diff options
Diffstat (limited to 'meta/recipes-devtools/qemu')
63 files changed, 989 insertions, 3536 deletions
diff --git a/meta/recipes-devtools/qemu/nativesdk-qemu-helper_1.0.bb b/meta/recipes-devtools/qemu/nativesdk-qemu-helper_1.0.bb index ca1ad964dc..90bba84b03 100644 --- a/meta/recipes-devtools/qemu/nativesdk-qemu-helper_1.0.bb +++ b/meta/recipes-devtools/qemu/nativesdk-qemu-helper_1.0.bb @@ -1,13 +1,11 @@ SUMMARY = "Qemu helper scripts" -LICENSE = "GPLv2" -RDEPENDS_${PN} = "nativesdk-qemu \ +LICENSE = "GPL-2.0-only" +RDEPENDS:${PN} = "nativesdk-qemu nativesdk-unfs3 nativesdk-pseudo \ nativesdk-python3-shell nativesdk-python3-fcntl nativesdk-python3-logging \ " -PR = "r9" -LIC_FILES_CHKSUM = "file://${WORKDIR}/tunctl.c;endline=4;md5=ff3a09996bc5fff6bc5d4e0b4c28f999 \ - file://${COREBASE}/scripts/runqemu;beginline=5;endline=10;md5=ac2b489a58739c7628a2604698db5e7f" +LIC_FILES_CHKSUM = "file://${COREBASE}/scripts/runqemu;beginline=5;endline=10;md5=ac2b489a58739c7628a2604698db5e7f" SRC_URI = "file://${COREBASE}/scripts/runqemu \ @@ -18,20 +16,19 @@ SRC_URI = "file://${COREBASE}/scripts/runqemu \ file://${COREBASE}/scripts/oe-find-native-sysroot \ file://${COREBASE}/scripts/runqemu-extract-sdk \ file://${COREBASE}/scripts/runqemu-export-rootfs \ - file://tunctl.c \ " -S = "${WORKDIR}" +S = "${WORKDIR}/sources" +UNPACKDIR = "${S}" inherit nativesdk do_compile() { - ${CC} tunctl.c -o tunctl + : } do_install() { install -d ${D}${bindir} - install -m 0755 ${WORKDIR}${COREBASE}/scripts/oe-* ${D}${bindir}/ - install -m 0755 ${WORKDIR}${COREBASE}/scripts/runqemu* ${D}${bindir}/ - install tunctl ${D}${bindir}/ + install -m 0755 ${S}${COREBASE}/scripts/oe-* ${D}${bindir}/ + install -m 0755 ${S}${COREBASE}/scripts/runqemu* ${D}${bindir}/ } diff --git a/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb index 2fc07669dd..28a3b95c4e 100644 --- a/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb +++ b/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb @@ -1,29 +1,24 @@ SUMMARY = "Helper utilities needed by the runqemu script" -LICENSE = "GPLv2" -RDEPENDS_${PN} = "qemu-system-native" -PR = "r1" +LICENSE = "GPL-2.0-only" +RDEPENDS:${PN} = "qemu-system-native" -LIC_FILES_CHKSUM = "file://${WORKDIR}/tunctl.c;endline=4;md5=ff3a09996bc5fff6bc5d4e0b4c28f999" +LIC_FILES_CHKSUM = "file://${S}/qemu-oe-bridge-helper.c;endline=4;md5=ae00a3bab86f2caaa8462eacda77f4d7" -SRC_URI = "\ - file://tunctl.c \ - file://qemu-oe-bridge-helper \ - " +SRC_URI = "file://qemu-oe-bridge-helper.c" -S = "${WORKDIR}" +S = "${WORKDIR}/sources" +UNPACKDIR = "${S}" inherit native do_compile() { - ${CC} ${CFLAGS} ${LDFLAGS} -Wall tunctl.c -o tunctl + ${CC} ${CFLAGS} ${LDFLAGS} -Wall qemu-oe-bridge-helper.c -o qemu-oe-bridge-helper } do_install() { install -d ${D}${bindir} - install tunctl ${D}${bindir}/ - - install -m 755 ${WORKDIR}/qemu-oe-bridge-helper ${D}${bindir}/ + install qemu-oe-bridge-helper ${D}${bindir}/ } -DEPENDS += "qemu-system-native" +DEPENDS += "qemu-system-native unfs3-native pseudo-native" addtask addto_recipe_sysroot after do_populate_sysroot before do_build diff --git a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper deleted file mode 100755 index f057d4eef0..0000000000 --- a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/sh -# Copyright 2020 Garmin Ltd. or its subsidiaries -# -# SPDX-License-Identifier: GPL-2.0 -# -# Attempts to find and exec the host qemu-bridge-helper program - -# If the QEMU_BRIDGE_HELPER variable is set by the user, exec it. -if [ -n "$QEMU_BRIDGE_HELPER" ]; then - exec "$QEMU_BRIDGE_HELPER" "$@" -fi - -# Search common paths for the helper program -BN="qemu-bridge-helper" -PATHS="/usr/libexec/ /usr/lib/qemu/" - -for p in $PATHS; do - if [ -e "$p/$BN" ]; then - exec "$p/$BN" "$@" - fi -done - -echo "$BN not found!" > /dev/stderr -exit 1 - diff --git a/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c new file mode 100644 index 0000000000..c34aa00567 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu-helper/qemu-oe-bridge-helper.c @@ -0,0 +1,40 @@ +/* + * Copyright 2022 Garmin Ltd. or its subsidiaries + * + * SPDX-License-Identifier: GPL-2.0 + * + * Attempts to find and exec the host qemu-bridge-helper program + */ + +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <stdlib.h> + +void try_program(char const* path, char** args) { + if (access(path, X_OK) == 0) { + execv(path, args); + } +} + +int main(int argc, char** argv) { + char* var; + + var = getenv("QEMU_BRIDGE_HELPER"); + if (var && var[0] != '\0') { + execvp(var, argv); + return 1; + } + + if (argc == 2 && strcmp(argv[1], "--help") == 0) { + fprintf(stderr, "Helper function to find and exec qemu-bridge-helper. Set QEMU_BRIDGE_HELPER to override default search path\n"); + return 0; + } + + try_program("/usr/libexec/qemu-bridge-helper", argv); + try_program("/usr/lib/qemu/qemu-bridge-helper", argv); + + fprintf(stderr, "No bridge helper found\n"); + return 1; +} + diff --git a/meta/recipes-devtools/qemu/qemu-helper/tunctl.c b/meta/recipes-devtools/qemu/qemu-helper/tunctl.c deleted file mode 100644 index d745dd06cb..0000000000 --- a/meta/recipes-devtools/qemu/qemu-helper/tunctl.c +++ /dev/null @@ -1,158 +0,0 @@ -/* Copyright 2002 Jeff Dike - * Licensed under the GPL - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <fcntl.h> -#include <unistd.h> -#include <pwd.h> -#include <grp.h> -#include <net/if.h> -#include <sys/ioctl.h> -#include <linux/if_tun.h> - -/* TUNSETGROUP appeared in 2.6.23 */ -#ifndef TUNSETGROUP -#define TUNSETGROUP _IOW('T', 206, int) -#endif - -static void Usage(char *name, int status) -{ - fprintf(stderr, "Create: %s [-b] [-u owner] [-g group] [-t device-name] " - "[-f tun-clone-device]\n", name); - fprintf(stderr, "Delete: %s -d device-name [-f tun-clone-device]\n\n", - name); - fprintf(stderr, "The default tun clone device is /dev/net/tun - some systems" - " use\n/dev/misc/net/tun instead\n\n"); - fprintf(stderr, "-b will result in brief output (just the device name)\n"); - exit(status); -} - -int main(int argc, char **argv) -{ - struct ifreq ifr; - struct passwd *pw; - struct group *gr; - uid_t owner = -1; - gid_t group = -1; - int tap_fd, opt, delete = 0, brief = 0; - char *tun = "", *file = "/dev/net/tun", *name = argv[0], *end; - - while((opt = getopt(argc, argv, "bd:f:t:u:g:h")) > 0){ - switch(opt) { - case 'b': - brief = 1; - break; - case 'd': - delete = 1; - tun = optarg; - break; - case 'f': - file = optarg; - break; - case 'u': - pw = getpwnam(optarg); - if(pw != NULL){ - owner = pw->pw_uid; - break; - } - owner = strtol(optarg, &end, 0); - if(*end != '\0'){ - fprintf(stderr, "'%s' is neither a username nor a numeric uid.\n", - optarg); - Usage(name, 1); - } - break; - case 'g': - gr = getgrnam(optarg); - if(gr != NULL){ - group = gr->gr_gid; - break; - } - group = strtol(optarg, &end, 0); - if(*end != '\0'){ - fprintf(stderr, "'%s' is neither a groupname nor a numeric group.\n", - optarg); - Usage(name, 1); - } - break; - - case 't': - tun = optarg; - break; - case 'h': - Usage(name, 0); - break; - default: - Usage(name, 1); - } - } - - argv += optind; - argc -= optind; - - if(argc > 0) - Usage(name, 1); - - if((tap_fd = open(file, O_RDWR)) < 0){ - fprintf(stderr, "Failed to open '%s' : ", file); - perror(""); - exit(1); - } - - memset(&ifr, 0, sizeof(ifr)); - - ifr.ifr_flags = IFF_TAP | IFF_NO_PI; - strncpy(ifr.ifr_name, tun, sizeof(ifr.ifr_name) - 1); - if(ioctl(tap_fd, TUNSETIFF, (void *) &ifr) < 0){ - perror("TUNSETIFF"); - exit(1); - } - - if(delete){ - if(ioctl(tap_fd, TUNSETPERSIST, 0) < 0){ - perror("disabling TUNSETPERSIST"); - exit(1); - } - printf("Set '%s' nonpersistent\n", ifr.ifr_name); - } - else { - /* emulate behaviour prior to TUNSETGROUP */ - if(owner == -1 && group == -1) { - owner = geteuid(); - } - - if(owner != -1) { - if(ioctl(tap_fd, TUNSETOWNER, owner) < 0){ - perror("TUNSETOWNER"); - exit(1); - } - } - if(group != -1) { - if(ioctl(tap_fd, TUNSETGROUP, group) < 0){ - perror("TUNSETGROUP"); - exit(1); - } - } - - if(ioctl(tap_fd, TUNSETPERSIST, 1) < 0){ - perror("enabling TUNSETPERSIST"); - exit(1); - } - - if(brief) - printf("%s\n", ifr.ifr_name); - else { - printf("Set '%s' persistent and owned by", ifr.ifr_name); - if(owner != -1) - printf(" uid %d", owner); - if(group != -1) - printf(" gid %d", group); - printf("\n"); - } - } - return(0); -} diff --git a/meta/recipes-devtools/qemu/qemu-native.inc b/meta/recipes-devtools/qemu/qemu-native.inc index 54e49d8bc6..891dc5e2a1 100644 --- a/meta/recipes-devtools/qemu/qemu-native.inc +++ b/meta/recipes-devtools/qemu/qemu-native.inc @@ -1,11 +1,7 @@ require qemu.inc -inherit native +inherit_defer native -EXTRA_OEMAKE_append = " LD='${LD}' AR='${AR}' OBJCOPY='${OBJCOPY}' LDFLAGS='${LDFLAGS}'" +EXTRA_OEMAKE:append = " LD='${LD}' AR='${AR}' OBJCOPY='${OBJCOPY}' LDFLAGS='${LDFLAGS}'" -LDFLAGS_append = " -fuse-ld=bfd" - -do_install_append() { - ${@bb.utils.contains('PACKAGECONFIG', 'gtk+', 'make_qemu_wrapper', '', d)} -} +LDFLAGS:append = " -fuse-ld=bfd" diff --git a/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb b/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb deleted file mode 100644 index c8acff8e19..0000000000 --- a/meta/recipes-devtools/qemu/qemu-native_5.2.0.bb +++ /dev/null @@ -1,9 +0,0 @@ -BPN = "qemu" - -DEPENDS = "glib-2.0-native zlib-native" - -require qemu-native.inc - -EXTRA_OECONF_append = " --target-list=${@get_qemu_usermode_target_list(d)} --disable-tools --disable-blobs --disable-guest-agent" - -PACKAGECONFIG ??= "" diff --git a/meta/recipes-devtools/qemu/qemu-native_9.0.0.bb b/meta/recipes-devtools/qemu/qemu-native_9.0.0.bb new file mode 100644 index 0000000000..a77953529b --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu-native_9.0.0.bb @@ -0,0 +1,9 @@ +BPN = "qemu" + +DEPENDS += "glib-2.0-native zlib-native" + +require qemu-native.inc + +EXTRA_OECONF:append = " --target-list=${@get_qemu_usermode_target_list(d)} --disable-tools --disable-install-blobs --disable-guest-agent" + +PACKAGECONFIG ??= "pie" diff --git a/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb b/meta/recipes-devtools/qemu/qemu-system-native_9.0.0.bb index 390dadea48..5d2fbcbc02 100644 --- a/meta/recipes-devtools/qemu/qemu-system-native_5.2.0.bb +++ b/meta/recipes-devtools/qemu/qemu-system-native_9.0.0.bb @@ -1,31 +1,31 @@ BPN = "qemu" -inherit python3-dir - require qemu-native.inc # As some of the files installed by qemu-native and qemu-system-native # are the same, we depend on qemu-native to get the full installation set # and avoid file clashes -DEPENDS = "glib-2.0-native zlib-native pixman-native qemu-native bison-native" +DEPENDS += "glib-2.0-native zlib-native pixman-native qemu-native" -EXTRA_OECONF_append = " --target-list=${@get_qemu_system_target_list(d)}" +EXTRA_OECONF:append = " --target-list=${@get_qemu_system_target_list(d)}" -PACKAGECONFIG ??= "fdt alsa kvm \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '', d)} \ +PACKAGECONFIG ??= "fdt alsa kvm pie slirp png \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ " # Handle distros such as CentOS 5 32-bit that do not have kvm support -PACKAGECONFIG_remove = "${@'kvm' if not os.path.exists('/usr/include/linux/kvm.h') else ''}" +PACKAGECONFIG:remove = "${@'kvm' if not os.path.exists('/usr/include/linux/kvm.h') else ''}" -do_install_append() { - install -Dm 0755 ${WORKDIR}/powerpc_rom.bin ${D}${datadir}/qemu +do_install:append() { + install -Dm 0755 ${UNPACKDIR}/powerpc_rom.bin ${D}${datadir}/qemu # The following is also installed by qemu-native rm -f ${D}${datadir}/qemu/trace-events-all rm -rf ${D}${datadir}/qemu/keymaps rm -rf ${D}${datadir}/icons/ + rm -rf ${D}${includedir}/qemu-plugin.h # Install qmp.py to be used with testimage - install -D ${S}/python/qemu/qmp.py ${D}${PYTHON_SITEPACKAGES_DIR}/qmp.py + install -d ${D}${libdir}/qemu-python/qmp/ + install -D ${S}/python/qemu/qmp/* ${D}${libdir}/qemu-python/qmp/ } diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 384b0c19b0..fb38fb44de 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -4,12 +4,16 @@ machine's processor through dynamic binary translation and provides a set \ of different hardware and device models for the machine, enabling it to run \ a variety of guest operating systems" HOMEPAGE = "http://qemu.org" -LICENSE = "GPLv2 & LGPLv2.1" +LICENSE = "GPL-2.0-only & LGPL-2.1-only" -RDEPENDS_${PN}-ptest = "bash" +DEPENDS += "bison-native meson-native ninja-native" + +RDEPENDS:${PN}-ptest = "bash" require qemu-targets.inc -inherit pkgconfig ptest +# https://gitlab.com/qemu-project/qemu/-/commit/81e2b198a8cb4ee5fdf108bd438f44b193ee3a36 means +# we need a full python3-native setup +inherit pkgconfig ptest update-rc.d systemd python3native LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \ file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f" @@ -17,62 +21,41 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://powerpc_rom.bin \ file://run-ptest \ - file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \ - file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ - file://0004-qemu-disable-Valgrind.patch \ - file://0006-chardev-connect-socket-to-a-spawned-command.patch \ - file://0007-apic-fixup-fallthrough-to-PIC.patch \ - file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ - file://0001-Add-enable-disable-udev.patch \ - file://0001-qemu-Do-not-include-file-if-not-exists.patch \ - file://mingwfix.patch \ - file://mmap.patch \ - file://mmap2.patch \ - file://determinism.patch \ - file://0001-tests-meson.build-use-relative-path-to-refer-to-file.patch \ - file://CVE-2021-20203.patch \ - file://CVE-2020-35517_1.patch \ - file://CVE-2020-35517_2.patch \ - file://CVE-2020-35517_3.patch \ - file://CVE-2021-20181.patch \ - file://CVE-2020-29443.patch \ - file://CVE-2021-20221.patch \ - file://CVE-2021-3409_1.patch \ - file://CVE-2021-3409_2.patch \ - file://CVE-2021-3409_3.patch \ - file://CVE-2021-3409_4.patch \ - file://CVE-2021-3409_5.patch \ - file://CVE-2021-3409_6.patch \ - file://CVE-2021-3416_1.patch \ - file://CVE-2021-3416_2.patch \ - file://CVE-2021-3416_3.patch \ - file://CVE-2021-3416_4.patch \ - file://CVE-2021-3416_5.patch \ - file://CVE-2021-3416_6.patch \ - file://CVE-2021-3416_7.patch \ - file://CVE-2021-3416_8.patch \ - file://CVE-2021-3416_9.patch \ - file://CVE-2021-3416_10.patch \ - file://CVE-2021-20257.patch \ - file://CVE-2020-27821.patch \ - file://CVE-2021-20263.patch \ - file://CVE-2021-3392.patch \ + file://0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ + file://0002-apic-fixup-fallthrough-to-PIC.patch \ + file://0003-configure-Add-pkg-config-handling-for-libgcrypt.patch \ + file://0004-qemu-Do-not-include-file-if-not-exists.patch \ + file://0005-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch \ + file://0006-qemu-Determinism-fixes.patch \ + file://0007-tests-meson.build-use-relative-path-to-refer-to-file.patch \ + file://0008-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch \ + file://0009-linux-user-Replace-use-of-lfs64-related-functions-an.patch \ + file://0010-configure-lookup-meson-exutable-from-PATH.patch \ + file://0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch \ + file://qemu-guest-agent.init \ + file://qemu-guest-agent.udev \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI[sha256sum] = "cb18d889b628fbe637672b0326789d9b0e3b8027e0445b936537c78549df17bc" +SRC_URI[sha256sum] = "32708ac66c30d8c892633ea968c771c1c76d597d70ddead21a0d22ccf386da69" + +CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default." + +# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 +CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability." -SRC_URI_append_class-target = " file://cross.patch" -SRC_URI_append_class-nativesdk = " file://cross.patch" +# As per https://bugzilla.redhat.com/show_bug.cgi?id=2203387 +CVE_STATUS[CVE-2023-2680] = "not-applicable-platform: RHEL specific issue." -COMPATIBLE_HOST_mipsarchn32 = "null" -COMPATIBLE_HOST_mipsarchn64 = "null" +COMPATIBLE_HOST:mipsarchn32 = "null" +COMPATIBLE_HOST:mipsarchn64 = "null" +COMPATIBLE_HOST:riscv32 = "null" # Per https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg03873.html # upstream states qemu doesn't work without optimization DEBUG_BUILD = "0" -do_install_append() { +do_install:append() { # Prevent QA warnings about installed ${localstatedir}/run if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi } @@ -82,16 +65,26 @@ do_install_ptest() { find ${D}${PTEST_PATH}/tests -type f -name "*.