[PATCH 0/2] [PULL] qemu-kvm.git uq/master queue

[PATCH 0/2] [PULL] qemu-kvm.git uq/master queue

[Marcelo Tosatti]

The following changes since commit 748a4ee311b8353292e85851034cb917906aac14:
  Blue Swirl (1):
        sparc32: use FW_CFG_CMDLINE_SIZE

are available in the git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git uq/master

Alex Williamson (1):
      kvm: Don't walk memory_size == 0 slots in kvm_client_migration_log

Gleb Natapov (1):
      kvm: remove guest triggerable abort()

 kvm-all.c |   19 +++++++------------
 1 files changed, 7 insertions(+), 12 deletions(-)

[PATCH 0/2] [PULL] qemu-kvm.git uq/master queue

[Marcelo Tosatti]

The following changes since commit 578c7b2ca8ee9e97fa8693b1a83d517e8e3f962e:

  audio: fix integer overflow expression (2011-06-01 00:14:07 +0400)

are available in the git repository at:
  git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git uq/master

Yang, Wei Y (1):
      kvm: Enable CPU SMEP feature

brillywu@viatech.com.cn (1):
      kvm: Add CPUID support for VIA CPU

 target-i386/cpu.h   |    9 ++++++-
 target-i386/cpuid.c |   66 +++++++++++++++++++++++++++++++++++++++++++++++++-
 target-i386/kvm.c   |   15 +++++++++++
 3 files changed, 87 insertions(+), 3 deletions(-)

[PATCH 0/2] [PULL] qemu-kvm.git uq/master queue

[Marcelo Tosatti]

The following changes since commit ce34cf72fe508b27a78f83c184142e8d1e6a048a:

  Merge remote-tracking branch 'awilliam/tags/vfio-pci-for-qemu-1.3.0-rc0' into staging (2012-11-14 08:53:40 -0600)

are available in the git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git uq/master

Jan Kiszka (1):
      kvm: Actually remove software breakpoints from list on cleanup

Marcelo Tosatti (1):
      acpi_piix4: fix migration of gpe fields

 hw/acpi_piix4.c |   50 ++++++++++++++++++++++++++++++++++++++++++++++----
 kvm-all.c       |    2 ++
 2 files changed, 48 insertions(+), 4 deletions(-)

[PATCH 0/2] [PULL] qemu-kvm.git uq/master queue

[Gleb Natapov]

The following changes since commit e376a788ae130454ad5e797f60cb70d0308babb6:

  Merge remote-tracking branch 'kwolf/for-anthony' into staging (2012-12-13 14:32:28 -0600)

are available in the git repository at:


  git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git uq/master

for you to fetch changes up to 0a2a59d35cbabf63c91340a1c62038e3e60538c1:

  qemu-kvm/pci-assign: 64 bits bar emulation (2012-12-25 14:37:52 +0200)

----------------------------------------------------------------
Will Auld (1):
      target-i386: Enabling IA32_TSC_ADJUST for QEMU KVM guest VMs

Xudong Hao (1):
      qemu-kvm/pci-assign: 64 bits bar emulation

 hw/kvm/pci-assign.c   |   14 ++++++++++----
 target-i386/cpu.h     |    2 ++
 target-i386/kvm.c     |   14 ++++++++++++++
 target-i386/machine.c |   21 +++++++++++++++++++++
 4 files changed, 47 insertions(+), 4 deletions(-)

Re: [PATCH 0/2] [PULL] qemu-kvm.git uq/master queue

[Anthony Liguori]

Gleb Natapov <gleb@redhat.com> writes:

> The following changes since commit e376a788ae130454ad5e797f60cb70d0308babb6:
>
>   Merge remote-tracking branch 'kwolf/for-anthony' into staging (2012-12-13 14:32:28 -0600)
>
> are available in the git repository at:
>
>
>   git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git uq/master
>
> for you to fetch changes up to 0a2a59d35cbabf63c91340a1c62038e3e60538c1:
>
>   qemu-kvm/pci-assign: 64 bits bar emulation (2012-12-25 14:37:52 +0200)
>

Pulled. Thanks.

Regards,

Anthony Liguori

> ----------------------------------------------------------------
> Will Auld (1):
>       target-i386: Enabling IA32_TSC_ADJUST for QEMU KVM guest VMs
>
> Xudong Hao (1):
>       qemu-kvm/pci-assign: 64 bits bar emulation
>
>  hw/kvm/pci-assign.c   |   14 ++++++++++----
>  target-i386/cpu.h     |    2 ++
>  target-i386/kvm.c     |   14 ++++++++++++++
>  target-i386/machine.c |   21 +++++++++++++++++++++
>  4 files changed, 47 insertions(+), 4 deletions(-)
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 0/2] [PULL] qemu-kvm.git uq/master queue

[Gleb Natapov]

