Fix "failed to set up stack guard page: Cannot allocate memory"

(rhbz#2143006)
This commit is contained in:
Richard W.M. Jones 2022-11-16 11:33:35 +00:00
parent 1176069249
commit daaab58bcb
17 changed files with 286 additions and 21 deletions

View File

@ -1,10 +1,10 @@
From 375a476bcdefe65057a38fe6ae3f50b941e63ddd Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 1 Feb 2022 20:09:37 +0100
Subject: [PATCH] target/i386: the sgx_epc_get_section stub is reachable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-type: text/plain
The sgx_epc_get_section stub is reachable from cpu_x86_cpuid. It
should not assert, instead it should just return true just like
@ -28,3 +28,6 @@ index 26833eb233..16b1dfd90b 100644
- g_assert_not_reached();
+ return true;
}
--
2.37.0.rc2

View File

@ -1,8 +1,8 @@
From 7a5a6dbbf40f7d2313173573b99dd26069f7e309 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 27 Apr 2022 15:35:36 +0100
Subject: [PATCH] virtio-scsi: fix ctrl and event handler functions in
dataplane mode
Content-type: text/plain
Commit f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare
virtio_scsi_handle_cmd for dataplane") prepared the virtio-scsi cmd
@ -106,3 +106,6 @@ index 34a968ecfb..417fbc71d6 100644
virtio_scsi_acquire(s);
virtio_scsi_handle_event_vq(s, vq);
virtio_scsi_release(s);
--
2.37.0.rc2

View File

@ -1,7 +1,7 @@
From 5a595325d84fe48fcef921b0810073906ff9284b Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Tue, 17 May 2022 09:27:45 +0100
Subject: [PATCH] virtio-scsi: don't waste CPU polling the event virtqueue
Content-type: text/plain
The virtio-scsi event virtqueue is not emptied by its handler function.
This is typical for rx virtqueues where the device uses buffers when
@ -89,3 +89,6 @@ index b31c4507f5..b62a35fdca 100644
void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx);
VirtQueue *virtio_vector_first_queue(VirtIODevice *vdev, uint16_t vector);
VirtQueue *virtio_vector_next_queue(VirtQueue *vq);
--
2.37.0.rc2

View File

@ -1,7 +1,7 @@
From 5edca84f63de972dd08e0c63c7c67003df237f23 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Tue, 17 May 2022 09:28:06 +0100
Subject: [PATCH] virtio-scsi: clean up virtio_scsi_handle_event_vq()
Content-type: text/plain
virtio_scsi_handle_event_vq() is only called from hw/scsi/virtio-scsi.c
now and its return value is no longer used. Remove the function
@ -49,3 +49,6 @@ index 543681bc18..5957597825 100644
bool virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq);
bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq);
void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req);
--
2.37.0.rc2

View File

@ -1,7 +1,7 @@
From 4c4bec46e2ccbcb1e8360b118b46681369e3f05c Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Tue, 17 May 2022 09:28:12 +0100
Subject: [PATCH] virtio-scsi: clean up virtio_scsi_handle_ctrl_vq()
Content-type: text/plain
virtio_scsi_handle_ctrl_vq() is only called from hw/scsi/virtio-scsi.c
now and its return value is no longer used. Remove the function
@ -52,3 +52,6 @@ index 5957597825..44dc3b81ec 100644
void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req);
void virtio_scsi_free_req(VirtIOSCSIReq *req);
void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
--
2.37.0.rc2

View File

@ -1,7 +1,7 @@
From 67a97290efc0e89c7c48bba46ed68de35121b9de Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Tue, 17 May 2022 09:28:19 +0100
Subject: [PATCH] virtio-scsi: clean up virtio_scsi_handle_cmd_vq()
Content-type: text/plain
virtio_scsi_handle_cmd_vq() is only called from hw/scsi/virtio-scsi.c
now and its return value is no longer used. Remove the function
@ -64,3 +64,6 @@ index 44dc3b81ec..2497530064 100644
void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req);
void virtio_scsi_free_req(VirtIOSCSIReq *req);
void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
--
2.37.0.rc2

