16:18:26Z Richard Henderson richard.henderson@linaro.org 2024-09-03T16:18:26Z urn:sha1:fd1952d814da738ed107e05583b3e02ac11e88ff Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2024-08-28T12:28:42Z Richard Henderson richard.henderson@linaro.org 2024-08-28T12:28:42Z urn:sha1:cec99171931ea79215c79661d33423ac84e63b6e Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2024-08-27T21:16:03Z Richard Henderson richard.henderson@linaro.org 2024-08-27T21:16:03Z urn:sha1:23e67bd74021c47107c93622ac9b342df8291c9b QAPI patches patches for 2024-08-27 # -----BEGIN PGP SIGNATURE----- # # iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmbNnv8SHGFybWJydUBy # ZWRoYXQuY29tAAoJEDhwtADrkYZTnfsP+gNO5z7mSHypAD/oGIfYD+HnBrpMK1bL # WIOH9hLiHEZmMH978WBuKH0Ry8mhEoSNi0jQBB67IzGD4qItSYOSUEfsNBL/VpOG # lfR8hIt/akdXshrAXB7zJ0D0phnXh93asUIjNpSQkItYxHkO+OphDBPU+anQy2oi # 71F8z1GSb8DP6rGgcSA7UXq0WUUERdLMrDz8++UAO2hQq9tvQvfNdRh3kTHWZMIP # urha0Qo6HEGsucQboLaBdJVDdJpkr+offr13CpOrNMFLxZWsnXnsJb3ym+svL4JV # 8jLp+QAcfomwvaWpNMlFBlgXoHMDkl8T0qhhp598aGdloc6iv9lHipeQOmi541QD # O/j6sEU4uQ6W3LjPodg/nfHhAyxJ/fI9dKbCVLcSLWHCXbc/yvV623EEWasJIFNE # lRykAWcZlUvX7UwKfkmqPUutZu1IFhPhSYKOdvw8NZ/llqUOgHcPA50q6wGdkMWC # wPlhkijo7VGOJf1XJqA9xWuUYikCoBg5mLituzyaCBYlkOv2QBLnj0Yogi2dv79L # x/tn5/2vDW6tlerCfvF/q5piwXzkDp7KS3i1YRuxnWvbD+b8VAjb7y/7QETpVWXU # 7fWDIWm5Op7c5KBcj5i/NbI8/guVnvBWsVWXtrJZU9E8vqivC7v93riFOUx3y/Qr # oBnbTwGgdilh # =GPSn # -----END PGP SIGNATURE----- # gpg: Signature made Tue 27 Aug 2024 07:40:15 PM AEST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] * tag 'pull-qapi-2024-08-27' of https://repo.or.cz/qemu/armbru: docs/sphinx: fix extra stuff in TOC after freeform QMP sections Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2024-08-27T09:10:58Z John Snow jsnow@redhat.com 2024-08-22T20:48:03Z urn:sha1:43e0d14ee09a0565adcf4ce5f35be79695958fb0 Freeform sections with titles are currently generating a TOC entry for the first paragraph in the section after the header, which is not what we want. (Easiest to observe directly in the QMP reference manual's "Introduction" section.) When freeform sections are parsed, we create both a section header *and* an empty, title-less section. This causes some problems with sphinx's post-parse tree transforms, see also 2664f317 - this is a similar issue: Sphinx doesn't like section-less titles and it also doesn't like title-less sections. Modify qapidoc.py to parse text directly into the preceding section title as child nodes, eliminating the section duplication. This removes the extra text from the TOC. Only very, very lightly tested: "it looks right at a glance" :tm:. I am still in the process of rewriting qapidoc, so I didn't give it much deeper thought. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Message-ID: <20240822204803.1649762-1-jsnow@redhat.com> 2024-08-26T21:06:42Z Richard Henderson richard.henderson@linaro.org 2024-08-26T21:06:42Z urn:sha1:afaee42f777bc359db95f692804f7fc7e12c0c02 NBD patches for 2024-08-26 - One more patch for CVE-2024-7409 (use-after-free on nbd-server-stop) # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmbMh9MACgkQp6FrSiUn # Q2ovfAf/TyHYtJUwSAQ3dgn4PlTym4FqN8CXa+EJQR9xSLJ5jAX3QgLBieUiIT31 # AFr9W6eqWNz4NksbeoHdwZVqUlkGJFsfiyTOK93k4/fYQdTbqSHPwo2FYlOXqdJB # bZN10zEvd7YRMrxTjGyPxNFCm2iIMZy8uEerOrY9hV1PVULHg6u3Pu8a6El4BK8k # k5S0SwluTkUkBLbqtEC6fHjdfFFr/dC8IB11Ly8FdxKHixIaUTVsZ20guNM0Q5Ca # kU2em2PcroDq3B0x3linD3xh3pVmlHdb4H+9runmGPnpJj5wjPL35aDzlU7GCT3B # kEGX5VzOJOJUXoHVyYrvJCD4I7YgMw== # =ZDYx # -----END PGP SIGNATURE----- # gpg: Signature made Mon 26 Aug 2024 11:49:07 PM AEST # gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] * tag 'pull-nbd-2024-08-26' of https://repo.or.cz/qemu/ericb: nbd/server: CVE-2024-7409: Avoid use-after-free when closing server Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2024-08-26T13:42:42Z Eric Blake eblake@redhat.com 2024-08-22T14:35:29Z urn:sha1:3874f5f73c441c52f1c699c848d463b0eda01e4c Commit 3e7ef738 plugged the use-after-free of the global nbd_server object, but overlooked a use-after-free of nbd_server->listener. Although this race is harder to hit, notice that our shutdown path first drops the reference count of nbd_server->listener, then triggers actions that can result in a pending client reaching the nbd_blockdev_client_closed() callback, which in turn calls qio_net_listener_set_client_func on a potentially stale object. If we know we don't want any more clients to connect, and have already told the listener socket to shut down, then we should not be trying to update the listener socket's associated function. Reproducer: > #!