Fixes CVE-2019-12068
fixes #2388
shortlog:
99c5874a9b Update version for 4.1.1 release
e092a17d38 mirror: Keep mirror_top_bs drained after dropping permissions
088f1e8fd9 block/create: Do not abort if a block driver is not available
145b562990 vhost: Fix memory region section comparison
42b6571357 memory: Provide an equality function for MemoryRegionSections
c0aca9352d memory: Align MemoryRegionSections fields
54c130493c tests: make filemonitor test more robust to event ordering
3d018ff3bd block: posix: Always allocate the first block
f0d3fa265d file-posix: Handle undetectable alignment
7db05c8a73 block/file-posix: Let post-EOF fallocate serialize
d9b88f7e0d block: Add bdrv_co_get_self_request()
590cff8230 block: Make wait/mark serialising requests public
2e2ad02f2c block/io: refactor padding
b3b76fc643 util/iov: improve qemu_iovec_is_zero
cff024fe85 util/iov: introduce qemu_iovec_init_extended
40df4a1bf7 qcow2-bitmap: Fix uint64_t left-shift overflow
b156178553 iotests: Add peek_file* functions
15f5e8c367 iotests: Add test for 4G+ compressed qcow2 write
405deba14f qcow2: Fix QCOW2_COMPRESSED_SECTOR_MASK
01be50603b virtio-blk: Cancel the pending BH when the dataplane is reset
051c9b3cbc scsi: lsi: exit infinite loop while executing script
(CVE-2019-12068)
b387531323 target/xtensa: regenerate and re-import test_mmuhifi_c3 core
cdc6896659 target/arm: Allow reading flags from FPSCR for M-profile
c0b35d87de hbitmap: handle set/reset with zero length
fcd7cba6ac util/hbitmap: strict hbitmap_reset
aea18ef938 COLO-compare: Fix incorrect `if` logic
4887acf574 virtio-net: prevent offloads reset on migration
8010d3fce0 virtio: new post_load hook
6705b9344f ui: Fix hanging up Cocoa display on macOS 10.15 (Catalina)
c0e2fbf124 mirror: Do not dereference invalid pointers
b077ac637d iotests: Test large write request to qcow2 file
9e51c5306c qcow2: Limit total allocation range to INT_MAX
aae0faa5d3 hw/core/loader: Fix possible crash in rom_copy()
7b404cae7f vhost-user: save features if the char dev is closed
d868d30db6 iotests: Test internal snapshots with -blockdev
7a8aa6c734 block/snapshot: Restrict set of snapshot nodes
331c08d300 s390: PCI: fix IOMMU region init
fc5afb1a92 roms/Makefile.edk2: don't pull in submodules when building from
tarball
c5c9b1362d make-release: pull in edk2 submodules so we can build it from
tarballs
220816989c hw/arm/boot.c: Set NSACR.{CP11,CP10} for NS kernel boots
783e7eb52c block/backup: fix backup_cow_with_offload for last cluster
e01ed1a1ae block/backup: fix max_transfer handling for copy_range
416a692e51 qcow2: Fix corruption bug in qcow2_detect_metadata_preallocation()
e9bb3d942e coroutine: Add qemu_co_mutex_assert_locked()
84f22c7285 block/qcow2: Fix corruption introduced by commit 8ac0f15f335
86b0f4022b blockjob: update nodes head while removing all bdrv
2d86df1f78 curl: Handle success in multi_check_completion
18e1b71937 curl: Report only ready sockets
0888ddac8e curl: Pass CURLSocket to curl_multi_do()
4be97ef966 curl: Check completion in curl_multi_do()
78ea94e389 curl: Keep *socket until the end of curl_sock_cb()
3648493495 curl: Keep pointer to the CURLState in CURLSocket
0694c489cd block/nfs: tear down aio before nfs_close
c9ffb12754 qcow2: Fix the calculation of the maximum L2 cache size
28a9a3558a libvhost-user: fix SLAVE_SEND_FD handling
9027d3fba6 target/arm: Don't abort on M-profile exception return in linux-user
mode
38fb634853 target/arm: Free TCG temps in trans_VMOV_64_sp()
ad95e0573e iotests: Test blockdev-create for vpc
593beeaf81 iotests: Restrict nbd Python tests to nbd
eee776fbc0 iotests: Restrict file Python tests to file
819ba23575 iotests: Add supported protocols to execute_test()
4d9bdd3149 iotests: add testing shim for script-style python tests
97c478c355 vpc: Return 0 from vpc_co_create() on success
725dfa851f x86: do not advertise die-id in query-hotpluggbale-cpus if
'-smp dies' is not set
57fdf4a13f pr-manager: Fix invalid g_free() crash bug
3361d03ff0 iotests: Test reverse sub-cluster qcow2 writes
6f1a94035b block/file-posix: Reduce xfsctl() use
c12adfd8f6 xen-bus: check whether the frontend is active during device reset...
b6cedc911e xen-bus: Fix backend state transition on device reset
7ebcd375ad pc: Don't make die-id mandatory unless necessary
4bfd496be3 target/alpha: fix tlb_fill trap_arg2 value for instruction fetch
499a5d6bb4 s390x/tcg: Fix VERIM with 32/64 bit elements
73a5bf4729 Revert "ide/ahci: Check for -ECANCELED in aio callbacks"
fbde196c30 dma-helpers: ensure AIO callback is invoked after cancellation
Signed-off-by: Julio Montes <julio.montes@intel.com>