View File

@ -1,7 +1,7 @@
From 8c2d952c608b15e188db90e26b7238d35f5cf289 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Tue, 17 May 2022 09:28:26 +0100
Subject: [PATCH] virtio-scsi: move request-related items from .h to .c
Content-type: text/plain
There is no longer a need to expose the request and related APIs in
virtio-scsi.h since there are no callers outside virtio-scsi.c.
@ -155,3 +155,6 @@ index 2497530064..abdda2cbd0 100644
void virtio_scsi_dataplane_setup(VirtIOSCSI *s, Error **errp);
int virtio_scsi_dataplane_start(VirtIODevice *s);
--
2.37.0.rc2

View File

@ -1,7 +1,7 @@
From 7bbf88bfd6b5200926294788386398193afe623f Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Sat, 4 Jun 2022 20:28:58 -0400
Subject: [PATCH] Disable flakey dbus-display-test
Content-type: text/plain
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
@ -34,3 +34,6 @@ index d25f82bb5a..d085604727 100644
qtest_executables = {}
foreach dir : target_dirs
if not dir.endswith('-softmmu')
--
2.37.0.rc2

View File

@ -1,7 +1,7 @@
From 1917ca47ce2234b7d279f16aa7ef1ff165902d1f Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Sat, 4 Jun 2022 20:29:46 -0400
Subject: [PATCH] Fix iotests with modules and qemu-system-s390x
Content-type: text/plain
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
@ -30,3 +30,6 @@ index 227e0a5be9..97f8e0a15f 100644
grep ^name | sed -e 's/^name "//' -e 's/".*$//')
for device
do
--
2.37.0.rc2

View File

@ -1,7 +1,7 @@
From 830cda479ec661b752c9c2566bcca0ac22bb478b Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Sun, 5 Jun 2022 12:48:29 -0400
Subject: [PATCH] Skip iotests entirely
Content-type: text/plain
Getting sporadic failures like described here:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg887683.html
@ -24,3 +24,6 @@ index f59496396c..09cc735da4 100755
# QEMU_CHECK_BLOCK_AUTO is used to disable some unstable sub-tests
export QEMU_CHECK_BLOCK_AUTO=1
export PYTHONUTF8=1
--
2.37.0.rc2

View File

@ -1,4 +1,4 @@
From a7f14aae85022007a4c77e0792a1abb0509a08eb Mon Sep 17 00:00:00 2001
From 7605dc625bfd03c4f6bb8daddde909aac3e4badb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Tue, 2 Aug 2022 12:34:23 -0400
Subject: [PATCH] linux-user: fix compat with glibc >= 2.36 sys/mount.h
@ -53,7 +53,7 @@ Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2 files changed, 20 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b27a6552aa..52d178afe7 100644
index f65045efe6..834a86183c 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -95,7 +95,25 @@
@ -83,10 +83,10 @@ index b27a6552aa..52d178afe7 100644
#if defined(CONFIG_FIEMAP)
#include <linux/fiemap.h>
diff --git a/meson.build b/meson.build
index 294e9a8f32..30a380752c 100644
index 861de93c4f..8ca99671ec 100644
--- a/meson.build
+++ b/meson.build
@@ -1963,6 +1963,8 @@ config_host_data.set('HAVE_OPTRESET',
@@ -1686,6 +1686,8 @@ config_host_data.set('HAVE_OPTRESET',
cc.has_header_symbol('getopt.h', 'optreset'))
config_host_data.set('HAVE_IPPROTO_MPTCP',
cc.has_header_symbol('netinet/in.h', 'IPPROTO_MPTCP'))
@ -96,5 +96,5 @@ index 294e9a8f32..30a380752c 100644
# has_member
config_host_data.set('HAVE_SIGEV_NOTIFY_THREAD_ID',
--
2.37.1
2.37.0.rc2

View File

@ -1,3 +1,4 @@
From ac42f1e87f4f963836461691be22e39128b4eff2 Mon Sep 17 00:00:00 2001
From: Guo Zhi <qtxuning1999@sjtu.edu.cn>
Date: Tue, 3 May 2022 17:17:24 +0800
Subject: [PATCH] vga: avoid crash if no default vga card
@ -21,7 +22,7 @@ index 6f646531a0..b16c1c48fa 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -974,7 +974,8 @@ static void select_vgahw(const MachineClass *machine_class, const char *p)
if (vga_interface_available(t) && ti->opt_name) {
printf("%-20s %s%s\n", ti->opt_name, ti->name ?: "",
- g_str_equal(ti->opt_name, def) ? " (default)" : "");
@ -30,3 +31,6 @@ index 6f646531a0..b16c1c48fa 100644
}
}
exit(0);
--
2.37.0.rc2

