From xen-announce-bounces@lists.xen.org Tue Jun 02 14:06:35 2015
Date: Tue, 02 Jun 2015 14:04:48 +0000
Message-Id: <E1YzmoC-0001pV-KC@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 130 (CVE-2015-4105) - Guest
 triggerable qemu MSI-X pass-through error messages
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Sender: xen-announce-bounces@lists.xen.org
Errors-To: xen-announce-bounces@lists.xen.org


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4105 / XSA-130
                              version 2

         Guest triggerable qemu MSI-X pass-through error messages

UPDATES IN VERSION 2
====================

Public release.

CVE assigned.

ISSUE DESCRIPTION
=================

Device model code dealing with guest PCI MSI-X interrupt management
activities logs messages on certain (supposedly) invalid guest
operations.

IMPACT
======

A buggy or malicious guest repeatedly invoking such operations may
cause the host disk to fill up, possibly leading to a Denial of
Service.

VULNERABLE SYSTEMS
==================

Xen versions 3.3 and onwards are vulnerable due to supporting PCI
pass-through.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

Only HVM guests with their device model run in Dom0 can take advantage
of this vulnerability.

Only HVM guests which have been granted access to physical PCI devices
(`PCI passthrough') can take advantage of this vulnerability.

Furthermore, the vulnerability is only applicable when the
passed-through PCI devices are MSI-X capable.  (Many modern devices
are.)

MITIGATION
==========

This issue can be avoided by not assigning MSI-X capable PCI devices to
untrusted HVM guests.

This issue can also be avoided by only using PV guests.

It can also be avoided by configuring HVM guests with their device
model run in a separate (stub) domain.  (When using xl, this can be
requested with "device_model_stubdomain_override=1" in the domain
configuration file.)

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa130-qemuu.patch           qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x
xsa130-qemuu-4.3.patch       Xen 4.3.x
xsa130-qemut.patch           qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa130*.patch
0ed6d75b6758c43a3042994f5127cb69d03796acf5c4d305d7ec2486500753da  xsa130-qemut.patch
fd6e835e945c2eee197f9e18501aeefb6e1d33a714f6ce66c16481d5aca8fcd0  xsa130-qemuu-4.3.patch
87fb70041d1fe9c997461c4a6fdaf9157667ec2eff7c77b8db6ee8f9d730753d  xsa130-qemuu.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa130-qemut.patch"
Content-Disposition: attachment; filename="xsa130-qemut.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa130-qemuu-4.3.patch"
Content-Disposition: attachment; filename="xsa130-qemuu-4.3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa130-qemuu.patch"
Content-Disposition: attachment; filename="xsa130-qemuu.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-announce mailing list
Xen-announce@lists.xen.org
http://lists.xen.org/xen-announce
--=separator--


From xen-announce-bounces@lists.xen.org Tue Jun 02 14:06:35 2015
Date: Tue, 02 Jun 2015 14:04:51 +0000
Message-Id: <E1YzmoF-0001rG-Vs@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 131 (CVE-2015-4106) -
 Unmediated PCI register access in qemu


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4106 / XSA-131
                              version 3

                Unmediated PCI register access in qemu

UPDATES IN VERSION 3
====================

Public release.

CVE assigned.

ISSUE DESCRIPTION
=================

Qemu allows guests to not only read, but also write all parts of the
PCI config space (but not extended config space) of passed through PCI
devices not explicitly dealt with for (partial) emulation purposes.

IMPACT
======

Since the effect depends on the specific purpose of the config
space field, it's not possible to give a general statement about the
exact impact on the host or other guests.  Privilege escalation, host
crash (Denial of Service), and leaked information all cannot be
excluded.

VULNERABLE SYSTEMS
==================

Xen versions 3.3 and onwards are vulnerable due to supporting PCI
pass-through.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

Only HVM guests with their device model run in Dom0 can take advantage
of this vulnerability.

Only HVM guests which have been granted access to physical PCI devices
(`PCI passthrough') can take advantage of this vulnerability.

MITIGATION
==========

This issue can be avoided by not assigning PCI devices to untrusted HVM
guests.

This issue can also be avoided by only using PV guests.

It can also be avoided by configuring HVM guests with their device
model run in a separate (stub) domain.  (When using xl, this can be
requested with "device_model_stubdomain_override=1" in the domain
configuration file.)
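
The exposure conditions and mitigations listed in XSA-130 and XSA-131, expressed as a check over xl domain configuration files (an added example, not part of the advisory and not Xen Project code). It assumes configs simple enough to parse as Python literals, uses the xl.cfg keys `builder`/`type` and `pci` for guest type and passed-through devices, and runs on constructed sample configs.

```python
"""Audit xl domain configs against the XSA-130 / XSA-131 exposure conditions.

Added example, not Xen Project code. Assumes simple xl.cfg files whose
top-level assignments are also valid Python literals.
"""
import ast

# Constructed sample configurations (not taken from any real deployment).
EXPOSED_CFG = '''
name    = "guest-a"
builder = "hvm"
memory  = 2048
pci     = [ "01:00.0" ]      # passed-through device, device model in Dom0
'''

STUBDOM_CFG = '''
name    = "guest-b"
builder = "hvm"
pci     = [ "01:00.0", "02:00.0" ]
device_model_stubdomain_override = 1
'''

PV_CFG = '''
name   = "guest-c"
kernel = "/boot/vmlinuz-guest"   # no builder="hvm": a PV guest
pci    = [ "03:00.0" ]
'''


def parse_xl_cfg(text):
    """Return {key: value} for top-level `key = literal` assignments."""
    try:
        tree = ast.parse(text)
    except SyntaxError as exc:
        raise ValueError("config is outside the simple subset handled here") from exc
    settings = {}
    for node in tree.body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except ValueError:
                continue  # not a plain literal: skip rather than guess
    return settings


def is_hvm(cfg):
    """HVM is selected with builder="hvm" (type="hvm" in newer xl)."""
    kinds = (str(cfg.get("builder", "")).lower(), str(cfg.get("type", "")).lower())
    return "hvm" in kinds


def enabled(value):
    """Interpret an xl boolean given as an integer or numeric string."""
    try:
        return int(value) != 0
    except (TypeError, ValueError):
        return False


def assess(text):
    """Return (status, reason); status is "ok" or "exposed".

    The config cannot show whether qemu is patched or whether a device is
    MSI-X capable (the extra XSA-130 condition), so "exposed" means the
    guest meets the conditions both advisories share and needs the patch
    or one of the listed mitigations.
    """
    cfg = parse_xl_cfg(text)
    devices = cfg.get("pci") or []
    if isinstance(devices, str):
        devices = [devices]
    if not is_hvm(cfg):
        return ("ok", "PV guest")
    if not devices:
        return ("ok", "no PCI passthrough")
    if enabled(cfg.get("device_model_stubdomain_override")):
        return ("ok", "device model runs in a stub domain")
    listed = ", ".join(str(d) for d in devices)
    return ("exposed", "HVM guest, device model in Dom0, passthrough: " + listed)


if __name__ == "__main__":
    samples = (("guest-a", EXPOSED_CFG), ("guest-b", STUBDOM_CFG), ("guest-c", PV_CFG))
    for label, text in samples:
        status, reason = assess(text)
        print("%-8s %-8s %s" % (label, status, reason))
```
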

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa131-qemuu-$n.patch           qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x
xsa131-qemuu-4.4-1.patch        Xen 4.4.x replacement for xsa131-qemuu-1.patch
xsa131-qemuu-4.3-$n.patch       Xen 4.3.x
xsa131-qemut-$n.patch           qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x
xsa131-qemut-4.2-1.patch        Xen 4.2.x replacement for xsa131-qemut-1.patch

DEPLOYMENT DURING EMBARGO
=========================

Deployment of patches or mitigations is NOT permitted (except on
systems used and administered only by organisations which are members
of the Xen Project Security Issues Predisclosure List).  Specifically,
deployment on public cloud systems is NOT permitted.

This is because the altered PCI config space access behavior is visible
to guests.

Deployment is permitted only AFTER the embargo ends.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-1.patch"
Content-Disposition: attachment; filename="xsa131-qemut-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-2.patch"
Content-Disposition: attachment; filename="xsa131-qemut-2.patch"
Content-Transfer-Encoding: base64

IHN0cnVjdCBwdF9yZWdfaW5mb190YmwgKnJlZyA9IGNmZ19lbnRyeS0+cmVn
OwogICAgIFBDSURldmljZSAqZCA9ICZwdGRldi0+ZGV2OwotICAgIHVpbnQx
Nl90IGVtdV9tYXNrID0gcmVnLT5lbXVfbWFzazsKICAgICB1aW50MTZfdCB3
cml0YWJsZV9tYXNrID0gMDsKICAgICB1aW50MTZfdCB0aHJvdWdoYWJsZV9t
YXNrID0gMDsKICAgICBzdHJ1Y3QgcHRfcG1faW5mbyAqcG1fc3RhdGUgPSBw
dGRldi0+cG1fc3RhdGU7CiAgICAgdWludDE2X3QgcmVhZF92YWwgPSAwOwog
Ci0gICAgaWYgKCFwdGRldi0+cG93ZXJfbWdtdCkKLSAgICAgICAgZW11X21h
c2sgfD0gUENJX1BNX0NUUkxfU1RBVEVfTUFTSyB8IFBDSV9QTV9DVFJMX05P
X1NPRlRfUkVTRVQ7Ci0KICAgICAvKiBtb2RpZnkgZW11bGF0ZSByZWdpc3Rl
ciAqLwotICAgIHdyaXRhYmxlX21hc2sgPSBlbXVfbWFzayAmIH5yZWctPnJv
X21hc2sgJiB2YWxpZF9tYXNrOworICAgIHdyaXRhYmxlX21hc2sgPSByZWct
PmVtdV9tYXNrICYgfnJlZy0+cm9fbWFzayAmIHZhbGlkX21hc2s7CiAgICAg
Y2ZnX2VudHJ5LT5kYXRhID0gUFRfTUVSR0VfVkFMVUUoKnZhbHVlLCBjZmdf
ZW50cnktPmRhdGEsIHdyaXRhYmxlX21hc2spOwogCiAgICAgLyogY3JlYXRl
IHZhbHVlIGZvciB3cml0aW5nIHRvIEkvTyBkZXZpY2UgcmVnaXN0ZXIgKi8K
LSAgICB0aHJvdWdoYWJsZV9tYXNrID0gfmVtdV9tYXNrICYgdmFsaWRfbWFz
azsKKyAgICB0aHJvdWdoYWJsZV9tYXNrID0gfnJlZy0+ZW11X21hc2sgJiB2
YWxpZF9tYXNrOwogICAgICp2YWx1ZSA9IFBUX01FUkdFX1ZBTFVFKCp2YWx1
ZSwgZGV2X3ZhbHVlLCB0aHJvdWdoYWJsZV9tYXNrKTsKIAogICAgIGlmICgh
cHRkZXYtPnBvd2VyX21nbXQpCg==

--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-3.patch"
Content-Disposition: attachment; filename="xsa131-qemut-3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-4.2-1.patch"
Content-Disposition: attachment; filename="xsa131-qemut-4.2-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-4.patch"
Content-Disposition: attachment; filename="xsa131-qemut-4.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-5.patch"
Content-Disposition: attachment; filename="xsa131-qemut-5.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-6.patch"
Content-Disposition: attachment; filename="xsa131-qemut-6.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-7.patch"
Content-Disposition: attachment; filename="xsa131-qemut-7.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-8.patch"
Content-Disposition: attachment; filename="xsa131-qemut-8.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-1.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-2.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-3.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-1.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-2.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-3.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-4.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-4.patch"
Content-Transfer-Encoding: base64

RVJHRV9WQUxVRSgqdmFsLCBkZXZfdmFsdWUsIHRocm91Z2hhYmxlX21hc2sp
OworICAgICp2YWwgPSBYRU5fUFRfTUVSR0VfVkFMVUUoKnZhbCwgZGV2X3Zh
bHVlLCAwKTsKIAogICAgIC8qIHVwZGF0ZSBNU0kgKi8KICAgICBpZiAoY2Zn
X2VudHJ5LT5kYXRhICE9IG9sZF9hZGRyKSB7CkBAIC0xMjMxLDcgKzEyMjMs
NiBAQCBzdGF0aWMgaW50IHhlbl9wdF9tc2dkYXRhX3JlZ193cml0ZShYZW5Q
CiAgICAgWGVuUFRSZWdJbmZvICpyZWcgPSBjZmdfZW50cnktPnJlZzsKICAg
ICBYZW5QVE1TSSAqbXNpID0gcy0+bXNpOwogICAgIHVpbnQxNl90IHdyaXRh
YmxlX21hc2sgPSAwOwotICAgIHVpbnQxNl90IHRocm91Z2hhYmxlX21hc2sg
PSAwOwogICAgIHVpbnQxNl90IG9sZF9kYXRhID0gY2ZnX2VudHJ5LT5kYXRh
OwogICAgIHVpbnQzMl90IG9mZnNldCA9IHJlZy0+b2Zmc2V0OwogCkBAIC0x
MjQ5LDggKzEyNDAsNyBAQCBzdGF0aWMgaW50IHhlbl9wdF9tc2dkYXRhX3Jl
Z193cml0ZShYZW5QCiAgICAgbXNpLT5kYXRhID0gY2ZnX2VudHJ5LT5kYXRh
OwogCiAgICAgLyogY3JlYXRlIHZhbHVlIGZvciB3cml0aW5nIHRvIEkvTyBk
ZXZpY2UgcmVnaXN0ZXIgKi8KLSAgICB0aHJvdWdoYWJsZV9tYXNrID0gfnJl
Zy0+ZW11X21hc2sgJiB2YWxpZF9tYXNrOwotICAgICp2YWwgPSBYRU5fUFRf
TUVSR0VfVkFMVUUoKnZhbCwgZGV2X3ZhbHVlLCB0aHJvdWdoYWJsZV9tYXNr
KTsKKyAgICAqdmFsID0gWEVOX1BUX01FUkdFX1ZBTFVFKCp2YWwsIGRldl92
YWx1ZSwgMCk7CiAKICAgICAvKiB1cGRhdGUgTVNJICovCiAgICAgaWYgKGNm
Z19lbnRyeS0+ZGF0YSAhPSBvbGRfZGF0YSkgewpAQCAtMTQxMiw3ICsxNDAy
LDcgQEAgc3RhdGljIGludCB4ZW5fcHRfbXNpeGN0cmxfcmVnX3dyaXRlKFhl
bgogewogICAgIFhlblBUUmVnSW5mbyAqcmVnID0gY2ZnX2VudHJ5LT5yZWc7
CiAgICAgdWludDE2X3Qgd3JpdGFibGVfbWFzayA9IDA7Ci0gICAgdWludDE2
X3QgdGhyb3VnaGFibGVfbWFzayA9IDA7CisgICAgdWludDE2X3QgdGhyb3Vn
aGFibGVfbWFzayA9IGdldF90aHJvdWdoYWJsZV9tYXNrKHMsIHJlZywgdmFs
aWRfbWFzayk7CiAgICAgaW50IGRlYnVnX21zaXhfZW5hYmxlZF9vbGQ7CiAK
ICAgICAvKiBtb2RpZnkgZW11bGF0ZSByZWdpc3RlciAqLwpAQCAtMTQyMCw3
ICsxNDEwLDYgQEAgc3RhdGljIGludCB4ZW5fcHRfbXNpeGN0cmxfcmVnX3dy
aXRlKFhlbgogICAgIGNmZ19lbnRyeS0+ZGF0YSA9IFhFTl9QVF9NRVJHRV9W
QUxVRSgqdmFsLCBjZmdfZW50cnktPmRhdGEsIHdyaXRhYmxlX21hc2spOwog
CiAgICAgLyogY3JlYXRlIHZhbHVlIGZvciB3cml0aW5nIHRvIEkvTyBkZXZp
Y2UgcmVnaXN0ZXIgKi8KLSAgICB0aHJvdWdoYWJsZV9tYXNrID0gfnJlZy0+
ZW11X21hc2sgJiB2YWxpZF9tYXNrOwogICAgICp2YWwgPSBYRU5fUFRfTUVS
R0VfVkFMVUUoKnZhbCwgZGV2X3ZhbHVlLCB0aHJvdWdoYWJsZV9tYXNrKTsK
IAogICAgIC8qIHVwZGF0ZSBNU0ktWCAqLwo=

--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-5.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-5.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-6.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-6.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-7.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-7.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-8.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-8.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.4-1.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.4-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.patch"
Content-Transfer-Encoding: base64

bCwgZGV2X3ZhbHVlLCAwKTsKIAogICAgIC8qIHVwZGF0ZSBNU0kgKi8KICAg
ICBpZiAoY2ZnX2VudHJ5LT5kYXRhICE9IG9sZF9kYXRhKSB7CkBAIC0xNDIw
LDcgKzE0MTAsNyBAQCBzdGF0aWMgaW50IHhlbl9wdF9tc2l4Y3RybF9yZWdf
d3JpdGUoWGVuCiB7CiAgICAgWGVuUFRSZWdJbmZvICpyZWcgPSBjZmdfZW50
cnktPnJlZzsKICAgICB1aW50MTZfdCB3cml0YWJsZV9tYXNrID0gMDsKLSAg
ICB1aW50MTZfdCB0aHJvdWdoYWJsZV9tYXNrID0gMDsKKyAgICB1aW50MTZf
dCB0aHJvdWdoYWJsZV9tYXNrID0gZ2V0X3Rocm91Z2hhYmxlX21hc2socywg
cmVnLCB2YWxpZF9tYXNrKTsKICAgICBpbnQgZGVidWdfbXNpeF9lbmFibGVk
X29sZDsKIAogICAgIC8qIG1vZGlmeSBlbXVsYXRlIHJlZ2lzdGVyICovCkBA
IC0xNDI4LDcgKzE0MTgsNiBAQCBzdGF0aWMgaW50IHhlbl9wdF9tc2l4Y3Ry
bF9yZWdfd3JpdGUoWGVuCiAgICAgY2ZnX2VudHJ5LT5kYXRhID0gWEVOX1BU
X01FUkdFX1ZBTFVFKCp2YWwsIGNmZ19lbnRyeS0+ZGF0YSwgd3JpdGFibGVf
bWFzayk7CiAKICAgICAvKiBjcmVhdGUgdmFsdWUgZm9yIHdyaXRpbmcgdG8g
SS9PIGRldmljZSByZWdpc3RlciAqLwotICAgIHRocm91Z2hhYmxlX21hc2sg
PSB+cmVnLT5lbXVfbWFzayAmIHZhbGlkX21hc2s7CiAgICAgKnZhbCA9IFhF
Tl9QVF9NRVJHRV9WQUxVRSgqdmFsLCBkZXZfdmFsdWUsIHRocm91Z2hhYmxl
X21hc2spOwogCiAgICAgLyogdXBkYXRlIE1TSS1YICovCg==

--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-5.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-5.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-6.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-6.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-7.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-7.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-8.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-8.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-announce mailing list
Xen-announce@lists.xen.org
http://lists.xen.org/xen-announce
--=separator--


From xen-announce-bounces@lists.xen.org Tue Jun 02 14:06:35 2015
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 02 Jun 2015 14:06:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xen.org)
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1YzmoM-0005Rt-2C; Tue, 02 Jun 2015 14:04:58 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <ianc@xenbits.xen.org>)
	id 1YzmoK-0005Qq-LD; Tue, 02 Jun 2015 14:04:56 +0000
Received: from [85.158.137.68] by server-10.bemta-3.messagelabs.com id
	84/78-03895-708BD655; Tue, 02 Jun 2015 14:04:55 +0000
X-Env-Sender: ianc@xenbits.xen.org
X-Msg-Ref: server-6.tower-31.messagelabs.com!1433253893!7968773!1
X-Originating-IP: [50.57.168.107]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 6.13.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 18766 invoked from network); 2 Jun 2015 14:04:54 -0000
Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107)
	by server-6.tower-31.messagelabs.com with AES256-SHA encrypted SMTP;
	2 Jun 2015 14:04:54 -0000
Received: from xenbits.xen.org ([50.57.170.242])
	by mail.xen.org with esmtp (Exim 4.72)
	(envelope-from <ianc@xenbits.xen.org>)
	id 1YzmoC-0006Sy-MY; Tue, 02 Jun 2015 14:04:48 +0000
Received: from ianc by xenbits.xen.org with local (Exim 4.72)
	(envelope-from <ianc@xenbits.xen.org>)
	id 1YzmoC-0001pV-KC; Tue, 02 Jun 2015 14:04:48 +0000
Date: Tue, 02 Jun 2015 14:04:48 +0000
Message-Id: <E1YzmoC-0001pV-KC@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 130 (CVE-2015-4105) - Guest
 triggerable qemu MSI-X pass-through error messages
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Sender: xen-announce-bounces@lists.xen.org
Errors-To: xen-announce-bounces@lists.xen.org


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4105 / XSA-130
                              version 2

         Guest triggerable qemu MSI-X pass-through error messages

UPDATES IN VERSION 2
====================

Public release.

CVE assigned.

ISSUE DESCRIPTION
=================

Device model code dealing with guest PCI MSI-X interrupt management
activities logs messages on certain (supposedly) invalid guest
operations.

IMPACT
======

A buggy or malicious guest repeatedly invoking such operations may
cause the host disk to fill up, possibly leading to a Denial of
Service.

VULNERABLE SYSTEMS
==================

Xen versions 3.3 and onwards are vulnerable due to supporting PCI
pass-through.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

Only HVM guests with their device model run in Dom0 can take advantage
of this vulnerability.

Only HVM guests which have been granted access to physical PCI devices
(`PCI passthrough') can take advantage of this vulnerability.

Furthermore, the vulnerability is only applicable when the
passed-through PCI devices are MSI-X capable.  (Many modern devices
are.)

MITIGATION
==========

This issue can be avoided by not assigning MSI-X capable PCI devices to
untrusted HVM guests.

This issue can also be avoided by only using PV guests.

It can also be avoided by configuring HVM guests with their device
model run in a separate (stub) domain.  (When using xl, this can be
requested with "device_model_stubdomain_override=1" in the domain
configuration file.)

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa130-qemuu.patch           qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x
xsa130-qemuu-4.3.patch       Xen 4.3.x
xsa130-qemut.patch           qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa130*.patch
0ed6d75b6758c43a3042994f5127cb69d03796acf5c4d305d7ec2486500753da  xsa130-qemut.patch
fd6e835e945c2eee197f9e18501aeefb6e1d33a714f6ce66c16481d5aca8fcd0  xsa130-qemuu-4.3.patch
87fb70041d1fe9c997461c4a6fdaf9157667ec2eff7c77b8db6ee8f9d730753d  xsa130-qemuu.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----
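
The conditions under VULNERABLE SYSTEMS and MITIGATION can be checked
per guest from Dom0. The following is an added example, not part of
the advisory or of Xen: it reads an xl domain configuration and a PCI
config-space image for each assigned device, and walks the capability
list for MSI-X. Assumptions: the xl.cfg keys builder/type and pci, the
Linux sysfs path in the comments, and all sample data (constructed).

```python
import re

PCI_STATUS, PCI_STATUS_CAP_LIST = 0x06, 0x10  # status register, "capability list" bit
PCI_CAPABILITY_LIST = 0x34                     # pointer to the first capability
PCI_CAP_ID_MSIX = 0x11                         # capability ID of MSI-X


def msix_capable(cfg):
    """True/False once the capability list was walked, None if it could not be."""
    if len(cfg) < 0x40:
        return None
    status = int.from_bytes(cfg[PCI_STATUS:PCI_STATUS + 2], "little")
    if not status & PCI_STATUS_CAP_LIST:
        return False
    ptr, seen = cfg[PCI_CAPABILITY_LIST] & 0xFC, set()
    while ptr:
        # Truncated image (unprivileged sysfs reads stop at 64 bytes),
        # pointer into the header, or a looping list: result unknown.
        if ptr < 0x40 or ptr in seen or ptr + 1 >= len(cfg):
            return None
        seen.add(ptr)
        if cfg[ptr] == PCI_CAP_ID_MSIX:
            return True
        ptr = cfg[ptr + 1] & 0xFC
    return False


def parse_xl(text):
    """Return (is_hvm, stub_domain_device_model, [normalised BDFs])."""
    text = re.sub(r"#.*", "", text)  # drop comments

    def scalar(key):
        m = re.search(rf"^\s*{key}\s*=\s*['\"]?([\w-]+)", text, re.M)
        return m.group(1) if m else None

    hvm = "hvm" in (scalar("builder"), scalar("type"))
    stub = scalar("device_model_stubdomain_override") == "1"
    m = re.search(r"^\s*pci\s*=\s*\[(.*?)\]", text, re.M | re.S)
    specs = re.findall(r"""['"]([^'"]+)['"]""", m.group(1)) if m else []
    bdfs = []
    for spec in specs:
        # A spec is [DDDD:]BB:DD.F, optionally followed by @VSLOT and ,KEY=VALUE
        bdf = spec.split(",")[0].split("@")[0].strip().lower()
        bdfs.append(bdf if bdf.count(":") == 2 else "0000:" + bdf)
    return hvm, stub, bdfs


def assess(cfg_text, config_space):
    """Classify one guest; devices whose MSI-X status is unknown count as risky."""
    hvm, stub, bdfs = parse_xl(cfg_text)
    if not hvm or not bdfs:
        return "not-affected", []
    risky = [b for b in bdfs if msix_capable(config_space.get(b, b"")) is not False]
    if not risky:
        return "not-affected", []
    return ("mitigated" if stub else "exposed"), risky


def sample_config_space(cap_ids):
    """Constructed 256-byte image with the given capability IDs chained from 0x40."""
    cfg = bytearray(256)
    if cap_ids:
        cfg[PCI_STATUS] = PCI_STATUS_CAP_LIST
        cfg[PCI_CAPABILITY_LIST] = 0x40
    for i, cap in enumerate(cap_ids):
        off = 0x40 + 0x10 * i
        cfg[off] = cap
        cfg[off + 1] = off + 0x10 if i + 1 < len(cap_ids) else 0
    return bytes(cfg)


# Constructed sample input. On a Linux Dom0 the images would instead be read,
# as root, from /sys/bus/pci/devices/<BDF>/config.
SAMPLE_XL_CFG = """
# constructed domain configuration
name = "guest1"
builder = "hvm"
pci = [ '03:00.0', '0000:04:00.1,permissive=0' ]
"""
SAMPLE_CONFIG_SPACE = {
    "0000:03:00.0": sample_config_space([0x01, 0x05]),        # PM, MSI
    "0000:04:00.1": sample_config_space([0x01, 0x10, 0x11]),  # PM, PCIe, MSI-X
}

if __name__ == "__main__":
    print(assess(SAMPLE_XL_CFG, SAMPLE_CONFIG_SPACE))
```

A "mitigated" verdict means only that the stub-domain setting named in
the advisory is present; it does not show that the patch is applied.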

--=separator
Content-Type: application/octet-stream; name="xsa130-qemut.patch"
Content-Disposition: attachment; filename="xsa130-qemut.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa130-qemuu-4.3.patch"
Content-Disposition: attachment; filename="xsa130-qemuu-4.3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa130-qemuu.patch"
Content-Disposition: attachment; filename="xsa130-qemuu.patch"
Content-Transfer-Encoding: base64


--=separator--


From xen-announce-bounces@lists.xen.org Tue Jun 02 14:06:35 2015
Date: Tue, 02 Jun 2015 14:04:51 +0000
Message-Id: <E1YzmoF-0001rG-Vs@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 131 (CVE-2015-4106) -
 Unmediated PCI register access in qemu


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4106 / XSA-131
                              version 3

                Unmediated PCI register access in qemu

UPDATES IN VERSION 3
====================

Public release.

CVE assigned.

ISSUE DESCRIPTION
=================

Qemu allows guests to not only read, but also write all parts of the
PCI config space (but not extended config space) of passed through PCI
devices not explicitly dealt with for (partial) emulation purposes.

IMPACT
======

Since the effect depends on the specific purpose of the config
space field, it's not possible to give a general statement about the
exact impact on the host or other guests.  Privilege escalation, host
crash (Denial of Service), and leaked information all cannot be
excluded.

VULNERABLE SYSTEMS
==================

Xen versions 3.3 and onwards are vulnerable due to supporting PCI
pass-through.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

Only HVM guests with their device model run in Dom0 can take advantage
of this vulnerability.

Only HVM guests which have been granted access to physical PCI devices
(`PCI passthrough') can take advantage of this vulnerability.

MITIGATION
==========

This issue can be avoided by not assigning PCI devices to untrusted HVM
guests.

This issue can also be avoided by only using PV guests.

It can also be avoided by configuring HVM guests with their device
model run in a separate (stub) domain.  (When using xl, this can be
requested with "device_model_stubdomain_override=1" in the domain
configuration file.)

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa131-qemuu-$n.patch           qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x
xsa131-qemuu-4.4-1.patch        Xen 4.4.x replacement for xsa131-qemuu-1.patch
xsa131-qemuu-4.3-$n.patch       Xen 4.3.x
xsa131-qemut-$n.patch           qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x
xsa131-qemut-4.2-1.patch        Xen 4.2.x replacement for xsa131-qemut-1.patch

$ sha256sum xsa131*.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of patches or mitigations is NOT permitted (except on
systems used and administered only by organisations which are members
of the Xen Project Security Issues Predisclosure List).  Specifically,
deployment on public cloud systems is NOT permitted.

This is because the altered PCI config space access behavior is visible
to guests.

Deployment is permitted only AFTER the embargo ends.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----
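
The conditions under VULNERABLE SYSTEMS and MITIGATION above can be checked against xl domain configuration files. The following audit sketch is an added example, not part of the advisory or of Xen: the function names and sample guest configurations are constructed, and apart from "device_model_stubdomain_override" (named in the advisory) the keys "builder", "type" and "pci" are taken from xl.cfg syntax as an assumption about how the guests are defined.

```python
import ast
import re

def strip_comment(line):
    """Drop a trailing '#' comment, ignoring '#' inside quoted strings."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#":
            return line[:i]
    return line

def parse_xl_cfg(text):
    """Parse the 'key = value' subset of an xl domain config into a dict.

    Lists may span several lines; brackets inside quoted strings are not
    handled (PCI device specs do not contain them).
    """
    settings = {}
    pending = ""
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        pending = f"{pending} {line}" if pending else line
        if pending.count("[") > pending.count("]"):
            continue  # list value continues on the next line
        match = re.match(r"^(\w+)\s*=\s*(.+)$", pending)
        pending = ""
        if not match:
            continue
        key, value = match.group(1), match.group(2)
        try:
            settings[key] = ast.literal_eval(value)
        except (ValueError, SyntaxError):
            settings[key] = value  # keep unparsed values as raw text
    return settings

def xsa131_status(settings):
    """Classify one guest against the advisory's stated conditions."""
    # Only HVM guests are affected; PV guests avoid the issue.
    is_hvm = settings.get("builder") == "hvm" or settings.get("type") == "hvm"
    if not is_hvm:
        return "not-hvm"
    # Only guests with PCI devices passed through are affected.
    if not settings.get("pci"):
        return "no-passthrough"
    # A device model in a stub domain is the advisory's third mitigation.
    if settings.get("device_model_stubdomain_override") in (1, "1"):
        return "stubdomain"
    return "exposed"

def audit(configs):
    """Map guest name -> status for a dict of {name: config text}."""
    return {name: xsa131_status(parse_xl_cfg(text))
            for name, text in configs.items()}

# Constructed sample configurations (not taken from any real host).
SAMPLE_CONFIGS = {
    "guest-a": """
        name = "guest-a"
        builder = "hvm"      # device model runs in Dom0 by default
        pci = [ '01:00.0',
                '01:00.1' ]
    """,
    "guest-b": """
        name = "guest-b"
        builder = "hvm"
        pci = [ '02:00.0' ]
        device_model_stubdomain_override = 1
    """,
    "guest-c": """
        name = "guest-c"     # PV guest: no builder = "hvm"
        kernel = "/boot/vmlinuz-guest"
        pci = [ '03:00.0' ]
    """,
    "guest-d": """
        name = "guest-d"
        type = "hvm"
        # pci = [ '04:00.0' ]  passthrough commented out
    """,
}

if __name__ == "__main__":
    for guest, status in sorted(audit(SAMPLE_CONFIGS).items()):
        print(f"{guest}: {status}")
```

A result of "exposed" only means the configuration matches the advisory's conditions; whether the guest is untrusted and whether the patches are applied still has to be established separately.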

--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-1.patch"
Content-Disposition: attachment; filename="xsa131-qemut-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-2.patch"
Content-Disposition: attachment; filename="xsa131-qemut-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-3.patch"
Content-Disposition: attachment; filename="xsa131-qemut-3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-4.2-1.patch"
Content-Disposition: attachment; filename="xsa131-qemut-4.2-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-4.patch"
Content-Disposition: attachment; filename="xsa131-qemut-4.patch"
Content-Transfer-Encoding: base64

OwogICAgIHVpbnQxNl90IHdyaXRhYmxlX21hc2sgPSAwOwotICAgIHVpbnQx
Nl90IHRocm91Z2hhYmxlX21hc2sgPSAwOworICAgIHVpbnQxNl90IHRocm91
Z2hhYmxlX21hc2sgPSBnZXRfdGhyb3VnaGFibGVfbWFzayhwdGRldiwgcmVn
LCB2YWxpZF9tYXNrKTsKICAgICBzdHJ1Y3QgcHRfcG1faW5mbyAqcG1fc3Rh
dGUgPSBwdGRldi0+cG1fc3RhdGU7CiAgICAgdWludDE2X3QgcmVhZF92YWwg
PSAwOwogCkBAIC0zNzg1LDcgKzM3ODQsNiBAQCBzdGF0aWMgaW50IHB0X3Bt
Y3NyX3JlZ193cml0ZShzdHJ1Y3QgcHRfCiAgICAgY2ZnX2VudHJ5LT5kYXRh
ID0gUFRfTUVSR0VfVkFMVUUoKnZhbHVlLCBjZmdfZW50cnktPmRhdGEsIHdy
aXRhYmxlX21hc2spOwogCiAgICAgLyogY3JlYXRlIHZhbHVlIGZvciB3cml0
aW5nIHRvIEkvTyBkZXZpY2UgcmVnaXN0ZXIgKi8KLSAgICB0aHJvdWdoYWJs
ZV9tYXNrID0gfnJlZy0+ZW11X21hc2sgJiB2YWxpZF9tYXNrOwogICAgICp2
YWx1ZSA9IFBUX01FUkdFX1ZBTFVFKCp2YWx1ZSwgZGV2X3ZhbHVlICYgflBD
SV9QTV9DVFJMX1BNRV9TVEFUVVMsCiAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgdGhyb3VnaGFibGVfbWFzayk7CiAKQEAgLTM4OTQsNyArMzg5Miw3
IEBAIHN0YXRpYyBpbnQgcHRfbXNnY3RybF9yZWdfd3JpdGUoc3RydWN0IHAK
IHsKICAgICBzdHJ1Y3QgcHRfcmVnX2luZm9fdGJsICpyZWcgPSBjZmdfZW50
cnktPnJlZzsKICAgICB1aW50MTZfdCB3cml0YWJsZV9tYXNrID0gMDsKLSAg
ICB1aW50MTZfdCB0aHJvdWdoYWJsZV9tYXNrID0gMDsKKyAgICB1aW50MTZf
dCB0aHJvdWdoYWJsZV9tYXNrID0gZ2V0X3Rocm91Z2hhYmxlX21hc2socHRk
ZXYsIHJlZywgdmFsaWRfbWFzayk7CiAgICAgdWludDE2X3Qgb2xkX2N0cmwg
PSBjZmdfZW50cnktPmRhdGE7CiAgICAgUENJRGV2aWNlICpwZCA9IChQQ0lE
ZXZpY2UgKilwdGRldjsKICAgICB1aW50MTZfdCB2YWw7CkBAIC0zOTA2LDgg
KzM5MDQsMTAgQEAgc3RhdGljIGludCBwdF9tc2djdHJsX3JlZ193cml0ZShz
dHJ1Y3QgcAogICAgIC8qIG1vZGlmeSBlbXVsYXRlIHJlZ2lzdGVyICovCiAg
ICAgd3JpdGFibGVfbWFzayA9IHJlZy0+ZW11X21hc2sgJiB+cmVnLT5yb19t
YXNrICYgdmFsaWRfbWFzazsKICAgICAvKiBhbHNvIGVtdWxhdGUgTVNJX0VO
QUJMRSBiaXQgZm9yIE1TSS1JTlR4IHRyYW5zbGF0aW9uICovCi0gICAgaWYg
KHB0ZGV2LT5tc2lfdHJhbnNfZW4pCisgICAgaWYgKHB0ZGV2LT5tc2lfdHJh
bnNfZW4pIHsKICAgICAgICAgd3JpdGFibGVfbWFzayB8PSBQQ0lfTVNJX0ZM
QUdTX0VOQUJMRSAmIHZhbGlkX21hc2s7CisgICAgICAgIHRocm91Z2hhYmxl
X21hc2sgJj0gflBDSV9NU0lfRkxBR1NfRU5BQkxFOworICAgIH0KICAgICBj
ZmdfZW50cnktPmRhdGEgPSBQVF9NRVJHRV9WQUxVRSgqdmFsdWUsIGNmZ19l
bnRyeS0+ZGF0YSwgd3JpdGFibGVfbWFzayk7CiAgICAgLyogdXBkYXRlIHRo
ZSBtc2lfaW5mbyB0b28gKi8KICAgICBwdGRldi0+bXNpLT5mbGFncyB8PSBj
ZmdfZW50cnktPmRhdGEgJgpAQCAtMzkxNSwxMCArMzkxNSw2IEBAIHN0YXRp
YyBpbnQgcHRfbXNnY3RybF9yZWdfd3JpdGUoc3RydWN0IHAKIAogICAgIC8q
IGNyZWF0ZSB2YWx1ZSBmb3Igd3JpdGluZyB0byBJL08gZGV2aWNlIHJlZ2lz
dGVyICovCiAgICAgdmFsID0gKnZhbHVlOwotICAgIHRocm91Z2hhYmxlX21h
c2sgPSB+cmVnLT5lbXVfbWFzayAmIHZhbGlkX21hc2s7Ci0gICAgLyogZG9u
J3QgcGFzcyB0aHJvdWdoIE1TSV9FTkFCTEUgYml0IGZvciBNU0ktSU5UeCB0
cmFuc2xhdGlvbiAqLwotICAgIGlmIChwdGRldi0+bXNpX3RyYW5zX2VuKQot
ICAgICAgICB0aHJvdWdoYWJsZV9tYXNrICY9IH5QQ0lfTVNJX0ZMQUdTX0VO
QUJMRTsKICAgICAqdmFsdWUgPSBQVF9NRVJHRV9WQUxVRSgqdmFsdWUsIGRl
dl92YWx1ZSwgdGhyb3VnaGFibGVfbWFzayk7CiAKICAgICAvKiB1cGRhdGUg
TVNJICovCkBAIC0zOTcyLDcgKzM5NjgsNiBAQCBzdGF0aWMgaW50IHB0X21z
Z2FkZHIzMl9yZWdfd3JpdGUoc3RydWN0CiB7CiAgICAgc3RydWN0IHB0X3Jl
Z19pbmZvX3RibCAqcmVnID0gY2ZnX2VudHJ5LT5yZWc7CiAgICAgdWludDMy
X3Qgd3JpdGFibGVfbWFzayA9IDA7Ci0gICAgdWludDMyX3QgdGhyb3VnaGFi
bGVfbWFzayA9IDA7CiAgICAgdWludDMyX3Qgb2xkX2FkZHIgPSBjZmdfZW50
cnktPmRhdGE7CiAKICAgICAvKiBtb2RpZnkgZW11bGF0ZSByZWdpc3RlciAq
LwpAQCAtMzk4Miw4ICszOTc3LDcgQEAgc3RhdGljIGludCBwdF9tc2dhZGRy
MzJfcmVnX3dyaXRlKHN0cnVjdAogICAgIHB0ZGV2LT5tc2ktPmFkZHJfbG8g
PSBjZmdfZW50cnktPmRhdGE7CiAKICAgICAvKiBjcmVhdGUgdmFsdWUgZm9y
IHdyaXRpbmcgdG8gSS9PIGRldmljZSByZWdpc3RlciAqLwotICAgIHRocm91
Z2hhYmxlX21hc2sgPSB+cmVnLT5lbXVfbWFzayAmIHZhbGlkX21hc2s7Ci0g
ICAgKnZhbHVlID0gUFRfTUVSR0VfVkFMVUUoKnZhbHVlLCBkZXZfdmFsdWUs
IHRocm91Z2hhYmxlX21hc2spOworICAgICp2YWx1ZSA9IFBUX01FUkdFX1ZB
TFVFKCp2YWx1ZSwgZGV2X3ZhbHVlLCAwKTsKIAogICAgIC8qIHVwZGF0ZSBN
U0kgKi8KICAgICBpZiAoY2ZnX2VudHJ5LT5kYXRhICE9IG9sZF9hZGRyKQpA
QCAtNDAwMiw3ICszOTk2LDYgQEAgc3RhdGljIGludCBwdF9tc2dhZGRyNjRf
cmVnX3dyaXRlKHN0cnVjdAogewogICAgIHN0cnVjdCBwdF9yZWdfaW5mb190
YmwgKnJlZyA9IGNmZ19lbnRyeS0+cmVnOwogICAgIHVpbnQzMl90IHdyaXRh
YmxlX21hc2sgPSAwOwotICAgIHVpbnQzMl90IHRocm91Z2hhYmxlX21hc2sg
PSAwOwogICAgIHVpbnQzMl90IG9sZF9hZGRyID0gY2ZnX2VudHJ5LT5kYXRh
OwogCiAgICAgLyogY2hlY2sgd2hldGhlciB0aGUgdHlwZSBpcyA2NCBiaXQg
b3Igbm90ICovCkBAIC00MDIwLDggKzQwMTMsNyBAQCBzdGF0aWMgaW50IHB0
X21zZ2FkZHI2NF9yZWdfd3JpdGUoc3RydWN0CiAgICAgcHRkZXYtPm1zaS0+
YWRkcl9oaSA9IGNmZ19lbnRyeS0+ZGF0YTsKIAogICAgIC8qIGNyZWF0ZSB2
YWx1ZSBmb3Igd3JpdGluZyB0byBJL08gZGV2aWNlIHJlZ2lzdGVyICovCi0g
ICAgdGhyb3VnaGFibGVfbWFzayA9IH5yZWctPmVtdV9tYXNrICYgdmFsaWRf
bWFzazsKLSAgICAqdmFsdWUgPSBQVF9NRVJHRV9WQUxVRSgqdmFsdWUsIGRl
dl92YWx1ZSwgdGhyb3VnaGFibGVfbWFzayk7CisgICAgKnZhbHVlID0gUFRf
TUVSR0VfVkFMVUUoKnZhbHVlLCBkZXZfdmFsdWUsIDApOwogCiAgICAgLyog
dXBkYXRlIE1TSSAqLwogICAgIGlmIChjZmdfZW50cnktPmRhdGEgIT0gb2xk
X2FkZHIpCkBAIC00MDQxLDcgKzQwMzMsNiBAQCBzdGF0aWMgaW50IHB0X21z
Z2RhdGFfcmVnX3dyaXRlKHN0cnVjdCBwCiB7CiAgICAgc3RydWN0IHB0X3Jl
Z19pbmZvX3RibCAqcmVnID0gY2ZnX2VudHJ5LT5yZWc7CiAgICAgdWludDE2
X3Qgd3JpdGFibGVfbWFzayA9IDA7Ci0gICAgdWludDE2X3QgdGhyb3VnaGFi
bGVfbWFzayA9IDA7CiAgICAgdWludDE2X3Qgb2xkX2RhdGEgPSBjZmdfZW50
cnktPmRhdGE7CiAgICAgdWludDMyX3QgZmxhZ3MgPSBwdGRldi0+bXNpLT5m
bGFnczsKICAgICB1aW50MzJfdCBvZmZzZXQgPSByZWctPm9mZnNldDsKQEAg
LTQwNjIsOCArNDA1Myw3IEBAIHN0YXRpYyBpbnQgcHRfbXNnZGF0YV9yZWdf
d3JpdGUoc3RydWN0IHAKICAgICBwdGRldi0+bXNpLT5kYXRhID0gY2ZnX2Vu
dHJ5LT5kYXRhOwogCiAgICAgLyogY3JlYXRlIHZhbHVlIGZvciB3cml0aW5n
IHRvIEkvTyBkZXZpY2UgcmVnaXN0ZXIgKi8KLSAgICB0aHJvdWdoYWJsZV9t
YXNrID0gfnJlZy0+ZW11X21hc2sgJiB2YWxpZF9tYXNrOwotICAgICp2YWx1
ZSA9IFBUX01FUkdFX1ZBTFVFKCp2YWx1ZSwgZGV2X3ZhbHVlLCB0aHJvdWdo
YWJsZV9tYXNrKTsKKyAgICAqdmFsdWUgPSBQVF9NRVJHRV9WQUxVRSgqdmFs
dWUsIGRldl92YWx1ZSwgMCk7CiAKICAgICAvKiB1cGRhdGUgTVNJICovCiAg
ICAgaWYgKGNmZ19lbnRyeS0+ZGF0YSAhPSBvbGRfZGF0YSkKQEAgLTQwODIs
NyArNDA3Miw3IEBAIHN0YXRpYyBpbnQgcHRfbXNpeGN0cmxfcmVnX3dyaXRl
KHN0cnVjdCAKIHsKICAgICBzdHJ1Y3QgcHRfcmVnX2luZm9fdGJsICpyZWcg
PSBjZmdfZW50cnktPnJlZzsKICAgICB1aW50MTZfdCB3cml0YWJsZV9tYXNr
ID0gMDsKLSAgICB1aW50MTZfdCB0aHJvdWdoYWJsZV9tYXNrID0gMDsKKyAg
ICB1aW50MTZfdCB0aHJvdWdoYWJsZV9tYXNrID0gZ2V0X3Rocm91Z2hhYmxl
X21hc2socHRkZXYsIHJlZywgdmFsaWRfbWFzayk7CiAgICAgdWludDE2X3Qg
b2xkX2N0cmwgPSBjZmdfZW50cnktPmRhdGE7CiAKICAgICAvKiBtb2RpZnkg
ZW11bGF0ZSByZWdpc3RlciAqLwpAQCAtNDA5MCw3ICs0MDgwLDYgQEAgc3Rh
dGljIGludCBwdF9tc2l4Y3RybF9yZWdfd3JpdGUoc3RydWN0IAogICAgIGNm
Z19lbnRyeS0+ZGF0YSA9IFBUX01FUkdFX1ZBTFVFKCp2YWx1ZSwgY2ZnX2Vu
dHJ5LT5kYXRhLCB3cml0YWJsZV9tYXNrKTsKIAogICAgIC8qIGNyZWF0ZSB2
YWx1ZSBmb3Igd3JpdGluZyB0byBJL08gZGV2aWNlIHJlZ2lzdGVyICovCi0g
ICAgdGhyb3VnaGFibGVfbWFzayA9IH5yZWctPmVtdV9tYXNrICYgdmFsaWRf
bWFzazsKICAgICAqdmFsdWUgPSBQVF9NRVJHRV9WQUxVRSgqdmFsdWUsIGRl
dl92YWx1ZSwgdGhyb3VnaGFibGVfbWFzayk7CiAKICAgICAvKiB1cGRhdGUg
TVNJLVggKi8K

--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-5.patch"
Content-Disposition: attachment; filename="xsa131-qemut-5.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-6.patch"
Content-Disposition: attachment; filename="xsa131-qemut-6.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-7.patch"
Content-Disposition: attachment; filename="xsa131-qemut-7.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemut-8.patch"
Content-Disposition: attachment; filename="xsa131-qemut-8.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-1.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-2.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-3.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-1.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-2.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-3.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-4.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-4.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-5.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-5.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-6.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-6.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-7.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-7.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.3-8.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.3-8.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.4-1.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.4-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-4.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-4.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-5.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-5.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-6.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-6.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-7.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-7.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa131-qemuu-8.patch"
Content-Disposition: attachment; filename="xsa131-qemuu-8.patch"
Content-Transfer-Encoding: base64

KyAgICBpZiAod3BfZmxhZyAmJiAhcy0+cGVybWlzc2l2ZV93YXJuZWQpIHsK
KyAgICAgICAgcy0+cGVybWlzc2l2ZV93YXJuZWQgPSB0cnVlOworICAgICAg
ICB4ZW5fcHRfbG9nKGQsICJXcml0ZS1iYWNrIHRvIHVua25vd24gZmllbGQg
MHglMDJ4IChwYXJ0aWFsbHkpIGluaGliaXRlZCAoMHglMCp4KVxuIiwKKyAg
ICAgICAgICAgICAgICAgICBhZGRyLCBsZW4gKiAyLCB3Yl9tYXNrKTsKKyAg
ICAgICAgeGVuX3B0X2xvZyhkLCAiSWYgdGhlIGRldmljZSBkb2Vzbid0IHdv
cmssIHRyeSBlbmFibGluZyBwZXJtaXNzaXZlIG1vZGVcbiIpOworICAgICAg
ICB4ZW5fcHRfbG9nKGQsICIodW5zYWZlKSBhbmQgaWYgaXQgaGVscHMgcmVw
b3J0IHRoZSBwcm9ibGVtIHRvIHhlbi1kZXZlbFxuIik7CisgICAgfQogICAg
IGZvciAoaW5kZXggPSAwOyB3Yl9tYXNrOyBpbmRleCArPSBsZW4pIHsKICAg
ICAgICAgLyogdW5rbm93biByZWdzIGFyZSBwYXNzZWQgdGhyb3VnaCAqLwog
ICAgICAgICB3aGlsZSAoISh3Yl9tYXNrICYgMHhmZikpIHsKQEAgLTgyMSw2
ICs4NDYsNyBAQCBzdGF0aWMgdm9pZCB4ZW5fcHRfdW5yZWdpc3Rlcl9kZXZp
Y2UoUENJCiAKIHN0YXRpYyBQcm9wZXJ0eSB4ZW5fcGNpX3Bhc3N0aHJvdWdo
X3Byb3BlcnRpZXNbXSA9IHsKICAgICBERUZJTkVfUFJPUF9QQ0lfSE9TVF9E
RVZBRERSKCJob3N0YWRkciIsIFhlblBDSVBhc3N0aHJvdWdoU3RhdGUsIGhv
c3RhZGRyKSwKKyAgICBERUZJTkVfUFJPUF9CT09MKCJwZXJtaXNzaXZlIiwg
WGVuUENJUGFzc3Rocm91Z2hTdGF0ZSwgcGVybWlzc2l2ZSwgZmFsc2UpLAog
ICAgIERFRklORV9QUk9QX0VORF9PRl9MSVNUKCksCiB9OwogCi0tLSBhL2h3
L3hlbi94ZW5fcHQuaAorKysgYi9ody94ZW4veGVuX3B0LmgKQEAgLTE5Nyw2
ICsxOTcsOCBAQCBzdHJ1Y3QgWGVuUENJUGFzc3Rocm91Z2hTdGF0ZSB7CiAK
ICAgICBQQ0lIb3N0RGV2aWNlQWRkcmVzcyBob3N0YWRkcjsKICAgICBib29s
IGlzX3ZpcnRmbjsKKyAgICBib29sIHBlcm1pc3NpdmU7CisgICAgYm9vbCBw
ZXJtaXNzaXZlX3dhcm5lZDsKICAgICBYZW5Ib3N0UENJRGV2aWNlIHJlYWxf
ZGV2aWNlOwogICAgIFhlblBUUmVnaW9uIGJhc2VzW1BDSV9OVU1fUkVHSU9O
U107IC8qIEFjY2VzcyByZWdpb25zICovCiAgICAgUUxJU1RfSEVBRCgsIFhl
blBUUmVnR3JvdXApIHJlZ19ncnBzOwotLS0gYS9ody94ZW4veGVuX3B0X2Nv
bmZpZ19pbml0LmMKKysrIGIvaHcveGVuL3hlbl9wdF9jb25maWdfaW5pdC5j
CkBAIC0xMDEsNiArMTAxLDEwIEBAIHN0YXRpYyB1aW50MzJfdCBnZXRfdGhy
b3VnaGFibGVfbWFzayhjb24KIHsKICAgICB1aW50MzJfdCB0aHJvdWdoYWJs
ZV9tYXNrID0gfihyZWctPmVtdV9tYXNrIHwgcmVnLT5yb19tYXNrKTsKIAor
ICAgIGlmICghcy0+cGVybWlzc2l2ZSkgeworICAgICAgICB0aHJvdWdoYWJs
ZV9tYXNrICY9IH5yZWctPnJlc19tYXNrOworICAgIH0KKwogICAgIHJldHVy
biB0aHJvdWdoYWJsZV9tYXNrICYgdmFsaWRfbWFzazsKIH0KIAo=

--=separator
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-announce mailing list
Xen-announce@lists.xen.org
http://lists.xen.org/xen-announce
--=separator--


From xen-announce-bounces@lists.xen.org Tue Jun 02 14:06:35 2015
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 02 Jun 2015 14:06:35 +0000
Received: from localhost ([127.0.0.1] helo=lists.xen.org)
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1YzmoJ-0005Qm-O0; Tue, 02 Jun 2015 14:04:55 +0000
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <ianc@xenbits.xen.org>)
	id 1YzmoH-0005QG-CW; Tue, 02 Jun 2015 14:04:54 +0000
Received: from [193.109.254.147] by server-16.bemta-14.messagelabs.com id
	87/68-31650-408BD655; Tue, 02 Jun 2015 14:04:52 +0000
X-Env-Sender: ianc@xenbits.xen.org
X-Msg-Ref: server-15.tower-27.messagelabs.com!1433253890!19655171!1
X-Originating-IP: [50.57.168.107]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 6.13.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 13278 invoked from network); 2 Jun 2015 14:04:51 -0000
Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107)
	by server-15.tower-27.messagelabs.com with AES256-SHA encrypted SMTP;
	2 Jun 2015 14:04:51 -0000
Received: from xenbits.xen.org ([50.57.170.242])
	by mail.xen.org with esmtp (Exim 4.72)
	(envelope-from <ianc@xenbits.xen.org>)
	id 1Yzmo8-0006Si-LW; Tue, 02 Jun 2015 14:04:44 +0000
Received: from ianc by xenbits.xen.org with local (Exim 4.72)
	(envelope-from <ianc@xenbits.xen.org>)
	id 1Yzmo8-0001oT-IC; Tue, 02 Jun 2015 14:04:44 +0000
Date: Tue, 02 Jun 2015 14:04:44 +0000
Message-Id: <E1Yzmo8-0001oT-IC@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 129 (CVE-2015-4104) - PCI MSI
 mask bits inadvertently exposed to guests
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Sender: xen-announce-bounces@lists.xen.org
Errors-To: xen-announce-bounces@lists.xen.org


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4104 / XSA-129
                              version 2

            PCI MSI mask bits inadvertently exposed to guests

UPDATES IN VERSION 2
====================

Public release.

CVE assigned.

ISSUE DESCRIPTION
=================

The mask bits optionally available in the PCI MSI capability structure
are used by the hypervisor to occasionally suppress interrupt
delivery.  Unprivileged guests were nevertheless allowed direct
control of these bits.

IMPACT
======

Interrupts may be observed by Xen at unexpected times, which may lead
to a host crash and therefore a Denial of Service.

VULNERABLE SYSTEMS
==================

Xen versions 3.3 and onwards are vulnerable due to supporting PCI
pass-through.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

Only HVM guests with their device model run in Dom0 can take advantage
of this vulnerability.

Only HVM guests which have been granted access to physical PCI devices
(`PCI passthrough') can take advantage of this vulnerability.

Furthermore, the vulnerability is only applicable when the
passed-through PCI devices are MSI-capable.  (Most modern devices
are.)

MITIGATION
==========

This issue can be avoided by not assigning MSI-capable PCI devices to
untrusted HVM guests.

This issue can also be avoided by only using PV guests.

It can also be avoided by configuring HVM guests with their device
model run in a separate (stub) domain.  (When using xl, this can be
requested with "device_model_stubdomain_override=1" in the domain
configuration file.)
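
The conditions under VULNERABLE SYSTEMS and the stub-domain mitigation
above can be checked against xl domain configuration files. The
following is an added example, not part of the advisory or of Xen: it
assumes the files use plain `key = literal` assignments that parse as
Python literals, and the sample configs and the audit() helper are
constructed for illustration.

```python
import ast

# Constructed sample xl domain configs (illustrative, not from the advisory).
SAMPLE_CONFIGS = {
    "hvm-exposed.cfg": '''
name = "web01"
builder = "hvm"
memory = 2048
pci = [ '01:00.0', '03:10.1' ]   # passed-through NIC functions
''',
    "hvm-stubdom.cfg": '''
name = "web02"
builder = "hvm"
pci = [ '01:00.1' ]
device_model_stubdomain_override = 1
''',
    "pv-passthrough.cfg": '''
name = "db01"
kernel = "/boot/vmlinuz-guest"
pci = [ '02:00.0' ]
''',
    "hvm-no-pci.cfg": '''
name = "build01"
type = "hvm"
pci = []
''',
    "broken.cfg": 'name = web03 hvm\n',
}


def parse_xl_config(text):
    """Return {key: value} for top-level `key = literal` assignments."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                continue  # value is not a plain literal; skip it
    return settings


def _enabled(value):
    """Treat 1 / "1" style values as an enabled boolean option."""
    try:
        return int(value) != 0
    except (TypeError, ValueError):
        return False


def audit(text):
    """Classify one config against the advisory's exposure conditions.

    Returns (status, passthrough_devices) where status is one of:
      "unparsed"        file could not be read as key = literal lines
      "no-passthrough"  no PCI devices assigned
      "not-hvm"         PCI passthrough, but not an HVM guest
      "stubdom"         HVM + passthrough, device model in a stub domain
      "review"          HVM + passthrough, device model left in Dom0
    """
    try:
        cfg = parse_xl_config(text)
    except SyntaxError:
        return ("unparsed", [])
    pci = cfg.get("pci", [])
    devices = [d for d in pci if isinstance(d, str)] if isinstance(pci, list) else []
    if not devices:
        return ("no-passthrough", [])
    # A config that sets neither builder nor type to "hvm" is not HVM.
    if "hvm" not in (cfg.get("builder"), cfg.get("type")):
        return ("not-hvm", devices)
    if _enabled(cfg.get("device_model_stubdomain_override", 0)):
        return ("stubdom", devices)
    # The config cannot show whether a device is MSI-capable or whether
    # the guest is trusted; both must be checked separately on the host.
    return ("review", devices)


if __name__ == "__main__":
    for name, text in sorted(SAMPLE_CONFIGS.items()):
        status, devices = audit(text)
        print("%-20s %-15s %s" % (name, status, ",".join(devices)))
```

Configs reported as "review" are the ones to patch first or to move to
a stub-domain device model; "unparsed" files need manual inspection.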

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa129-qemuu.patch           qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x
xsa129-qemuu-4.3.patch       Xen 4.3.x
xsa129-qemut.patch           qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa129*.patch
3c6b5a085eec3a528b18207ca65222300911fd25501a9ffaffa76a5d85d23992  xsa129-qemut.patch
314808fbaa97d06bc4bb6cb6644dca1ae2da55534661c662c6e442d5b91e6061  xsa129-qemuu-4.3.patch
9f0658e197c539306118723d63b468d09fe3a1d9f9364f6d06e53b7be8268bdc  xsa129-qemuu.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of patches or mitigations is NOT permitted (except on
systems used and administered only by organisations which are members
of the Xen Project Security Issues Predisclosure List).  Specifically,
deployment on public cloud systems is NOT permitted.

This is because the altered PCI config space access behavior is visible
to guests.

Deployment is permitted only AFTER the embargo ends.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa129-qemut.patch"
Content-Disposition: attachment; filename="xsa129-qemut.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa129-qemuu-4.3.patch"
Content-Disposition: attachment; filename="xsa129-qemuu-4.3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa129-qemuu.patch"
Content-Disposition: attachment; filename="xsa129-qemuu.patch"
Content-Transfer-Encoding: base64

ICAgLnJvX21hc2sgICAgPSAweEZGRkZGRkZGLAorICAgICAgICAuZW11X21h
c2sgICA9IDB4MDAwMDAwMDAsCisgICAgICAgIC5pbml0ICAgICAgID0geGVu
X3B0X3BlbmRpbmdfcmVnX2luaXQsCisgICAgICAgIC51LmR3LnJlYWQgID0g
eGVuX3B0X2xvbmdfcmVnX3JlYWQsCisgICAgICAgIC51LmR3LndyaXRlID0g
eGVuX3B0X2xvbmdfcmVnX3dyaXRlLAorICAgIH0sCiAgICAgewogICAgICAg
ICAuc2l6ZSA9IDAsCiAgICAgfSwKLS0tIGEvaW5jbHVkZS9ody9wY2kvcGNp
X3JlZ3MuaAorKysgYi9pbmNsdWRlL2h3L3BjaS9wY2lfcmVncy5oCkBAIC0y
OTgsOCArMjk4LDEwIEBACiAjZGVmaW5lIFBDSV9NU0lfQUREUkVTU19ISQk4
CS8qIFVwcGVyIDMyIGJpdHMgKGlmIFBDSV9NU0lfRkxBR1NfNjRCSVQgc2V0
KSAqLwogI2RlZmluZSBQQ0lfTVNJX0RBVEFfMzIJCTgJLyogMTYgYml0cyBv
ZiBkYXRhIGZvciAzMi1iaXQgZGV2aWNlcyAqLwogI2RlZmluZSBQQ0lfTVNJ
X01BU0tfMzIJCTEyCS8qIE1hc2sgYml0cyByZWdpc3RlciBmb3IgMzItYml0
IGRldmljZXMgKi8KKyNkZWZpbmUgUENJX01TSV9QRU5ESU5HXzMyCTE2CS8q
IFBlbmRpbmcgYml0cyByZWdpc3RlciBmb3IgMzItYml0IGRldmljZXMgKi8K
ICNkZWZpbmUgUENJX01TSV9EQVRBXzY0CQkxMgkvKiAxNiBiaXRzIG9mIGRh
dGEgZm9yIDY0LWJpdCBkZXZpY2VzICovCiAjZGVmaW5lIFBDSV9NU0lfTUFT
S182NAkJMTYJLyogTWFzayBiaXRzIHJlZ2lzdGVyIGZvciA2NC1iaXQgZGV2
aWNlcyAqLworI2RlZmluZSBQQ0lfTVNJX1BFTkRJTkdfNjQJMjAJLyogUGVu
ZGluZyBiaXRzIHJlZ2lzdGVyIGZvciAzMi1iaXQgZGV2aWNlcyAqLwogCiAv
KiBNU0ktWCByZWdpc3RlcnMgKi8KICNkZWZpbmUgUENJX01TSVhfRkxBR1MJ
CTIK

--=separator
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-announce mailing list
Xen-announce@lists.xen.org
http://lists.xen.org/xen-announce
--=separator--


From xen-announce-bounces@lists.xen.org Tue Jun 02 14:06:35 2015
Date: Tue, 02 Jun 2015 14:04:40 +0000
Message-Id: <E1Yzmo4-0001nH-5B@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 128 (CVE-2015-4103) -
 Potential unintended writes to host MSI message data field via qemu


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4103 / XSA-128
                              version 2

    Potential unintended writes to host MSI message data field via qemu

UPDATES IN VERSION 2
====================

Public release.

CVE assigned.

ISSUE DESCRIPTION
=================

Logic is in place to avoid writes to certain host config space fields
when the guest must nevertheless be able to access their virtual
counterparts.  A bug in how this logic deals with accesses spanning
multiple fields allows the guest to write to the host MSI message data
field.

While generally the writes write back the values previously read,
their value in config space may have got changed by the host between
the qemu read and write.  In such a case host side interrupt handling
could become confused, possibly losing interrupts or allowing spurious
interrupt injection into other guests.

IMPACT
======

Certain untrusted guest administrators may be able to confuse host
side interrupt handling, leading to a Denial of Service.

VULNERABLE SYSTEMS
==================

Xen versions 3.3 and onwards are vulnerable due to supporting PCI
pass-through.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

Only HVM guests with their device model run in Dom0 can take advantage
of this vulnerability.

Only HVM guests which have been granted access to physical PCI devices
(`PCI passthrough') can take advantage of this vulnerability.

Furthermore, the vulnerability is only applicable when the
passed-through PCI devices are MSI-capable.  (Most modern devices
are.)

MITIGATION
==========

This issue can be avoided by not assigning MSI capable PCI devices to
untrusted HVM guests.

This issue can also be avoided by only using PV guests.

It can also be avoided by configuring HVM guests with their device
model run in a separate (stub) domain.  (When using xl, this can be
requested with "device_model_stubdomain_override=1" in the domain
configuration file.)

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa128-qemuu.patch           qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x
xsa128-qemuu-4.3.patch       Xen 4.3.x
xsa128-qemut.patch           qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa128*.patch
68b85a4c7d531d343d7fac2e92dbec3677bc2e4a83de75d78d7f605a2fc8ad3f  xsa128-qemut.patch
2ec657a6f22cac922854548c9d83698656ab7a36634ad05de7f14439cc4405bc  xsa128-qemuu-4.3.patch
104cf2e2816d253cc1eca3084f6ea9b6007f7773a88bda245bab00539e08b359  xsa128-qemuu.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa128-qemut.patch"
Content-Disposition: attachment; filename="xsa128-qemut.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa128-qemuu-4.3.patch"
Content-Disposition: attachment; filename="xsa128-qemuu-4.3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa128-qemuu.patch"
Content-Disposition: attachment; filename="xsa128-qemuu.patch"
Content-Transfer-Encoding: base64


--=separator--
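
Added example (not part of the advisory and not qemu's code): a simplified C model of the per-byte host write-back gating that the xsa128 patch description outlines, where bytes belonging to a field whose emulation mask is all ones are never written to the host and nothing is written when the host read failed. The field table, the capability base 0x50 and all function names are assumptions made for illustration, and the mask is computed byte by byte here rather than with the patch's shift expression.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One emulated config-space field; a simplified stand-in for a reg-info entry. */
struct field {
    uint32_t offset;   /* byte offset in config space */
    uint32_t size;     /* 1, 2 or 4 bytes */
    uint32_t emu_mask; /* bits the device model emulates (1 = emulated) */
};

/* One contiguous run of bytes that is still written to the host device. */
struct host_write {
    uint32_t addr;
    uint32_t len;
};

/* Constructed sample: MSI capability of a 32-bit device at an assumed base. */
#define MSI_CAP_BASE 0x50u
static const struct field msi_fields[] = {
    { MSI_CAP_BASE + 2, 2, 0x007Fu },     /* message control, partly emulated */
    { MSI_CAP_BASE + 4, 4, 0xFFFFFFFFu }, /* message address, fully emulated */
    { MSI_CAP_BASE + 8, 2, 0xFFFFu },     /* message data, fully emulated */
};
#define MSI_NFIELDS (sizeof msi_fields / sizeof msi_fields[0])

/* Return the field covering config-space byte addr, or NULL if none does. */
static const struct field *find_field(const struct field *tbl, size_t n,
                                      uint32_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= tbl[i].offset && addr < tbl[i].offset + tbl[i].size)
            return &tbl[i];
    return NULL;
}

/*
 * Mask of the bytes of a len-byte access (len is 1, 2 or 4) that may still
 * reach the host. Byte i of the access is bits [8*i, 8*i+7] of the result.
 */
static uint32_t writeback_mask(const struct field *tbl, size_t n,
                               uint32_t addr, uint32_t len, int host_read_ok)
{
    if (!host_read_ok)
        return 0; /* never write back values that were not read */

    uint32_t wb_mask = 0xFFFFFFFFu >> ((4 - len) << 3);
    for (uint32_t i = 0; i < len; i++) {
        const struct field *f = find_field(tbl, n, addr + i);
        /* Fully emulated field: its bytes stay in the device model only. */
        if (f && f->emu_mask == (0xFFFFFFFFu >> ((4 - f->size) << 3)))
            wb_mask &= ~(0xFFu << (i << 3));
    }
    return wb_mask;
}

/* Split wb_mask into contiguous byte runs; returns the number of host writes. */
static size_t plan_host_writes(uint32_t addr, uint32_t len_unused,
                               uint32_t wb_mask, struct host_write *out,
                               size_t max)
{
    size_t n = 0;
    uint32_t index = 0;
    (void)len_unused; /* the mask already encodes the access length */

    while (wb_mask && n < max) {
        while (!(wb_mask & 0xff)) { /* skip bytes that must not be written */
            index++;
            wb_mask >>= 8;
        }
        uint32_t run = 0;
        do {                        /* collect one run of writable bytes */
            run++;
            wb_mask >>= 8;
        } while (wb_mask & 0xff);
        out[n].addr = addr + index;
        out[n].len = run;
        n++;
        index += run;
    }
    return n;
}

int main(void)
{
    /* 32-bit guest write at the message data offset: two bytes belong to the
     * data field, the upper two are not covered by any field in the table. */
    struct host_write w[4];
    uint32_t addr = MSI_CAP_BASE + 8;
    uint32_t mask = writeback_mask(msi_fields, MSI_NFIELDS, addr, 4, 1);
    size_t n = plan_host_writes(addr, 4, mask, w, 4);

    printf("wb_mask=0x%08x\n", (unsigned)mask);
    for (size_t i = 0; i < n; i++)
        printf("host write: addr=0x%02x len=%u\n",
               (unsigned)w[i].addr, (unsigned)w[i].len);
    return 0;
}
```

For the spanning access in `main`, only the two uncovered upper bytes are forwarded to the host; the message data bytes are left untouched.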


From xen-announce-bounces@lists.xen.org Tue Jun 02 14:06:35 2015
Date: Tue, 02 Jun 2015 14:04:44 +0000
Message-Id: <E1Yzmo8-0001oT-IC@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 129 (CVE-2015-4104) - PCI MSI
 mask bits inadvertently exposed to guests


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4104 / XSA-129
                              version 2

            PCI MSI mask bits inadvertently exposed to guests

UPDATES IN VERSION 2
====================

Public release.

CVE assigned.

ISSUE DESCRIPTION
=================

The mask bits optionally available in the PCI MSI capability structure
are used by the hypervisor to occasionally suppress interrupt
delivery.  Unprivileged guests were, however, nevertheless allowed
direct control of these bits.

IMPACT
======

Interrupts may be observed by Xen at unexpected times, which may lead
to a host crash and therefore a Denial of Service.

VULNERABLE SYSTEMS
==================

Xen versions 3.3 and onwards are vulnerable due to supporting PCI
pass-through.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

Only HVM guests with their device model run in Dom0 can take advantage
of this vulnerability.

Only HVM guests which have been granted access to physical PCI devices
(`PCI passthrough') can take advantage of this vulnerability.

Furthermore, the vulnerability is only applicable when the
passed-through PCI devices are MSI-capable.  (Most modern devices
are.)

MITIGATION
==========

This issue can be avoided by not assigning MSI capable PCI devices to
untrusted HVM guests.

This issue can also be avoided by only using PV guests.

It can also be avoided by configuring HVM guests with their device
model run in a separate (stub) domain.  (When using xl, this can be
requested with "device_model_stubdomain_override=1" in the domain
configuration file.)

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa129-qemuu.patch           qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x
xsa129-qemuu-4.3.patch       Xen 4.3.x
xsa129-qemut.patch           qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa129*.patch
3c6b5a085eec3a528b18207ca65222300911fd25501a9ffaffa76a5d85d23992  xsa129-qemut.patch
314808fbaa97d06bc4bb6cb6644dca1ae2da55534661c662c6e442d5b91e6061  xsa129-qemuu-4.3.patch
9f0658e197c539306118723d63b468d09fe3a1d9f9364f6d06e53b7be8268bdc  xsa129-qemuu.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of patches or mitigations is NOT permitted (except on
systems used and administered only by organisations which are members
of the Xen Project Security Issues Predisclosure List).  Specifically,
deployment on public cloud systems is NOT permitted.

This is because the altered PCI config space access behavior is visible
to guests.

Deployment is permitted only AFTER the embargo ends.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa129-qemut.patch"
Content-Disposition: attachment; filename="xsa129-qemut.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa129-qemuu-4.3.patch"
Content-Disposition: attachment; filename="xsa129-qemuu-4.3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa129-qemuu.patch"
Content-Disposition: attachment; filename="xsa129-qemuu.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-announce mailing list
Xen-announce@lists.xen.org
http://lists.xen.org/xen-announce
--=separator--
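
The exposure conditions and mitigations listed in XSA-129 above (HVM guest, PCI passthrough, device model in Dom0), turned into a static check over xl domain configuration files; the XSA-128 advisory that follows lists the same conditions. This is an added example, not part of the advisory or of Xen: the sample configs are constructed, and it assumes configs stay within the Python-compatible subset of xl.cfg syntax and use the standard `builder`/`type` and `pci` keys.

```python
import ast


def parse_xl_config(text):
    """Return {key: value} for top-level `key = literal` assignments.

    Assumption: the file uses only the Python-compatible subset of xl.cfg
    syntax (strings, integers, lists). Anything else raises ValueError so
    the caller can flag the file for manual review instead of guessing.
    """
    try:
        tree = ast.parse(text)
    except SyntaxError as exc:
        raise ValueError(f"unparseable config: {exc.msg}") from exc
    settings = {}
    for node in tree.body:
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            raise ValueError(f"unsupported statement on line {node.lineno}")
        try:
            settings[node.targets[0].id] = ast.literal_eval(node.value)
        except ValueError as exc:
            raise ValueError(f"non-literal value on line {node.lineno}") from exc
    return settings


def _enabled(value):
    """xl booleans are written as integers; treat any non-zero as enabled."""
    try:
        return int(value) != 0
    except (TypeError, ValueError):
        return False


def assess(settings):
    """Return (verdict, reason, devices) for one parsed guest config."""
    # Guests with neither key set are treated as PV (assumption of this check).
    guest_type = str(settings.get("type", settings.get("builder", "pv"))).lower()
    pci = settings.get("pci", [])
    if isinstance(pci, str):
        pci = [pci]
    if not isinstance(pci, (list, tuple)):
        raise ValueError("pci is not a list")
    # Each entry is "BDF[,option=value...]"; keep only the device address.
    devices = [str(entry).split(",")[0].strip() for entry in pci]

    if guest_type != "hvm":
        return ("not-affected", "not an HVM guest", devices)
    if not devices:
        return ("not-affected", "no PCI passthrough configured", devices)
    if _enabled(settings.get("device_model_stubdomain_override", 0)):
        return ("mitigated", "device model runs in a stub domain", devices)
    # MSI capability cannot be read from the config; the advisory notes that
    # most modern devices are MSI-capable, so every passed-through device counts.
    return ("exposed", "HVM passthrough with device model in Dom0", devices)


def audit(configs):
    """Map each config name to its assessment; parse failures become 'review'."""
    report = {}
    for name, text in configs.items():
        try:
            report[name] = assess(parse_xl_config(text))
        except ValueError as exc:
            report[name] = ("review", str(exc), [])
    return report


# Constructed sample configs (not taken from any real host).
SAMPLE_CONFIGS = {
    "web-hvm.cfg": '''
name = "web-hvm"
builder = "hvm"
memory = 2048
pci = [ '0000:03:00.0', '0000:03:00.1,permissive=1' ]
''',
    "db-hvm-stub.cfg": '''
name = "db-hvm-stub"
builder = "hvm"
pci = [ '0000:04:00.0' ]
device_model_stubdomain_override = 1
''',
    "pv-nic.cfg": '''
name = "pv-nic"
kernel = "/boot/vmlinuz-guest"
pci = [ '0000:05:00.0' ]
''',
    "plain-hvm.cfg": '''
name = "plain-hvm"
builder = "hvm"
vif = [ 'bridge=xenbr0' ]
''',
    "broken.cfg": 'name = "broken"\npci = [ \'0000:06:00.0\'\n',
}

if __name__ == "__main__":
    for name, (verdict, reason, devices) in sorted(audit(SAMPLE_CONFIGS).items()):
        print(f"{name:18} {verdict:13} {reason} {devices}")
```

Devices hot-plugged with `xl pci-attach` do not appear in the config file, so this static check should be paired with an inventory of running guests.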


From xen-announce-bounces@lists.xen.org Tue Jun 02 14:06:35 2015
Date: Tue, 02 Jun 2015 14:04:40 +0000
Message-Id: <E1Yzmo4-0001nH-5B@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 128 (CVE-2015-4103) -
 Potential unintended writes to host MSI message data field via qemu


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4103 / XSA-128
                              version 2

    Potential unintended writes to host MSI message data field via qemu

UPDATES IN VERSION 2
====================

Public release.

CVE assigned.

ISSUE DESCRIPTION
=================

Logic is in place to avoid writes to certain host config space fields
when the guest must nevertheless be able to access their virtual
counterparts.  A bug in how this logic deals with accesses spanning
multiple fields allows the guest to write to the host MSI message data
field.

While generally the writes write back the values previously read,
their value in config space may have got changed by the host between
the qemu read and write.  In such a case host side interrupt handling
could become confused, possibly losing interrupts or allowing spurious
interrupt injection into other guests.

IMPACT
======

Certain untrusted guest administrators may be able to confuse host
side interrupt handling, leading to a Denial of Service.

VULNERABLE SYSTEMS
==================

Xen versions 3.3 and onwards are vulnerable due to supporting PCI
pass-through.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

Only HVM guests with their device model run in Dom0 can take advantage
of this vulnerability.

Only HVM guests which have been granted access to physical PCI devices
(`PCI passthrough') can take advantage of this vulnerability.

Furthermore, the vulnerability is only applicable when the
passed-through PCI devices are MSI-capable.  (Most modern devices
are.)

MITIGATION
==========

This issue can be avoided by not assigning MSI-capable PCI devices to
untrusted HVM guests.

This issue can also be avoided by only using PV guests.

It can also be avoided by configuring HVM guests with their device
model run in a separate (stub) domain.  (When using xl, this can be
requested with "device_model_stubdomain_override=1" in the domain
configuration file.)

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa128-qemuu.patch           qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x
xsa128-qemuu-4.3.patch       Xen 4.3.x
xsa128-qemut.patch           qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa128*.patch
68b85a4c7d531d343d7fac2e92dbec3677bc2e4a83de75d78d7f605a2fc8ad3f  xsa128-qemut.patch
2ec657a6f22cac922854548c9d83698656ab7a36634ad05de7f14439cc4405bc  xsa128-qemuu-4.3.patch
104cf2e2816d253cc1eca3084f6ea9b6007f7773a88bda245bab00539e08b359  xsa128-qemuu.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa128-qemut.patch"
Content-Disposition: attachment; filename="xsa128-qemut.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa128-qemuu-4.3.patch"
Content-Disposition: attachment; filename="xsa128-qemuu-4.3.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa128-qemuu.patch"
Content-Disposition: attachment; filename="xsa128-qemuu.patch"
Content-Transfer-Encoding: base64


--=separator--
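
Added example (not part of the advisory and not qemu's code): a simplified C model of per-byte write-back gating for a config-space access that spans an emulated field and pass-through bytes, the situation the XSA-128 issue description is about. It assumes a field whose emulation mask is all ones must never reach the host; the field table, offsets and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one known register in PCI config space. */
struct cfg_field {
    uint32_t offset;    /* config-space offset of the field */
    uint32_t size;      /* 1, 2 or 4 bytes */
    uint32_t emu_mask;  /* bit set = emulated, bit clear = passed through */
};

/* One contiguous write that is allowed to reach the host device. */
struct host_write {
    uint32_t addr;
    uint32_t len;
};

/* Constructed sample table (hypothetical offsets, not a real device). */
#define N_SAMPLE_FIELDS 3
static const struct cfg_field sample_fields[N_SAMPLE_FIELDS] = {
    { 0x52, 2, 0x008E },  /* partly emulated: still written back */
    { 0x58, 2, 0xFFFF },  /* fully emulated 16-bit field: host must not see it */
    { 0x5D, 1, 0xFF   },  /* fully emulated single byte */
};

/* All-ones mask covering nbytes (1..4) low-order bytes. */
static uint32_t bytes_mask(uint32_t nbytes)
{
    return 0xFFFFFFFFu >> ((4 - nbytes) << 3);
}

static const struct cfg_field *find_field(const struct cfg_field *tbl,
                                          size_t n, uint32_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= tbl[i].offset && addr < tbl[i].offset + tbl[i].size)
            return &tbl[i];
    return NULL;  /* unknown bytes are passed through */
}

/*
 * Decide, byte by byte, which parts of a len-byte access at addr may be
 * written to the host. Byte i of the access maps to bits 8*i..8*i+7.
 * A failed host read yields 0: nothing trustworthy to write back.
 */
uint32_t compute_wb_mask(const struct cfg_field *tbl, size_t n,
                         uint32_t addr, uint32_t len, int host_read_ok)
{
    uint32_t wb_mask;

    if (!host_read_ok)
        return 0;
    wb_mask = bytes_mask(len);
    for (uint32_t i = 0; i < len; i++) {
        const struct cfg_field *f = find_field(tbl, n, addr + i);
        if (f && f->emu_mask == bytes_mask(f->size))
            wb_mask &= ~(0xFFu << (i << 3));  /* fully emulated: drop byte */
    }
    return wb_mask;
}

/*
 * Turn a write-back mask into contiguous host writes. A 4-byte access can
 * produce at most two runs, so out[] needs two slots. Returns the run count.
 */
size_t plan_host_writes(uint32_t addr, uint32_t wb_mask,
                        struct host_write out[2])
{
    size_t n = 0;
    uint32_t index = 0;

    while (wb_mask && n < 2) {
        while (!(wb_mask & 0xFF)) {   /* skip bytes that stay virtual */
            index++;
            wb_mask >>= 8;
        }
        uint32_t len = 0;
        do {                          /* collect one run of host bytes */
            len++;
            wb_mask >>= 8;
        } while (wb_mask & 0xFF);
        out[n].addr = addr + index;
        out[n].len = len;
        n++;
        index += len;
    }
    return n;
}

int main(void)
{
    struct host_write w[2];
    /* 32-bit access covering the emulated 16-bit field plus two unknown bytes */
    uint32_t mask = compute_wb_mask(sample_fields, N_SAMPLE_FIELDS, 0x58, 4, 1);
    size_t n = plan_host_writes(0x58, mask, w);

    printf("wb_mask=0x%08X\n", (unsigned)mask);
    for (size_t i = 0; i < n; i++)
        printf("host write: addr=0x%02X len=%u\n",
               (unsigned)w[i].addr, (unsigned)w[i].len);
    return 0;
}
```

A gate that takes a single yes/no decision for the whole access cannot express the spanning case; the per-byte mask lets the two unknown bytes through while the emulated field stays virtual.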


From xen-announce-bounces@lists.xen.org Wed Jun 10 14:11:53 2015
Date: Wed, 10 Jun 2015 14:10:37 +0000
Message-Id: <E1Z2giD-0007Hh-AZ@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 135 (CVE-2015-3209) - Heap
 overflow in QEMU PCNET controller, allowing guest->host escape


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-3209 / XSA-135
                              version 3

 Heap overflow in QEMU PCNET controller, allowing guest->host escape

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The QEMU security team has predisclosed the following advisory:

    pcnet_transmit loads a transmit-frame descriptor from the guest into the
    /tmd/ local variable to recover a length field, a status field and a
    guest-physical location of the associated frame buffer. If the status
    field indicates that the frame buffer is ready to be sent out (i.e. by
    setting the TXSTATUS_DEVICEOWNS, TXSTATUS_STARTPACKET and
    TXSTATUS_ENDPACKET bits on the status field), the PCNET device
    controller pulls in the frame from the guest-physical location to
    s->buffer (which is 4096 bytes long), and then transmits the frame.

    Because of the layout of the transmit-frame descriptor, it is not
    possible to send the PCNET device controller a frame of length > 4096,
    but it /is/ possible to send the PCNET device controller a frame that is
    marked as TXSTATUS_STARTPACKET, but not TXSTATUS_ENDPACKET. If we do
    this - and the PCNET controller is configured via the XMTRL CSR to
    support split-frame processing - then the pcnet_transmit function loops
    round, pulling a second transmit frame descriptor from the guest. If
    this second transmit frame descriptor sets the TXSTATUS_DEVICEOWNS and
    doesn't set the TXSTATUS_STARTPACKET bits, this frame is appended to
    the s->buffer field.

    An attacker can then exploit this vulnerability by sending a first
    packet of length 4096 to the device controller, and a second frame
    containing N-bytes to trigger an N-byte heap overflow.

    On 64-bit QEMU, a 24-byte overflow allows the guest to take control of
    the phys_mem_write function pointer in the PCNetState_st structure, and
    this is called when trying to flush the updated transmit frame
    descriptor back to the guest. By specifying the content of the second
    transmit frame, the attacker therefore gets reliable fully-chosen
    control of the host instruction pointer, allowing them to take control
    of the host.

IMPACT
======

A guest which has access to an emulated PCNET network device
(e.g. with "model=pcnet" in their VIF configuration) can exploit this
vulnerability to take over the qemu process, elevating its privilege to
that of the qemu process.

VULNERABLE SYSTEMS
==================

All Xen systems running x86 HVM guests without stubdomains which have
been configured to use the PCNET emulated driver model are
vulnerable.

The default configuration is NOT vulnerable (because it does not
emulate PCNET NICs).

Systems running only PV guests are NOT vulnerable.

Systems using qemu-dm stubdomain device models (for example, by
specifying "device_model_stubdomain_override=1" in xl's domain
configuration files) are NOT vulnerable.

Both the traditional "qemu-xen" and upstream qemu device models are
potentially vulnerable.

ARM systems are NOT vulnerable.

MITIGATION
==========

Avoiding the use of emulated network devices altogether, by specifying
a PV-only VIF in the domain configuration file, will avoid this
issue.

Avoiding the use of the PCNET device in favour of other emulations
will also avoid this issue.

Enabling stubdomains will mitigate this issue, by reducing the
escalation to only those privileges accorded to the service domain.

qemu-dm stubdomains are only available with the traditional "qemu-xen"
version.

CREDITS
=======

This issue was discovered by Matt Tait of Google and reported to us
via the QEMU security team.

RESOLUTION
==========

Applying the appropriate attached patch(es) resolves this issue.

xsa135-qemuu-unstable.patch  qemu-upstream, Xen unstable
xsa135-qemuu-4.5-*.patch     qemu-upstream, Xen 4.5.x, Xen 4.4.x
xsa135-qemuu-4.3-*.patch     qemu-upstream, Xen 4.3.x
xsa135-qemuu-4.2-*.patch     qemu-upstream, Xen 4.2.x
xsa135-qemut-*.patch         qemu-xen-traditional, Xen unstable, 4.5.x, 4.4.x, 4.3.x, 4.2.x

Note that the second patch for qemu-xen-traditional (all versions),
and qemu-upstream 4.3.x and 4.2.x are identical. Likewise
xsa135-qemuu-unstable.patch is the same as
xsa135-qemuu-4.5-2.patch. They are presented separately for
convenience.

$ sha256sum xsa135*.patch
a40897166f5de84c11b5d547191cd0375c7052edb0f44940eec7b78d839e447b  xsa135-qemut-1.patch
d98452d4c42fae1f11e887537a4638694de8a4bf00835daac6e51801297e4091  xsa135-qemut-2.patch
099693483d468a7fdecbf825635d3595ebeecc91c496624cbe109dcb4dd235da  xsa135-qemuu-unstable.patch
12ca5521f6bb1227934a1711d8adee11138a84c080a217f250efe34b3cb25b10  xsa135-qemuu-4.2-1.patch
d98452d4c42fae1f11e887537a4638694de8a4bf00835daac6e51801297e4091  xsa135-qemuu-4.2-2.patch
ad32c0ac145bc02b901c061fcbef83965f443fe89fcae9efc3b1dfd1e1d70bc8  xsa135-qemuu-4.3-1.patch
d98452d4c42fae1f11e887537a4638694de8a4bf00835daac6e51801297e4091  xsa135-qemuu-4.3-2.patch
baf9e0a960693b246ff01bb6210c5fee7713999d1e1b00a5b4e29d9ebd3c0ce8  xsa135-qemuu-4.5-1.patch
099693483d468a7fdecbf825635d3595ebeecc91c496624cbe109dcb4dd235da  xsa135-qemuu-4.5-2.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of patches or mitigations is NOT permitted (except on
systems used and administered only by organisations which are members
of the Xen Project Security Issues Predisclosure List).  Specifically,
deployment on public cloud systems is NOT permitted.

The decision not to permit deployment was made by the group that, at
their discretion, disclosed the issue to the Xen Project Security
Team.

Deployment is permitted only AFTER the embargo ends.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa135-qemut-1.patch"
Content-Disposition: attachment; filename="xsa135-qemut-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemut-2.patch"
Content-Disposition: attachment; filename="xsa135-qemut-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-unstable.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-unstable.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.2-1.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.2-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.2-2.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.2-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.3-1.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.3-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.3-2.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.3-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.5-1.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.5-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.5-2.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.5-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-announce mailing list
Xen-announce@lists.xen.org
http://lists.xen.org/xen-announce
--=separator--


From xen-announce-bounces@lists.xen.org Wed Jun 10 14:11:53 2015
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Wed, 10 Jun 2015 14:11:53 +0000
Received: from localhost ([127.0.0.1] helo=lists.xen.org)
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1Z2giQ-000630-Kh; Wed, 10 Jun 2015 14:10:50 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <ianc@xenbits.xen.org>)
	id 1Z2giO-00062k-Ls; Wed, 10 Jun 2015 14:10:49 +0000
Received: from [85.158.137.68] by server-7.bemta-3.messagelabs.com id
	E3/F8-06457-76548755; Wed, 10 Jun 2015 14:10:47 +0000
X-Env-Sender: ianc@xenbits.xen.org
X-Msg-Ref: server-7.tower-31.messagelabs.com!1433945445!14990300!1
X-Originating-IP: [50.57.168.107]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 6.13.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 618 invoked from network); 10 Jun 2015 14:10:46 -0000
Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107)
	by server-7.tower-31.messagelabs.com with AES256-SHA encrypted SMTP;
	10 Jun 2015 14:10:46 -0000
Received: from xenbits.xen.org ([50.57.170.242])
	by mail.xen.org with esmtp (Exim 4.72)
	(envelope-from <ianc@xenbits.xen.org>)
	id 1Z2giE-00011C-5Z; Wed, 10 Jun 2015 14:10:38 +0000
Received: from ianc by xenbits.xen.org with local (Exim 4.72)
	(envelope-from <ianc@xenbits.xen.org>)
	id 1Z2giD-0007Hh-AZ; Wed, 10 Jun 2015 14:10:37 +0000
Date: Wed, 10 Jun 2015 14:10:37 +0000
Message-Id: <E1Z2giD-0007Hh-AZ@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 135 (CVE-2015-3209) - Heap
 overflow in QEMU PCNET controller, allowing guest->host escape
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Sender: xen-announce-bounces@lists.xen.org
Errors-To: xen-announce-bounces@lists.xen.org


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-3209 / XSA-135
                              version 3

 Heap overflow in QEMU PCNET controller, allowing guest->host escape

UPDATES IN VERSION 3
====================

Public release.

ISSUE DESCRIPTION
=================

The QEMU security team has predisclosed the following advisory:

    pcnet_transmit loads a transmit-frame descriptor from the guest into the
    /tmd/ local variable to recover a length field, a status field and a
    guest-physical location of the associated frame buffer. If the status
    field indicates that the frame buffer is ready to be sent out (i.e. by
    setting the TXSTATUS_DEVICEOWNS, TXSTATUS_STARTPACKET and
    TXSTATUS_ENDPACKET bits on the status field), the PCNET device
    controller pulls in the frame from the guest-physical location to
    s->buffer (which is 4096 bytes long), and then transmits the frame.

    Because of the layout of the transmit-frame descriptor, it is not
    possible to send the PCNET device controller a frame of length > 4096,
    but it /is/ possible to send the PCNET device controller a frame that is
    marked as TXSTATUS_STARTPACKET, but not TXSTATUS_ENDPACKET. If we do
    this - and the PCNET controller is configured via the XMTRL CSR to
    support split-frame processing - then the pcnet_transmit function loops
    round, pulling a second transmit frame descriptor from the guest. If
    this second transmit frame descriptor sets the TXSTATUS_DEVICEOWNS and
    doesn't set the TXSTATUS_STARTPACKET bits, this frame is appended to
    the s->buffer field.

    An attacker can then exploit this vulnerability by sending a first
    packet of length 4096 to the device controller, and a second frame
    containing N-bytes to trigger an N-byte heap overflow.

    On 64-bit QEMU, a 24-byte overflow allows the guest to take control of
    the phys_mem_write function pointer in the PCNetState_st structure, and
    this is called when trying to flush the updated transmit frame
    descriptor back to the guest. By specifying the content of the second
    transmit frame, the attacker therefore gets reliable fully-chosen
    control of the host instruction pointer, allowing them to take control
    of the host.

IMPACT
======

A guest which has access to an emulated PCNET network device
(e.g. with "model=pcnet" in their VIF configuration) can exploit this
vulnerability to take over the qemu process, elevating its privilege to
that of the qemu process.

VULNERABLE SYSTEMS
==================

All Xen systems running x86 HVM guests without stubdomains which have
been configured to use the PCNET emulated driver model are
vulnerable.

The default configuration is NOT vulnerable (because it does not
emulate PCNET NICs).

Systems running only PV guests are NOT vulnerable.

Systems using qemu-dm stubdomain device models (for example, by
specifying "device_model_stubdomain_override=1" in xl's domain
configuration files) are NOT vulnerable.

Both the traditional "qemu-xen" and upstream qemu device models are
potentially vulnerable.

ARM systems are NOT vulnerable.

MITIGATION
==========

Avoiding the use of emulated network devices altogether, by specifying
a PV-only VIF in the domain configuration file, will avoid this
issue.

Avoiding the use of the PCNET device in favour of other emulations
will also avoid this issue.

Enabling stubdomains will mitigate this issue, by reducing the
escalation to only those privileges accorded to the service domain.

qemu-dm stubdomains are only available with the traditional "qemu-xen"
version.

CREDITS
=======

This issue was discovered by Matt Tait of Google and reported to us
via the QEMU security team.

RESOLUTION
==========

Applying the appropriate attached patch(es) resolves this issue.

xsa135-qemuu-unstable.patch  qemu-upstream, Xen unstable
xsa135-qemuu-4.5-*.patch     qemu-upstream, Xen 4.5.x, Xen 4.4.x
xsa135-qemuu-4.3-*.patch     qemu-upstream, Xen 4.3.x
xsa135-qemuu-4.2-*.patch     qemu-upstream, Xen 4.2.x
xsa135-qemut-*.patch         qemu-xen-traditional, Xen unstable, 4.5.x, 4.4.x, 4.3.x, 4.2.x

Note that the second patch for qemu-xen-traditional (all versions),
and qemu-upstream 4.3.x and 4.2.x are identical. Likewise
xsa135-qemuu-unstable.patch is the same as
xsa135-qemuu-4.5-2.patch. They are presented separately for
convenience.

$ sha256sum xsa135*.patch
a40897166f5de84c11b5d547191cd0375c7052edb0f44940eec7b78d839e447b  xsa135-qemut-1.patch
d98452d4c42fae1f11e887537a4638694de8a4bf00835daac6e51801297e4091  xsa135-qemut-2.patch
099693483d468a7fdecbf825635d3595ebeecc91c496624cbe109dcb4dd235da  xsa135-qemuu-unstable.patch
12ca5521f6bb1227934a1711d8adee11138a84c080a217f250efe34b3cb25b10  xsa135-qemuu-4.2-1.patch
d98452d4c42fae1f11e887537a4638694de8a4bf00835daac6e51801297e4091  xsa135-qemuu-4.2-2.patch
ad32c0ac145bc02b901c061fcbef83965f443fe89fcae9efc3b1dfd1e1d70bc8  xsa135-qemuu-4.3-1.patch
d98452d4c42fae1f11e887537a4638694de8a4bf00835daac6e51801297e4091  xsa135-qemuu-4.3-2.patch
baf9e0a960693b246ff01bb6210c5fee7713999d1e1b00a5b4e29d9ebd3c0ce8  xsa135-qemuu-4.5-1.patch
099693483d468a7fdecbf825635d3595ebeecc91c496624cbe109dcb4dd235da  xsa135-qemuu-4.5-2.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of patches or mitigations is NOT permitted (except on
systems used and administered only by organisations which are members
of the Xen Project Security Issues Predisclosure List).  Specifically,
deployment on public cloud systems is NOT permitted.

The decision not to permit deployment was made by the group that, at
their discretion, disclosed the issue to the Xen Project Security
Team.

Deployment is permitted only AFTER the embargo ends.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----
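
The split-frame accumulation described under ISSUE DESCRIPTION above, as a
simplified, memory-safe model added here; it is not QEMU or Xen code and is
not part of the original advisory. The struct and function names are
hypothetical; only the 4096-byte buffer size, the start/end-of-packet flags
and the 4096 + 24 byte case come from the advisory text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TX_BUF_SIZE 4096            /* s->buffer is 4096 bytes per the advisory */

/* Hypothetical, simplified transmit descriptor (the real TMD packs bitfields). */
struct tx_desc {
    const uint8_t *data;            /* stands in for the guest-physical frame buffer */
    size_t len;                     /* fragment length, at most 4096 per descriptor */
    int start;                      /* models TXSTATUS_STARTPACKET */
    int end;                        /* models TXSTATUS_ENDPACKET */
};

struct tx_state {
    uint8_t buffer[TX_BUF_SIZE];
    int xmit_pos;                   /* -1 while no frame is being assembled */
};

enum tx_result { TX_SENT, TX_DROPPED, TX_INCOMPLETE };

/* Arithmetic only, nothing is written: how many bytes past the end of the
 * buffer an append loop with no bounds check would reach for this ring. */
size_t unchecked_overrun(const struct tx_desc *ring, size_t n)
{
    size_t pos = 0, worst = 0;
    int active = 0;
    for (size_t i = 0; i < n; i++) {
        if (ring[i].start) { pos = 0; active = 1; }
        if (!active)
            continue;
        pos += ring[i].len;
        if (pos > TX_BUF_SIZE && pos - TX_BUF_SIZE > worst)
            worst = pos - TX_BUF_SIZE;
        if (ring[i].end)
            active = 0;
    }
    return worst;
}

/* Hardened append: the accumulated length is checked before every copy, and
 * a frame that would outgrow the buffer is dropped with the state reset. */
enum tx_result tx_checked(struct tx_state *s, const struct tx_desc *ring,
                          size_t n, size_t *sent_len)
{
    s->xmit_pos = -1;
    *sent_len = 0;
    for (size_t i = 0; i < n; i++) {
        const struct tx_desc *d = &ring[i];
        if (d->start)
            s->xmit_pos = 0;
        if (s->xmit_pos < 0)
            continue;               /* continuation with no frame in progress: skip */
        /* Written as a subtraction so the comparison itself cannot wrap. */
        if (d->len > TX_BUF_SIZE - (size_t)s->xmit_pos) {
            s->xmit_pos = -1;
            return TX_DROPPED;
        }
        memcpy(s->buffer + s->xmit_pos, d->data, d->len);
        s->xmit_pos += (int)d->len;
        if (d->end) {
            *sent_len = (size_t)s->xmit_pos;
            s->xmit_pos = -1;
            return TX_SENT;
        }
    }
    return TX_INCOMPLETE;
}

/* Constructed sample input (all-zero payload), not captured traffic. */
static const uint8_t sample[TX_BUF_SIZE];

/* Two-descriptor shape from the advisory: a full first fragment, then 24 more bytes. */
static const struct tx_desc split_oversize[] = {
    { sample, 4096, 1, 0 },
    { sample, 24,   0, 1 },
};

/* A legitimate split frame that fits in the buffer. */
static const struct tx_desc split_ok[] = {
    { sample, 1000, 1, 0 },
    { sample, 500,  0, 1 },
};

int main(void)
{
    struct tx_state s;
    size_t sent = 0;
    size_t over = unchecked_overrun(split_oversize, 2);
    enum tx_result r = tx_checked(&s, split_oversize, 2, &sent);
    printf("oversize ring: unchecked overrun=%zu bytes, checked result=%d\n", over, (int)r);

    over = unchecked_overrun(split_ok, 2);
    r = tx_checked(&s, split_ok, 2, &sent);
    printf("normal ring:   unchecked overrun=%zu bytes, checked result=%d, sent=%zu\n",
           over, (int)r, sent);
    return 0;
}
```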

--=separator
Content-Type: application/octet-stream; name="xsa135-qemut-1.patch"
Content-Disposition: attachment; filename="xsa135-qemut-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemut-2.patch"
Content-Disposition: attachment; filename="xsa135-qemut-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-unstable.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-unstable.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.2-1.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.2-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.2-2.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.2-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.3-1.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.3-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.3-2.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.3-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.5-1.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.5-1.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: application/octet-stream; name="xsa135-qemuu-4.5-2.patch"
Content-Disposition: attachment; filename="xsa135-qemuu-4.5-2.patch"
Content-Transfer-Encoding: base64


--=separator
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-announce mailing list
Xen-announce@lists.xen.org
http://lists.xen.org/xen-announce
--=separator--


From xen-announce-bounces@lists.xen.org Thu Jun 11 12:30:54 2015
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 11 Jun 2015 12:30:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xen.org)
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1Z31c5-0000UK-12; Thu, 11 Jun 2015 12:29:41 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <iwj@xenbits.xen.org>)
	id 1Z31c2-0000U8-UD; Thu, 11 Jun 2015 12:29:39 +0000
Received: from [85.158.137.68] by server-6.bemta-3.messagelabs.com id
	AE/E7-13517-23F79755; Thu, 11 Jun 2015 12:29:38 +0000
X-Env-Sender: iwj@xenbits.xen.org
X-Msg-Ref: server-5.tower-31.messagelabs.com!1434025776!15363612!1
X-Originating-IP: [50.57.168.107]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 6.13.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 17968 invoked from network); 11 Jun 2015 12:29:37 -0000
Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107)
	by server-5.tower-31.messagelabs.com with AES256-SHA encrypted SMTP;
	11 Jun 2015 12:29:37 -0000
Received: from xenbits.xen.org ([50.57.170.242])
	by mail.xen.org with esmtp (Exim 4.72)
	(envelope-from <iwj@xenbits.xen.org>)
	id 1Z31bt-00080v-A6; Thu, 11 Jun 2015 12:29:29 +0000
Received: from iwj by xenbits.xen.org with local (Exim 4.72)
	(envelope-from <iwj@xenbits.xen.org>)
	id 1Z31bs-0002MZ-TR; Thu, 11 Jun 2015 12:29:29 +0000
Date: Thu, 11 Jun 2015 12:29:29 +0000
Message-Id: <E1Z31bs-0002MZ-TR@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 134 (CVE-2015-4163) -
 GNTTABOP_swap_grant_ref operation misbehavior
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Sender: xen-announce-bounces@lists.xen.org
Errors-To: xen-announce-bounces@lists.xen.org


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4163 / XSA-134
                              version 3

             GNTTABOP_swap_grant_ref operation misbehavior

UPDATES IN VERSION 3
====================

Public release.

Added email header syntax to patches, for e.g. git-am.

ISSUE DESCRIPTION
=================

With the introduction of version 2 grant table operations, a version
check became necessary for most grant table related hypercalls.  The
GNTTABOP_swap_grant_ref call was lacking such a check.  As a result,
the subsequent code behaved as if version 2 was in use, when a guest
issued this hypercall without a prior GNTTABOP_setup_table or
GNTTABOP_set_version.

The effect is a possible NULL pointer dereference.  However, this
cannot be exploited to elevate privileges of the attacking domain, as
the maximum memory address that can be wrongly accessed this way is
bounded to far below the start of hypervisor memory.

IMPACT
======

Malicious or buggy guest domain kernels can mount a denial of service
attack which, if successful, can affect the whole system.

VULNERABLE SYSTEMS
==================

Xen versions from 4.2 onwards are vulnerable.

MITIGATION
==========

There is no mitigation available.

CREDITS
=======

This issue was discovered by Jan Beulich of SUSE.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa134.patch        xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x

$ sha256sum xsa134*.patch
fff911a994a5031831cabd574bcba281eff438559706414a1886502eaa05ee12  xsa134.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa134.patch"
Content-Disposition: attachment; filename="xsa134.patch"
Content-Transfer-Encoding: base64


--=separator--
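
Added illustration for XSA-134 above (not part of the advisory and not Xen code): a C model of a swap operation that dispatches on the table version without first rejecting the "not set up" state, next to the hardened form with the version check. The struct layout, function names, result codes and the choice of which state is version-2-only are assumptions of the model; the unchecked path is instrumented to report the NULL dereference instead of faulting.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Result codes for this model only; they are not Xen's GNTST_* values. */
enum swap_result {
    SWAP_OK,
    SWAP_NOT_SET_UP,        /* rejected: no table version selected yet */
    SWAP_BAD_REF,           /* rejected: reference out of range */
    SWAP_WOULD_DEREF_NULL   /* instrumentation: v2 path reached without v2 state */
};

/*
 * Toy table (hypothetical layout). version 0 means "not selected yet".
 * Model assumption: entry storage exists from creation, while `status` is
 * version-2-only state that is allocated when version 2 is selected.
 */
struct toy_table {
    unsigned version;
    unsigned nr_entries;
    uint32_t *entries;
    uint16_t *status;
};

int toy_create(struct toy_table *t, unsigned nr_entries)
{
    t->version = 0;
    t->nr_entries = nr_entries;
    t->entries = calloc(nr_entries, sizeof(*t->entries));
    t->status = NULL;
    return t->entries ? 0 : -1;
}

int toy_set_version(struct toy_table *t, unsigned version)
{
    if (version != 1 && version != 2)
        return -1;
    if (version == 2 && t->status == NULL) {
        t->status = calloc(t->nr_entries, sizeof(*t->status));
        if (t->status == NULL)
            return -1;
    }
    t->version = version;
    return 0;
}

/*
 * Swap without a version check. The dispatch is two-way: anything that is
 * not version 1 takes the version 2 path, so version 0 lands there too.
 * Instead of faulting, the model reports the NULL dereference it would hit.
 */
enum swap_result swap_unchecked(struct toy_table *t, unsigned a, unsigned b)
{
    uint32_t e;
    uint16_t s;

    if (a >= t->nr_entries || b >= t->nr_entries)
        return SWAP_BAD_REF;
    if (t->version != 1 && t->status == NULL)
        return SWAP_WOULD_DEREF_NULL;
    e = t->entries[a]; t->entries[a] = t->entries[b]; t->entries[b] = e;
    if (t->version != 1) {
        s = t->status[a]; t->status[a] = t->status[b]; t->status[b] = s;
    }
    return SWAP_OK;
}

/* Hardened form: reject the unset state before any version-dependent work. */
enum swap_result swap_checked(struct toy_table *t, unsigned a, unsigned b)
{
    if (t->version == 0)
        return SWAP_NOT_SET_UP;
    return swap_unchecked(t, a, b);
}

/* Scenario helper: version 0 means no setup call is made before the swap. */
enum swap_result run_swap(unsigned version, int hardened, unsigned a, unsigned b)
{
    struct toy_table t;
    enum swap_result r;

    if (toy_create(&t, 4) != 0)
        abort();
    if (version != 0 && toy_set_version(&t, version) != 0)
        abort();
    r = hardened ? swap_checked(&t, a, b) : swap_unchecked(&t, a, b);
    free(t.entries);
    free(t.status);
    return r;
}

int main(void)
{
    printf("no setup: unchecked=%d checked=%d; version 2 checked=%d\n",
           run_swap(0, 0, 0, 1), run_swap(0, 1, 0, 1), run_swap(2, 1, 0, 1));
    return 0;
}
```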


From xen-announce-bounces@lists.xen.org Thu Jun 11 12:30:54 2015
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 11 Jun 2015 12:30:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xen.org)
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1Z31co-0000eD-Iz; Thu, 11 Jun 2015 12:30:26 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <iwj@xenbits.xen.org>)
	id 1Z31cm-0000d8-Ee; Thu, 11 Jun 2015 12:30:24 +0000
Received: from [85.158.137.68] by server-5.bemta-3.messagelabs.com id
	CF/27-23832-F5F79755; Thu, 11 Jun 2015 12:30:23 +0000
X-Env-Sender: iwj@xenbits.xen.org
X-Msg-Ref: server-8.tower-31.messagelabs.com!1434025821!15342133!1
X-Originating-IP: [50.57.168.107]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 6.13.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 14877 invoked from network); 11 Jun 2015 12:30:22 -0000
Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107)
	by server-8.tower-31.messagelabs.com with AES256-SHA encrypted SMTP;
	11 Jun 2015 12:30:22 -0000
Received: from xenbits.xen.org ([50.57.170.242])
	by mail.xen.org with esmtp (Exim 4.72)
	(envelope-from <iwj@xenbits.xen.org>)
	id 1Z31cd-00082K-HH; Thu, 11 Jun 2015 12:30:15 +0000
Received: from iwj by xenbits.xen.org with local (Exim 4.72)
	(envelope-from <iwj@xenbits.xen.org>)
	id 1Z31cd-0002ro-EG; Thu, 11 Jun 2015 12:30:15 +0000
Date: Thu, 11 Jun 2015 12:30:15 +0000
Message-Id: <E1Z31cd-0002ro-EG@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 136 (CVE-2015-4164) -
 vulnerability in the iret hypercall handler
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Sender: xen-announce-bounces@lists.xen.org
Errors-To: xen-announce-bounces@lists.xen.org


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4164 / XSA-136
                              version 3

              vulnerability in the iret hypercall handler

UPDATES IN VERSION 3
====================

Public release.

Added email header syntax to patches, for e.g. git-am.

ISSUE DESCRIPTION
=================

A buggy loop in Xen's compat_iret() function iterates the wrong way
around a 32-bit index.  Any 32-bit PV guest kernel can trigger this
vulnerability by attempting a hypercall_iret with EFLAGS.VM set.

Given the use of __get/put_user(), and that the virtual addresses in
question are contained within the lower canonical half, the guest
cannot clobber any hypervisor data.  Instead, Xen will take up to 2^33
pagefaults, in sequence, effectively hanging the host.

IMPACT
======

Malicious guest administrators can cause a denial of service affecting
the whole system.

VULNERABLE SYSTEMS
==================

Only 64-bit x86 (ARCH=x86_64) builds of Xen are vulnerable.  32-bit
builds (ARCH=x86_32) (necessarily of Xen 4.2 or earlier) are not
affected.

Xen versions 3.1 or later are vulnerable.

ARM systems are not vulnerable.

Only 32-bit PV guests can exploit the vulnerability.

MITIGATION
==========

Systems which only need to run 32-bit guests and are running Xen 4.2
or earlier can avoid the vulnerability by using a 32-bit build of Xen
instead of a 64-bit build.  (The dom0 operating system would have to
be 32-bit too.)

If the boot process and kernel for the guest can be controlled,
forcing it to use a 64-bit kernel will avoid the vulnerability.

CREDITS
=======

This issue was discovered by Andrew Cooper of Citrix.

RESOLUTION
==========

Applying the attached patch resolves this issue.

$ sha256sum xsa136*.patch
b54a71cf41d333345a9b8fd5f3f1aa644000a24e20343b54e5a41cd51d14af04  xsa136.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa136.patch"
Content-Disposition: attachment; filename="xsa136.patch"
Content-Transfer-Encoding: base64


--=separator--
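
Added illustration for XSA-136 above (not part of the advisory and not Xen code): a C model of a copy loop that steps an unsigned index in the wrong direction, showing where a bound of 2^33 faults comes from for a 32-bit index. The starting index 9, the one-read-plus-one-write loop body and all function names are assumptions of the model; narrow index widths are simulated to cross-check the closed form used for the 32-bit case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Direction in which the loop moves its index on every pass. */
enum direction { COUNT_DOWN, COUNT_UP };

/*
 * Run `for (i = start; i > 0; i += +/-1)` on an unsigned index that is
 * `bits` wide and return how many times the body executes. Masking after
 * each step models wraparound of the unsigned type. Use bits <= 16 here:
 * the simulation exists to cross-check the closed form cheaply.
 */
uint64_t simulate_passes(unsigned bits, uint32_t start, enum direction dir)
{
    uint32_t mask = (bits >= 32) ? UINT32_MAX : ((UINT32_C(1) << bits) - 1);
    uint32_t i = start & mask;
    uint64_t passes = 0;

    while (i > 0) {
        passes++;
        i = (dir == COUNT_UP ? i + 1 : i - 1) & mask;
    }
    return passes;
}

/*
 * Closed form of the same loop (bits <= 32). Counting down ends after
 * `start` passes; counting up only ends once the index wraps to zero,
 * which takes 2^bits - start passes.
 */
uint64_t closed_form_passes(unsigned bits, uint32_t start, enum direction dir)
{
    uint64_t modulus = UINT64_C(1) << bits;
    uint64_t s = start % modulus;

    if (s == 0)
        return 0;
    return dir == COUNT_DOWN ? s : modulus - s;
}

/* Model assumption: each pass does one guarded read and one guarded write,
 * and in the worst case both of them fault. */
uint64_t worst_case_faults(unsigned bits, uint32_t start, enum direction dir)
{
    return 2 * closed_form_passes(bits, start, dir);
}

/* Cross-check simulation against the closed form on narrow index widths. */
int model_agrees(void)
{
    static const uint32_t starts[] = { 1, 9, 15 };

    for (unsigned bits = 4; bits <= 16; bits++)
        for (size_t k = 0; k < sizeof(starts) / sizeof(starts[0]); k++)
            for (int d = COUNT_DOWN; d <= COUNT_UP; d++)
                if (simulate_passes(bits, starts[k], (enum direction)d) !=
                    closed_form_passes(bits, starts[k], (enum direction)d))
                    return 0;
    return 1;
}

int main(void)
{
    printf("simulation matches closed form: %s\n", model_agrees() ? "yes" : "no");
    printf("32-bit index, counting down: %llu worst-case faults\n",
           (unsigned long long)worst_case_faults(32, 9, COUNT_DOWN));
    printf("32-bit index, counting up:   %llu worst-case faults (2^33 = %llu)\n",
           (unsigned long long)worst_case_faults(32, 9, COUNT_UP),
           (unsigned long long)(UINT64_C(1) << 33));
    return 0;
}
```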


From xen-announce-bounces@lists.xen.org Thu Jun 11 12:30:54 2015
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Thu, 11 Jun 2015 12:30:54 +0000
Received: from localhost ([127.0.0.1] helo=lists.xen.org)
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1Z31co-0000eD-Iz; Thu, 11 Jun 2015 12:30:26 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <iwj@xenbits.xen.org>)
	id 1Z31cm-0000d8-Ee; Thu, 11 Jun 2015 12:30:24 +0000
Received: from [85.158.137.68] by server-5.bemta-3.messagelabs.com id
	CF/27-23832-F5F79755; Thu, 11 Jun 2015 12:30:23 +0000
X-Env-Sender: iwj@xenbits.xen.org
X-Msg-Ref: server-8.tower-31.messagelabs.com!1434025821!15342133!1
X-Originating-IP: [50.57.168.107]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 6.13.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 14877 invoked from network); 11 Jun 2015 12:30:22 -0000
Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107)
	by server-8.tower-31.messagelabs.com with AES256-SHA encrypted SMTP;
	11 Jun 2015 12:30:22 -0000
Received: from xenbits.xen.org ([50.57.170.242])
	by mail.xen.org with esmtp (Exim 4.72)
	(envelope-from <iwj@xenbits.xen.org>)
	id 1Z31cd-00082K-HH; Thu, 11 Jun 2015 12:30:15 +0000
Received: from iwj by xenbits.xen.org with local (Exim 4.72)
	(envelope-from <iwj@xenbits.xen.org>)
	id 1Z31cd-0002ro-EG; Thu, 11 Jun 2015 12:30:15 +0000
Date: Thu, 11 Jun 2015 12:30:15 +0000
Message-Id: <E1Z31cd-0002ro-EG@xenbits.xen.org>
Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.428 (Entity 5.428)
To: xen-announce@lists.xen.org, xen-devel@lists.xen.org,
	xen-users@lists.xen.org, oss-security@lists.openwall.com
From: Xen.org security team <security@xen.org>
Cc: "Xen.org security team" <security@xen.org>
Subject: [Xen-announce] Xen Security Advisory 136 (CVE-2015-4164) -
 vulnerability in the iret hypercall handler
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Sender: xen-announce-bounces@lists.xen.org
Errors-To: xen-announce-bounces@lists.xen.org


--=separator
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            Xen Security Advisory CVE-2015-4164 / XSA-136
                              version 3

              vulnerability in the iret hypercall handler

UPDATES IN VERSION 3
====================

Public release.

Added email header syntax to patches, for e.g. git-am.

ISSUE DESCRIPTION
=================

A buggy loop in Xen's compat_iret() function iterates the wrong way
around a 32-bit index.  Any 32-bit PV guest kernel can trigger this
vulnerability by attempting a hypercall_iret with EFLAGS.VM set.

Given the use of __get/put_user(), and that the virtual addresses in
question are contained within the lower canonical half, the guest
cannot clobber any hypervisor data.  Instead, Xen will take up to 2^33
pagefaults, in sequence, effectively hanging the host.

IMPACT
======

Malicious guest administrators can cause a denial of service affecting
the whole system.

VULNERABLE SYSTEMS
==================

Only 64-bit x86 (ARCH=x86_64) builds of Xen are vulnerable.  32-bit
builds (ARCH=x86_32) (necessarily of Xen 4.2 or earlier), are not
affected.

Xen versions 3.1 or later are vulnerable.

ARM systems are not vulnerable.

Only 32-bit PV guests can exploit the vulnerability.

MITIGATION
==========

Systems which only need to run 32-bit guests and are running Xen 4.2
or earlier can avoid the vulnerability by using a 32-bit build of Xen
instead of a 64-bit build.  (The dom0 operating system would have to
be 32-bit too.)

If the boot process and kernel for the guest can be controlled,
forcing it to use a 64-bit kernel will avoid the vulnerability.

CREDITS
=======

This issue was discovered by Andrew Cooper of Citrix.

RESOLUTION
==========

Applying the attached patch resolves this issue.

$ sha256sum xsa136*.patch
b54a71cf41d333345a9b8fd5f3f1aa644000a24e20343b54e5a41cd51d14af04  xsa136.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.

(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--=separator
Content-Type: application/octet-stream; name="xsa136.patch"
Content-Disposition: attachment; filename="xsa136.patch"
Content-Transfer-Encoding: base64


--=separator--
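
Added example (not part of the advisory and not Xen's code): a small C model of the loop-direction bug described in XSA-136, showing why an unsigned 32-bit index that counts up instead of down runs roughly 2^32 times and so makes up to 2^33 guest-memory accesses. The start index 9, the two accesses per iteration and all function names are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed accesses per iteration: one __get_user() plus one __put_user(). */
#define ACCESSES_PER_ITER 2u

/*
 * Model "for (i = start; i > 0; STEP i)" on an unsigned index that is
 * `bits` wide (1..32) and return how often the body runs.
 * step < 0 is the intended direction (--i), step > 0 the buggy one (++i).
 */
uint64_t loop_iterations(unsigned bits, uint32_t start, int step)
{
    uint64_t mask = (bits >= 32) ? 0xffffffffull : ((1ull << bits) - 1);
    uint64_t i = start & mask;
    uint64_t n = 0;

    while (i > 0) {
        n++;
        /* Adding `mask` is the same as subtracting 1 modulo 2^bits. */
        i = (i + (step > 0 ? 1 : mask)) & mask;
    }
    return n;
}

/* Closed form for the buggy direction: the index must wrap around to 0. */
uint64_t buggy_iterations_closed_form(unsigned bits, uint32_t start)
{
    uint64_t modulus = 1ull << bits;            /* valid for bits <= 32 */
    uint64_t s = start & (modulus - 1);

    return s ? modulus - s : 0;
}

/* Worst case: every access in every iteration takes a page fault. */
uint64_t worst_case_faults(uint64_t iterations)
{
    return iterations * ACCESSES_PER_ITER;
}

int main(void)
{
    const uint32_t start = 9;                   /* assumed start index */
    unsigned widths[] = { 8, 16 };

    /* Check the closed form against a simulation on narrow index types. */
    for (unsigned k = 0; k < 2; k++) {
        unsigned b = widths[k];
        printf("%2u-bit index: --i runs %llu times, ++i runs %llu times "
               "(closed form %llu)\n", b,
               (unsigned long long)loop_iterations(b, start, -1),
               (unsigned long long)loop_iterations(b, start, +1),
               (unsigned long long)buggy_iterations_closed_form(b, start));
    }

    /* Apply the closed form to the 32-bit index from the advisory. */
    uint64_t iters = buggy_iterations_closed_form(32, start);
    printf("32-bit index: ++i runs %llu times, up to %llu faults "
           "(2^33 = %llu)\n",
           (unsigned long long)iters,
           (unsigned long long)worst_case_faults(iters),
           (unsigned long long)(1ull << 33));
    return 0;
}
```

The 32-bit case is computed from the closed form rather than simulated, since the simulation would itself take about four billion iterations.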


From xen-announce-bounces@lists.xen.org Tue Jun 23 11:30:48 2015
Return-path: <xen-announce-bounces@lists.xen.org>
Envelope-to: archives@lists.xen.org
Delivery-date: Tue, 23 Jun 2015 11:30:48 +0000
Received: from localhost ([127.0.0.1] helo=lists.xen.org)
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <xen-announce-bounces@lists.xen.org>)
	id 1Z7MOX-0007OE-Rj; Tue, 23 Jun 2015 11:29:37 +0000
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <lars.kurth.xen@gmail.com>) id 1Z7MNQ-0007Iy-B1
	for xen-announce@lists.xenproject.org; Tue, 23 Jun 2015 11:28:28 +0000
Received: from [85.158.139.211] by server-12.bemta-5.messagelabs.com id
	B8/E4-25925-BD249855; Tue, 23 Jun 2015 11:28:27 +0000
X-Env-Sender: lars.kurth.xen@gmail.com
X-Msg-Ref: server-8.tower-206.messagelabs.com!1435058906!16212345!1
X-Originating-IP: [74.125.82.51]
X-SpamReason: No, hits=0.1 required=7.0 tests=HTML_50_60,HTML_MESSAGE
X-StarScan-Received: 
X-StarScan-Version: 6.13.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 29910 invoked from network); 23 Jun 2015 11:28:26 -0000
Received: from mail-wg0-f51.google.com (HELO mail-wg0-f51.google.com)
	(74.125.82.51)
	by server-8.tower-206.messagelabs.com with RC4-SHA encrypted SMTP;
	23 Jun 2015 11:28:26 -0000
Received: by wgqq4 with SMTP id q4so6871391wgq.1
	for <xen-announce@lists.xenproject.org>;
	Tue, 23 Jun 2015 04:28:26 -0700 (PDT)
X-Received: by 10.194.61.212 with SMTP id s20mr58892360wjr.18.1435058906202;
	Tue, 23 Jun 2015 04:28:26 -0700 (PDT)
Received: from [192.168.0.12] (97e3cdda.skybroadband.com. [151.227.205.218])
	by mx.google.com with ESMTPSA id r9sm35232964wjo.26.2015.06.23.04.28.24
	for <xen-announce@lists.xenproject.org>
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Tue, 23 Jun 2015 04:28:25 -0700 (PDT)
From: Lars Kurth <lars.kurth.xen@gmail.com>
Date: Tue, 23 Jun 2015 12:28:26 +0100
References: <558947BA02000078000880CB@mail.emea.novell.com>
To: xen-announce@lists.xenproject.org
Message-Id: <A3A0E56D-BF31-4C58-9DDC-047047A63278@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
X-Mailer: Apple Mail (2.2098)
X-Mailman-Approved-At: Tue, 23 Jun 2015 11:29:35 +0000
Subject: [Xen-announce] Xen 4.5.1 released
X-BeenThere: xen-announce@lists.xen.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-announce@lists.xen.org>
List-Help: <mailto:xen-announce-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-announce>, 
	<mailto:xen-announce-request@lists.xen.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============8022769196436594483=="
Sender: xen-announce-bounces@lists.xen.org
Errors-To: xen-announce-bounces@lists.xen.org


--===============8022769196436594483==
Content-Type: multipart/alternative; boundary="Apple-Mail=_9C2C6211-4F67-45AF-AAEF-4961B0642551"


--Apple-Mail=_9C2C6211-4F67-45AF-AAEF-4961B0642551
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Forwarded from xen-devel via Jan Beulich:

All,

I am pleased to announce the release of Xen 4.5.1. This is
available immediately from its git repository
http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.5
(tag RELEASE-4.5.1) or from the XenProject download page
http://www.xenproject.org/downloads/xen-archives/xen-45-series/xen-451.html
(where a list of changes can also be found).

We recommend all users of the 4.5 stable series to update to this
first point release.

Regards,
Jan


--Apple-Mail=_9C2C6211-4F67-45AF-AAEF-4961B0642551--


--===============8022769196436594483==--