Update to latest master code.
Changes:
fa0fdc6 cargo: Update Cargo.lock for the 0.4.0 release
cec884e release: v0.4.0
6444e29 docs: Add CPU hot plug documentation
a002093 build(deps): bump anyhow from 1.0.23 to 1.0.25
43f0478 build(deps): bump thiserror from 1.0.6 to 1.0.9
664431f vsock: vhost_user: vfio: Fix potential host memory overflow
1e97d14 README: Update for newer distribution support
e8e21ae README: Update the --cpus command line examples
a40a70a ci: Rely on latest virtiofsd version
f0b7412 vmm: device_manager: Add all virtio devices to the migratable list
37557c8 vmm: vm: Implement the Pausable trait
9756fc2 vmm: cpu_manager: Implement the Pausable trait
35dd152 vmm: device_manager: Implement the Pausable trait
a122da4 vm-virtio: vhost: Implement the Pausable trait for all vhost-user devices
dae0b2e vm-virtio: Implement the Pausable trait for all virtio devices
35d7721 vmm: Convert virtio devices to Arc<Mutex<T>>
5450de0 cargo: Do not run fmt on anyhow's build code
0361df4 vm-device: Initial Migratable trait
36daf9c ci: Skip testing RFC or WIP PRs
64c5e3d vmm: api: Adjust FsConfig for OpenAPI
4bfd51c vmm: api: Match VhostUserBlkConfig defaults between CLI and HTTP API
1c2587f vmm: api: Match VhostUserNetConfig defaults between CLI and HTTP API
5e0bbf9 vmm: Don't factorize vhost-user configurations
793327c vmm: api: Make ConsoleConfig default match between CLI and HTTP API
cc08c44 vmm: api: Make MemoryConfig default match between CLI and HTTP API
5a72225 vmm: api: Update CpuConfig name to match the internal name
f7c215d cli: Fix default CPU argument
59ae01f ci: Cancel older builders on Jenkins
c61104d vmm: Port to latest vmm-sys-util
4c92f89 ci: Add OpenAPI validation
93bd88e ci: Simplify travis.yml
d42ef18 ci: Offload cargo tests to the worker node VM
ee528ae vmm: api: Make FsConfig defaults match between CLI and HTTP API
befd342 vmm: api: Make NetConfig defaults match between CLI and HTTP API
eff78f7 resources: Prevent kernel config interactive shell from showing up
99e608c openapi: Fix schema
f994665 vmm: Reduce the minimum IRQ constant
ba59c62 vmm, devices: Remove hardcoded IRQ number for GED device
ce1bd9c resources: turn on CONFIG_ACPI_REDUCED_HARDWARE_ONLY
0374c3d build(deps): bump ssh2 from 0.5.0 to 0.6.0
aa94e9b Revert "vmm: api: Modify FsConfig to be OpenAPI friendly"
9b1ba14 vmm: Delegate device related ACPI DSDT table work to DeviceManager
60e6609 vmm: Delegate CPU related ACPI tables to CpuManager
defc5dc vmm: api: Modify FsConfig to be OpenAPI friendly
66e00ce ci: Extend VFIO integration test
59d0171 vmm: Remove kernel based IOAPIC handling from the device manager
afea6a1 vmm: Stop initialising kernel based IOAPIC/PIC