View File

@ -1,3 +1,4 @@
From 754371b1f2f872156dda4cb4aa16b510c142c381 Mon Sep 17 00:00:00 2001
From: Mauro Matteo Cascella <mcascell@redhat.com>
Date: Tue, 5 Jul 2022 22:05:43 +0200
Subject: [PATCH] scsi/lsi53c895a: fix use-after-free in lsi_do_msgout
@ -39,7 +40,7 @@ index c8773f73f7..ad5f5e5f39 100644
scsi_req_cancel(s->current->req);
+ current_req = NULL;
}
/* As the current implemented devices scsi_disk and scsi_generic
diff --git a/tests/qtest/fuzz-lsi53c895a-test.c b/tests/qtest/fuzz-lsi53c895a-test.c
index ba5d468970..0f968024c8 100644
@ -48,7 +49,7 @@ index ba5d468970..0f968024c8 100644
@@ -8,6 +8,79 @@
#include "qemu/osdep.h"
#include "libqos/libqtest.h"
+/*
+ * This used to trigger a UAF in lsi_do_msgout()
+ * https://gitlab.com/qemu-project/qemu/-/issues/972
@ -132,5 +133,8 @@ index ba5d468970..0f968024c8 100644
+ qtest_add_func("fuzz/lsi53c895a/lsi_do_msgout_cancel_req",
+ test_lsi_do_msgout_cancel_req);
}
return g_test_run();
--
2.37.0.rc2

View File

@ -1,3 +1,4 @@
From effa979582e34687688df36c9a10b33862f2581f Mon Sep 17 00:00:00 2001
From: Mauro Matteo Cascella <mcascell@redhat.com>
Date: Sun, 25 Sep 2022 22:45:11 +0200
Subject: [PATCH] ui/vnc-clipboard: fix integer underflow in
@ -35,7 +36,7 @@ index 310a873c21..8a2e176b64 100644
" which exceeds our limit of 1MB.", dlen);
@@ -2456,8 +2456,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
}
if (read_s32(data, 4) < 0) {
- vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)),
- read_u32(data, 8), data + 12);
@ -49,3 +50,6 @@ index 310a873c21..8a2e176b64 100644
break;
}
vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
--
2.37.0.rc2

View File

@ -0,0 +1,92 @@
From 9be9b8e36940756582c453c6bf08daa6955f916e Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Tue, 10 May 2022 17:10:19 +0200
Subject: [PATCH] coroutine: Rename qemu_coroutine_inc/dec_pool_size()
It's true that these functions currently affect the batch size in which
coroutines are reused (i.e. moved from the global release pool to the
allocation pool of a specific thread), but this is a bug and will be
fixed in a separate patch.
In fact, the comment in the header file already just promises that it
influences the pool size, so reflect this in the name of the functions.
As a nice side effect, the shorter function name makes some line
wrapping unnecessary.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20220510151020.105528-2-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 98e3ab35054b946f7c2aba5408822532b0920b53)
---
hw/block/virtio-blk.c | 6 ++----
include/qemu/coroutine.h | 6 +++---
util/qemu-coroutine.c | 4 ++--
3 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 540c38f829..6a1cc41877 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -1215,8 +1215,7 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp)
for (i = 0; i < conf->num_queues; i++) {
virtio_add_queue(vdev, conf->queue_size, virtio_blk_handle_output);
}
- qemu_coroutine_increase_pool_batch_size(conf->num_queues * conf->queue_size
- / 2);
+ qemu_coroutine_inc_pool_size(conf->num_queues * conf->queue_size / 2);
virtio_blk_data_plane_create(vdev, conf, &s->dataplane, &err);
if (err != NULL) {
error_propagate(errp, err);
@@ -1253,8 +1252,7 @@ static void virtio_blk_device_unrealize(DeviceState *dev)
for (i = 0; i < conf->num_queues; i++) {
virtio_del_queue(vdev, i);
}
- qemu_coroutine_decrease_pool_batch_size(conf->num_queues * conf->queue_size
- / 2);
+ qemu_coroutine_dec_pool_size(conf->num_queues * conf->queue_size / 2);
qemu_del_vm_change_state_handler(s->change);
blockdev_mark_auto_del(s->blk);
virtio_cleanup(vdev);
diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
index c828a95ee0..5b621d1295 100644
--- a/include/qemu/coroutine.h
+++ b/include/qemu/coroutine.h
@@ -334,12 +334,12 @@ void coroutine_fn yield_until_fd_readable(int fd);
/**
* Increase coroutine pool size
*/
-void qemu_coroutine_increase_pool_batch_size(unsigned int additional_pool_size);
+void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size);
/**
- * Devcrease coroutine pool size
+ * Decrease coroutine pool size
*/
-void qemu_coroutine_decrease_pool_batch_size(unsigned int additional_pool_size);
+void qemu_coroutine_dec_pool_size(unsigned int additional_pool_size);
#include "qemu/lockable.h"
diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
index c03b2422ff..faca0ca97c 100644
--- a/util/qemu-coroutine.c
+++ b/util/qemu-coroutine.c
@@ -205,12 +205,12 @@ AioContext *coroutine_fn qemu_coroutine_get_aio_context(Coroutine *co)
return co->ctx;
}
-void qemu_coroutine_increase_pool_batch_size(unsigned int additional_pool_size)
+void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size)
{
qatomic_add(&pool_batch_size, additional_pool_size);
}
-void qemu_coroutine_decrease_pool_batch_size(unsigned int removing_pool_size)
+void qemu_coroutine_dec_pool_size(unsigned int removing_pool_size)
{
qatomic_sub(&pool_batch_size, removing_pool_size);
}
--
2.37.0.rc2

