Experimental fork of QEMU with video encoding patches https://git.openslx.org/bwlp/qemu.git/atom/hw/rdma/vmw?h=spice_video_codecs 2022-11-07T19:08:17+00:00 2022-11-07T19:08:17+00:00 Akihiko Odaki 2022-08-29T08:35:24+00:00 urn:sha1:15377f6e79cc6aa08dbafe82607e0bda13ca44b5 There were several different ways to deal with the situation where the vector specified for a msix function is out of bound: - early return a function and keep progresssing - propagate the error to the caller - mark msix unusable - assert it is in bound - just ignore An out-of-bound vector should not be specified if the device implementation is correct so let msix functions always assert that the specified vector is in range. An exceptional case is virtio-pci, which allows the guest to configure vectors. For virtio-pci, it is more appropriate to introduce its own checks because it is sometimes too late to check the vector range in msix functions. Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Message-Id: <20220829083524.143640-1-akihiko.odaki@daynix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Signed-off-by: Akihiko Odaki &lt;<a href="mailto:akihiko.odaki@daynix.com" target="_blank">akihiko.odaki@daynix.com</a>&gt;<br> 2022-04-26T10:25:14+00:00 Yuval Shaia 2022-04-03T09:58:37+00:00 urn:sha1:46c1ea01312b13b8aa4da286c9d868fe9b702758 Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Message-Id: <20220403095837.2378-1-yuval.shaia.ml@gmail.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu> 2022-04-06T08:50:38+00:00 Marc-André Lureau 2022-03-23T15:57:22+00:00 urn:sha1:8e3b0cbb7212a1e5707ed2d4c26b4e3d2483768d Replace the global variables with inlined helper functions. getpagesize() is very likely annotated with a "const" function attribute (at least with glibc), and thus optimization should apply even better. This avoids the need for a constructor initialization too. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220323155743.1585078-12-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> 2022-03-21T14:44:44+00:00 Markus Armbruster 2022-03-15T14:41:56+00:00 urn:sha1:b21e2380376c470900fcadf47507f4d5ade75e85 g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Patch created mechanically with: $ spatch --in-place --sp-file scripts/coccinelle/use-g_new-etc.cocci \ --macro-file scripts/cocci-macro-file.h FILES... Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20220315144156.1595462-4-armbru@redhat.com> Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> 2021-11-02T15:55:14+00:00 Daniel P. Berrangé 2021-09-08T09:35:43+00:00 urn:sha1:8dbbca5c056842d53498f643a15cac8593d51424 This is a counterpart to the HMP "info rdma" command. It is being added with an "x-" prefix because this QMP command is intended as an adhoc debugging tool and will thus not be modelled in QAPI as fully structured data, nor will it have long term guaranteed stability. The existing HMP command is rewritten to call the QMP command. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> 2021-07-04T19:47:51+00:00 Marcel Apfelbaum 2021-06-30T11:52:46+00:00 urn:sha1:66ae37d8cc313f89272e711174a846a229bcdbd3 Do not unmap uninitialized dma addresses. Fixes: CVE-2021-3608 Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Message-Id: <20210630115246.2178219-1-marcel@redhat.com> Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> 2021-07-04T19:47:51+00:00 Marcel Apfelbaum 2021-06-30T11:46:34+00:00 urn:sha1:32e5703cfea07c91e6e84bcb0313f633bb146534 Check the guest passed a non zero page count for pvrdma device ring buffers. Fixes: CVE-2021-3607 Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Message-Id: <20210630114634.2168872-1-marcel@redhat.com> Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> 2021-07-04T19:47:51+00:00 Marcel Apfelbaum 2021-06-16T11:06:00+00:00 urn:sha1:284f191b4abad213aed04cb0458e1600fd18d7c4 Ensure mremap boundaries not trusting the guest kernel to pass the correct buffer length. Fixes: CVE-2021-3582 Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com> Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com> Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> 2021-06-02T04:51:09+00:00 Stefano Garzarella 2021-05-17T15:16:58+00:00 urn:sha1:d0fb9657a33dd3d1db1b492c4dcc7c778e40e5c0 Commit e50caf4a5c ("tracing: convert documentation to rST") converted docs/devel/tracing.txt to docs/devel/tracing.rst. We still have several references to the old file, so let's fix them with the following command: sed -i s/tracing.txt/tracing.rst/ $(git grep -l docs/devel/tracing.txt) Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210517151702.109066-2-sgarzare@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> 2021-03-15T08:41:22+00:00 Cornelia Huck 2021-01-22T18:00:29+00:00 urn:sha1:3aa1b7af0f5fbfdf1b4759658e1445bda680b40d The pvrdma code relies on the pvrdma_ring.h kernel header for some basic ring buffer handling. The content of that header isn't very exciting, but contains some (q)atomic_*() invocations that (a) cause manual massaging when doing a headers update, and (b) are an indication that we probably should not be importing that header at all. Let's reimplement the ring buffer handling directly in the pvrdma code instead. This arguably also improves readability of the code. Importing the header can now be dropped. Signed-off-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>