Hi everyone,

The QEMU v8.0.4 stable release is now available.

You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

v8.0.4 is now tagged in the official qemu.git repository, and the stable-8.0 branch has been updated accordingly:

  https://gitlab.com/qemu-project/qemu/-/commits/stable-8.0?ref_type=heads

This update contains general fixes for various architectures/subsystems, including the following CVE fixes:

  virtio-crypto (CVE-2023-3180)
  QIOChannel (CVE-2023-3354)
  VNC (CVE-2023-3255)

Thank you to everyone involved!

CHANGELOG:

83a9cdbd65: Update version for 8.0.4 release (Michael Tokarev)
7cb0210fcc: target/i386: Check CR0.TS before enter_mmx (Matt Borgerson)
979cdfbbfd: target/ppc: Fix VRMA page size for ISA v3.0 (Nicholas Piggin)
b96bb74e3a: target/ppc: Fix pending HDEC when entering PM state (Nicholas Piggin)
bfe876cb30: target/ppc: Implement ASDR register for ISA v3.0 for HPT (Nicholas Piggin)
1d711f97a5: vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mq() (Hawkins Jiawei)
f43e4e2594: vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mac() (Hawkins Jiawei)
ade1bed2b7: vdpa: Fix possible use-after-free for VirtQueueElement (Hawkins Jiawei)
e85ab8f753: vfio/pci: Disable INTx in vfio_realize error path (Zhenzhong Duan)
48be003029: include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big endian hosts (Thomas Huth)
dab9a65dfa: hw/i386/x86-iommu: Fix endianness issue in x86_iommu_irq_to_msi_message() (Thomas Huth)
e0711f74b2: hw/i386/intel_iommu: Fix index calculation in vtd_interrupt_remap_msi() (Thomas Huth)
4f558fd185: hw/i386/intel_iommu: Fix struct VTDInvDescIEC on big endian hosts (Thomas Huth)
b3c94ecf3c: hw/i386/intel_iommu: Fix endianness problems related to VTD_IR_TableEntry (Thomas Huth)
bc5740e178: hw/i386/intel_iommu: Fix trivial endianness problems (Thomas Huth)
715e8123ed: pci: do not respond config requests after PCI device eject (Yuri Benditovich)
868b90e44a: target/hppa: Move iaoq registers and thus reduce generated code size (Helge Deller)
60c42b8623: cryptodev: Handle unexpected request to avoid crash (zhenwei pi)
49f1e02bac: virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi)
fd902c54e5: vhost: fix the fd leak (Li Feng)
18963f458f: hw/virtio-iommu: Fix potential OOB access in virtio_iommu_handle_command() (Eric Auger)
71e05c42cc: target/m68k: Fix semihost lseek offset computation (Peter Maydell)
3d81ba8da4: target/nios2: Fix semihost lseek offset computation (Keith Packard)
adef4fe350: target/nios2: Pass semihosting arg to exit (Keith Packard)
f8592e9431: hw/xen: fix off-by-one in xen_evtchn_set_gsi() (David Woodhouse)
5300472ec0: io: remove io watch if TLS channel is closed during handshake (Daniel P. Berrangé)
ca93a302a0: xen-block: Avoid leaks on new error path (Anthony PERARD)
157529eee6: thread-pool: signal "request_cond" while locked (Anthony PERARD)
5a87bcee89: linux-user/armeb: Fix __kernel_cmpxchg() for armeb (Helge Deller)
f8e673df7e: target/ppc: Disable goto_tb with architectural singlestep (Richard Henderson)
357b42486c: util/interval-tree: Use qatomic_set_mb in rb_link_node (Richard Henderson)
b2ec463649: util/interval-tree: Use qatomic_read for left/right while searching (Richard Henderson)
2eee26f579: target/arm: Avoid writing to constant TCGv in trans_CSEL() (Peter Maydell)
