mirror
/
qemu
mirror of https://gitlab.com/qemu-project/qemu
Code Releases Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
stable-7.2
staging-7.2
stable-10.0
staging-10.0
stable-10.1
staging-10.1
staging
master
tracing
stable-9.2
staging-9.2
staging-8.2
stable-8.2
stable-9.1
staging-9.1
stable-9.0
staging-9.0
stable-8.1
staging-8.1
stable-8.0
staging-8.0
block
stable-6.1
stable-6.0
stable-5.0
stable-4.2
stable-4.1
stable-4.0
stable-3.1
stable-3.0
stable-2.12
stable-2.11
stable-2.10
stable-2.9
stable-2.8
stable-2.7
stable-2.6
stable-2.5
stable-2.4
stable-2.3
stable-2.2
stable-2.1
stable-2.0
stable-1.7
stable-1.6
stable-1.5
stable-1.4
stable-1.3
stable-1.2
stable-1.1
stable-1.0
stable-0.15
stable-0.14
stable-0.13
stable-0.12
stable-0.11
stable-0.10
v7.2.22
v10.0.7
v10.1.3
v10.2.0-rc2
v10.2.0-rc1
v10.0.6
v10.1.2
v7.2.21
v10.1.1
v10.0.5
v7.2.20
v10.0.4
v10.1.0
v10.1.0-rc4
v10.1.0-rc3
v10.1.0-rc2
v10.1.0-rc1
v10.1.0-rc0
v7.2.19
v10.0.3
v10.0.2
v10.0.1
v9.2.4
v7.2.18
v10.0.0
v10.0.0-rc4
v10.0.0-rc3
v10.0.0-rc2
v7.2.17
v8.2.10
v9.2.3
v10.0.0-rc1
v10.0.0-rc0
v9.2.2
v8.2.9
v7.2.16
v9.2.1
v9.1.3
v9.2.0
v9.2.0-rc3
v9.2.0-rc2
v9.1.2
v9.0.4
v8.2.8
v7.2.15
v9.2.0-rc1
v9.2.0-rc0
v9.1.1
v9.0.3
v8.2.7
v7.2.14
v9.1.0
v9.1.0-rc4
v9.1.0-rc3
v9.1.0-rc2
v9.1.0-rc1
v9.1.0-rc0
v9.0.2
v8.2.6
v7.2.13
v9.0.1
v8.2.5
v7.2.12
v8.2.4
v8.2.3
v7.2.11
v9.0.0
v9.0.0-rc4
v9.0.0-rc3
v9.0.0-rc2
v9.0.0-rc1
v9.0.0-rc0
v8.2.2
v7.2.10
v8.2.1
v8.1.5
v7.2.9
v8.1.4
v7.2.8
v8.2.0
v8.2.0-rc4
v8.2.0-rc3
v8.2.0-rc2
v8.2.0-rc1
v7.2.7
v8.1.3
v8.2.0-rc0
v8.1.2
v8.1.1
v7.2.6
v8.0.5
v8.1.0
v8.1.0-rc4
v8.1.0-rc3
v7.2.5
v8.0.4
v8.1.0-rc2
v8.1.0-rc1
v8.1.0-rc0
v8.0.3
v7.2.4
v8.0.2
v8.0.1
v7.2.3
v7.2.2
v8.0.0
v8.0.0-rc4
v8.0.0-rc3
v7.2.1
v8.0.0-rc2
v8.0.0-rc1
v8.0.0-rc0
v7.2.0
v7.2.0-rc4
v7.2.0-rc3
v7.2.0-rc2
v7.2.0-rc1
v7.2.0-rc0
v7.1.0
v7.1.0-rc4
v7.1.0-rc3
v7.1.0-rc2
v7.1.0-rc1
v7.1.0-rc0
v7.0.0
v7.0.0-rc4
v7.0.0-rc3
v7.0.0-rc2
v7.0.0-rc1
v7.0.0-rc0
v6.1.1
v6.2.0
v6.2.0-rc4
v6.2.0-rc3
v6.2.0-rc2
v6.2.0-rc1
v6.2.0-rc0
v6.0.1
v6.1.0
v6.1.0-rc4
v6.1.0-rc3
v6.1.0-rc2
v6.1.0-rc1
v6.1.0-rc0
v6.0.0
v6.0.0-rc5
v6.0.0-rc4
v6.0.0-rc3