/usr/bin/python3 > > import os > from threading import Thread > > def start_stop(): > while 1: > os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-start", +"arguments":{"addr":{"type":"unix","data":{"path":"/tmp/nbd-sock"}}}}\'') > os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-stop"}\'') > > def nbd_list(): > while 1: > os.system('/path/to/build/qemu-nbd -L -k /tmp/nbd-sock') > > def test(): > sst = Thread(target=start_stop) > sst.start() > nlt = Thread(target=nbd_list) > nlt.start() > > sst.join() > nlt.join() > > test() Fixes: CVE-2024-7409 Fixes: 3e7ef738c8 ("nbd/server: CVE-2024-7409: Close stray clients at server-stop") CC: qemu-stable@nongnu.org Reported-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-ID: <20240822143617.800419-2-eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> 2024-08-26T11:13:46Z Richard Henderson richard.henderson@linaro.org 2024-08-26T11:13:46Z urn:sha1:594ff839486fca7d588e2a11e70515193ce3a9f0 * Disable the broken qtests in the MSYS2 CI job * Replace deprecated keyword in the Cirrus-CI scripts * Fix a simple leak in the migration-test qtest # -----BEGIN PGP SIGNATURE----- # # iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmbMTQ4RHHRodXRoQHJl # ZGhhdC5jb20ACgkQLtnXdP5wLbWLcA//eRd0MWEZNsDO712KKf6PErd+zY9pI5Wg # 0Vc74ggY1HkID2blsnqmPWgjlgsXoEC0HaDSfvKkF9F64Wmqv1EciYsTCVOqJFAw # WPzUhdchLKSIgIDR/W8GFJgUZ7kaK5pk5PNZBJK5/3Febrd/TQK0hGcWHRqQoelY # moNDuSs2T49wSk1ODbNAkMXJ1xl/nBp6+rCM6ao6dSyHc5wbwEMv954XciyA4Sfy # 3lRwH33CED3wyNFxebqYBiEpF+UVGy1aK9TeSIgjQJ06lS458sm7flozZ+BQD3u9 # wRdtlPi/YTQKbzru0dsIDqzq//M3OfxAcnVZ6R8ThNN6vaj99PdgGCEuy/QWVCth # MKy0CiqtF/RDTgA8I6JPlNOFhS0bq4jXzDbGfZwQJpU5ZyYlSZnWc1I87BV8TdzJ # TNT+rej15NwcsYzr1N4o83FRfJz7snFJjV9fxU49SixNQbl+UKfcZMuwgqpa6NaH # LqL7ocI3QL4TUFk1wqlzQZ9H8iIrCQQCE2Tu7PFgRsfGw7y38Csq101NL/6ABElN # chMTjTHubmi6+VEy4E2t1jpXd1kjoZWTigCFyLet3zIgZQAlz9RELEyYGO9r5h3f # T1KmkC10ANknd3DTNV3WH51WSlDonVHWycQUq1pvdr2HBLsVsekxIIWM8HZCK7aj # 9abyOkdKcpE= # =EjoS # -----END PGP SIGNATURE----- # gpg: Signature made Mon 26 Aug 2024 07:38:22 PM AEST # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] * tag 'pull-request-2024-08-26' of https://gitlab.com/thuth/qemu: tests/qtest: Delete previous boot file .gitlab-ci.d/windows.yml: Disable the qtests in the MSYS2 job gitlab-ci: Replace build_script -> step_script in Cirrus jobs Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2024-08-26T08:58:11Z Akihiko Odaki akihiko.odaki@daynix.com 2024-08-23T06:13:12Z urn:sha1:aee07f2563d27167935ae3557a9f435937eb3f9f A test run may create boot files several times. Delete the previous boot file before creating a new one. Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-ID: <20240823-san-v4-7-a24c6dfa4ceb@daynix.com> Signed-off-by: Thomas Huth <thuth@redhat.com> 2024-08-26T08:58:00Z Thomas Huth thuth@redhat.com 2024-08-20T17:01:42Z urn:sha1:8f97deb99c8b48a34322b5e21e8dc061855551a4 The qtests are broken since a while in the MSYS2 job in the gitlab-CI, likely due to some changes in the MSYS2 environment. So far nobody has neither a clue what's going wrong here, nor an idea how to fix this (in fact most QEMU developers even don't have a Windows environment available for properly analyzing this problem), so we should disable the qtests here for the time being to get at least test coverage again for the remaining tests that are run here. Since we already get compile-test coverage for the system emulation in the cross-win64-system job, and since the MSYS2 job is one of the longest running jobs in our CI (it takes more than 1 hour to complete), let's seize the opportunity and also cut the run time by disabling the system emulation completely here, including the libraries that are only useful for system emulation. In case somebody ever figures out the failure of the qtests on MSYS2, we can revert this patch to get everything back. Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20240820170142.55324-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>