View File

@ -0,0 +1,123 @@
From f1ea4c55f0e9bb05db980f27b392617ef6615954 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Tue, 10 May 2022 17:10:20 +0200
Subject: [PATCH] coroutine: Revert to constant batch size
Commit 4c41c69e changed the way the coroutine pool is sized because for
virtio-blk devices with a large queue size and heavy I/O, it was just
too small and caused coroutines to be deleted and reallocated soon
afterwards. The change made the size dynamic based on the number of
queues and the queue size of virtio-blk devices.
There are two important numbers here: Slightly simplified, when a
coroutine terminates, it is generally stored in the global release pool
up to a certain pool size, and if the pool is full, it is freed.
Conversely, when allocating a new coroutine, the coroutines in the
release pool are reused if the pool already has reached a certain
minimum size (the batch size), otherwise we allocate new coroutines.
The problem after commit 4c41c69e is that it not only increases the
maximum pool size (which is the intended effect), but also the batch
size for reusing coroutines (which is a bug). It means that in cases
with many devices and/or a large queue size (which defaults to the
number of vcpus for virtio-blk-pci), many thousand coroutines could be
sitting in the release pool without being reused.
This is not only a waste of memory and allocations, but it actually
makes the QEMU process likely to hit the vm.max_map_count limit on Linux
because each coroutine requires two mappings (its stack and the guard
page for the stack), causing it to abort() in qemu_alloc_stack() because
when the limit is hit, mprotect() starts to fail with ENOMEM.
In order to fix the problem, change the batch size back to 64 to avoid
uselessly accumulating coroutines in the release pool, but keep the
dynamic maximum pool size so that coroutines aren't freed too early
in heavy I/O scenarios.
Note that this fix doesn't strictly make it impossible to hit the limit,
but this would only happen if most of the coroutines are actually in use
at the same time, not just sitting in a pool. This is the same behaviour
as we already had before commit 4c41c69e. Fully preventing this would
require allowing qemu_coroutine_create() to return an error, but it
doesn't seem to be a scenario that people hit in practice.
Cc: qemu-stable@nongnu.org
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2079938
Fixes: 4c41c69e05fe28c0f95f8abd2ebf407e95a4f04b
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20220510151020.105528-3-kwolf@redhat.com>
Tested-by: Hiroki Narukawa <hnarukaw@yahoo-corp.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9ec7a59b5aad4b736871c378d30f5ef5ec51cb52)
---
util/qemu-coroutine.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
index faca0ca97c..804f672e0a 100644
--- a/util/qemu-coroutine.c
+++ b/util/qemu-coroutine.c
@@ -20,14 +20,20 @@
#include "qemu/coroutine_int.h"
#include "block/aio.h"
-/** Initial batch size is 64, and is increased on demand */
+/**
+ * The minimal batch size is always 64, coroutines from the release_pool are
+ * reused as soon as there are 64 coroutines in it. The maximum pool size starts
+ * with 64 and is increased on demand so that coroutines are not deleted even if
+ * they are not immediately reused.
+ */
enum {
- POOL_INITIAL_BATCH_SIZE = 64,
+ POOL_MIN_BATCH_SIZE = 64,
+ POOL_INITIAL_MAX_SIZE = 64,
};
/** Free list to speed up creation */
static QSLIST_HEAD(, Coroutine) release_pool = QSLIST_HEAD_INITIALIZER(pool);
-static unsigned int pool_batch_size = POOL_INITIAL_BATCH_SIZE;
+static unsigned int pool_max_size = POOL_INITIAL_MAX_SIZE;
static unsigned int release_pool_size;
static __thread QSLIST_HEAD(, Coroutine) alloc_pool = QSLIST_HEAD_INITIALIZER(pool);
static __thread unsigned int alloc_pool_size;
@@ -51,7 +57,7 @@ Coroutine *qemu_coroutine_create(CoroutineEntry *entry, void *opaque)
if (CONFIG_COROUTINE_POOL) {
co = QSLIST_FIRST(&alloc_pool);
if (!co) {
- if (release_pool_size > qatomic_read(&pool_batch_size)) {
+ if (release_pool_size > POOL_MIN_BATCH_SIZE) {
/* Slow path; a good place to register the destructor, too. */
if (!coroutine_pool_cleanup_notifier.notify) {
coroutine_pool_cleanup_notifier.notify = coroutine_pool_cleanup;
@@ -88,12 +94,12 @@ static void coroutine_delete(Coroutine *co)
co->caller = NULL;
if (CONFIG_COROUTINE_POOL) {
- if (release_pool_size < qatomic_read(&pool_batch_size) * 2) {
+ if (release_pool_size < qatomic_read(&pool_max_size) * 2) {
QSLIST_INSERT_HEAD_ATOMIC(&release_pool, co, pool_next);
qatomic_inc(&release_pool_size);
return;
}
- if (alloc_pool_size < qatomic_read(&pool_batch_size)) {
+ if (alloc_pool_size < qatomic_read(&pool_max_size)) {
QSLIST_INSERT_HEAD(&alloc_pool, co, pool_next);
alloc_pool_size++;
return;
@@ -207,10 +213,10 @@ AioContext *coroutine_fn qemu_coroutine_get_aio_context(Coroutine *co)
void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size)
{
- qatomic_add(&pool_batch_size, additional_pool_size);
+ qatomic_add(&pool_max_size, additional_pool_size);
}
void qemu_coroutine_dec_pool_size(unsigned int removing_pool_size)
{
- qatomic_sub(&pool_batch_size, removing_pool_size);
+ qatomic_sub(&pool_max_size, removing_pool_size);
}
--
2.37.0.rc2