[Sshcodp]" | xargs -i rm -rf {} # Don't check the file genreated by configure - sed -i -e 's,${HOSTTOOLS_DIR}/python3,${bindir}/python3,' \ - ${D}/${PTEST_PATH}/tests/qemu-iotests/common.env sed -i -e "1s,#!/usr/bin/bash,#!${base_bindir}/bash," ${D}${PTEST_PATH}/tests/data/acpi/disassemle-aml.sh # Strip the paths from the QEMU variable, we can use PATH - sed -i -e "s#^QEMU=.*/qemu-#QEMU=qemu-#g" ${D}${PTEST_PATH}/tests/tcg/*.mak + makfiles=$(find ${D}${PTEST_PATH} -name "*.mak") + sed -i -e "s#^QEMU=.*/qemu-#QEMU=qemu-#g" $makfiles + + # Strip compiler flags as they break reproducibility + sed -i -e "s,^CC=.*,CC=gcc," \ + -e "s,^CCAS=.*,CCAS=gcc," \ + -e "s,^LD=.*,LD=ld," $makfiles + + # Update SRC_PATH variable to the right place on target + sed -i -e "s#^SRC_PATH=.*#SRC_PATH=${PTEST_PATH}#g" $makfiles + + # https://gitlab.com/qemu-project/qemu/-/issues/1403 + rm ${D}${PTEST_PATH}/tests/unit/test-io-channel-command } # QEMU_TARGETS is overridable variable -QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc ppc64 ppc64le riscv32 riscv64 sh4 x86_64" +QEMU_TARGETS ?= "arm aarch64 i386 loongarch64 mips mipsel mips64 mips64el ppc ppc64 ppc64le riscv32 riscv64 sh4 x86_64" EXTRA_OECONF = " \ --prefix=${prefix} \ @@ -109,19 +102,21 @@ EXTRA_OECONF = " \ --disable-werror \ --extra-cflags='${CFLAGS}' \ --extra-ldflags='${LDFLAGS}' \ - --with-git=/bin/false \ - --disable-git-update \ - --meson=meson \ + --disable-download \ + --disable-docs \ + --host-cc='${BUILD_CC}' \ + --disable-af-xdp \ ${PACKAGECONFIG_CONFARGS} \ " -export LIBTOOL="${HOST_SYS}-libtool" +EXTRA_OECONF:append:class-target = " --cross-prefix=${HOST_PREFIX}" +EXTRA_OECONF:append:class-nativesdk = " --cross-prefix=${HOST_PREFIX}" B = "${WORKDIR}/build" -#EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3" +#EXTRA_OECONF:append = " --python=${HOSTTOOLS_DIR}/python3" -do_configure_prepend_class-native() { +do_configure:prepend:class-native() { # Append build host pkg-config paths for native target since the host may provide sdl BHOST_PKGCONFIG_PATH=$(PATH=/usr/bin:/bin pkg-config --variable pc_path pkg-config || echo "") if [ ! -z "$BHOST_PKGCONFIG_PATH" ]; then @@ -130,6 +125,7 @@ do_configure_prepend_class-native() { } do_configure() { + export PKG_CONFIG=pkg-config ${S}/configure ${EXTRA_OECONF} } do_configure[cleandirs] += "${B}" @@ -137,6 +133,26 @@ do_configure[cleandirs] += "${B}" do_install () { export STRIP="" oe_runmake 'DESTDIR=${D}' install + + # If we built the guest agent, also install startup/udev rules + if [ -e "${D}${bindir}/qemu-ga" ]; then + install -d ${D}${sysconfdir}/init.d/ + install -m 0755 ${UNPACKDIR}/qemu-guest-agent.init ${D}${sysconfdir}/init.d/qemu-guest-agent + sed -i 's:@bindir@:${bindir}:' ${D}${sysconfdir}/init.d/qemu-guest-agent + + install -d ${D}${sysconfdir}/udev/rules.d/ + install -m 0644 ${UNPACKDIR}/qemu-guest-agent.udev ${D}${sysconfdir}/udev/rules.d/60-qemu-guest-agent.rules + + install -d ${D}${systemd_unitdir}/system/ + install -m 0644 ${S}/contrib/systemd/qemu-guest-agent.service ${D}${systemd_unitdir}/system + sed -i -e 's,-/usr/bin/,-${bindir}/,g' ${D}${systemd_unitdir}/system/qemu-guest-agent.service + fi + # ELF binary /usr/share/qemu/s390-netboot.img has relocations in .text + rm ${D}${datadir}/qemu/s390-netboot.img -f + # ELF binary /usr/share/qemu/s390-ccw.img has relocations in .text [textrel] + rm ${D}${datadir}/qemu/s390-ccw.img -f + # We don't support PARISC and these cause strip and SDK relocation errors + rm ${D}${datadir}/qemu/hppa* -f } # The following fragment will create a wrapper for qemu-mips user emulation @@ -145,7 +161,7 @@ do_install () { # This will trigger a MMU access fault in the virtual CPU. With this change, # the qemu-mips works fine. # IMPORTANT: This piece needs to be removed once the root cause is fixed! -do_install_append() { +do_install:append() { if [ -e "${D}/${bindir}/qemu-mips" ]; then create_wrapper ${D}/${bindir}/qemu-mips \ QEMU_RESERVED_VA=0x0 @@ -153,29 +169,18 @@ do_install_append() { } # END of qemu-mips workaround -make_qemu_wrapper() { - gdk_pixbuf_module_file=`pkg-config --variable=gdk_pixbuf_cache_file gdk-pixbuf-2.0` - - for tool in `ls ${D}${bindir}/qemu-system-*`; do - create_wrapper $tool \ - GDK_PIXBUF_MODULE_FILE=$gdk_pixbuf_module_file \ - FONTCONFIG_PATH=/etc/fonts \ - GTK_THEME=Adwaita - done -} - # Disable kvm/virgl/mesa on targets that do not support it -PACKAGECONFIG_remove_darwin = "kvm virglrenderer glx gtk+" -PACKAGECONFIG_remove_mingw32 = "kvm virglrenderer glx gtk+" +PACKAGECONFIG:remove:darwin = "kvm virglrenderer epoxy gtk+" +PACKAGECONFIG:remove:mingw32 = "kvm virglrenderer epoxy gtk+ pie" PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2" +PACKAGECONFIG[png] = "--enable-png,--disable-png,libpng" PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr," PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio," -PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs," +PACKAGECONFIG[uring] = "--enable-linux-io-uring,--disable-linux-io-uring,liburing" PACKAGECONFIG[xen] = "--enable-xen,--disable-xen,xen-tools,xen-tools-libxenstore xen-tools-libxenctrl xen-tools-libxenguest" PACKAGECONFIG[vnc-sasl] = "--enable-vnc --enable-vnc-sasl,--disable-vnc-sasl,cyrus-sasl," PACKAGECONFIG[vnc-jpeg] = "--enable-vnc --enable-vnc-jpeg,--disable-vnc-jpeg,jpeg," -PACKAGECONFIG[vnc-png] = "--enable-vnc --enable-vnc-png,--disable-vnc-png,libpng," PACKAGECONFIG[libcurl] = "--enable-curl,--disable-curl,curl," PACKAGECONFIG[nss] = "--enable-smartcard,--disable-smartcard,nss," PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses," @@ -187,9 +192,10 @@ PACKAGECONFIG[gcrypt] = "--enable-gcrypt,--disable-gcrypt,libgcrypt," PACKAGECONFIG[nettle] = "--enable-nettle,--disable-nettle,nettle" PACKAGECONFIG[libusb] = "--enable-libusb,--disable-libusb,libusb1" PACKAGECONFIG[fdt] = "--enable-fdt,--disable-fdt,dtc" -PACKAGECONFIG[alsa] = "--audio-drv-list='oss alsa',,alsa-lib" -PACKAGECONFIG[glx] = "--enable-opengl,--disable-opengl,virtual/libgl" +PACKAGECONFIG[alsa] = "--audio-drv-list=default,,alsa-lib" +PACKAGECONFIG[epoxy] = "--enable-opengl,--disable-opengl,libepoxy" PACKAGECONFIG[lzo] = "--enable-lzo,--disable-lzo,lzo" +PACKAGECONFIG[dax] = "--enable-libdaxctl,--disable-libdaxctl,ndctl" PACKAGECONFIG[numa] = "--enable-numa,--disable-numa,numactl" PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls" PACKAGECONFIG[bzip2] = "--enable-bzip2,--disable-bzip2,bzip2" @@ -199,19 +205,77 @@ PACKAGECONFIG[virglrenderer] = "--enable-virglrenderer,--disable-virglrenderer,v # spice will be in meta-networking layer PACKAGECONFIG[spice] = "--enable-spice,--disable-spice,spice" # usbredir will be in meta-networking layer +PACKAGECONFIG[dbus-display] = "--enable-dbus-display,--disable-dbus-display,glib-2.0-native,dbus" PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir" PACKAGECONFIG[snappy] = "--enable-snappy,--disable-snappy,snappy" PACKAGECONFIG[glusterfs] = "--enable-glusterfs,--disable-glusterfs,glusterfs" PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon" -PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,eudev" -PACKAGECONFIG[libxml2] = "--enable-libxml2,--disable-libxml2,libxml2" +PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,udev" PACKAGECONFIG[attr] = "--enable-attr,--disable-attr,attr," PACKAGECONFIG[rbd] = "--enable-rbd,--disable-rbd,ceph,ceph" PACKAGECONFIG[vhost] = "--enable-vhost-net,--disable-vhost-net,," -PACKAGECONFIG[ust] = "--enable-trace-backend=ust,--enable-trace-backend=nop,lttng-ust," +PACKAGECONFIG[ust] = "--enable-trace-backends=ust,,lttng-ust," PACKAGECONFIG[pie] = "--enable-pie,--disable-pie,," PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" +# libnfs is currently provided by meta-kodi +PACKAGECONFIG[libnfs] = "--enable-libnfs,--disable-libnfs,libnfs" +PACKAGECONFIG[pmem] = "--enable-libpmem,--disable-libpmem,pmdk" +PACKAGECONFIG[pulseaudio] = "--enable-pa,--disable-pa,pulseaudio" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" +PACKAGECONFIG[bpf] = "--enable-bpf,--disable-bpf,libbpf" +PACKAGECONFIG[capstone] = "--enable-capstone,--disable-capstone" +PACKAGECONFIG[rdma] = "--enable-rdma,--disable-rdma" +PACKAGECONFIG[vde] = "--enable-vde,--disable-vde" +PACKAGECONFIG[fuse] = "--enable-fuse --enable-fuse-lseek,--disable-fuse --disable-fuse-lseek,fuse3" +PACKAGECONFIG[slirp] = "--enable-slirp,--disable-slirp,libslirp" +PACKAGECONFIG[brlapi] = "--enable-brlapi,--disable-brlapi" +PACKAGECONFIG[jack] = "--enable-jack,--disable-jack,jack," +PACKAGECONFIG[debuginfo] = "--enable-libdw,--disable-libdw,elfutils" +PACKAGECONFIG[pipewire] = "--enable-pipewire,--disable-pipewire,pipewire" +PACKAGECONFIG[sndio] = "--enable-sndio,--disable-sndio,sndio" + +INSANE_SKIP:${PN}-common = "arch" + +FILES:${PN} += "${datadir}/icons" + +# For user who want to install all arch packages +PACKAGES =+ "${PN}-common" +RDEPENDS:${PN} += "${PN}-common" + +ALLOW_EMPTY:${PN} = "1" +FILES:${PN} = "" + +FILES:${PN}-common = "${bindir}/* ${includedir}/* ${libexecdir}/* ${datadir}/* ${localstatedir}" + +PACKAGES_DYNAMIC += "^${PN}-user-.* ^${PN}-system-.*" + +PACKAGESPLITFUNCS =+ "split_qemu_packages" + +python split_qemu_packages () { + archdir = d.expand('${bindir}/') + subpackages = do_split_packages(d, archdir, r'^qemu-system-(.*)$', '${PN}-system-%s', 'QEMU full system emulation binaries(%s)' , prepend=True, extra_depends='${PN}-common') + + subpackages += do_split_packages(d, archdir, r'^qemu-((?!system|edid|ga|img|io|nbd|pr-helper|storage-daemon).*)$', '${PN}-user-%s', 'QEMU full user emulation binaries(%s)' , prepend=True, extra_depends='${PN}-common') + if subpackages: + d.appendVar('RDEPENDS:' + d.getVar('PN'), ' ' + ' '.join(subpackages)) + mipspackage = d.getVar('PN') + "-user-mips" + if mipspackage in ' '.join(subpackages): + d.appendVar('RDEPENDS:' + mipspackage, ' ' + d.getVar("MLPREFIX") + 'bash') +} + +# Put the guest agent in a separate package +PACKAGES =+ "${PN}-guest-agent" +SUMMARY:${PN}-guest-agent = "QEMU guest agent" +FILES:${PN}-guest-agent += " \ + ${bindir}/qemu-ga \ + ${sysconfdir}/udev/rules.d/60-qemu-guest-agent.rules \ + ${sysconfdir}/init.d/qemu-guest-agent \ + ${systemd_unitdir}/system/qemu-guest-agent.service \ +" -INSANE_SKIP_${PN} = "arch" +INITSCRIPT_PACKAGES = "${PN}-guest-agent" +INITSCRIPT_NAME:${PN}-guest-agent = "qemu-guest-agent" +INITSCRIPT_PARAMS:${PN}-guest-agent = "defaults" -FILES_${PN} += "${datadir}/icons" +SYSTEMD_PACKAGES = "${PN}-guest-agent" +SYSTEMD_SERVICE:${PN}-guest-agent = "qemu-guest-agent.service" diff --git a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch deleted file mode 100644 index c99adee8a9..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch +++ /dev/null @@ -1,29 +0,0 @@ -From b921e5204030845dc7c9d16d5f66d965e8d05367 Mon Sep 17 00:00:00 2001 -From: Jeremy Puhlman <jpuhlman@mvista.com> -Date: Thu, 19 Mar 2020 11:54:26 -0700 -Subject: [PATCH] Add enable/disable libudev - -Upstream-Status: Pending -Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> - -[update patch context] -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - configure | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: qemu-5.2.0/configure -=================================================================== ---- qemu-5.2.0.orig/configure -+++ qemu-5.2.0/configure -@@ -1525,6 +1525,10 @@ for opt do - ;; - --disable-libdaxctl) libdaxctl=no - ;; -+ --enable-libudev) libudev="yes" -+ ;; -+ --disable-libudev) libudev="no" -+ ;; - *) - echo "ERROR: unknown option $opt" - echo "Try '$0 --help' for more information" diff --git a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch index fd54f96b03..2333cc8432 100644 --- a/meta/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch +++ b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-addition-environment-space-to-boot-loader-q.patch @@ -1,7 +1,7 @@ -From ce1eceab2350d27960ec254650717085f6a11c9a Mon Sep 17 00:00:00 2001 +From e9baf07a667a1c04b57e14776cc4fa387448c908 Mon Sep 17 00:00:00 2001 From: Jason Wessel <jason.wessel@windriver.com> Date: Fri, 28 Mar 2014 17:42:43 +0800 -Subject: [PATCH] qemu: Add addition environment space to boot loader +Subject: [PATCH 01/11] qemu: Add addition environment space to boot loader qemu-system-mips Upstream-Status: Inappropriate - OE uses deep paths @@ -13,21 +13,23 @@ to only 256 bytes. This patch expands the limit. Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> - --- hw/mips/malta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-5.2.0/hw/mips/malta.c -=================================================================== ---- qemu-5.2.0.orig/hw/mips/malta.c -+++ qemu-5.2.0/hw/mips/malta.c -@@ -62,7 +62,7 @@ - - #define ENVP_ADDR 0x80002000l +diff --git a/hw/mips/malta.c b/hw/mips/malta.c +index af74008c82..a588b9ad4e 100644 +--- a/hw/mips/malta.c ++++ b/hw/mips/malta.c +@@ -63,7 +63,7 @@ + #define ENVP_PADDR 0x2000 + #define ENVP_VADDR cpu_mips_phys_to_kseg0(NULL, ENVP_PADDR) #define ENVP_NB_ENTRIES 16 -#define ENVP_ENTRY_SIZE 256 +#define ENVP_ENTRY_SIZE 1024 /* Hardware addresses */ #define FLASH_ADDRESS 0x1e000000ULL +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch deleted file mode 100644 index 8ce12bdb43..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch +++ /dev/null @@ -1,141 +0,0 @@ -From 883feb43129dc39b491e492c7ccfe89aefe53c44 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Thu, 27 Nov 2014 14:04:29 +0000 -Subject: [PATCH] qemu: Add missing wacom HID descriptor - -The USB wacom device is missing a HID descriptor which causes it -to fail to operate with recent kernels (e.g. 3.17). - -This patch adds a HID desriptor to the device, based upon one from -real wcom device. - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> - -Upstream-Status: Submitted -2014/11/27 - -[update patch context] -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 93 insertions(+), 1 deletion(-) - -Index: qemu-5.2.0/hw/usb/dev-wacom.c -=================================================================== ---- qemu-5.2.0.orig/hw/usb/dev-wacom.c -+++ qemu-5.2.0/hw/usb/dev-wacom.c -@@ -69,6 +69,89 @@ static const USBDescStrings desc_strings - [STR_SERIALNUMBER] = "1", - }; - -+static const uint8_t qemu_tablet_hid_report_descriptor[] = { -+ 0x05, 0x01, /* Usage Page (Generic Desktop) */ -+ 0x09, 0x02, /* Usage (Mouse) */ -+ 0xa1, 0x01, /* Collection (Application) */ -+ 0x85, 0x01, /* Report ID (1) */ -+ 0x09, 0x01, /* Usage (Pointer) */ -+ 0xa1, 0x00, /* Collection (Physical) */ -+ 0x05, 0x09, /* Usage Page (Button) */ -+ 0x19, 0x01, /* Usage Minimum (1) */ -+ 0x29, 0x05, /* Usage Maximum (5) */ -+ 0x15, 0x00, /* Logical Minimum (0) */ -+ 0x25, 0x01, /* Logical Maximum (1) */ -+ 0x95, 0x05, /* Report Count (5) */ -+ 0x75, 0x01, /* Report Size (1) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0x95, 0x01, /* Report Count (1) */ -+ 0x75, 0x03, /* Report Size (3) */ -+ 0x81, 0x01, /* Input (Constant) */ -+ 0x05, 0x01, /* Usage Page (Generic Desktop) */ -+ 0x09, 0x30, /* Usage (X) */ -+ 0x09, 0x31, /* Usage (Y) */ -+ 0x15, 0x81, /* Logical Minimum (-127) */ -+ 0x25, 0x7f, /* Logical Maximum (127) */ -+ 0x75, 0x08, /* Report Size (8) */ -+ 0x95, 0x02, /* Report Count (2) */ -+ 0x81, 0x06, /* Input (Data, Variable, Relative) */ -+ 0xc0, /* End Collection */ -+ 0xc0, /* End Collection */ -+ 0x05, 0x0d, /* Usage Page (Digitizer) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0xa1, 0x01, /* Collection (Application) */ -+ 0x85, 0x02, /* Report ID (2) */ -+ 0xa1, 0x00, /* Collection (Physical) */ -+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0x15, 0x00, /* Logical Minimum (0) */ -+ 0x26, 0xff, 0x00, /* Logical Maximum (255) */ -+ 0x75, 0x08, /* Report Size (8) */ -+ 0x95, 0x08, /* Report Count (8) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0xc0, /* End Collection */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0x85, 0x02, /* Report ID (2) */ -+ 0x95, 0x01, /* Report Count (1) */ -+ 0xb1, 0x02, /* FEATURE (2) */ -+ 0xc0, /* End Collection */ -+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0xa1, 0x01, /* Collection (Application) */ -+ 0x85, 0x02, /* Report ID (2) */ -+ 0x05, 0x0d, /* Usage Page (Digitizer) */ -+ 0x09, 0x22, /* Usage (Finger) */ -+ 0xa1, 0x00, /* Collection (Physical) */ -+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0x15, 0x00, /* Logical Minimum (0) */ -+ 0x26, 0xff, 0x00, /* Logical Maximum */ -+ 0x75, 0x08, /* Report Size (8) */ -+ 0x95, 0x02, /* Report Count (2) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0x05, 0x01, /* Usage Page (Generic Desktop) */ -+ 0x09, 0x30, /* Usage (X) */ -+ 0x35, 0x00, /* Physical Minimum */ -+ 0x46, 0xe0, 0x2e, /* Physical Maximum */ -+ 0x26, 0xe0, 0x01, /* Logical Maximum */ -+ 0x75, 0x10, /* Report Size (16) */ -+ 0x95, 0x01, /* Report Count (1) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0x09, 0x31, /* Usage (Y) */ -+ 0x46, 0x40, 0x1f, /* Physical Maximum */ -+ 0x26, 0x40, 0x01, /* Logical Maximum */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ -+ 0x09, 0x01, /* Usage (Digitizer) */ -+ 0x26, 0xff, 0x00, /* Logical Maximum */ -+ 0x75, 0x08, /* Report Size (8) */ -+ 0x95, 0x0d, /* Report Count (13) */ -+ 0x81, 0x02, /* Input (Data, Variable, Absolute) */ -+ 0xc0, /* End Collection */ -+ 0xc0, /* End Collection */ -+}; -+ -+ - static const USBDescIface desc_iface_wacom = { - .bInterfaceNumber = 0, - .bNumEndpoints = 1, -@@ -86,7 +169,7 @@ static const USBDescIface desc_iface_wac - 0x00, /* u8 country_code */ - 0x01, /* u8 num_descriptors */ - USB_DT_REPORT, /* u8 type: Report */ -- 0x6e, 0, /* u16 len */ -+ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */ - }, - }, - }, -@@ -266,6 +349,15 @@ static void usb_wacom_handle_control(USB - } - - switch (request) { -+ case InterfaceRequest | USB_REQ_GET_DESCRIPTOR: -+ switch (value >> 8) { -+ case 0x22: -+ memcpy(data, qemu_tablet_hid_report_descriptor, -+ sizeof(qemu_tablet_hid_report_descriptor)); -+ p->actual_length = sizeof(qemu_tablet_hid_report_descriptor); -+ break; -+ } -+ break; - case WACOM_SET_REPORT: - if (s->mouse_grabbed) { - qemu_remove_mouse_event_handler(s->eh_entry); diff --git a/meta/recipes-devtools/qemu/qemu/0001-tests-meson.build-use-relative-path-to-refer-to-file.patch b/meta/recipes-devtools/qemu/qemu/0001-tests-meson.build-use-relative-path-to-refer-to-file.patch deleted file mode 100644 index 5cb5757c37..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0001-tests-meson.build-use-relative-path-to-refer-to-file.patch +++ /dev/null @@ -1,34 +0,0 @@ -From a4bdc0416134477e4eae386db04b1de7491163bb Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Thu, 14 Jan 2021 06:33:04 +0000 -Subject: [PATCH] tests/meson.build: use relative path to refer to files - -Fix error like: -Fatal error: can't create tests/ptimer-test.p/..._qemu-5.2.0_hw_core_ptimer.c.o: File name too long - -when build path is too long, use meson.source_root() will make this -filename too long. Fixed by using relative path to refer to files - -Upstream-Status: Submitted [send to qemu-devel] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - tests/meson.build | 2 +- - 1 files changed, 1 insertions(+), 1 deletion(-) - -diff --git a/tests/meson.build b/tests/meson.build -index afeb6be..54684b5 100644 ---- a/tests/meson.build -+++ b/tests/meson.build -@@ -113,7 +113,7 @@ tests = { - 'test-keyval': [testqapi], - 'test-logging': [], - 'test-uuid': [], -- 'ptimer-test': ['ptimer-test-stubs.c', meson.source_root() / 'hw/core/ptimer.c'], -+ 'ptimer-test': ['ptimer-test-stubs.c', '../hw/core/ptimer.c'], - 'test-qapi-util': [], - } - --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/0002-apic-fixup-fallthrough-to-PIC.patch index 294cf5129f..5f8fe4faa3 100644 --- a/meta/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch +++ b/meta/recipes-devtools/qemu/qemu/0002-apic-fixup-fallthrough-to-PIC.patch @@ -1,7 +1,7 @@ -From a59a98d100123030a4145e7efe3b8a001920a9f1 Mon Sep 17 00:00:00 2001 +From 23bf534e463bf4c1ba2e1356eaf17be0b23b192e Mon Sep 17 00:00:00 2001 From: Mark Asselstine <mark.asselstine@windriver.com> Date: Tue, 26 Feb 2013 11:43:28 -0500 -Subject: [PATCH] apic: fixup fallthrough to PIC +Subject: [PATCH 02/11] apic: fixup fallthrough to PIC Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC interrupts through the local APIC if the local APIC config says so.] @@ -24,16 +24,15 @@ serviced, is -1. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html] Signed-off-by: He Zhe <zhe.he@windriver.com> - --- hw/intc/apic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: qemu-5.2.0/hw/intc/apic.c -=================================================================== ---- qemu-5.2.0.orig/hw/intc/apic.c -+++ qemu-5.2.0/hw/intc/apic.c -@@ -605,7 +605,7 @@ int apic_accept_pic_intr(DeviceState *de +diff --git a/hw/intc/apic.c b/hw/intc/apic.c +index 4186c57b34..43cd805a96 100644 +--- a/hw/intc/apic.c ++++ b/hw/intc/apic.c +@@ -759,7 +759,7 @@ int apic_accept_pic_intr(DeviceState *dev) APICCommonState *s = APIC(dev); uint32_t lvt0; @@ -42,3 +41,6 @@ Index: qemu-5.2.0/hw/intc/apic.c return -1; lvt0 = s->lvt[APIC_LVT_LINT0]; +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0003-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0003-configure-Add-pkg-config-handling-for-libgcrypt.patch new file mode 100644 index 0000000000..30e269f8f4 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0003-configure-Add-pkg-config-handling-for-libgcrypt.patch @@ -0,0 +1,31 @@ +From e4f6c6b9f43b28271bc9dc6cbcafad53f80387e0 Mon Sep 17 00:00:00 2001 +From: He Zhe <zhe.he@windriver.com> +Date: Wed, 28 Aug 2019 19:56:28 +0800 +Subject: [PATCH 03/11] configure: Add pkg-config handling for libgcrypt + +libgcrypt may also be controlled by pkg-config, this patch adds pkg-config +handling for libgcrypt. + +Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html] + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 91a0aa64c6..e8373d55b8 100644 +--- a/meson.build ++++ b/meson.build +@@ -1655,7 +1655,7 @@ endif + if not gnutls_crypto.found() + if (not get_option('gcrypt').auto() or have_system) and not get_option('nettle').enabled() + gcrypt = dependency('libgcrypt', version: '>=1.8', +- method: 'config-tool', ++ method: 'pkg-config', + required: get_option('gcrypt')) + # Debian has removed -lgpg-error from libgcrypt-config + # as it "spreads unnecessary dependencies" which in +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-Do-not-include-file-if-not-exists.patch index 3fe9aa6eb5..d9cab428c4 100644 --- a/meta/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch +++ b/meta/recipes-devtools/qemu/qemu/0004-qemu-Do-not-include-file-if-not-exists.patch @@ -1,7 +1,7 @@ -From 34247f83095f8cdcdc1f9d7f0c6ffbd46b25d979 Mon Sep 17 00:00:00 2001 +From 5223d46a8d5302396f9fc7cc5d830769e87242fe Mon Sep 17 00:00:00 2001 From: Oleksiy Obitotskyy <oobitots@cisco.com> Date: Wed, 25 Mar 2020 21:21:35 +0200 -Subject: [PATCH] qemu: Do not include file if not exists +Subject: [PATCH 04/11] qemu: Do not include file if not exists Script configure checks for if_alg.h and check failed but if_alg.h still included. @@ -15,11 +15,11 @@ Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> linux-user/syscall.c | 2 ++ 1 file changed, 2 insertions(+) -Index: qemu-5.2.0/linux-user/syscall.c -=================================================================== ---- qemu-5.2.0.orig/linux-user/syscall.c -+++ qemu-5.2.0/linux-user/syscall.c -@@ -109,7 +109,9 @@ +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index 3df2b94d9a..18f09f1f07 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -116,7 +116,9 @@ #include <linux/blkpg.h> #include <netpacket/packet.h> #include <linux/netlink.h> @@ -28,4 +28,7 @@ Index: qemu-5.2.0/linux-user/syscall.c +#endif #include <linux/rtc.h> #include <sound/asound.h> - #ifdef CONFIG_BTRFS + #ifdef HAVE_BTRFS_H +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch deleted file mode 100644 index a0bd1c5ebc..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 4127296bb1046cdf73994ba69dc913d8c02fd74f Mon Sep 17 00:00:00 2001 -From: Ross Burton <ross.burton@intel.com> -Date: Tue, 20 Oct 2015 22:19:08 +0100 -Subject: [PATCH] qemu: disable Valgrind - -There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds. - -Upstream-Status: Inappropriate -Signed-off-by: Ross Burton <ross.burton@intel.com> - ---- - configure | 9 --------- - 1 file changed, 9 deletions(-) - -Index: qemu-5.2.0/configure -=================================================================== ---- qemu-5.2.0.orig/configure -+++ qemu-5.2.0/configure -@@ -5001,15 +5001,6 @@ fi - # check if we have valgrind/valgrind.h - - valgrind_h=no --cat > $TMPC << EOF --#include <valgrind/valgrind.h> --int main(void) { -- return 0; --} --EOF --if compile_prog "" "" ; then -- valgrind_h=yes --fi - - ######################################## - # check if environ is declared diff --git a/meta/recipes-devtools/qemu/qemu/mmap2.patch b/meta/recipes-devtools/qemu/qemu/0005-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch index 1652131757..3c7f5776ff 100644 --- a/meta/recipes-devtools/qemu/qemu/mmap2.patch +++ b/meta/recipes-devtools/qemu/qemu/0005-qemu-Add-some-user-space-mmap-tweaks-to-address-musl.patch @@ -1,3 +1,9 @@ +From 1c295069857b9850f15f2cd6b33b133ea641a454 Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Fri, 8 Jan 2021 17:27:06 +0000 +Subject: [PATCH 05/11] qemu: Add some user space mmap tweaks to address musl + 32 bit + When using qemu-i386 to build qemux86 webkitgtk on musl, it sits in an infinite loop of mremap calls of ever decreasing/increasing addresses. @@ -12,29 +18,34 @@ rather than ENOMEM so adjust the other part of the test to this. Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg01355.html] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org +--- + linux-user/mmap.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) -Index: qemu-5.2.0/linux-user/mmap.c -=================================================================== ---- qemu-5.2.0.orig/linux-user/mmap.c -+++ qemu-5.2.0/linux-user/mmap.c -@@ -722,12 +722,14 @@ abi_long target_mremap(abi_ulong old_add +diff --git a/linux-user/mmap.c b/linux-user/mmap.c +index be3b9a68eb..481286f01d 100644 +--- a/linux-user/mmap.c ++++ b/linux-user/mmap.c +@@ -1060,12 +1060,16 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, int prot; void *host_addr; -- if (!guest_range_valid(old_addr, old_size) || +- if (!guest_range_valid_untagged(old_addr, old_size) || - ((flags & MREMAP_FIXED) && -- !guest_range_valid(new_addr, new_size)) || -- ((flags & MREMAP_MAYMOVE) == 0 && -- !guest_range_valid(old_addr, new_size))) { -- errno = ENOMEM; -+ if (!guest_range_valid(old_addr, old_size)) { ++ if (!guest_range_valid_untagged(old_addr, old_size)) { + errno = EFAULT; + return -1; + } -+ -+ if (((flags & MREMAP_FIXED) && !guest_range_valid(new_addr, new_size)) || -+ ((flags & MREMAP_MAYMOVE) == 0 && !guest_range_valid(old_addr, new_size))) { ++ ++ if (((flags & MREMAP_FIXED) && + !guest_range_valid_untagged(new_addr, new_size)) || + ((flags & MREMAP_MAYMOVE) == 0 && + !guest_range_valid_untagged(old_addr, new_size))) { +- errno = ENOMEM; + errno = EINVAL; return -1; } +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch b/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch deleted file mode 100644 index 201125c1f4..