Commit Graph

110 Commits

Author SHA1 Message Date
Thomas Lamprecht
6402d96100 update submodule and patches for 4.2.0
The long overdue nice rebase+cleanup was done by Dietmar

Originally-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-11 07:26:21 +01:00
Oguz Bektas
284d3b2cab security patches for libslirp CVE-2020-8608
original commits and email can be found here[0]

A out-of-bounds heap buffer access issue was found in the SLiRP
networking implementation of the QEMU emulator. It occurs in tcp_emu()
routine while emulating IRC and other protocols due to unsafe usage of
snprintf(3) function.

A user/process could use this flaw to crash the Qemu process on the host
resulting in DoS or potentially execute arbitrary code with privileges
of the QEMU process on the host.

[0]: https://seclists.org/oss-sec/2020/q1/64

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-03-06 15:17:29 +01:00
Oguz Bektas
ee8bd5bfbe add patch for CVE-2019-20382 (vnc disconnect memory leak)
oss-security email can be found here[0]

upstream commit here[1]

this effects our vncproxy. dominik and me tested if the issue is present
on our branch and it appears that it is.
in essence when we disconnect from a vnc connection, the memory isn't
free'd afterwards which causes the qemu process to use more and more
memory with each disconnect, which could lead to a dos scenario.

we tested the patch and it seems to mitigate the problem.

[0]: https://seclists.org/oss-sec/2020/q1/105
[1]: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0

Tested-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2020-03-05 13:34:29 +01:00
Dietmar Maurer
84403c2d53 improve qemu backup by reducing lock contention
- reducing lock contention by using CoRwLock
- correctly call aio_wait_kick()
2020-02-18 10:47:21 +01:00
Thomas Lamprecht
2c67b15290 followup: fix indentation
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-01-25 16:17:23 +01:00
Tim Marx
f47a9db42a fix hmp info backup command
Signed-off-by: Tim Marx <t.marx@proxmox.com>
2020-01-25 16:09:47 +01:00
Thomas Lamprecht
9714cead2c grammar fix: s/does not exists/does not exist/g
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-12-13 12:10:51 +01:00
Stefan Reiter
d090eaa209 fix #2486: include fix for disk hot-resize regression (w/ iothread=1)
See: https://lists.nongnu.org/archive/html/qemu-devel/2019-09/msg03201.html

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2019-11-25 13:50:28 +01:00
Thomas Lamprecht
a0866d18a5 fixup patch author
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-25 11:49:06 +01:00
Thomas Lamprecht
ac2969b218 allow to pass PVE version to machine
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-25 09:12:48 +01:00
Thomas Lamprecht
99b86f4f9d handle virtio-balloon cfg size compat with our 4.0 machines
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-22 10:07:39 +01:00
Thomas Lamprecht
917265984c update diffs/indexes from patches
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-22 10:07:39 +01:00
Stefan Reiter
1dc952cf51 Update and rebase to QEMU 4.1.1
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2019-11-21 07:59:09 +01:00
Stefan Reiter
a9b8206ded Apply fixups for 4.1
* Fix VMA tool build
* Change PVE code to new blockjob API
* Acquire missing lock for block_job_add_bdrv

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2019-11-21 07:59:05 +01:00
Stefan Reiter
be901f6656 Update and rebase to QEMU 4.1
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2019-11-21 07:58:57 +01:00
Wolfgang Bumiller
d4824fa37a fix backup speed regression
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-04 14:23:17 +01:00
Thomas Lamprecht
22ff24871d various small pve backup co-routine related fixes
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-30 16:03:56 +01:00
Thomas Lamprecht
a5db0e22d7 backup: add various cleanups
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-24 08:49:09 +02:00
Thomas Lamprecht
cbb547903c run backup related code inside co-routines and improve locking
Patches-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-23 09:14:51 +02:00
Thomas Lamprecht
b8d43c594b update sources for v4.0.1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-10-22 09:52:03 +02:00
Dietmar Maurer
69cb18950a fix #1071: use correct AioContext to cope with IOThreads
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2019-10-21 15:51:43 +02:00
Wolfgang Bumiller
23ea029343 disable oob again
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-10-10 11:03:20 +02:00
Wolfgang Bumiller
3b1986f02f merge monitor oob fixup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-10-02 10:16:40 +02:00
Wolfgang Bumiller
d09c80068a merge fix for CVE-2019-14378
merge: slirp: Fix heap overflow in ip_reass on big packet input