View File

@ -317,7 +317,7 @@ Obsoletes: %{name}-system-unicore32-core <= %{epoch}:%{version}-%{release}
%endif
# To prevent rpmdev-bumpspec breakage
%global baserelease 10
%global baserelease 11
Summary: QEMU is a FAST! processor emulator
Name: qemu
@ -360,6 +360,10 @@ Patch: 0012-vga-avoid-crash-if-no-default-vga-card.patch
Patch: 0013-scsi-lsi53c895a-fix-use-after-free-in-lsi_do_msgout.patch
# vnc-clipboard: fix integer underflow (CVE-2022-3165)
Patch: 0014-ui-vnc-clipboard-fix-integer-underflow-in-vnc_client.patch
# Fix "failed to set up stack guard page: Cannot allocate memory"
# https://bugzilla.redhat.com/show_bug.cgi?id=2143006
Patch: 0015-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
Patch: 0016-coroutine-Revert-to-constant-batch-size.patch
BuildRequires: meson >= %{meson_version}
BuildRequires: zlib-devel
@ -2724,6 +2728,10 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%changelog
* Wed Nov 16 2022 Richard W.M. Jones <rjones@redhat.com> - 7.0.0-11
- Fix "failed to set up stack guard page: Cannot allocate memory"
(rhbz#2143006)
* Tue Oct 18 2022 Mauro Matteo Cascella <mcascell@redhat.com> - 2:7.0.0-10
- vga: avoid crash if no default vga card (rhbz#2095639)
- lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (rhbz#2070902)