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch +++ /dev/null @@ -1,243 +0,0 @@ -From bcc63f775e265df69963a4ad7805b8678ace68f0 Mon Sep 17 00:00:00 2001 -From: Alistair Francis <alistair.francis@xilinx.com> -Date: Thu, 21 Dec 2017 11:35:16 -0800 -Subject: [PATCH] chardev: connect socket to a spawned command - -The command is started in a shell (sh -c) with stdin connect to QEMU -via a Unix domain stream socket. QEMU then exchanges data via its own -end of the socket, just like it normally does. - -"-chardev socket" supports some ways of connecting via protocols like -telnet, but that is only a subset of the functionality supported by -tools socat. To use socat instead, for example to connect via a socks -proxy, use: - - -chardev 'socket,id=socat,cmd=exec socat FD:0 SOCKS4A:socks-proxy.localdomain:example.com:9999,,socksuser=nobody' \ - -device usb-serial,chardev=socat - -Beware that commas in the command must be escaped as double commas. - -Or interactively in the console: - (qemu) chardev-add socket,id=cat,cmd=cat - (qemu) device_add usb-serial,chardev=cat - ^ac - # cat >/dev/ttyUSB0 - hello - hello - -Another usage is starting swtpm from inside QEMU. swtpm will -automatically shut down once it looses the connection to the parent -QEMU, so there is no risk of lingering processes: - - -chardev 'socket,id=chrtpm0,cmd=exec swtpm socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log file=swtpm.log' \ - -tpmdev emulator,id=tpm0,chardev=chrtpm0 \ - -device tpm-tis,tpmdev=tpm0 - -The patch was discussed upstream, but QEMU developers believe that the -code calling QEMU should be responsible for managing additional -processes. In OE-core, that would imply enhancing runqemu and -oeqa. This patch is a simpler solution. - -Because it is not going upstream, the patch was written so that it is -as simple as possible. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - ---- - chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++ - chardev/char.c | 3 ++ - qapi/char.json | 5 +++ - 3 files changed, 109 insertions(+) - -Index: qemu-5.2.0/chardev/char-socket.c -=================================================================== ---- qemu-5.2.0.orig/chardev/char-socket.c -+++ qemu-5.2.0/chardev/char-socket.c -@@ -1308,6 +1308,67 @@ static bool qmp_chardev_validate_socket( - return true; - } - -+#ifndef _WIN32 -+static void chardev_open_socket_cmd(Chardev *chr, -+ const char *cmd, -+ Error **errp) -+{ -+ int fds[2] = { -1, -1 }; -+ QIOChannelSocket *sioc = NULL; -+ pid_t pid = -1; -+ const char *argv[] = { "/bin/sh", "-c", cmd, NULL }; -+ -+ /* -+ * We need a Unix domain socket for commands like swtpm and a single -+ * connection, therefore we cannot use qio_channel_command_new_spawn() -+ * without patching it first. Duplicating the functionality is easier. -+ */ -+ if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds)) { -+ error_setg_errno(errp, errno, "Error creating socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC)"); -+ goto error; -+ } -+ -+ pid = qemu_fork(errp); -+ if (pid < 0) { -+ goto error; -+ } -+ -+ if (!pid) { -+ /* child */ -+ dup2(fds[1], STDIN_FILENO); -+ execv(argv[0], (char * const *)argv); -+ _exit(1); -+ } -+ -+ /* -+ * Hand over our end of the socket pair to the qio channel. -+ * -+ * We don't reap the child because it is expected to keep -+ * running. We also don't support the "reconnect" option for the -+ * same reason. -+ */ -+ sioc = qio_channel_socket_new_fd(fds[0], errp); -+ if (!sioc) { -+ goto error; -+ } -+ fds[0] = -1; -+ -+ g_free(chr->filename); -+ chr->filename = g_strdup_printf("cmd:%s", cmd); -+ tcp_chr_new_client(chr, sioc); -+ -+ error: -+ if (fds[0] >= 0) { -+ close(fds[0]); -+ } -+ if (fds[1] >= 0) { -+ close(fds[1]); -+ } -+ if (sioc) { -+ object_unref(OBJECT(sioc)); -+ } -+} -+#endif - - static void qmp_chardev_open_socket(Chardev *chr, - ChardevBackend *backend, -@@ -1316,6 +1377,9 @@ static void qmp_chardev_open_socket(Char - { - SocketChardev *s = SOCKET_CHARDEV(chr); - ChardevSocket *sock = backend->u.socket.data; -+#ifndef _WIN32 -+ const char *cmd = sock->cmd; -+#endif - bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; - bool is_listen = sock->has_server ? sock->server : true; - bool is_telnet = sock->has_telnet ? sock->telnet : false; -@@ -1381,6 +1445,14 @@ static void qmp_chardev_open_socket(Char - - update_disconnected_filename(s); - -+#ifndef _WIN32 -+ if (cmd) { -+ chardev_open_socket_cmd(chr, cmd, errp); -+ -+ /* everything ready (or failed permanently) before we return */ -+ *be_opened = true; -+ } else -+#endif - if (s->is_listen) { - if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270, - is_waitconnect, errp) < 0) { -@@ -1400,6 +1472,9 @@ static void qemu_chr_parse_socket(QemuOp - const char *host = qemu_opt_get(opts, "host"); - const char *port = qemu_opt_get(opts, "port"); - const char *fd = qemu_opt_get(opts, "fd"); -+#ifndef _WIN32 -+ const char *cmd = qemu_opt_get(opts, "cmd"); -+#endif - #ifdef CONFIG_LINUX - bool tight = qemu_opt_get_bool(opts, "tight", true); - bool abstract = qemu_opt_get_bool(opts, "abstract", false); -@@ -1407,6 +1482,20 @@ static void qemu_chr_parse_socket(QemuOp - SocketAddressLegacy *addr; - ChardevSocket *sock; - -+#ifndef _WIN32 -+ if (cmd) { -+ /* -+ * Here we have to ensure that no options are set which are incompatible with -+ * spawning a command, otherwise unmodified code that doesn't know about -+ * command spawning (like socket_reconnect_timeout()) might get called. -+ */ -+ if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) { -+ error_setg(errp, "chardev: socket: cmd does not support any additional options"); -+ return; -+ } -+ } else -+#endif -+ - if ((!!path + !!fd + !!host) != 1) { - error_setg(errp, - "Exactly one of 'path', 'fd' or 'host' required"); -@@ -1448,13 +1537,24 @@ static void qemu_chr_parse_socket(QemuOp - sock->tls_creds = g_strdup(qemu_opt_get(opts, "tls-creds")); - sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); - sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); -+#ifndef _WIN32 -+ sock->cmd = g_strdup(cmd); -+#endif - - addr = g_new0(SocketAddressLegacy, 1); -+#ifndef _WIN32 -+ if (path || cmd) { -+#else - if (path) { -+#endif - UnixSocketAddress *q_unix; - addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX; - q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1); -+#ifndef _WIN32 -+ q_unix->path = cmd ? g_strdup_printf("cmd:%s", cmd) : g_strdup(path); -+#else - q_unix->path = g_strdup(path); -+#endif - #ifdef CONFIG_LINUX - q_unix->has_tight = true; - q_unix->tight = tight; -Index: qemu-5.2.0/chardev/char.c -=================================================================== ---- qemu-5.2.0.orig/chardev/char.c -+++ qemu-5.2.0/chardev/char.c -@@ -839,6 +839,9 @@ QemuOptsList qemu_chardev_opts = { - .name = "path", - .type = QEMU_OPT_STRING, - },{ -+ .name = "cmd", -+ .type = QEMU_OPT_STRING, -+ },{ - .name = "host", - .type = QEMU_OPT_STRING, - },{ -Index: qemu-5.2.0/qapi/char.json -=================================================================== ---- qemu-5.2.0.orig/qapi/char.json -+++ qemu-5.2.0/qapi/char.json -@@ -250,6 +250,10 @@ - # - # @addr: socket address to listen on (server=true) - # or connect to (server=false) -+# @cmd: command to run via "sh -c" with stdin as one end of -+# a AF_UNIX SOCK_DSTREAM socket pair. The other end -+# is used by the chardev. Either an addr or a cmd can -+# be specified, but not both. - # @tls-creds: the ID of the TLS credentials object (since 2.6) - # @tls-authz: the ID of the QAuthZ authorization object against which - # the client's x509 distinguished name will be validated. This -@@ -276,6 +280,7 @@ - ## - { 'struct': 'ChardevSocket', - 'data': { 'addr': 'SocketAddressLegacy', -+ '*cmd': 'str', - '*tls-creds': 'str', - '*tls-authz' : 'str', - '*server': 'bool', diff --git a/meta/recipes-devtools/qemu/qemu/0006-qemu-Determinism-fixes.patch b/meta/recipes-devtools/qemu/qemu/0006-qemu-Determinism-fixes.patch new file mode 100644 index 0000000000..f07054f19a --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0006-qemu-Determinism-fixes.patch @@ -0,0 +1,33 @@ +From 9d32df80e33a7541658858497f45bed1e59e3621 Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Mon, 1 Mar 2021 13:00:47 +0000 +Subject: [PATCH 06/11] qemu: Determinism fixes + +When sources are included within debug information, a couple of areas of the +qemu build are not reproducible due to either full buildpaths or timestamps. + +Replace the full paths with relative ones. I couldn't figure out how to get +meson to pass relative paths but we can fix that in the script. + +Upstream-Status: Pending [some version of all/part of this may be accepted] +RP 2021/3/1 +--- + scripts/decodetree.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/decodetree.py b/scripts/decodetree.py +index e8b72da3a9..5cd86b1428 100644 +--- a/scripts/decodetree.py ++++ b/scripts/decodetree.py +@@ -1558,7 +1558,7 @@ def main(): + toppat = ExcMultiPattern(0) + + for filename in args: +- input_file = filename ++ input_file = os.path.relpath(filename) + f = open(filename, 'rt', encoding='utf-8') + parse_file(f, toppat) + f.close() +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0007-tests-meson.build-use-relative-path-to-refer-to-file.patch b/meta/recipes-devtools/qemu/qemu/0007-tests-meson.build-use-relative-path-to-refer-to-file.patch new file mode 100644 index 0000000000..74de158b2e --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0007-tests-meson.build-use-relative-path-to-refer-to-file.patch @@ -0,0 +1,43 @@ +From 77ebf67d0c96f51da91c8499200ebd13f4dcdd68 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 14 Jan 2021 06:33:04 +0000 +Subject: [PATCH 07/11] tests/meson.build: use relative path to refer to files + +Fix error like: +Fatal error: can't create tests/ptimer-test.p/..._qemu-5.2.0_hw_core_ptimer.c.o: File name too long + +when build path is too long, use meson.source_root() will make this +filename too long. Fixed by using relative path to refer to files + +Upstream-Status: Submitted [send to qemu-devel] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + tests/unit/meson.build | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/unit/meson.build b/tests/unit/meson.build +index 228a21d03c..272fb4c6ca 100644 +--- a/tests/unit/meson.build ++++ b/tests/unit/meson.build +@@ -47,7 +47,7 @@ tests = { + 'test-keyval': [testqapi], + 'test-logging': [], + 'test-uuid': [], +- 'ptimer-test': ['ptimer-test-stubs.c', meson.project_source_root() / 'hw/core/ptimer.c'], ++ 'ptimer-test': ['ptimer-test-stubs.c', '../../hw/core/ptimer.c'], + 'test-qapi-util': [], + 'test-interval-tree': [], + 'test-xs-node': [qom], +@@ -138,7 +138,7 @@ if have_system + 'test-util-sockets': ['socket-helpers.c'], + 'test-base64': [], + 'test-bufferiszero': [], +- 'test-smp-parse': [qom, meson.project_source_root() / 'hw/core/machine-smp.c'], ++ 'test-smp-parse': [qom, '../../hw/core/machine-smp.c'], + 'test-vmstate': [migration, io], + 'test-yank': ['socket-helpers.c', qom, io, chardev] + } +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0008-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch b/meta/recipes-devtools/qemu/qemu/0008-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch new file mode 100644 index 0000000000..2e28590e11 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0008-Define-MAP_SYNC-and-MAP_SHARED_VALIDATE-on-needed-li.patch @@ -0,0 +1,48 @@ +From 21b159a11bbcb1eeb26f12456e4c3fd62a06cbec Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 21 Mar 2022 10:09:38 -0700 +Subject: [PATCH 08/11] Define MAP_SYNC and MAP_SHARED_VALIDATE on needed linux + systems + +linux only wires MAP_SYNC and MAP_SHARED_VALIDATE for architectures +which include asm-generic/mman.h and mips/powerpc are not including this +file in linux/mman.h, therefore these should be defined for such +architectures on Linux as well. This fixes build on mips/musl/linux + +Upstream-Status: Submitted [https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg05298.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Cc: Zhang Yi <yi.z.zhang@linux.intel.com> +Cc: Michael S. Tsirkin <mst@redhat.com> +--- + util/mmap-alloc.