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-08-05 11:22:10 +02:00
Wolfgang Bumiller
99c47abaac update live migration patches
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-07-11 09:34:03 +02:00
Thomas Lamprecht
d5699f0388 virtio-balloon: use smaller config on older guests
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-07-04 16:14:49 +02:00
Thomas Lamprecht
b855dce76d update patches for v4.0.0
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-06-25 11:39:54 +02:00
Oguz Bektas
9be61fa466 add fixes for intel MDS CVEs
fixes for:
* CVE-2018-12126
* CVE-2018-12127
* CVE-2018-12130
* CVE-2019-11091

adds the md-clear cpuflag.

Not included by default in any Intel CPU model.

Must be explicitly turned on for all Intel CPU models.

Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2019-06-05 14:21:44 +02:00
Wolfgang Bumiller
c36c53f829 merge: make file locking optional also on creation
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-26 09:18:00 +02:00
Wolfgang Bumiller
0775f12b63 bump version to 3.0.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-19 10:32:03 +02:00
Wolfgang Bumiller
53e83913af bump version to 3.0.0-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-09-07 14:52:23 +02:00
Wolfgang Bumiller
9b05d1d427 bump version to 2.11.2-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-09 10:06:27 +02:00
Wolfgang Bumiller
e220dcddbc merge: vma & rbd changes
vma: remove forced NO_FLUSH option
rbd: fix cache mode behavior
vma: add cache option to device map

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-04-05 11:04:11 +02:00
Alexandre Derumier
46598e97c3 qemu-img : add -n option to dd to skip destination image create 2018-03-21 15:34:39 +01:00
Wolfgang Bumiller
c854115a5f merge: qemu-img dd: add isize parameter
to write small images from stdin to bigger destinations

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-23 10:33:09 +01:00
Wolfgang Bumiller
23f2c0ccb0 reapply: vma: add throttling options to drive mapping fifo protocol
This one got lost when rebasing

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-22 17:15:45 +01:00
Wolfgang Bumiller
6838f03890 bump version to 2.11.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-22 12:40:28 +01:00
Wolfgang Bumiller
507c6de3ce merge EPYC and EPYC-IPBP cpu models
and a patch format cleanup round

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-19 10:40:26 +01:00
Wolfgang Bumiller
b07d2367db vma: add throttling options to drive mapping fifo protocol
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-19 10:39:42 +01:00
Wolfgang Bumiller
23102ed6dc patch cleanup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-19 10:38:54 +01:00
Alexandre Derumier
b45e13fe5c fix qemu 2.9 drive mirroring to nbd target
cherry pick from qemu-kvm-ev-2.9.0-16.el7_4.11.1
https://cbs.centos.org/koji/buildinfo?buildID=21003

Tue Jun 13 2017 Miroslav Rezanina <mrezanin@redhat.com> - rhev-2.9.0-10.el7

- kvm-nbd-make-it-thread-safe-fix-qcow2-over-nbd.patch [bz#1454582]

Tue Aug 15 2017 Miroslav Rezanina <mrezanin@redhat.com> - rhev-2.9.0-16.el7_4.4
- kvm-nbd-strict-nbd_wr_syncv.patch [bz#1467509]
- kvm-nbd-read_sync-and-friends-return-0-on-success.patch [bz#1467509]
- kvm-nbd-make-nbd_drop-public.patch [bz#1467509]
- kvm-nbd-server-get-rid-of-nbd_negotiate_read-and-friends.patch [bz#1467509]

