Dev news

Commit 0272eab4d2 for qemu.org

commit 0272eab4d2422ea514d7e0e1b92d9fce5748995c
Merge: a73ffa38a9 75893c058b
Author: Stefan Hajnoczi <stefanha@redhat.com>
Date:   Mon Jun 29 17:40:28 2026 +0200

    Merge tag 'pull-9p-20260629' of https://github.com/cschoenebeck/qemu into staging

    9pfs changes:

    - Fix DoS via Treaddir (CVE-2026-9238).

    - Add xattr FID limit (CVE-2026-8348).

    - Fix union V9fsFidOpenState type confusion.

    # -----BEGIN PGP SIGNATURE-----
    #
    # iQJLBAABCgA1FiEEltjREM96+AhPiFkBNMK1h2Wkc5UFAmpCcvMXHHFlbXVfb3Nz
    # QGNydWRlYnl0ZS5jb20ACgkQNMK1h2Wkc5UEIQ//c6rNZ+7zFFdhJHiqC5dzpppp
    # qob6B11/JPZ1T9+UL2Gp29JK6hCvg5ho3WJBE+xrz3z5MnD4L3w0Xmc+JNEBmmHn
    # F3jcivOBJYqWRpWfJiM1ils88sMlb4wydWOBOCw6RuHrONaiW0of4o00Nqgv9CGg
    # LNuUCrf5PHfu19+rpDxrVmaQrG/FYfyBuTuRF3QJPcqMwTmZ3JB0kEM9L6HONPLl
    # xaHHuBB1soRP8ymHXaSTn7h4JuN6JfZ5RfF49JCKaYX+Ye2QRy85eTEOMkXdrBjr
    # z6Bdzg2rqUnRDezr8RpUyHnnfYnMOuUTrhteTuE3rdt3LoIVdK3imR0OkNqmryJb
    # RlffeoQDOhJng0YGfOgAm7BADIq9QKjeMresVUWziHuZOYS7X0TJX5U/oQYNQS02
    # p1rOGVMUhs4bAsWQ3PoaXZyn99PH27Lv24mBqk9Lu5Q3fva58b2ox0O+K3QgIQku
    # fTAy2HWBNPXtLDXNVnd0ISylkovTAqCW0aOCiLbhuqKAFirRFpkazhkA1vfMwOfo
    # xbrHET8k8bpub+hbcHucu3pHULGRacB8WEq/t2TyjNdEPPERvxIHT24UPdiAHhAm
    # ncgm+zKqiqhPgm17KpymCjKnwt1Rh1S/QW07ncW3PSV/nJhmDj7zN7iZFLWCx+tY
    # XQsGbhXRrMDtTVY2oTE=
    # =Jj/P
    # -----END PGP SIGNATURE-----
    # gpg: Signature made Mon 29 Jun 2026 15:28:19 CEST
    # gpg:                using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
    # gpg:                issuer "qemu_oss@crudebyte.com"
    # gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
    # gpg: Note: This key has expired!
    # Primary key fingerprint: ECAB 1A45 4014 1413 BA38  4926 30DB 47C3 A012 D5F4
    #      Subkey fingerprint: 96D8 D110 CF7A F808 4F88  5901 34C2 B587 65A4 7395

    * tag 'pull-9p-20260629' of https://github.com/cschoenebeck/qemu: (23 commits)
      hw/9pfs/local: harden local_fid_fd() on FID types
      hw/9pfs: fix invalid union access by v9fs_co_fstat()
      hw/9pfs: fix invalid union access by v9fs_co_fsync()
      tests/9p: add 3 xattr FID limit test cases (local fs driver)
      tests/9p: add 3 xattr FID limit test cases (synth fs driver)
      tests/9p: add virtio_9p_add_synth_driver_args() test client function
      tests/9p: increase P9_MAX_SIZE for test client
      hw/9pfs: add xattr count query interface to fs synth driver
      hw/9pfs: enable xattr (mockup) support for synth fs driver
      tests/9p: add Txattrcreate / Rxattrcreate test client functions
      tests/9p: add Tclunk / Rclunk test client functions
      tests/9p: add Tread / Rread test client functions
      qemu-options: document 9pfs max_xattr option
      hw/9pfs: add max_xattr option
      hw/9pfs: add xattr FID limit to prevent memory exhaustion
      hw/9pfs: cap Treaddir allocation (CVE-2026-9238)
      9pfs/xen: implement response_buffer_size callback
      9pfs/virtio: implement response_buffer_size callback
      hw/9pfs: add response_buffer_size transport callback
      hw/9pfs: cap negotiated msize to transport limit
      ...

    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>