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c +index ed14f9c64d..038f5b4b55 100644 +--- a/util/mmap-alloc.c ++++ b/util/mmap-alloc.c +@@ -10,14 +10,18 @@ + * later. See the COPYING file in the top-level directory. + */ + ++#include "qemu/osdep.h" + #ifdef CONFIG_LINUX + #include <linux/mman.h> +-#else /* !CONFIG_LINUX */ ++#endif /* CONFIG_LINUX */ ++ ++#ifndef MAP_SYNC + #define MAP_SYNC 0x0 ++#endif /* MAP_SYNC */ ++#ifndef MAP_SHARED_VALIDATE + #define MAP_SHARED_VALIDATE 0x0 +-#endif /* CONFIG_LINUX */ ++#endif /* MAP_SHARED_VALIDATE */ + +-#include "qemu/osdep.h" + #include "qemu/mmap-alloc.h" + #include "qemu/host-utils.h" + #include "qemu/cutils.h" +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0009-linux-user-Replace-use-of-lfs64-related-functions-an.patch b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Replace-use-of-lfs64-related-functions-an.patch new file mode 100644 index 0000000000..7577249d39 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0009-linux-user-Replace-use-of-lfs64-related-functions-an.patch @@ -0,0 +1,358 @@ +From 23de30079dbf47a8026faddd550a9e181d609c8f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Sat, 17 Dec 2022 08:37:46 -0800 +Subject: [PATCH 09/11] linux-user: Replace use of lfs64 related functions and + macros + +Builds defines -D_FILE_OFFSET_BITS=64 which makes the original functions +anf macros behave same as their 64 suffixed counterparts. This also +helps in compiling with latest musl C library, where these macros and +functions are no more available under _GNU_SOURCE feature macro + +Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2022-12/msg02841.html] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Cc: Laurent Vivier <laurent@vivier.eu> +--- + linux-user/syscall.c | 153 +++++++++++-------------------------------- + 1 file changed, 39 insertions(+), 114 deletions(-) + +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index 18f09f1f07..1b7c50a2a7 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -761,8 +761,8 @@ safe_syscall6(ssize_t, copy_file_range, int, infd, loff_t *, pinoff, + */ + #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__) + /* Similarly for fcntl. Note that callers must always: +- * pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK +- * use the flock64 struct rather than unsuffixed flock ++ * pass the F_GETLK etc constants rather than the unsuffixed F_GETLK ++ * use the flock struct rather than unsuffixed flock + * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts. + */ + #ifdef __NR_fcntl64 +@@ -6739,13 +6739,13 @@ static int target_to_host_fcntl_cmd(int cmd) + ret = cmd; + break; + case TARGET_F_GETLK: +- ret = F_GETLK64; ++ ret = F_GETLK; + break; + case TARGET_F_SETLK: +- ret = F_SETLK64; ++ ret = F_SETLK; + break; + case TARGET_F_SETLKW: +- ret = F_SETLKW64; ++ ret = F_SETLKW; + break; + case TARGET_F_GETOWN: + ret = F_GETOWN; +@@ -6759,17 +6759,6 @@ static int target_to_host_fcntl_cmd(int cmd) + case TARGET_F_SETSIG: + ret = F_SETSIG; + break; +-#if TARGET_ABI_BITS == 32 +- case TARGET_F_GETLK64: +- ret = F_GETLK64; +- break; +- case TARGET_F_SETLK64: +- ret = F_SETLK64; +- break; +- case TARGET_F_SETLKW64: +- ret = F_SETLKW64; +- break; +-#endif + case TARGET_F_SETLEASE: + ret = F_SETLEASE; + break; +@@ -6821,8 +6810,8 @@ static int target_to_host_fcntl_cmd(int cmd) + * them to 5, 6 and 7 before making the syscall(). Since we make the + * syscall directly, adjust to what is supported by the kernel. + */ +- if (ret >= F_GETLK64 && ret <= F_SETLKW64) { +- ret -= F_GETLK64 - 5; ++ if (ret >= F_GETLK && ret <= F_SETLKW) { ++ ret -= F_GETLK - 5; + } + #endif + +@@ -6855,55 +6844,11 @@ static int host_to_target_flock(int type) + return type; + } + +-static inline abi_long copy_from_user_flock(struct flock64 *fl, +- abi_ulong target_flock_addr) +-{ +- struct target_flock *target_fl; +- int l_type; +- +- if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) { +- return -TARGET_EFAULT; +- } +- +- __get_user(l_type, &target_fl->l_type); +- l_type = target_to_host_flock(l_type); +- if (l_type < 0) { +- return l_type; +- } +- fl->l_type = l_type; +- __get_user(fl->l_whence, &target_fl->l_whence); +- __get_user(fl->l_start, &target_fl->l_start); +- __get_user(fl->l_len, &target_fl->l_len); +- __get_user(fl->l_pid, &target_fl->l_pid); +- unlock_user_struct(target_fl, target_flock_addr, 0); +- return 0; +-} +- +-static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr, +- const struct flock64 *fl) +-{ +- struct target_flock *target_fl; +- short l_type; +- +- if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) { +- return -TARGET_EFAULT; +- } +- +- l_type = host_to_target_flock(fl->l_type); +- __put_user(l_type, &target_fl->l_type); +- __put_user(fl->l_whence, &target_fl->l_whence); +- __put_user(fl->l_start, &target_fl->l_start); +- __put_user(fl->l_len, &target_fl->l_len); +- __put_user(fl->l_pid, &target_fl->l_pid); +- unlock_user_struct(target_fl, target_flock_addr, 1); +- return 0; +-} +- +-typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr); +-typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 *fl); ++typedef abi_long from_flock_fn(struct flock *fl, abi_ulong target_addr); ++typedef abi_long to_flock_fn(abi_ulong target_addr, const struct flock *fl); + + #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32 +-struct target_oabi_flock64 { ++struct target_oabi_flock { + abi_short l_type; + abi_short l_whence; + abi_llong l_start; +@@ -6911,10 +6856,10 @@ struct target_oabi_flock64 { + abi_int l_pid; + } QEMU_PACKED; + +-static inline abi_long copy_from_user_oabi_flock64(struct flock64 *fl, ++static inline abi_long copy_from_user_oabi_flock(struct flock *fl, + abi_ulong target_flock_addr) + { +- struct target_oabi_flock64 *target_fl; ++ struct target_oabi_flock *target_fl; + int l_type; + + if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) { +@@ -6935,10 +6880,10 @@ static inline abi_long copy_from_user_oabi_flock64(struct flock64 *fl, + return 0; + } + +-static inline abi_long copy_to_user_oabi_flock64(abi_ulong target_flock_addr, +- const struct flock64 *fl) ++static inline abi_long copy_to_user_oabi_flock(abi_ulong target_flock_addr, ++ const struct flock *fl) + { +- struct target_oabi_flock64 *target_fl; ++ struct target_oabi_flock *target_fl; + short l_type; + + if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) { +@@ -6956,10 +6901,10 @@ static inline abi_long copy_to_user_oabi_flock64(abi_ulong target_flock_addr, + } + #endif + +-static inline abi_long copy_from_user_flock64(struct flock64 *fl, ++static inline abi_long copy_from_user_flock(struct flock *fl, + abi_ulong target_flock_addr) + { +- struct target_flock64 *target_fl; ++ struct target_flock *target_fl; + int l_type; + + if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) { +@@ -6980,10 +6925,10 @@ static inline abi_long copy_from_user_flock64(struct flock64 *fl, + return 0; + } + +-static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr, +- const struct flock64 *fl) ++static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr, ++ const struct flock *fl) + { +- struct target_flock64 *target_fl; ++ struct target_flock *target_fl; + short l_type; + + if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) { +@@ -7002,7 +6947,7 @@ static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr, + + static abi_long do_fcntl(int fd, int cmd, abi_ulong arg) + { +- struct flock64 fl64; ++ struct flock fl64; + #ifdef F_GETOWN_EX + struct f_owner_ex fox; + struct target_f_owner_ex *target_fox; +@@ -7015,6 +6960,7 @@ static abi_long do_fcntl(int fd, int cmd, abi_ulong arg) + + switch(cmd) { + case TARGET_F_GETLK: ++ case TARGET_F_OFD_GETLK: + ret = copy_from_user_flock(&fl64, arg); + if (ret) { + return ret; +@@ -7024,32 +6970,11 @@ static abi_long do_fcntl(int fd, int cmd, abi_ulong arg) + ret = copy_to_user_flock(arg, &fl64); + } + break; +- + case TARGET_F_SETLK: + case TARGET_F_SETLKW: +- ret = copy_from_user_flock(&fl64, arg); +- if (ret) { +- return ret; +- } +- ret = get_errno(safe_fcntl(fd, host_cmd, &fl64)); +- break; +- +- case TARGET_F_GETLK64: +- case TARGET_F_OFD_GETLK: +- ret = copy_from_user_flock64(&fl64, arg); +- if (ret) { +- return ret; +- } +- ret = get_errno(safe_fcntl(fd, host_cmd, &fl64)); +- if (ret == 0) { +- ret = copy_to_user_flock64(arg, &fl64); +- } +- break; +- case TARGET_F_SETLK64: +- case TARGET_F_SETLKW64: + case TARGET_F_OFD_SETLK: + case TARGET_F_OFD_SETLKW: +- ret = copy_from_user_flock64(&fl64, arg); ++ ret = copy_from_user_flock(&fl64, arg); + if (ret) { + return ret; + } +@@ -7278,7 +7203,7 @@ static inline abi_long target_truncate64(CPUArchState *cpu_env, const char *arg1 + arg2 = arg3; + arg3 = arg4; + } +- return get_errno(truncate64(arg1, target_offset64(arg2, arg3))); ++ return get_errno(truncate(arg1, target_offset64(arg2, arg3))); + } + #endif + +@@ -7292,7 +7217,7 @@ static inline abi_long target_ftruncate64(CPUArchState *cpu_env, abi_long arg1, + arg2 = arg3; + arg3 = arg4; + } +- return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3))); ++ return get_errno(ftruncate(arg1, target_offset64(arg2, arg3))); + } + #endif + +@@ -8667,7 +8592,7 @@ static int do_getdents(abi_long dirfd, abi_long arg2, abi_long count) + void *tdirp; + int hlen, hoff, toff; + int hreclen, treclen; +- off64_t prev_diroff = 0; ++ off_t prev_diroff = 0; + + hdirp = g_try_malloc(count); + if (!hdirp) { +@@ -8720,7 +8645,7 @@ static int do_getdents(abi_long dirfd, abi_long arg2, abi_long count) + * Return what we have, resetting the file pointer to the + * location of the first record not returned. + */ +- lseek64(dirfd, prev_diroff, SEEK_SET); ++ lseek(dirfd, prev_diroff, SEEK_SET); + break; + } + +@@ -8754,7 +8679,7 @@ static int do_getdents64(abi_long dirfd, abi_long arg2, abi_long count) + void *tdirp; + int hlen, hoff, toff; + int hreclen, treclen; +- off64_t prev_diroff = 0; ++ off_t prev_diroff = 0; + + hdirp = g_try_malloc(count); + if (!hdirp) { +@@ -8796,7 +8721,7 @@ static int do_getdents64(abi_long dirfd, abi_long arg2, abi_long count) + * Return what we have, resetting the file pointer to the + * location of the first record not returned. + */ +- lseek64(dirfd, prev_diroff, SEEK_SET); ++ lseek(dirfd, prev_diroff, SEEK_SET); + break; + } + +@@ -11527,7 +11452,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, + return -TARGET_EFAULT; + } + } +- ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5))); ++ ret = get_errno(pread(arg1, p, arg3, target_offset64(arg4, arg5))); + unlock_user(p, arg2, ret); + return ret; + case TARGET_NR_pwrite64: +@@ -11544,7 +11469,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, + return -TARGET_EFAULT; + } + } +- ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5))); ++ ret = get_errno(pwrite(arg1, p, arg3, target_offset64(arg4, arg5))); + unlock_user(p, arg2, 0); + return ret; + #endif +@@ -12404,14 +12329,14 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, + case TARGET_NR_fcntl64: + { + int cmd; +- struct flock64 fl; +- from_flock64_fn *copyfrom = copy_from_user_flock64; +- to_flock64_fn *copyto = copy_to_user_flock64; ++ struct flock fl; ++ from_flock_fn *copyfrom = copy_from_user_flock; ++ to_flock_fn *copyto = copy_to_user_flock; + + #ifdef TARGET_ARM + if (!cpu_env->eabi) { +- copyfrom = copy_from_user_oabi_flock64; +- copyto = copy_to_user_oabi_flock64; ++ copyfrom = copy_from_user_oabi_flock; ++ copyto = copy_to_user_oabi_flock; + } + #endif + +@@ -12421,7 +12346,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, + } + + switch(arg2) { +- case TARGET_F_GETLK64: ++ case TARGET_F_GETLK: + ret = copyfrom(&fl, arg3); + if (ret) { + break; +@@ -12432,8 +12357,8 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, + } + break; + +- case TARGET_F_SETLK64: +- case TARGET_F_SETLKW64: ++ case TARGET_F_SETLK: ++ case TARGET_F_SETLKW: + ret = copyfrom(&fl, arg3); + if (ret) { + break; +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch deleted file mode 100644 index c5d206b91b..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch +++ /dev/null @@ -1,84 +0,0 @@ -From c207607cdf3996ad9783c3bffbcd3d65e74c0158 Mon Sep 17 00:00:00 2001 -From: He Zhe <zhe.he@windriver.com> -Date: Wed, 28 Aug 2019 19:56:28 +0800 -Subject: [PATCH] configure: Add pkg-config handling for libgcrypt - -libgcrypt may also be controlled by pkg-config, this patch adds pkg-config -handling for libgcrypt. - -Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html] - -Signed-off-by: He Zhe <zhe.he@windriver.com> - ---- - configure | 48 ++++++++++++++++++++++++++++++++++++++++-------- - 1 file changed, 40 insertions(+), 8 deletions(-) - -Index: qemu-5.2.0/configure -=================================================================== ---- qemu-5.2.0.orig/configure -+++ qemu-5.2.0/configure -@@ -2956,6 +2956,30 @@ has_libgcrypt() { - return 0 - } - -+has_libgcrypt_pkgconfig() { -+ if ! has $pkg_config ; then -+ return 1 -+ fi -+ -+ if ! $pkg_config --list-all | grep libgcrypt > /dev/null 2>&1 ; then -+ return 1 -+ fi -+ -+ if test -n "$cross_prefix" ; then -+ host=$($pkg_config --variable=host libgcrypt) -+ if test "${host%-gnu}-" != "${cross_prefix%-gnu}" ; then -+ print_error "host($host) does not match cross_prefix($cross_prefix)" -+ return 1 -+ fi -+ fi -+ -+ if ! $pkg_config --atleast-version=1.5.0 libgcrypt ; then -+ print_error "libgcrypt version is $($pkg_config --modversion libgcrypt)" -+ return 1 -+ fi -+ -+ return 0 -+} - - if test "$nettle" != "no"; then - pass="no" -@@ -2994,7 +3018,14 @@ fi - - if test "$gcrypt" != "no"; then - pass="no" -- if has_libgcrypt; then -+ if has_libgcrypt_pkgconfig; then -+ gcrypt_cflags=$($pkg_config --cflags libgcrypt) -+ if test "$static" = "yes" ; then -+ gcrypt_libs=$($pkg_config --libs --static libgcrypt) -+ else -+ gcrypt_libs=$($pkg_config --libs libgcrypt) -+ fi -+ elif has_libgcrypt; then - gcrypt_cflags=$(libgcrypt-config --cflags) - gcrypt_libs=$(libgcrypt-config --libs) - # Debian has removed -lgpg-error from libgcrypt-config -@@ -3004,12 +3035,12 @@ if test "$gcrypt" != "no"; then - then - gcrypt_libs="$gcrypt_libs -lgpg-error" - fi -+ fi - -- # Link test to make sure the given libraries work (e.g for static). -- write_c_skeleton -- if compile_prog "" "$gcrypt_libs" ; then -+ # Link test to make sure the given libraries work (e.g for static). -+ write_c_skeleton -+ if compile_prog "" "$gcrypt_libs" ; then - pass="yes" -- fi - fi - if test "$pass" = "yes"; then - gcrypt="yes" diff --git a/meta/recipes-devtools/qemu/qemu/0010-configure-lookup-meson-exutable-from-PATH.patch b/meta/recipes-devtools/qemu/qemu/0010-configure-lookup-meson-exutable-from-PATH.patch new file mode 100644 index 0000000000..98ce85a8cf --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0010-configure-lookup-meson-exutable-from-PATH.patch @@ -0,0 +1,31 @@ +From e12a93174f9b652604dda8d8464b9559b62b29d5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> +Date: Wed, 22 May 2024 14:02:55 +0200 +Subject: [PATCH 10/11] configure: lookup meson exutable from PATH + +Upstream-Status: Inappropriate [workaround, would need a real fix for upstream] +--- + configure | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/configure b/configure +index 3cd736b139..482a1f8ef3 100755 +--- a/configure ++++ b/configure +@@ -956,12 +956,7 @@ fi + $mkvenv ensuregroup --dir "${source_path}/python/wheels" \ + ${source_path}/pythondeps.toml meson || exit 1 + +-# At this point, we expect Meson to be installed and available. +-# We expect mkvenv or pip to have created pyvenv/bin/meson for us. +-# We ignore PATH completely here: we want to use the venv's Meson +-# *exclusively*. +- +-meson="$(cd pyvenv/bin; pwd)/meson" ++meson=`which meson` + + # Conditionally ensure Sphinx is installed. + +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch b/meta/recipes-devtools/qemu/qemu/0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch new file mode 100644 index 0000000000..c7bb9b1b47 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch @@ -0,0 +1,55 @@ +From a93c2a6b2c9db9c4bd30298da43c37c5e5c6236e Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Wed, 22 May 2024 13:58:23 +0200 +Subject: [PATCH 11/11] qemu: Ensure pip and the python venv aren't used for + meson + +Qemu wants to use a supported python version and a specific meson version +to "help" users and uses pip and creates a venv to do this. This is a nightmare +for us. Our versions stay up to date and should be supported so we don't +really need/want this wrapping. Tweak things to disable it. + +There was breakage from the wrapper shown by: + +bitbake qemu-system-native +<add DISTRO_FEATURES:remove = "opengl" to local.conf> +bitbake qemu-system-native -c configure + +which would crash. The issue is the change in configuration removes pieces +from the sysroot but pyc files remainm as do pieces of pip which causes +problems. + +Ideally we'd convince upstream to allow some way to disable the venv on +the understanding that if/when it breaks, we keep the pieces. The patch +as it stands is a workaround. + +Upstream-Status: Inappropriate [oe specific] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +--- + configure | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure b/configure +index 482a1f8ef3..0da4bf3e4d 100755 +--- a/configure ++++ b/configure +@@ -938,14 +938,14 @@ python="$(command -v "$python")" + echo "python determined to be '$python'" + echo "python version: $($python --version)" + +-python="$($python -B "${source_path}/python/scripts/mkvenv.py" create pyvenv)" ++python=python3 + if test "$?" -ne 0 ; then + error_exit "python venv creation failed" + fi + + # Suppress writing compiled files + python="$python -B" +-mkvenv="$python ${source_path}/python/scripts/mkvenv.py" ++mkvenv=true + + # Finish preparing the virtual environment using vendored .whl files + +-- +2.44.0 + diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch deleted file mode 100644 index 58622f0487..