2bff614256: target/arm: Special case M-profile in debug_helper.c code (Peter Maydell)
220869aae1: hw/arm/smmu: Handle big-endian hosts correctly (Peter Maydell)
123b4291f9: virtio-net: pass Device-TLB enable/disable events to vhost (Viktor Prutyanov)
8eed78e2bf: vhost: register and change IOMMU flag depending on Device-TLB state (Viktor Prutyanov)
5f3fe5657d: virtio-pci: add handling of PCI ATS and Device-TLB enable/disable (Viktor Prutyanov)
0827053612: target/loongarch: Fix the CSRRD CPUID instruction on big endian hosts (Thomas Huth)
c8b714f047: target/s390x: Fix assertion failure in VFMIN/VFMAX with type 13 (Ilya Leoshkevich)
c5498fdda0: target/s390x: Make MC raise specification exception when class >= 16 (Ilya Leoshkevich)
76507abbe1: target/s390x: Fix ICM with M3=0 (Ilya Leoshkevich)
e5e8a86064: target/s390x: Fix CONVERT TO LOGICAL/FIXED with out-of-range inputs (Ilya Leoshkevich)
6bd56e0f82: target/s390x: Fix CLM with M3=0 (Ilya Leoshkevich)
bdbf5e1016: target/s390x: Make CKSM raise an exception if R2 is odd (Ilya Leoshkevich)
6f7c39a912: tcg/{i386, s390x}: Add earlyclobber to the op_add2's first output (Ilya Leoshkevich)
59a728a031: tcg/ppc: Fix race in goto_tb implementation (Jordan Niethe)
5a61789df8: qemu-nbd: regression with arguments passing into nbd_client_thread() (Denis V. Lunev)
bdfecfbc1d: qemu-nbd: fix regression with qemu-nbd --fork run over ssh (Denis V. Lunev)
feb0814b3b: qemu-nbd: pass structure into nbd_client_thread instead of plain char* (Denis V. Lunev)
f90a8b9357: linux-user: Fix signed math overflow in brk() syscall (Helge Deller)
c4a4731408: linux-user: Prohibit brk() to to shrink below initial heap address (Helge Deller)
0102c92a1c: linux-user: Fix qemu brk() to not zero bytes on current page (Helge Deller)
5de88d6e10: hw/nvme: fix endianness issue for shadow doorbells (Klaus Jensen)
0167759c9a: linux-user: Make sure initial brk(0) is page-aligned (Andreas Schwab)
35720b3d90: ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) (Mauro Matteo Cascella)
d1063b6551: linux-user/arm: Do not allocate a commpage at all for M-profile CPUs (Philippe Mathieu-Daudé)
fa72d8bcf4: tcg: Fix info_in_idx increment in layout_arg_by_ref (Richard Henderson)
7b336dcd06: linux-user/syscall: Implement execve without execveat (Pierrick Bouvier)
c280ac3b60: hw/ide/piix: properly initialize the BMIBA register (Olaf Hering)
520d5fb4cb: target/mips: enable GINVx support for I6400 and I6500 (Marcin Nowakowski)
b2b1b99da9: target/s390x: Fix LRA when DAT is off (Ilya Leoshkevich)
523f529d40: target/s390x: Fix LRA overwriting the top 32 bits on DAT error (Ilya Leoshkevich)
eefa524832: target/s390x: Fix MVCRL with a large value in R0 (Ilya Leoshkevich)
aa308958e6: target/s390x: Fix MDEB and MDEBR (Ilya Leoshkevich)
70ba7cbf50: target/s390x: Fix EPSW CC reporting (Ilya Leoshkevich)
f48e3ec581: vfio: Fix null pointer dereference bug in vfio_bars_finalize() (Avihai Horon)
43462f7706: linux-user: Fix accept4(SOCK_NONBLOCK) syscall (Helge Deller)
741df485e8: linux-user: Fix fcntl() and fcntl64() to return O_LARGEFILE for 32-bit targets (Helge Deller)
73d6ac24c8: hw/ppc: Fix clock update drift (Nicholas Piggin)
720db12b8b: qemu_cleanup: begin drained section after vm_shutdown() (Fiona Ebner)
bcb1e0522e: virtio-net: correctly report maximum tx_queue_size value (Laurent Vivier)