Mon Oct 09 2017 Miroslav Rezanina <mrezanin@redhat.com> - rhev-2.9.0-16.el7_4.9
- kvm-nbd-client-Fix-regression-when-server-sends-garbage.patch [bz#1495474]
- kvm-fix-build-failure-in-nbd_read_reply_entry.patch [bz#1495474]
- kvm-nbd-client-avoid-spurious-qio_channel_yield-re-entry.patch [bz#1495474]
- kvm-nbd-client-avoid-read_reply_co-entry-if-send-failed.patch [bz#1495474]
- kvm-qemu-iotests-improve-nbd-fault-injector.py-startup-p.patch [bz#1495474]
- kvm-qemu-iotests-test-NBD-over-UNIX-domain-sockets-in-08.patch [bz#1495474]
- kvm-block-nbd-client-nbd_co_send_request-fix-return-code.patch [bz#1495474]
- Resolves: bz#1495474
2018-02-08 10:12:21 +01:00
Wolfgang Bumiller
22ea5045c3 fix #1642: merge: ratelimit: don't align wait time with slices
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-02-08 10:03:10 +01:00
Wolfgang Bumiller
3dcc8d3ba2 merge SPEC_CTRL MSR and -IBRS CPU model patches
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-01-15 15:26:07 +01:00
Wolfgang Bumiller
e49090106b merge gluster fixes
* block/gluster: glfs_lseek() workaround
     https://bugzilla.redhat.com/show_bug.cgi?id=1425293
     https://bugzilla.redhat.com/show_bug.cgi?id=1451191

* gluster: add support for PREALLOC_MODE_FALLOC

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-12-06 11:46:25 +01:00
Wolfgang Bumiller
c25a222062 merge CVE-2017-17381 fix and backup race condition fix
* CVE-2017-17381: virtio: divide by zero exception while updating rings
* race condition when issuing a 'backup-stop' command

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-12-06 09:06:59 +01:00
Wolfgang Bumiller
c53dfb5728 bump version to 2.9.1-3 2017-11-29 10:15:04 +01:00
Wolfgang Bumiller
fb8b489c87 fix #1107: merge: virtio: fix descriptor counting in virtqueue_pop 2017-10-16 09:54:18 +02:00
Wolfgang Bumiller
ddbcf45e51 bump version to 2.9.1-1 2017-09-08 09:44:31 +02:00
Wolfgang Bumiller
507c2194b2 cleanups & style fixups 2017-09-05 10:05:47 +02:00
Fabian Grünbichler
027092309e fix #1420: fix stop mode backup with virtio-blk
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2017-09-05 09:51:36 +02:00
Wolfgang Bumiller
2ab9b48ef8 vma: fix regression in backup with non-cluster-aligned sizes 2017-08-14 13:29:14 +02:00
Wolfgang Bumiller
e74c0f316d add CVE fixes
CVE-2017-7539:
   qemu-nbd crashes due to undefined I/O coroutine
 CVE-2017-11434:
   slirp: out-of-bounds read while parsing dhcp options
 CVE-2017-11334:
   exec: oob access during dma operation
 CVE-2017-10806:
   usb-redirect: stack buffer overflow in debug logging
 CVE-2017-10664:
   qemu-nbd: server breaks with SIGPIPE upon client abort
 CVE-2017-9524:
   nbd: segmentation fault due to client non-negotiation
 CVE-2017-9503:
   scsi: null pointer dereference while processing megasas command
2017-08-07 10:32:32 +02:00
Wolfgang Bumiller
67af0fa481 rebased pve patches 2017-08-07 10:16:57 +02:00
Wolfgang Bumiller
3c6facff3f add qemu-img dd stdin/stdout pipe patch 2017-06-23 12:12:36 +02:00
Wolfgang Bumiller
90a6d95729 merge various stable fixes 2017-06-06 13:27:30 +02:00
Wolfgang Bumiller
f185a9695e update to 2.9.0 2017-04-21 11:08:44 +02:00
Wolfgang Bumiller
076b402685 update to 2.9.0-rc5 2017-04-19 12:11:00 +02:00
Wolfgang Bumiller
4516929316 bump version to 2.9.0-1~rc3 2017-04-05 12:15:08 +02:00
Wolfgang Bumiller
a544966dce update to 2.9.0-rc2 build files 2017-04-05 11:40:20 +02:00
Wolfgang Bumiller
9525982417 import stable-4 build files 2017-04-05 11:39:09 +02:00