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-27821.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 279f90a9ab07304f0a49fc10e4bfd1243a8cddbe Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini <pbonzini@redhat.com> -Date: Tue, 1 Dec 2020 09:29:56 -0500 -Subject: [PATCH 1/2] memory: clamp cached translation in case it points to an - MMIO region - -In using the address_space_translate_internal API, address_space_cache_init -forgot one piece of advice that can be found in the code for -address_space_translate_internal: - - /* MMIO registers can be expected to perform full-width accesses based only - * on their address, without considering adjacent registers that could - * decode to completely different MemoryRegions. When such registers - * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO - * regions overlap wildly. For this reason we cannot clamp the accesses - * here. - * - * If the length is small (as is the case for address_space_ldl/stl), - * everything works fine. If the incoming length is large, however, - * the caller really has to do the clamping through memory_access_size. - */ - -address_space_cache_init is exactly one such case where "the incoming length -is large", therefore we need to clamp the resulting length---not to -memory_access_size though, since we are not doing an access yet, but to -the size of the resulting section. This ensures that subsequent accesses -to the cached MemoryRegionSection will be in range. - -With this patch, the enclosed testcase notices that the used ring does -not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used" -error. - -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> - -Upstream-Status: Backport [4bfb024bc76973d40a359476dc0291f46e435442] -CVE: CVE-2020-27821 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - softmmu/physmem.c | 10 ++++++++ - tests/qtest/fuzz-test.c | 51 +++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 61 insertions(+) - -diff --git a/softmmu/physmem.c b/softmmu/physmem.c -index 3027747c0..2cd1de4a2 100644 ---- a/softmmu/physmem.c -+++ b/softmmu/physmem.c -@@ -3255,6 +3255,7 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, - AddressSpaceDispatch *d; - hwaddr l; - MemoryRegion *mr; -+ Int128 diff; - - assert(len > 0); - -@@ -3263,6 +3264,15 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, - d = flatview_to_dispatch(cache->fv); - cache->mrs = *address_space_translate_internal(d, addr, &cache->xlat, &l, true); - -+ /* -+ * cache->xlat is now relative to cache->mrs.mr, not to the section itself. -+ * Take that into account to compute how many bytes are there between -+ * cache->xlat and the end of the section. -+ */ -+ diff = int128_sub(cache->mrs.size, -+ int128_make64(cache->xlat - cache->mrs.offset_within_region)); -+ l = int128_get64(int128_min(diff, int128_make64(l))); -+ - mr = cache->mrs.mr; - memory_region_ref(mr); - if (memory_access_is_direct(mr, is_write)) { -diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c -index 9cb4c42bd..28739248e 100644 ---- a/tests/qtest/fuzz-test.c -+++ b/tests/qtest/fuzz-test.c -@@ -47,6 +47,55 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void) - qtest_outl(s, 0x5d02, 0xebed205d); - } - -+/* -+ * Here a MemoryRegionCache pointed to an MMIO region but had a -+ * larger size than the underlying region. -+ */ -+static void test_mmio_oob_from_memory_region_cache(void) -+{ -+ QTestState *s; -+ -+ s = qtest_init("-M pc-q35-5.2 -display none -m 512M " -+ "-device virtio-scsi,num_queues=8,addr=03.0 "); -+ -+ qtest_outl(s, 0xcf8, 0x80001811); -+ qtest_outb(s, 0xcfc, 0x6e); -+ qtest_outl(s, 0xcf8, 0x80001824); -+ qtest_outl(s, 0xcf8, 0x80001813); -+ qtest_outl(s, 0xcfc, 0xa080000); -+ qtest_outl(s, 0xcf8, 0x80001802); -+ qtest_outl(s, 0xcfc, 0x5a175a63); -+ qtest_outb(s, 0x6e08, 0x9e); -+ qtest_writeb(s, 0x9f003, 0xff); -+ qtest_writeb(s, 0x9f004, 0x01); -+ qtest_writeb(s, 0x9e012, 0x0e); -+ qtest_writeb(s, 0x9e01b, 0x0e); -+ qtest_writeb(s, 0x9f006, 0x01); -+ qtest_writeb(s, 0x9f008, 0x01); -+ qtest_writeb(s, 0x9f00a, 0x01); -+ qtest_writeb(s, 0x9f00c, 0x01); -+ qtest_writeb(s, 0x9f00e, 0x01); -+ qtest_writeb(s, 0x9f010, 0x01); -+ qtest_writeb(s, 0x9f012, 0x01); -+ qtest_writeb(s, 0x9f014, 0x01); -+ qtest_writeb(s, 0x9f016, 0x01); -+ qtest_writeb(s, 0x9f018, 0x01); -+ qtest_writeb(s, 0x9f01a, 0x01); -+ qtest_writeb(s, 0x9f01c, 0x01); -+ qtest_writeb(s, 0x9f01e, 0x01); -+ qtest_writeb(s, 0x9f020, 0x01); -+ qtest_writeb(s, 0x9f022, 0x01); -+ qtest_writeb(s, 0x9f024, 0x01); -+ qtest_writeb(s, 0x9f026, 0x01); -+ qtest_writeb(s, 0x9f028, 0x01); -+ qtest_writeb(s, 0x9f02a, 0x01); -+ qtest_writeb(s, 0x9f02c, 0x01); -+ qtest_writeb(s, 0x9f02e, 0x01); -+ qtest_writeb(s, 0x9f030, 0x01); -+ qtest_outb(s, 0x6e10, 0x00); -+ qtest_quit(s); -+} -+ - int main(int argc, char **argv) - { - const char *arch = qtest_get_arch(); -@@ -58,6 +107,8 @@ int main(int argc, char **argv) - test_lp1878263_megasas_zero_iov_cnt); - qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert", - test_lp1878642_pci_bus_get_irq_level_assert); -+ qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", -+ test_mmio_oob_from_memory_region_cache); - } - - return g_test_run(); --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-29443.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-29443.patch deleted file mode 100644 index c72324fce6..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-29443.patch +++ /dev/null @@ -1,107 +0,0 @@ -From c9a71afe182be5b62bd2ccdaf861695e0ec0731a Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Mon, 18 Jan 2021 17:21:30 +0530 -Subject: [PATCH] ide: atapi: check logical block address and read size - (CVE-2020-29443) - -While processing ATAPI cmd_read/cmd_read_cd commands, -Logical Block Address (LBA) maybe invalid OR closer to the last block, -leading to an OOB access issues. Add range check to avoid it. - -Fixes: CVE-2020-29443 -Reported-by: Wenxiang Qian <leonwxqian@gmail.com> -Suggested-by: Paolo Bonzini <pbonzini@redhat.com> -Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Message-Id: <20210118115130.457044-1-ppandit@redhat.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> - -Upstream-Status: Backport [b8d7f1bc59276fec85e4d09f1567613a3e14d31e] -CVE: CVE-2020-29443 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/ide/atapi.c | 30 ++++++++++++++++++++++++------ - 1 file changed, 24 insertions(+), 6 deletions(-) - -diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c -index e79157863..b626199e3 100644 ---- a/hw/ide/atapi.c -+++ b/hw/ide/atapi.c -@@ -322,6 +322,8 @@ static void ide_atapi_cmd_reply(IDEState *s, int size, int max_size) - static void ide_atapi_cmd_read_pio(IDEState *s, int lba, int nb_sectors, - int sector_size) - { -+ assert(0 <= lba && lba < (s->nb_sectors >> 2)); -+ - s->lba = lba; - s->packet_transfer_size = nb_sectors * sector_size; - s->elementary_transfer_size = 0; -@@ -420,6 +422,8 @@ eot: - static void ide_atapi_cmd_read_dma(IDEState *s, int lba, int nb_sectors, - int sector_size) - { -+ assert(0 <= lba && lba < (s->nb_sectors >> 2)); -+ - s->lba = lba; - s->packet_transfer_size = nb_sectors * sector_size; - s->io_buffer_size = 0; -@@ -973,35 +977,49 @@ static void cmd_prevent_allow_medium_removal(IDEState *s, uint8_t* buf) - - static void cmd_read(IDEState *s, uint8_t* buf) - { -- int nb_sectors, lba; -+ unsigned int nb_sectors, lba; -+ -+ /* Total logical sectors of ATAPI_SECTOR_SIZE(=2048) bytes */ -+ uint64_t total_sectors = s->nb_sectors >> 2; - - if (buf[0] == GPCMD_READ_10) { - nb_sectors = lduw_be_p(buf + 7); - } else { - nb_sectors = ldl_be_p(buf + 6); - } -- -- lba = ldl_be_p(buf + 2); - if (nb_sectors == 0) { - ide_atapi_cmd_ok(s); - return; - } - -+ lba = ldl_be_p(buf + 2); -+ if (lba >= total_sectors || lba + nb_sectors - 1 >= total_sectors) { -+ ide_atapi_cmd_error(s, ILLEGAL_REQUEST, ASC_LOGICAL_BLOCK_OOR); -+ return; -+ } -+ - ide_atapi_cmd_read(s, lba, nb_sectors, 2048); - } - - static void cmd_read_cd(IDEState *s, uint8_t* buf) - { -- int nb_sectors, lba, transfer_request; -+ unsigned int nb_sectors, lba, transfer_request; - -- nb_sectors = (buf[6] << 16) | (buf[7] << 8) | buf[8]; -- lba = ldl_be_p(buf + 2); -+ /* Total logical sectors of ATAPI_SECTOR_SIZE(=2048) bytes */ -+ uint64_t total_sectors = s->nb_sectors >> 2; - -+ nb_sectors = (buf[6] << 16) | (buf[7] << 8) | buf[8]; - if (nb_sectors == 0) { - ide_atapi_cmd_ok(s); - return; - } - -+ lba = ldl_be_p(buf + 2); -+ if (lba >= total_sectors || lba + nb_sectors - 1 >= total_sectors) { -+ ide_atapi_cmd_error(s, ILLEGAL_REQUEST, ASC_LOGICAL_BLOCK_OOR); -+ return; -+ } -+ - transfer_request = buf[9] & 0xf8; - if (transfer_request == 0x00) { - /* nothing */ --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch deleted file mode 100644 index 73a4cb2064..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch +++ /dev/null @@ -1,153 +0,0 @@ -From 8afaaee976965b7fb90ec225a51d60f35c5f173c Mon Sep 17 00:00:00 2001 -From: Stefan Hajnoczi <stefanha@redhat.com> -Date: Thu, 4 Feb 2021 15:02:06 +0000 -Subject: [PATCH] virtiofsd: extract lo_do_open() from lo_open() - -Both lo_open() and lo_create() have similar code to open a file. Extract -a common lo_do_open() function from lo_open() that will be used by -lo_create() in a later commit. - -Since lo_do_open() does not otherwise need fuse_req_t req, convert -lo_add_fd_mapping() to use struct lo_data *lo instead. - -Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> -Message-Id: <20210204150208.367837-2-stefanha@redhat.com> -Reviewed-by: Greg Kurz <groug@kaod.org> -Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> - -Upstream-Status: Backport -[https://github.com/qemu/qemu/commit/8afaaee976965b7fb90ec225a51d60f35c5f173c] - -CVE: CVE-2020-35517 - -Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> -Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> ---- - tools/virtiofsd/passthrough_ll.c | 73 +++++++++++++++++++++++++--------------- - 1 file changed, 46 insertions(+), 27 deletions(-) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 5fb36d9..f14fa51 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -459,17 +459,17 @@ static void lo_map_remove(struct lo_map *map, size_t key) - } - - /* Assumes lo->mutex is held */ --static ssize_t lo_add_fd_mapping(fuse_req_t req, int fd) -+static ssize_t lo_add_fd_mapping(struct lo_data *lo, int fd) - { - struct lo_map_elem *elem; - -- elem = lo_map_alloc_elem(&lo_data(req)->fd_map); -+ elem = lo_map_alloc_elem(&lo->fd_map); - if (!elem) { - return -1; - } - - elem->fd = fd; -- return elem - lo_data(req)->fd_map.elems; -+ return elem - lo->fd_map.elems; - } - - /* Assumes lo->mutex is held */ -@@ -1651,6 +1651,38 @@ static void update_open_flags(int writeback, int allow_direct_io, - } - } - -+static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, -+ struct fuse_file_info *fi) -+{ -+ char buf[64]; -+ ssize_t fh; -+ int fd; -+ -+ update_open_flags(lo->writeback, lo->allow_direct_io, fi); -+ -+ sprintf(buf, "%i", inode->fd); -+ fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW); -+ if (fd == -1) { -+ return errno; -+ } -+ -+ pthread_mutex_lock(&lo->mutex); -+ fh = lo_add_fd_mapping(lo, fd); -+ pthread_mutex_unlock(&lo->mutex); -+ if (fh == -1) { -+ close(fd); -+ return ENOMEM; -+ } -+ -+ fi->fh = fh; -+ if (lo->cache == CACHE_NONE) { -+ fi->direct_io = 1; -+ } else if (lo->cache == CACHE_ALWAYS) { -+ fi->keep_cache = 1; -+ } -+ return 0; -+} -+ - static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - mode_t mode, struct fuse_file_info *fi) - { -@@ -1691,7 +1723,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - ssize_t fh; - - pthread_mutex_lock(&lo->mutex); -- fh = lo_add_fd_mapping(req, fd); -+ fh = lo_add_fd_mapping(lo, fd); - pthread_mutex_unlock(&lo->mutex); - if (fh == -1) { - close(fd); -@@ -1892,38 +1924,25 @@ static void lo_fsyncdir(fuse_req_t req, fuse_ino_t ino, int datasync, - - static void lo_open(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) - { -- int fd; -- ssize_t fh; -- char buf[64]; - struct lo_data *lo = lo_data(req); -+ struct lo_inode *inode = lo_inode(req, ino); -+ int err; - - fuse_log(FUSE_LOG_DEBUG, "lo_open(ino=%" PRIu64 ", flags=%d)\n", ino, - fi->flags); - -- update_open_flags(lo->writeback, lo->allow_direct_io, fi); -- -- sprintf(buf, "%i", lo_fd(req, ino)); -- fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW); -- if (fd == -1) { -- return (void)fuse_reply_err(req, errno); -- } -- -- pthread_mutex_lock(&lo->mutex); -- fh = lo_add_fd_mapping(req, fd); -- pthread_mutex_unlock(&lo->mutex); -- if (fh == -1) { -- close(fd); -- fuse_reply_err(req, ENOMEM); -+ if (!inode) { -+ fuse_reply_err(req, EBADF); - return; - } - -- fi->fh = fh; -- if (lo->cache == CACHE_NONE) { -- fi->direct_io = 1; -- } else if (lo->cache == CACHE_ALWAYS) { -- fi->keep_cache = 1; -+ err = lo_do_open(lo, inode, fi); -+ lo_inode_put(lo, &inode); -+ if (err) { -+ fuse_reply_err(req, err); -+ } else { -+ fuse_reply_open(req, fi); - } -- fuse_reply_open(req, fi); - } - - static void lo_release(fuse_req_t req, fuse_ino_t ino, --- -1.8.3.1 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_2.patch deleted file mode 100644 index bf11bdb6f8..