Fix heap overflow in ip_reass on big packet input

When the first fragment does not fit in the preallocated buffer, q will
already be pointing to the ext buffer, so we mustn't try to update it.

Fixes CVE-2019-14378

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

vhost & sysfw: Mark BIOS regions as "vhost_ignore"

Without this change vhost will try to use the memory regions created by
pc_system_rom_init() which have a page size that does not match the
system memory (they differ as the latter is backed by an fd which
determines the page size.)

The vhost code normally rejects BIOS regions as they are marked R/O
however we cannot do that with the virt platform as we lack a PAM to
have the regions remapped to R/W for some firmwares (i.e. Seabios) to
use whilst booting.

Instead workaround this issue by adding a member to the region to
indicate that vhost should ignore this region.

Fixes: #233

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

virt: Increase DIMM alignment to support huge pages

The DIMM needs to be aligned to the size of the pages that are being
used by the VMM. Increase it to 2 MiB so that it can be used with
huge pages.

Fixes: kata-containers/runtime#1698

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

virtiofsd: use memcpy() for non-NUL terminated strings

strncpy(dst, src, strlen(src)) does not NUL-terminate.  This is a common
source of bugs so gcc 9 warns about it.

Use memcpy(3) to make the code clearer and silence compiler warnings.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

build: Change releasing mechanism

A draft release will be created now from any tag including uploading any
binary artifacts. This release can then be "undrafted" to expose it to
the public.

This allows making releases with any names from any branch.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

build: Generate and upload virtiofsd binary

Because the virtio-fs userspace daemon called virtiofsd is part of
the contrib code in NEMU, we have to also build this binary so that
it can be uploaded and made accessible through our releases.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

virtio-pci: Correctly expose vector count for virtio-rng-pci

The vector count should be  1 + the number of virtqueues which is one
for virtio-rng. The other PCI devices correctly define this property and
default value. This will then enable the use of MSI-X which prevents the
kernel from falling back to legacy interrupts which we do not support.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

hw: virt: Add basic ACPI timer support

For the reduced ACPI platform implement the basic ACPI PM_TMR support.
Implement only the basic counter and not the optional interupt
triggering when the counter's carry changes value.

This is useful for implementing basic timekeeping in early firmware.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

sysfw: Bump BIOS region size

The default seabios image is greater than 128KiB so ensure that the
mapping can handle it.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>