v6.0.0-rc2
v6.0.0-rc1
v6.0.0-rc0
v5.2.0
v5.2.0-rc4
v5.2.0-rc3
v5.2.0-rc2
v5.2.0-rc1
v5.2.0-rc0
v5.0.1
v5.1.0
v5.1.0-rc3
v5.1.0-rc2
v5.1.0-rc1
v5.1.0-rc0
v4.2.1
v5.0.0
v5.0.0-rc4
v5.0.0-rc3
v5.0.0-rc2
v5.0.0-rc1
v5.0.0-rc0
v4.2.0
v4.2.0-rc5
v4.2.0-rc4
v4.2.0-rc3
v4.2.0-rc2
v4.1.1
v4.2.0-rc1
v4.2.0-rc0
v4.0.1
v3.1.1.1
v4.1.0
v4.1.0-rc5
v4.1.0-rc4
v3.1.1
v4.1.0-rc3
v4.1.0-rc2
v4.1.0-rc1
v4.1.0-rc0
v4.0.0
v4.0.0-rc4
v3.0.1
v4.0.0-rc3
v4.0.0-rc2
v4.0.0-rc1
v4.0.0-rc0
v3.1.0
v3.1.0-rc5
v3.1.0-rc4
v3.1.0-rc3
v3.1.0-rc2
v3.1.0-rc1
v3.1.0-rc0
v3.0.0
v3.0.0-rc4
v2.12.1
v3.0.0-rc3
v3.0.0-rc2
v3.0.0-rc1
v3.0.0-rc0
v2.11.2
v2.12.0
v2.12.0-rc4
v2.12.0-rc3
v2.12.0-rc2
v2.12.0-rc1
v2.12.0-rc0
v2.11.1
v2.10.2
v2.11.0
v2.11.0-rc5
v2.11.0-rc4
v2.11.0-rc3
v2.11.0-rc2
v2.11.0-rc1
v2.11.0-rc0
v2.10.1
v2.9.1
v2.10.0
v2.10.0-rc4
v2.10.0-rc3
v2.10.0-rc2
v2.10.0-rc1
v2.10.0-rc0
v2.8.1.1
v2.9.0
v2.9.0-rc5
v2.9.0-rc4
v2.9.0-rc3
v2.8.1
v2.9.0-rc2
v2.9.0-rc1
v2.9.0-rc0
v2.7.1
v2.8.0
v2.8.0-rc4
v2.8.0-rc3
v2.8.0-rc2
v2.8.0-rc1
v2.8.0-rc0
v2.6.2
v2.7.0
v2.7.0-rc5
v2.7.0-rc4
v2.6.1
v2.7.0-rc3
v2.7.0-rc2
v2.7.0-rc1
v2.7.0-rc0
v2.6.0
v2.5.1.1
v2.6.0-rc5
v2.6.0-rc4
v2.6.0-rc3
v2.6.0-rc2
v2.6.0-rc1
v2.6.0-rc0
v2.5.1
v2.5.0
v2.5.0-rc4
v2.5.0-rc3
v2.5.0-rc2
v2.5.0-rc1
v2.5.0-rc0
v2.4.1
v2.4.0.1
v2.3.1
v2.4.0
v2.4.0-rc4
v2.4.0-rc3
v2.4.0-rc2
v2.4.0-rc1
v2.4.0-rc0
v2.3.0
v2.3.0-rc4
v2.3.0-rc3
v2.3.0-rc2
v2.3.0-rc1
v2.3.0-rc0
v2.2.1
v2.1.3
v2.2.0
v2.2.0-rc5
v2.2.0-rc4
v2.2.0-rc3
v2.2.0-rc2
v2.2.0-rc1
v2.2.0-rc0
v2.1.2
v2.1.1
v2.1.0
v2.1.0-rc5
v2.1.0-rc4
v2.1.0-rc3
v2.1.0-rc2
v2.1.0-rc1
v2.1.0-rc0
v2.0.0
v2.0.0-rc3
v2.0.0-rc2
v2.0.0-rc1
v2.0.0-rc0
v1.4.0
v1.4.0-rc2
v1.4.0-rc1
v1.4.0-rc0
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.2.0-rc1
v1.0
v1.0-rc4
v0.14.1
initial
release_0_10_0
release_0_10_1
release_0_10_2
release_0_5_1
release_0_6_0
release_0_6_1
release_0_7_0
release_0_7_1
release_0_8_1
release_0_8_2
release_0_9_0
release_0_9_1
v0.1.0
v0.1.1
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.11.0
v0.11.0-rc0
v0.11.0-rc1
v0.11.0-rc2
v0.11.1
v0.12.0
v0.12.0-rc0
v0.12.0-rc1
v0.12.0-rc2