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_2.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 22d2ece71e533310da31f2857ebc4a00d91968b3 Mon Sep 17 00:00:00 2001 -From: Stefan Hajnoczi <stefanha@redhat.com> -Date: Thu, 4 Feb 2021 15:02:07 +0000 -Subject: [PATCH] virtiofsd: optionally return inode pointer from - lo_do_lookup() - -lo_do_lookup() finds an existing inode or allocates a new one. It -increments nlookup so that the inode stays alive until the client -releases it. - -Existing callers don't need the struct lo_inode so the function doesn't -return it. Extend the function to optionally return the inode. The next -commit will need it. - -Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> -Reviewed-by: Greg Kurz <groug@kaod.org> -Message-Id: <20210204150208.367837-3-stefanha@redhat.com> -Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> - -Upstream-Status: Backport -[https://github.com/qemu/qemu/commit/22d2ece71e533310da31f2857ebc4a00d91968b3] - -CVE: CVE-2020-35517 - -Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> -Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> ---- - tools/virtiofsd/passthrough_ll.c | 29 +++++++++++++++++++++-------- - 1 file changed, 21 insertions(+), 8 deletions(-) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index f14fa51..aa35fc6 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -831,11 +831,13 @@ static int do_statx(struct lo_data *lo, int dirfd, const char *pathname, - } - - /* -- * Increments nlookup and caller must release refcount using -- * lo_inode_put(&parent). -+ * Increments nlookup on the inode on success. unref_inode_lolocked() must be -+ * called eventually to decrement nlookup again. If inodep is non-NULL, the -+ * inode pointer is stored and the caller must call lo_inode_put(). - */ - static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, -- struct fuse_entry_param *e) -+ struct fuse_entry_param *e, -+ struct lo_inode **inodep) - { - int newfd; - int res; -@@ -845,6 +847,10 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, - struct lo_inode *inode = NULL; - struct lo_inode *dir = lo_inode(req, parent); - -+ if (inodep) { -+ *inodep = NULL; -+ } -+ - /* - * name_to_handle_at() and open_by_handle_at() can reach here with fuse - * mount point in guest, but we don't have its inode info in the -@@ -913,7 +919,14 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, - pthread_mutex_unlock(&lo->mutex); - } - e->ino = inode->fuse_ino; -- lo_inode_put(lo, &inode); -+ -+ /* Transfer ownership of inode pointer to caller or drop it */ -+ if (inodep) { -+ *inodep = inode; -+ } else { -+ lo_inode_put(lo, &inode); -+ } -+ - lo_inode_put(lo, &dir); - - fuse_log(FUSE_LOG_DEBUG, " %lli/%s -> %lli\n", (unsigned long long)parent, -@@ -948,7 +961,7 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name) - return; - } - -- err = lo_do_lookup(req, parent, name, &e); -+ err = lo_do_lookup(req, parent, name, &e, NULL); - if (err) { - fuse_reply_err(req, err); - } else { -@@ -1056,7 +1069,7 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent, - goto out; - } - -- saverr = lo_do_lookup(req, parent, name, &e); -+ saverr = lo_do_lookup(req, parent, name, &e, NULL); - if (saverr) { - goto out; - } -@@ -1534,7 +1547,7 @@ static void lo_do_readdir(fuse_req_t req, fuse_ino_t ino, size_t size, - - if (plus) { - if (!is_dot_or_dotdot(name)) { -- err = lo_do_lookup(req, ino, name, &e); -+ err = lo_do_lookup(req, ino, name, &e, NULL); - if (err) { - goto error; - } -@@ -1732,7 +1745,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - } - - fi->fh = fh; -- err = lo_do_lookup(req, parent, name, &e); -+ err = lo_do_lookup(req, parent, name, &e, NULL); - } - if (lo->cache == CACHE_NONE) { - fi->direct_io = 1; --- -1.8.3.1 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_3.patch deleted file mode 100644 index f348f3f2bd..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_3.patch +++ /dev/null @@ -1,303 +0,0 @@ -From a3fdbbc7f271bff7d53d0501b29d910ece0b3789 Mon Sep 17 00:00:00 2001 -From: Stefan Hajnoczi <stefanha@redhat.com> -Date: Thu, 4 Feb 2021 15:02:08 +0000 -Subject: [PATCH] virtiofsd: prevent opening of special files (CVE-2020-35517) - -A well-behaved FUSE client does not attempt to open special files with -FUSE_OPEN because they are handled on the client side (e.g. device nodes -are handled by client-side device drivers). - -The check to prevent virtiofsd from opening special files is missing in -a few cases, most notably FUSE_OPEN. A malicious client can cause -virtiofsd to open a device node, potentially allowing the guest to -escape. This can be exploited by a modified guest device driver. It is -not exploitable from guest userspace since the guest kernel will handle -special files inside the guest instead of sending FUSE requests. - -This patch fixes this issue by introducing the lo_inode_open() function -to check the file type before opening it. This is a short-term solution -because it does not prevent a compromised virtiofsd process from opening -device nodes on the host. - -Restructure lo_create() to try O_CREAT | O_EXCL first. Note that O_CREAT -| O_EXCL does not follow symlinks, so O_NOFOLLOW masking is not -necessary here. If the file exists and the user did not specify O_EXCL, -open it via lo_do_open(). - -Reported-by: Alex Xu <alex@alxu.ca> -Fixes: CVE-2020-35517 -Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> -Reviewed-by: Vivek Goyal <vgoyal@redhat.com> -Reviewed-by: Greg Kurz <groug@kaod.org> -Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> -Message-Id: <20210204150208.367837-4-stefanha@redhat.com> -Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> - -Upstream-Status: Backport -[https://github.com/qemu/qemu/commit/a3fdbbc7f271bff7d53d0501b29d910ece0b3789] - -CVE: CVE-2020-35517 - -Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> -Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> ---- - tools/virtiofsd/passthrough_ll.c | 144 ++++++++++++++++++++----------- - 1 file changed, 92 insertions(+), 52 deletions(-) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index aa35fc6ba5a5..147b59338a18 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -555,6 +555,38 @@ static int lo_fd(fuse_req_t req, fuse_ino_t ino) - return fd; - } - -+/* -+ * Open a file descriptor for an inode. Returns -EBADF if the inode is not a -+ * regular file or a directory. -+ * -+ * Use this helper function instead of raw openat(2) to prevent security issues -+ * when a malicious client opens special files such as block device nodes. -+ * Symlink inodes are also rejected since symlinks must already have been -+ * traversed on the client side. -+ */ -+static int lo_inode_open(struct lo_data *lo, struct lo_inode *inode, -+ int open_flags) -+{ -+ g_autofree char *fd_str = g_strdup_printf("%d", inode->fd); -+ int fd; -+ -+ if (!S_ISREG(inode->filetype) && !S_ISDIR(inode->filetype)) { -+ return -EBADF; -+ } -+ -+ /* -+ * The file is a symlink so O_NOFOLLOW must be ignored. We checked earlier -+ * that the inode is not a special file but if an external process races -+ * with us then symlinks are traversed here. It is not possible to escape -+ * the shared directory since it is mounted as "/" though. -+ */ -+ fd = openat(lo->proc_self_fd, fd_str, open_flags & ~O_NOFOLLOW); -+ if (fd < 0) { -+ return -errno; -+ } -+ return fd; -+} -+ - static void lo_init(void *userdata, struct fuse_conn_info *conn) - { - struct lo_data *lo = (struct lo_data *)userdata; -@@ -684,9 +716,9 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - if (fi) { - truncfd = fd; - } else { -- sprintf(procname, "%i", ifd); -- truncfd = openat(lo->proc_self_fd, procname, O_RDWR); -+ truncfd = lo_inode_open(lo, inode, O_RDWR); - if (truncfd < 0) { -+ errno = -truncfd; - goto out_err; - } - } -@@ -848,7 +880,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, - struct lo_inode *dir = lo_inode(req, parent); - - if (inodep) { -- *inodep = NULL; -+ *inodep = NULL; /* in case there is an error */ - } - - /* -@@ -1664,19 +1696,26 @@ static void update_open_flags(int writeback, int allow_direct_io, - } - } - -+/* -+ * Open a regular file, set up an fd mapping, and fill out the struct -+ * fuse_file_info for it. If existing_fd is not negative, use that fd instead -+ * opening a new one. Takes ownership of existing_fd. -+ * -+ * Returns 0 on success or a positive errno. -+ */ - static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, -- struct fuse_file_info *fi) -+ int existing_fd, struct fuse_file_info *fi) - { -- char buf[64]; - ssize_t fh; -- int fd; -+ int fd = existing_fd; - - update_open_flags(lo->writeback, lo->allow_direct_io, fi); - -- sprintf(buf, "%i", inode->fd); -- fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW); -- if (fd == -1) { -- return errno; -+ if (fd < 0) { -+ fd = lo_inode_open(lo, inode, fi->flags); -+ if (fd < 0) { -+ return -fd; -+ } - } - - pthread_mutex_lock(&lo->mutex); -@@ -1699,9 +1738,10 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, - static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - mode_t mode, struct fuse_file_info *fi) - { -- int fd; -+ int fd = -1; - struct lo_data *lo = lo_data(req); - struct lo_inode *parent_inode; -+ struct lo_inode *inode = NULL; - struct fuse_entry_param e; - int err; - struct lo_cred old = {}; -@@ -1727,36 +1767,38 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - - update_open_flags(lo->writeback, lo->allow_direct_io, fi); - -- fd = openat(parent_inode->fd, name, (fi->flags | O_CREAT) & ~O_NOFOLLOW, -- mode); -+ /* Try to create a new file but don't open existing files */ -+ fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode); - err = fd == -1 ? errno : 0; -- lo_restore_cred(&old); - -- if (!err) { -- ssize_t fh; -+ lo_restore_cred(&old); - -- pthread_mutex_lock(&lo->mutex); -- fh = lo_add_fd_mapping(lo, fd); -- pthread_mutex_unlock(&lo->mutex); -- if (fh == -1) { -- close(fd); -- err = ENOMEM; -- goto out; -- } -+ /* Ignore the error if file exists and O_EXCL was not given */ -+ if (err && (err != EEXIST || (fi->flags & O_EXCL))) { -+ goto out; -+ } - -- fi->fh = fh; -- err = lo_do_lookup(req, parent, name, &e, NULL); -+ err = lo_do_lookup(req, parent, name, &e, &inode); -+ if (err) { -+ goto out; - } -- if (lo->cache == CACHE_NONE) { -- fi->direct_io = 1; -- } else if (lo->cache == CACHE_ALWAYS) { -- fi->keep_cache = 1; -+ -+ err = lo_do_open(lo, inode, fd, fi); -+ fd = -1; /* lo_do_open() takes ownership of fd */ -+ if (err) { -+ /* Undo lo_do_lookup() nlookup ref */ -+ unref_inode_lolocked(lo, inode, 1); - } - - out: -+ lo_inode_put(lo, &inode); - lo_inode_put(lo, &parent_inode); - - if (err) { -+ if (fd >= 0) { -+ close(fd); -+ } -+ - fuse_reply_err(req, err); - } else { - fuse_reply_create(req, &e, fi); -@@ -1770,7 +1812,6 @@ static struct lo_inode_plock *lookup_create_plock_ctx(struct lo_data *lo, - pid_t pid, int *err) - { - struct lo_inode_plock *plock; -- char procname[64]; - int fd; - - plock = -@@ -1787,12 +1828,10 @@ static struct lo_inode_plock *lookup_create_plock_ctx(struct lo_data *lo, - } - - /* Open another instance of file which can be used for ofd locks. */ -- sprintf(procname, "%i", inode->fd); -- - /* TODO: What if file is not writable? */ -- fd = openat(lo->proc_self_fd, procname, O_RDWR); -- if (fd == -1) { -- *err = errno; -+ fd = lo_inode_open(lo, inode, O_RDWR); -+ if (fd < 0) { -+ *err = -fd; - free(plock); - return NULL; - } -@@ -1949,7 +1988,7 @@ static void lo_open(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) - return; - } - -- err = lo_do_open(lo, inode, fi); -+ err = lo_do_open(lo, inode, -1, fi); - lo_inode_put(lo, &inode); - if (err) { - fuse_reply_err(req, err); -@@ -2014,39 +2053,40 @@ static void lo_flush(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) - static void lo_fsync(fuse_req_t req, fuse_ino_t ino, int datasync, - struct fuse_file_info *fi) - { -+ struct lo_inode *inode = lo_inode(req, ino); -+ struct lo_data *lo = lo_data(req); - int res; - int fd; -- char *buf; - - fuse_log(FUSE_LOG_DEBUG, "lo_fsync(ino=%" PRIu64 ", fi=0x%p)\n", ino, - (void *)fi); - -- if (!fi) { -- struct lo_data *lo = lo_data(req); -- -- res = asprintf(&buf, "%i", lo_fd(req, ino)); -- if (res == -1) { -- return (void)fuse_reply_err(req, errno); -- } -+ if (!inode) { -+ fuse_reply_err(req, EBADF); -+ return; -+ } - -- fd = openat(lo->proc_self_fd, buf, O_RDWR); -- free(buf); -- if (fd == -1) { -- return (void)fuse_reply_err(req, errno); -+ if (!fi) { -+ fd = lo_inode_open(lo, inode, O_RDWR); -+ if (fd < 0) { -+ res = -fd; -+ goto out; - } - } else { - fd = lo_fi_fd(req, fi); - } - - if (datasync) { -- res = fdatasync(fd); -+ res = fdatasync(fd) == -1 ? errno : 0; - } else { -- res = fsync(fd); -+ res = fsync(fd) == -1 ? errno : 0; - } - if (!fi) { - close(fd); - } -- fuse_reply_err(req, res == -1 ? errno : 0); -+out: -+ lo_inode_put(lo, &inode); -+ fuse_reply_err(req, res); - } - - static void lo_read(fuse_req_t req, fuse_ino_t ino, size_t size, off_t offset, diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-20181.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-20181.patch deleted file mode 100644 index 1b8c77f838..