The following changes since commit 1356b98d3e95a85071e6bf9a99e8799e1ae1bbee:

  sysbus: Drop sysbus_from_qdev() cast macro (2013-01-21 13:52:24 -0600)

are available in the git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git uq/master

for you to fetch changes up to f8bb056564ed719b2fa5e05028bc70aeb0cc5c6c:

  target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big (2013-01-29 08:57:56 +0200)

----------------------------------------------------------------
Igor Mammedov (1):
      target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big

Marcelo Tosatti (1):
      vmxcap: bit 9 of VMX_PROCBASED_CTLS2 is 'virtual interrupt delivery'

 scripts/kvm/vmxcap |    1 +
 target-i386/kvm.c  |   25 ++++++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

[PATCH 1/2] vmxcap: bit 9 of VMX_PROCBASED_CTLS2 is 'virtual interrupt delivery'

[Gleb Natapov]

From: Marcelo Tosatti <mtosatti@redhat.com>

Bit 9 of MSR_IA32_VMX_PROCBASED_CTLS2 is
virtual interrupt delivery.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
---
 scripts/kvm/vmxcap |    1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/kvm/vmxcap b/scripts/kvm/vmxcap
index cbe6440..0b23f77 100755
--- a/scripts/kvm/vmxcap
+++ b/scripts/kvm/vmxcap
@@ -147,6 +147,7 @@ controls = [
             5: 'Enable VPID',
             6: 'WBINVD exiting',
             7: 'Unrestricted guest',
+            9: 'Virtual interrupt delivery',
             10: 'PAUSE-loop exiting',
             11: 'RDRAND exiting',
             12: 'Enable INVPCID',
-- 
1.7.10.4

[PATCH 2/2] target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big

[Gleb Natapov]

From: Igor Mammedov <imammedo@redhat.com>

Stack corruption may occur if too big 'level' or 'xlevel' values passed
on command line with KVM enabled, due to limited size of cpuid_data
in kvm_arch_init_vcpu().

reproduces with:
 qemu -enable-kvm -cpu qemu64,level=4294967295
or
 qemu -enable-kvm -cpu qemu64,xlevel=4294967295

Check if there is space in cpuid_data before passing it to cpu_x86_cpuid()
or abort() if there is not space.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
---
 target-i386/kvm.c |   25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 3acff40..4ecb728 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -411,11 +411,12 @@ static void cpu_update_state(void *opaque, int running, RunState state)
     }
 }
 
+#define KVM_MAX_CPUID_ENTRIES  100
 int kvm_arch_init_vcpu(CPUState *cs)
 {
     struct {
         struct kvm_cpuid2 cpuid;
-        struct kvm_cpuid_entry2 entries[100];
+        struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES];
     } QEMU_PACKED cpuid_data;
     X86CPU *cpu = X86_CPU(cs);
     CPUX86State *env = &cpu->env;
@@ -502,6 +503,10 @@ int kvm_arch_init_vcpu(CPUState *cs)
     cpu_x86_cpuid(env, 0, 0, &limit, &unused, &unused, &unused);
 
     for (i = 0; i <= limit; i++) {
+        if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
+            fprintf(stderr, "unsupported level value: 0x%x\n", limit);
+            abort();
+        }
         c = &cpuid_data.entries[cpuid_i++];
 
         switch (i) {
@@ -516,6 +521,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
             times = c->eax & 0xff;
 
             for (j = 1; j < times; ++j) {
+                if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
+                    fprintf(stderr, "cpuid_data is full, no space for "
+                            "cpuid(eax:2):eax & 0xf = 0x%x\n", times);
+                    abort();
+                }
                 c = &cpuid_data.entries[cpuid_i++];
                 c->function = i;
                 c->flags = KVM_CPUID_FLAG_STATEFUL_FUNC;
@@ -544,6 +554,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
                 if (i == 0xd && c->eax == 0) {
                     continue;
                 }
+                if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
+                    fprintf(stderr, "cpuid_data is full, no space for "
+                            "cpuid(eax:0x%x,ecx:0x%x)\n", i, j);
+                    abort();
+                }
                 c = &cpuid_data.entries[cpuid_i++];
             }
             break;
@@ -557,6 +572,10 @@ int kvm_arch_init_vcpu(CPUState *cs)
     cpu_x86_cpuid(env, 0x80000000, 0, &limit, &unused, &unused, &unused);
 
     for (i = 0x80000000; i <= limit; i++) {
+        if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
+            fprintf(stderr, "unsupported xlevel value: 0x%x\n", limit);
+            abort();
+        }
         c = &cpuid_data.entries[cpuid_i++];
 
         c->function = i;
@@ -569,6 +588,10 @@ int kvm_arch_init_vcpu(CPUState *cs)
         cpu_x86_cpuid(env, 0xC0000000, 0, &limit, &unused, &unused, &unused);
 
         for (i = 0xC0000000; i <= limit; i++) {
+            if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
+                fprintf(stderr, "unsupported xlevel2 value: 0x%x\n", limit);
+                abort();
+            }
             c = &cpuid_data.entries[cpuid_i++];
 
             c->function = i;
-- 
1.7.10.4