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.13.0
v0.13.0-rc0
v0.13.0-rc1
v0.13.0-rc2
v0.13.0-rc3
v0.14.0
v0.14.0-rc0
v0.14.0-rc1
v0.14.0-rc2
v0.15.0
v0.15.0-rc0
v0.15.0-rc1
v0.15.0-rc2
v0.15.1
v0.2.0
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.1
v0.8.2
v0.9.0
v0.9.1
v1.0-rc0
v1.0-rc1
v1.0-rc2
v1.0-rc3
v1.0.1
v1.1-rc0
v1.1-rc1
v1.1-rc2
v1.1.0
v1.1.0-rc2
v1.1.0-rc3
v1.1.0-rc4
v1.1.1
v1.1.2
v1.2.0-rc0
v1.2.1
v1.2.2
v1.3.0
v1.3.0-rc0
v1.3.0-rc1
v1.3.0-rc2
v1.3.1
v1.4.1
v1.4.2
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.5.0-rc2
v1.5.0-rc3
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.6.1
v1.6.2
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.7.0-rc2
v1.7.1
v1.7.2
v2.0.1
v2.0.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
qemu/hw/s390x
History
Thomas Huth e5cb62e7b6 hw/s390x: Fix a possible crash with passed-through virtio devices 
Consider the following nested setup: An L1 host uses some virtio device
(e.g. virtio-keyboard) for the L2 guest, and this L2 guest passes this
device through to the L3 guest. Since the L3 guest sees a virtio device,
it might send virtio notifications to the QEMU in L2 for that device.
But since the QEMU in L2 defined this device as vfio-ccw, the function
handle_virtio_ccw_notify() cannot handle this and crashes: It calls
virtio_ccw_get_vdev() that casts sch->driver_data into a VirtioCcwDevice,
but since "sch" belongs to a vfio-ccw device, that driver_data rather
points to a CcwDevice instead. So as soon as QEMU tries to use some
VirtioCcwDevice specific data from that device, we've lost.

We must not take virtio notifications for such devices. Thus fix the
issue by adding a check to the handle_virtio_ccw_notify() handler to
refuse all devices that are not our own virtio devices. Like in the
other branches that detect wrong settings, we return -EINVAL from the
function, which will later be placed in GPR2 to inform the guest about
the error.

Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Tested-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251118174047.73103-1-thuth@redhat.com>
 		2 weeks ago
..
