* Fix CVE-2023-1544

* Deprecate the rdma code * Fix flaky npcm7xx_timer test * i2c-echo license statement and Kconfig switch * Disable the failing riscv64-debian-cross CI job by default -----BEGIN PGP SIGNATURE----- iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmUoI3IRHHRodXRoQHJl ZGhhdC5jb20ACgkQLtnXdP5wLbXl3A//dnuUf7cXrllZc9PyTRMg99c45DRrj058 e9iOIdQdMAxN8QQtG/6HHVGRBKP5q5LqcAHZE4DTbIxz9keyoVNQ7CiOL8Zm1GJx up5o/HGul8pAnlG0HrM21VJ6ZVSFW8j+50LQbxLTPOMdGAmzxBPvVIGonDOMBIJh GPMTFFbJcppSCY2i5ijZ1qmgWMjwErEdQ2kXxxWo5eczNUFT68A4UmQ4NzlA0DZ7 jG19+2DzigJxnLhYXIOPGCkKjVPcue7QjB1ka35ixU6AgQcW3WNrEwqVbf+FHNyN U1ONWqSTkpGlxB/3a+u/HecC4qN4bCRzVdfTNOArQpgNcc+NWr+jZlAoCZ9N72aH jZNfW4D1TcgLh+Etj2NWRJKe/2F8N03V/9sJta0eYekzwUqu15Lc1FhhG2zJUJzO QZxPik6J7PkxX28AoSLjyRx80g3V06eBh2YXqIZioZnbdRQrqX1GG7YpRk7YQRCF o77T85R64s/z/6GSvEee2f6e6c8O/WKMhLBBoI8fCN0TZVv5VlwHLipKxRQqUZIn +Iu/LpKsGtmQT259D+rqkCJMzdPFcc3S8e4MwWb8KMe3/rqZuGoCO3ecXQR+qto4 Gif0Z7T+us1hf6ExHDi+8FaRBMlbDpk1/Ebw1NvwcWqMaWipyeAY1yVmYzAMcQ9/ dm2e2YWb4mk= =aPMR -----END PGP SIGNATURE----- Merge tag 'pull-request-2023-10-12' of https://gitlab.com/thuth/qemu into staging * Fix CVE-2023-1544 * Deprecate the rdma code * Fix flaky npcm7xx_timer test * i2c-echo license statement and Kconfig switch * Disable the failing riscv64-debian-cross CI job by default * tag 'pull-request-2023-10-12' of https://gitlab.com/thuth/qemu: gitlab-ci: Disable the riscv64-debian-cross-container by default MAINTAINERS: Add include/sysemu/qtest.h to the qtest section hw/misc/Kconfig: add switch for i2c-echo hw/misc/i2c-echo: add copyright/license note tests/qtest: Fix npcm7xx_timer-test.c flaky test hw/rdma: Deprecate the pvrdma device and the rdma subsystem hw/pvrdma: Protect against buggy or malicious guest driver Conflicts: docs/about/deprecated.rst Context conflict between RISC-V and RDMA deprecation. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2024-07-21 10:24:33 +00:00 · 2023-10-16 12:35:21 -04:00 · 2023-10-16 12:35:21 -04:00 · 2a6299fb13
parent ce2f51697b f51f90c65e
commit 2a6299fb13
8 changed files with 46 additions and 3 deletions
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@ -95,6 +95,7 @@ riscv64-debian-cross-container:
  allow_failure: true
  variables:
    NAME: debian-riscv64-cross
+    QEMU_JOB_OPTIONAL: 1

 # we can however build TCG tests using a non-sid base
 riscv64-debian-test-cross-container:
--- a/3
+++ b/3
@ -3144,6 +3144,7 @@ M: Laurent Vivier <lvivier@redhat.com>
 R: Paolo Bonzini <pbonzini@redhat.com>
 S: Maintained
 F: system/qtest.c
+F: include/sysemu/qtest.h
 F: accel/qtest/
 F: tests/qtest/
 F: docs/devel/qgraph.rst
@ -3865,7 +3866,7 @@ F: docs/block-replication.txt
 PVRDMA
 M: Yuval Shaia <yuval.shaia.ml@gmail.com>
 M: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
-S: Maintained
+S: Odd Fixes
 F: hw/rdma/*
 F: hw/rdma/vmw/*
 F: docs/pvrdma.txt
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@ -363,6 +363,15 @@ recommending to switch to their stable counterparts:
 - "Zve64f" should be replaced with "zve64f"
 - "Zve64d" should be replaced with "zve64d"