9b1cb96 vmm: Remove pin based interrupt setup for virtio devices
72fb687 vmm: Check for required capabilities
904b1ea build(deps): bump unicode-width from 0.1.6 to 0.1.7
fcf92d8 tests: Add rebooting to the CPU hotplug test
f98b16f vmm: Update the configuration to preserve hot-plug CPUs after reboot
1722708 vmm: Switch to storing VmConfig inside an Arc<Mutex<>>
c063bb8 vmm: acpi: Make GED interrupt edge triggered
e1af17d vmm: Restore tty to canonical mode when SIGTERM or SIGINT received
44d026b build(deps): bump serde_json from 1.0.43 to 1.0.44
a1285ea build(deps): bump cc from 1.0.47 to 1.0.48
23929f4 vfio: Don't override MSI Enable bit through VFIO ioctl
1dfd60b vfio: use correct flags to disable interrupts
5208ff8 vmm: Detect and handle AMD SME (Secure Memory Encryption)
dcfd6ff build(deps): bump serde_json from 1.0.42 to 1.0.43
08258d5 vfio: pci: Allow multiple devices to be passed through
4115fa8 vfio: pci: Update irqfd registration
1379abb pci: msi: Fix MSG_CTL update through 32 bits write
c81e808 docs: Update instructions regarding virtiofsd
17badfb vmm: cpu: Call vcpu configure() on the vCPU thread
1350306 api: Fix OpenAPI specification entries
e1ff142 tests: Remove MSI only test from test_serial_off
e083064 tests: Add integration test for hotplugging vCPUs
66a31c1 vmm: acpi: Upon GED interrupt notify on all vCPUs
48bf141 vmm: Trigger a hotplug device notification when resizing
b629727 vmm: acpi: Add a CTFY method to notify on all CPU objects
ae9359c vmm: acpi: Create the CPU entries in the DSDT for all vCPUs
791ca33 vmm: device_manager: Add ability to notify via GED device
623755c devices: Add ACPI GED device
7ad68d4 vmm: device_manager: Allocate I/O port for ACPI shutdown device
86339b4 vmm: Add HTTP API to resize the VM
e7d4eae vmm: cpu: Add support for starting more vCPU threads
0ef9999 vmm: cpu: Support only partially configuring the vCPU
c8b3041 vmm: openapi: Update OpenAPI for CpuConfig struct
b6801e3 vmm: cpu: Refactor vCPU thread starting
66d5163 vmm: cpu: Encapsulate vCPU state into its own struct
ea19bb0 tests: Add a test to check that the boot vs max cpus work
1bbe48b vmm: acpi: Mark non-boot vCPUs as disabled in the MADT table
4bc8635 tests: Use new "--cpus" syntax for integration tests
82bc07c vmm: Add boot and max vCPU handling to command line parser
7543e00 vmm: Use new CpuManager accessor to get boot vCPUs
df09078 vmm: cpu: Introduce concept of maximum vs boot vCPUs in CpuManager
669d9a8 vhost_user_backend: fix memory region offsetting
d378da6 build(deps): bump vcpkg from 0.2.7 to 0.2.8
b1cfdc7 build(deps): bump syn from 1.0.9 to 1.0.11
0f21781 cargo: Bump the kvm and vmm-sys-util crates
Fixes: #2343
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>