3270-ccw.c qom: Have class_init() take a const data argument 7 months ago
Kconfig s390x: virtio-mem support 12 months ago
ap-bridge.c qom: Make InterfaceInfo[] uses const 7 months ago
ap-device.c qom: Have class_init() take a const data argument 7 months ago
ap-stub.c s390: implementing CHSC SEI for AP config change 6 months ago
ccw-device.c hw/s390x/ccw-device: Fix memory leak in loadparm setter 5 months ago
ccw-device.h hw/s390x: Restrict "loadparm" property to devices that can be used for booting 1 year ago
cpu-topology.c qapi: make s390x specific CPU commands unconditionally available 6 months ago
css-bridge.c qom: Make InterfaceInfo[] uses const 7 months ago
css.c include/system: Move exec/address-spaces.h to system/address-spaces.h 8 months ago
event-facility.c hw/s390x: add SCLP event type CPI 5 months ago
ipl.c hw/core/loader: capture Error from load_image_targphys 1 month ago
ipl.h target/s390x: Return UVC cmd code, RC and RRC value when DIAG 308 Subcode 10 fails to enter secure mode 7 months ago
meson.build hw/s390x: add SCLP event type CPI 5 months ago
s390-ccw.c qom: Have class_init() take a const data argument 7 months ago
s390-hypercall.c hw/s390x: Fix a possible crash with passed-through virtio devices 2 weeks ago
s390-hypercall.h s390x/s390-hypercall: introduce DIAG500 STORAGE_LIMIT 12 months ago
s390-pci-bus.c s390x/pci: set kvm_msi_via_irqfd_allowed 2 months ago
s390-pci-inst.c hw/s390x: Use memory_region_size() 1 month ago
s390-pci-kvm.c s390x/pci: refresh fh before disabling aif 2 years ago
s390-pci-vfio.c hw/vfio/types.h: rename TYPE_VFIO_PCI_BASE to TYPE_VFIO_PCI_DEVICE 2 months ago
s390-skeys-kvm.c qom: Have class_init() take a const data argument 7 months ago
s390-skeys.c qapi: remove the misc-target.json file 6 months ago
s390-stattrib-kvm.c hw/s390x/s390-stattrib: Include missing 'exec/target_page.h' header 2 months ago
s390-stattrib.c hw/s390x/s390-stattrib: Include missing 'exec/target_page.h' header 2 months ago
s390-virtio-ccw.c hw/s390x/ccw: Remove deprecated s390-ccw-virtio-4.2 machine 1 month ago
sclp.c hw/s390x/ccw: Remove SCLPDevice::increment_size field 1 month ago
sclpcpi.c qapi/machine-s390x: add QAPI event SCLP_CPI_INFO_AVAILABLE 1 month ago
sclpcpu.c qom: Have class_init() take a const data argument 7 months ago
sclpquiesce.c qom: Have class_init() take a const data argument 7 months ago
tod-kvm.c qom: Have class_init() take a const data argument 7 months ago
tod-tcg.c qom: Have class_init() take a const data argument 7 months ago
tod.c qom: Have class_init() take a const data argument 7 months ago
trace-events hw/s390x: Introduce s390_skeys_get|set() helpers 1 year ago
trace.h trace: switch position of headers to what Meson requires 5 years ago
vhost-scsi-ccw.c qom: Have class_init() take a const data argument 7 months ago
vhost-user-fs-ccw.c qom: Have class_init() take a const data argument 7 months ago
vhost-vsock-ccw.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-9p.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-balloon.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-blk.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-crypto.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-gpu.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-input.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-md-stubs.c s390x/virtio-ccw: add support for virtio based memory devices 12 months ago
virtio-ccw-md.c qom: Make InterfaceInfo[] uses const 7 months ago
virtio-ccw-md.h s390x/virtio-ccw: add support for virtio based memory devices 12 months ago
virtio-ccw-mem.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-mem.h s390x: virtio-mem support 12 months ago
virtio-ccw-net.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-rng.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-scsi.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw-serial.c qom: Have class_init() take a const data argument 7 months ago
virtio-ccw.c migration: Fix regression of passing error_fatal into vmstate_load_state() 1 month ago
virtio-ccw.h hw/s390/virtio-ccw: Convert to three-phase reset 1 year ago