+``-device pvrdma`` and the rdma subsystem (since 8.2)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The pvrdma device and the whole rdma subsystem are in a bad shape and
+without active maintenance. The QEMU project intends to remove this
+device and subsystem from the code base in a future release without
+replacement unless somebody steps up and improves the situation.
+
+
 Block device options
 ''''''''''''''''''''

--- a/hw/misc/Kconfig
+++ b/hw/misc/Kconfig
@ -34,6 +34,11 @@ config PCA9552
    bool
    depends on I2C

+config I2C_ECHO
+    bool
+    default y if TEST_DEVICES
+    depends on I2C
+
 config PL310
    bool

--- a/hw/misc/i2c-echo.c
+++ b/hw/misc/i2c-echo.c
@ -1,3 +1,13 @@
+/*
+ * Example I2C device using asynchronous I2C send.
+ *
+ * Copyright (C) 2023 Samsung Electronics Co., Ltd. All Rights Reserved.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
 #include "qemu/osdep.h"
 #include "qemu/timer.h"
 #include "qemu/main-loop.h"
--- a/hw/misc/meson.build
+++ b/hw/misc/meson.build
@ -138,7 +138,7 @@ system_ss.add(when: 'CONFIG_NRF51_SOC', if_true: files('nrf51_rng.c'))

 system_ss.add(when: 'CONFIG_GRLIB', if_true: files('grlib_ahb_apb_pnp.c'))

-system_ss.add(when: 'CONFIG_I2C', if_true: files('i2c-echo.c'))
+system_ss.add(when: 'CONFIG_I2C_ECHO', if_true: files('i2c-echo.c'))

 specific_ss.add(when: 'CONFIG_AVR_POWER', if_true: files('avr_power.c'))

--- a/hw/rdma/vmw/pvrdma_main.c
+++ b/hw/rdma/vmw/pvrdma_main.c
@ -91,19 +91,33 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState **ring_state,
                         dma_addr_t dir_addr, uint32_t num_pages)
 {
    uint64_t *dir, *tbl;
-    int rc = 0;
+    int max_pages, rc = 0;

    if (!num_pages) {
        rdma_error_report("Ring pages count must be strictly positive");
        return -EINVAL;
    }

+    /*
+     * Make sure we can satisfy the requested number of pages in a single
+     * TARGET_PAGE_SIZE sized page table (taking into account that first entry
+     * is reserved for ring-state)
+     */
+    max_pages = TARGET_PAGE_SIZE / sizeof(dma_addr_t) - 1;
+    if (num_pages > max_pages) {
+        rdma_error_report("Maximum pages on a single directory must not exceed %d\n",
+                          max_pages);
+        return -EINVAL;
+    }
+
    dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE);
    if (!dir) {
        rdma_error_report("Failed to map to page directory (ring %s)", name);
        rc = -ENOMEM;
        goto out;
    }
+
+    /* We support only one page table for a ring */
    tbl = rdma_pci_dma_map(pci_dev, dir[0], TARGET_PAGE_SIZE);
    if (!tbl) {
        rdma_error_report("Failed to map to page table (ring %s)", name);
@ -601,6 +615,8 @@ static void pvrdma_realize(PCIDevice *pdev, Error **errp)
    bool ram_shared = false;
    PCIDevice *func0;

+    warn_report_once("pvrdma is deprecated and will be removed in a future release");
+
    rdma_info_report("Initializing device %s %x.%x", pdev->name,
                     PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));

--- a/tests/qtest/npcm7xx_timer-test.c
+++ b/tests/qtest/npcm7xx_timer-test.c
@ -465,6 +465,7 @@ static void test_periodic_interrupt(gconstpointer test_data)
    int i;

    tim_reset(td);
+    clock_step_next();

    tim_write_ticr(td, count);
    tim_write_tcsr(td, CEN | IE | MODE_PERIODIC | PRESCALE(ps));