NEMU deprecation was announced in 1.8 of Kata. Removing from tree.
Thanks for all the fish!
Fixes: #2195
Signed-off-by: Eric Ernst <eric.ernst@intel.com>

cri-tools version was managed in the tests repository, but as
we define here cri-o, containerd and kubernetes versions, it
makes sense to have the cri-tools version defined in this repo.
conmon has now to be installed/built separately. So add it
to the list.
Depends-on: github.com/kata-containers/tests#2057
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>

Update k8s supported version from 1.15.3 to 1.16.2
and cri-o from 1.15.0 to 1.16.0
Fixes: #2166.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>

These include features like privileged containers without host devices
and support for per runtime annotations.
Depends-on: github.com/kata-containers/tests#2029
Fixes #2099
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>

Update the version used for testing the cni plugins to the latest
0.8.2 release. This way we make sure CI tests with latest CNI plugins.
Depends-on: github.com/kata-containers/tests#1984
Fixes #2111
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>

This adds QEMU and the kernel with virtiofs 3.0 to the versions.yaml
file.
Depends-on: github.com/kata-containers/packaging#710
Fixes #2051
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>

Update qemu version to bring the latest fixes and improvements:
* migration: allow private destination ram with x-ignore-shared
* hw/i386: Fix linker error when ISAPC is disabled
* hw/i386: turn off vmport if CONFIG_VMPORT is disabled
Depends-on: github.com/kata-containers/packaging#680
fixes #1978
Signed-off-by: Julio Montes <julio.montes@intel.com>

- Changes:
- version: v1.14.6
- Add username and homedir to generated password
- Close temporary image in PullImage
- Version 1.14.6-dev
- Version 1.14.5
- version: if git commit is empty, silently ignore
- enable inline exec and attach test
- Bump up minMemoryLimit to 12Mb
- Backport CircleCI config
- Fix up machine os content version and cri-o version in spec
- Add state of infracontainer to disk when stopped
- Use GlobalAuthFile when pulling the pause image if
PauseImageAuthFile is not set
- Don't discard copy.Options.SourceCtx when credentials are provided
- Don't set non-default copy.Options in imageService.PullImage if it is nil
- Add global_auth_file option to crio.image config
- Create network and plugins directory if they do not exist
- Disable file locking by default
- Update containers/image to v2.0.0, buildah to 1.8.4, libpod to 1.4.1, ...
- Bump github.com/containers/libpod from 1.2.0 to 1.3.1
- Vendor containers/storage v1.12.4
- update github.com/containers/* dependencies
- Changes to rpm build and Dockerfile for ci
- When plugin_dir is set, only use that value
- Update Makefile to be usable without git
- bump to version 1.14.5-dev
- bump to version 1.14.4
- Default to runc is default_runtime is not set
- Fix missing images names on list
- Add crio-wipe
- Add logic for running OpenShift CI on cri-o PRs
- Update device cgroup permissions for configured devices.
- version: v1.14.4-dev
- version: v1.14.3
- Fix runtime panic when having concurrent writes to runtime impl map
- server: do not add default /sys if bind mounted
- Change plugin_dir to plugin_dirs
- Added unit tests
- Add version file functionality
- fix build issues on 32-bit arches
- conmon: use sd_journal_sendv
- make vendor generated
- Move to v1.14.3-dev
- Tag v1.14.2
- Vendor in c/storage release-1.13
- Revert "update github.com/containers/* dependencies"
- Update test suites
- Fix logic of server.restore()
- version: v1.14.2-dev
Fixes #1866
Signed-off-by: Sascha Grunert <sgrunert@suse.com>

Upgrade Firecracker to 0.17.0. This is required to pick up
bug fixes needed in jailer, to allow kata to run firecracker
constrained by a jailer in Kata.
Fixes: #1746
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>

virtio-fs is now available in 1.7 release and needs hugepages enabled.
Updating version of NEMU that ships with kata by default which contains
the fixes for hugepages, machine_type=virt and network access.
Fixes: #1709
Depends-on: github.com/kata-containers/tests#1595
Depends-on: github.com/kata-containers/packaging#522
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>

Use only one version to install cri-containerd
- version could be a containerd version or a commit of the cri
repository.
Depends-on: github.com/kata-containers/tests#1400
Fixes: #1464
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>

Set the minimum golang version to 1.11.10, the latest stable 1.11 version
at the time of writing. Go 1.11 is required to build the agent with working
vsock support.
Fixes: #1693
Signed-off-by: Marco Vedovati <mvedovati@suse.com>

This will update the k8s version to 1.14.1 and CRI-O to
commit 3ddde3dee35a239712ee26fa542abe5609c4f44f.
We are using this commit as crio 1.14 has an issue: cri-o/cri-o#2221
and also does not include test fixes of cri-o/cri-o@7b8c298.
Depends-on: github.com/kata-containers/tests#1528
Fixes #1617
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>

This commit bumps the golang version to remove the go modules hash
mismatch between 1.11 and 1.12.
Fixes: #1520
Signed-off-by: Sascha Grunert <sgrunert@suse.com>

cri-o was moved to a new organization. The new URL
of the project is https://github.com/cri-o/cri-o
Update URL references.
Fixes: #1478.
Depends-on: github.com/kata-containers/tests#1409
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>

gometalinter is deprecated and will be archived April '19. The
suggestion is to switch to golangci-lint which is apparently 5x faster
than gometalinter.
Partially Fixes: #1377
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>