Commit 0272eab4d2 for qemu.org
commit 0272eab4d2422ea514d7e0e1b92d9fce5748995c
Merge: a73ffa38a9 75893c058b
Author: Stefan Hajnoczi <stefanha@redhat.com>
Date: Mon Jun 29 17:40:28 2026 +0200
Merge tag 'pull-9p-20260629' of https://github.com/cschoenebeck/qemu into staging
9pfs changes:
- Fix DoS via Treaddir (CVE-2026-9238).
- Add xattr FID limit (CVE-2026-8348).
- Fix union V9fsFidOpenState type confusion.
# -----BEGIN PGP SIGNATURE-----
#
# iQJLBAABCgA1FiEEltjREM96+AhPiFkBNMK1h2Wkc5UFAmpCcvMXHHFlbXVfb3Nz
# QGNydWRlYnl0ZS5jb20ACgkQNMK1h2Wkc5UEIQ//c6rNZ+7zFFdhJHiqC5dzpppp
# qob6B11/JPZ1T9+UL2Gp29JK6hCvg5ho3WJBE+xrz3z5MnD4L3w0Xmc+JNEBmmHn
# F3jcivOBJYqWRpWfJiM1ils88sMlb4wydWOBOCw6RuHrONaiW0of4o00Nqgv9CGg
# LNuUCrf5PHfu19+rpDxrVmaQrG/FYfyBuTuRF3QJPcqMwTmZ3JB0kEM9L6HONPLl
# xaHHuBB1soRP8ymHXaSTn7h4JuN6JfZ5RfF49JCKaYX+Ye2QRy85eTEOMkXdrBjr
# z6Bdzg2rqUnRDezr8RpUyHnnfYnMOuUTrhteTuE3rdt3LoIVdK3imR0OkNqmryJb
# RlffeoQDOhJng0YGfOgAm7BADIq9QKjeMresVUWziHuZOYS7X0TJX5U/oQYNQS02
# p1rOGVMUhs4bAsWQ3PoaXZyn99PH27Lv24mBqk9Lu5Q3fva58b2ox0O+K3QgIQku
# fTAy2HWBNPXtLDXNVnd0ISylkovTAqCW0aOCiLbhuqKAFirRFpkazhkA1vfMwOfo
# xbrHET8k8bpub+hbcHucu3pHULGRacB8WEq/t2TyjNdEPPERvxIHT24UPdiAHhAm
# ncgm+zKqiqhPgm17KpymCjKnwt1Rh1S/QW07ncW3PSV/nJhmDj7zN7iZFLWCx+tY
# XQsGbhXRrMDtTVY2oTE=
# =Jj/P
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 29 Jun 2026 15:28:19 CEST
# gpg: using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
# gpg: issuer "qemu_oss@crudebyte.com"
# gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
# gpg: Note: This key has expired!
# Primary key fingerprint: ECAB 1A45 4014 1413 BA38 4926 30DB 47C3 A012 D5F4
# Subkey fingerprint: 96D8 D110 CF7A F808 4F88 5901 34C2 B587 65A4 7395
* tag 'pull-9p-20260629' of https://github.com/cschoenebeck/qemu: (23 commits)
hw/9pfs/local: harden local_fid_fd() on FID types
hw/9pfs: fix invalid union access by v9fs_co_fstat()
hw/9pfs: fix invalid union access by v9fs_co_fsync()
tests/9p: add 3 xattr FID limit test cases (local fs driver)
tests/9p: add 3 xattr FID limit test cases (synth fs driver)
tests/9p: add virtio_9p_add_synth_driver_args() test client function
tests/9p: increase P9_MAX_SIZE for test client
hw/9pfs: add xattr count query interface to fs synth driver
hw/9pfs: enable xattr (mockup) support for synth fs driver
tests/9p: add Txattrcreate / Rxattrcreate test client functions
tests/9p: add Tclunk / Rclunk test client functions
tests/9p: add Tread / Rread test client functions
qemu-options: document 9pfs max_xattr option
hw/9pfs: add max_xattr option
hw/9pfs: add xattr FID limit to prevent memory exhaustion
hw/9pfs: cap Treaddir allocation (CVE-2026-9238)
9pfs/xen: implement response_buffer_size callback
9pfs/virtio: implement response_buffer_size callback
hw/9pfs: add response_buffer_size transport callback
hw/9pfs: cap negotiated msize to transport limit
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>