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-20181.patch +++ /dev/null @@ -1,81 +0,0 @@ -From c2d2d14e8deece958bbc4fc649d22c3564bc4e7e Mon Sep 17 00:00:00 2001 -From: Greg Kurz <groug@kaod.org> -Date: Thu, 14 Jan 2021 17:04:12 +0100 -Subject: [PATCH] 9pfs: Fully restart unreclaim loop (CVE-2021-20181) - -Depending on the client activity, the server can be asked to open a huge -number of file descriptors and eventually hit RLIMIT_NOFILE. This is -currently mitigated using a reclaim logic : the server closes the file -descriptors of idle fids, based on the assumption that it will be able -to re-open them later. This assumption doesn't hold of course if the -client requests the file to be unlinked. In this case, we loop on the -entire fid list and mark all related fids as unreclaimable (the reclaim -logic will just ignore them) and, of course, we open or re-open their -file descriptors if needed since we're about to unlink the file. - -This is the purpose of v9fs_mark_fids_unreclaim(). Since the actual -opening of a file can cause the coroutine to yield, another client -request could possibly add a new fid that we may want to mark as -non-reclaimable as well. The loop is thus restarted if the re-open -request was actually transmitted to the backend. This is achieved -by keeping a reference on the first fid (head) before traversing -the list. - -This is wrong in several ways: -- a potential clunk request from the client could tear the first - fid down and cause the reference to be stale. This leads to a - use-after-free error that can be detected with ASAN, using a - custom 9p client -- fids are added at the head of the list : restarting from the - previous head will always miss fids added by a some other - potential request - -All these problems could be avoided if fids were being added at the -end of the list. This can be achieved with a QSIMPLEQ, but this is -probably too much change for a bug fix. For now let's keep it -simple and just restart the loop from the current head. - -Fixes: CVE-2021-20181 -Buglink: https://bugs.launchpad.net/qemu/+bug/1911666 -Reported-by: Zero Day Initiative <zdi-disclosures@trendmicro.com> -Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> -Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> -Message-Id: <161064025265.1838153.15185571283519390907.stgit@bahia.lan> -Signed-off-by: Greg Kurz <groug@kaod.org> - -Upstream-Status: Backport [89fbea8737e8f7b954745a1ffc4238d377055305] -CVE: CVE-2021-20181 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/9pfs/9p.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 94df440fc..6026b51a1 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -502,9 +502,9 @@ static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) - { - int err; - V9fsState *s = pdu->s; -- V9fsFidState *fidp, head_fid; -+ V9fsFidState *fidp; - -- head_fid.next = s->fid_list; -+again: - for (fidp = s->fid_list; fidp; fidp = fidp->next) { - if (fidp->path.size != path->size) { - continue; -@@ -524,7 +524,7 @@ static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) - * switched to the worker thread - */ - if (err == 0) { -- fidp = &head_fid; -+ goto again; - } - } - } --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-20203.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-20203.patch deleted file mode 100644 index 269c6f1294..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-20203.patch +++ /dev/null @@ -1,73 +0,0 @@ -From: Prasad J Pandit <pjp@fedoraproject.org> - -While activating device in vmxnet3_acticate_device(), it does not -validate guest supplied configuration values against predefined -minimum - maximum limits. This may lead to integer overflow or -OOB access issues. Add checks to avoid it. - -Fixes: CVE-2021-20203 -Buglink: https://bugs.launchpad.net/qemu/+bug/1913873 -Reported-by: Gaoning Pan <pgn@zju.edu.cn> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> - -Upstream-Status: Acepted [https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html] -CVE: CVE-2021-20203 -Signed-off-by: Minjae Kim <flowergom@gmail.com> ---- - hw/net/vmxnet3.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c -index eff299f629..4a910ca971 100644 ---- a/hw/net/vmxnet3.c -+++ b/hw/net/vmxnet3.c -@@ -1420,6 +1420,7 @@ static void vmxnet3_activate_device(VMXNET3State *s) - vmxnet3_setup_rx_filtering(s); - /* Cache fields from shared memory */ - s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu); -+ assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu < VMXNET3_MAX_MTU); - VMW_CFPRN("MTU is %u", s->mtu); - - s->max_rx_frags = -@@ -1473,6 +1474,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) - /* Read rings memory locations for TX queues */ - pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.txRingBasePA); - size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.txRingSize); -+ if (size > VMXNET3_TX_RING_MAX_SIZE) { -+ size = VMXNET3_TX_RING_MAX_SIZE; -+ } - - vmxnet3_ring_init(d, &s->txq_descr[i].tx_ring, pa, size, - sizeof(struct Vmxnet3_TxDesc), false); -@@ -1483,6 +1487,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) - /* TXC ring */ - pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.compRingBasePA); - size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.compRingSize); -+ if (size > VMXNET3_TC_RING_MAX_SIZE) { -+ size = VMXNET3_TC_RING_MAX_SIZE; -+ } - vmxnet3_ring_init(d, &s->txq_descr[i].comp_ring, pa, size, - sizeof(struct Vmxnet3_TxCompDesc), true); - VMXNET3_RING_DUMP(VMW_CFPRN, "TXC", i, &s->txq_descr[i].comp_ring); -@@ -1524,6 +1531,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) - /* RX rings */ - pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.rxRingBasePA[j]); - size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.rxRingSize[j]); -+ if (size > VMXNET3_RX_RING_MAX_SIZE) { -+ size = VMXNET3_RX_RING_MAX_SIZE; -+ } - vmxnet3_ring_init(d, &s->rxq_descr[i].rx_ring[j], pa, size, - sizeof(struct Vmxnet3_RxDesc), false); - VMW_CFPRN("RX queue %d:%d: Base: %" PRIx64 ", Size: %d", -@@ -1533,6 +1543,9 @@ static void vmxnet3_activate_device(VMXNET3State *s) - /* RXC ring */ - pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.compRingBasePA); - size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.compRingSize); -+ if (size > VMXNET3_RC_RING_MAX_SIZE) { -+ size = VMXNET3_RC_RING_MAX_SIZE; -+ } - vmxnet3_ring_init(d, &s->rxq_descr[i].comp_ring, pa, size, - sizeof(struct Vmxnet3_RxCompDesc), true); - VMW_CFPRN("RXC queue %d: Base: %" PRIx64 ", Size: %d", i, pa, size); --- -2.29.2 diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-20221.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-20221.patch deleted file mode 100644 index d762a51d02..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-20221.patch +++ /dev/null @@ -1,70 +0,0 @@ -From e428bcfb86fb46d9773ae11e69712052dcff3d45 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org> -Date: Sun, 31 Jan 2021 11:34:01 +0100 -Subject: [PATCH] hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Per the ARM Generic Interrupt Controller Architecture specification -(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit, -not 10: - - - 4.3 Distributor register descriptions - - 4.3.15 Software Generated Interrupt Register, GICD_SG - - - Table 4-21 GICD_SGIR bit assignments - - The Interrupt ID of the SGI to forward to the specified CPU - interfaces. The value of this field is the Interrupt ID, in - the range 0-15, for example a value of 0b0011 specifies - Interrupt ID 3. - -Correct the irq mask to fix an undefined behavior (which eventually -lead to a heap-buffer-overflow, see [Buglink]): - - $ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio - [I 1612088147.116987] OPENED - [R +0.278293] writel 0x8000f00 0xff4affb0 - ../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]' - SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13 - -This fixes a security issue when running with KVM on Arm with -kernel-irqchip=off. (The default is kernel-irqchip=on, which is -unaffected, and which is also the correct choice for performance.) - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2021-20221 -Fixes: 9ee6e8bb853 ("ARMv7 support.") -Buglink: https://bugs.launchpad.net/qemu/+bug/1913916 -Buglink: https://bugs.launchpad.net/qemu/+bug/1913917 -Reported-by: Alexander Bulekov <alxndr@bu.edu> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> -Message-id: 20210131103401.217160-1-f4bug@amsat.org -Reviewed-by: Peter Maydell <peter.maydell@linaro.org> -Signed-off-by: Peter Maydell <peter.maydell@linaro.org> - -Upstream-Status: Backport [edfe2eb4360cde4ed5d95bda7777edcb3510f76a] -CVE: CVE-2021-20221 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/intc/arm_gic.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c -index c60dc6b5e..fbde60de0 100644 ---- a/hw/intc/arm_gic.c -+++ b/hw/intc/arm_gic.c -@@ -1474,7 +1474,7 @@ static void gic_dist_writel(void *opaque, hwaddr offset, - int target_cpu; - - cpu = gic_get_current_cpu(s); -- irq = value & 0x3ff; -+ irq = value & 0xf; - switch ((value >> 24) & 3) { - case 0: - mask = (value >> 16) & ALL_CPU_MASK; --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-20257.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-20257.patch deleted file mode 100644 index 7175b24e99..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-20257.patch +++ /dev/null @@ -1,55 +0,0 @@ -From affdf476543405045c281a7c67d1eaedbcea8135 Mon Sep 17 00:00:00 2001 -From: Jason Wang <jasowang@redhat.com> -Date: Wed, 24 Feb 2021 13:45:28 +0800 -Subject: [PATCH] e1000: fail early for evil descriptor - -During procss_tx_desc(), driver can try to chain data descriptor with -legacy descriptor, when will lead underflow for the following -calculation in process_tx_desc() for bytes: - - if (tp->size + bytes > msh) - bytes = msh - tp->size; - -This will lead a infinite loop. So check and fail early if tp->size if -greater or equal to msh. - -Reported-by: Alexander Bulekov <alxndr@bu.edu> -Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> -Reported-by: Ruhr-University Bochum <bugs-syssec@rub.de> -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [3de46e6fc489c52c9431a8a832ad8170a7569bd8] -CVE: CVE-2021-20257 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/e1000.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/hw/net/e1000.c b/hw/net/e1000.c -index cf22c4f07..c3564c7ce 100644 ---- a/hw/net/e1000.c -+++ b/hw/net/e1000.c -@@ -670,6 +670,9 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) - msh = tp->tso_props.hdr_len + tp->tso_props.mss; - do { - bytes = split_size; -+ if (tp->size >= msh) { -+ goto eop; -+ } - if (tp->size + bytes > msh) - bytes = msh - tp->size; - -@@ -695,6 +698,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) - tp->size += split_size; - } - -+eop: - if (!(txd_lower & E1000_TXD_CMD_EOP)) - return; - if (!(tp->cptse && tp->size < tp->tso_props.hdr_len)) { --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-20263.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-20263.patch deleted file mode 100644 index 4f9a91f0c6..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-20263.patch +++ /dev/null @@ -1,214 +0,0 @@ -From aaa5f8e00c2e85a893b972f1e243fb14c26b70dc Mon Sep 17 00:00:00 2001 -From: "Dr. David Alan Gilbert" <dgilbert@redhat.com> -Date: Wed, 24 Feb 2021 19:56:25 +0000 -Subject: [PATCH 2/2] virtiofs: drop remapped security.capability xattr as - needed - -On Linux, the 'security.capability' xattr holds a set of -capabilities that can change when an executable is run, giving -a limited form of privilege escalation to those programs that -the writer of the file deemed worthy. - -Any write causes the 'security.capability' xattr to be dropped, -stopping anyone from gaining privilege by modifying a blessed -file. - -Fuse relies on the daemon to do this dropping, and in turn the -daemon relies on the host kernel to drop the xattr for it. However, -with the addition of -o xattrmap, the xattr that the guest -stores its capabilities in is now not the same as the one that -the host kernel automatically clears. - -Where the mapping changes 'security.capability', explicitly clear -the remapped name to preserve the same behaviour. - -This bug is assigned CVE-2021-20263. - -Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> -Reviewed-by: Vivek Goyal <vgoyal@redhat.com> - -Upstream-Status: Backport [e586edcb410543768ef009eaa22a2d9dd4a53846] -CVE: CVE-2021-20263 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - docs/tools/virtiofsd.rst | 4 ++ - tools/virtiofsd/passthrough_ll.c | 77 +++++++++++++++++++++++++++++++- - 2 files changed, 80 insertions(+), 1 deletion(-) - -diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst -index 866b7db3e..00554c75b 100644 ---- a/docs/tools/virtiofsd.rst -+++ b/docs/tools/virtiofsd.rst -@@ -228,6 +228,10 @@ The 'map' type adds a number of separate rules to add **prepend** as a prefix - to the matched **key** (or all attributes if **key** is empty). - There may be at most one 'map' rule and it must be the last rule in the set. - -+Note: When the 'security.capability' xattr is remapped, the daemon has to do -+extra work to remove it during many operations, which the host kernel normally -+does itself. -+ - xattr-mapping Examples - ---------------------- - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 03c5e0d13..c9197da86 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -160,6 +160,7 @@ struct lo_data { - int posix_lock; - int xattr; - char *xattrmap; -+ char *xattr_security_capability; - char *source; - char *modcaps; - double timeout; -@@ -226,6 +227,8 @@ static __thread bool cap_loaded = 0; - - static struct lo_inode *lo_find(struct lo_data *lo, struct stat *st, - uint64_t mnt_id); -+static int xattr_map_client(const struct lo_data *lo, const char *client_name, -+ char **out_name); - - static int is_dot_or_dotdot(const char *name) - { -@@ -365,6 +368,37 @@ out: - return ret; - } - -+/* -+ * The host kernel normally drops security.capability xattr's on -+ * any write, however if we're remapping xattr names we need to drop -+ * whatever the clients security.capability is actually stored as. -+ */ -+static int drop_security_capability(const struct lo_data *lo, int fd) -+{ -+ if (!lo->xattr_security_capability) { -+ /* We didn't remap the name, let the host kernel do it */ -+ return 0; -+ } -+ if (!fremovexattr(fd, lo->xattr_security_capability)) { -+ /* All good */ -+ return 0; -+ } -+ -+ switch (errno) { -+ case ENODATA: -+ /* Attribute didn't exist, that's fine */ -+ return 0; -+ -+ case ENOTSUP: -+ /* FS didn't support attribute anyway, also fine */ -+ return 0; -+ -+ default: -+ /* Hmm other error */ -+ return errno; -+ } -+} -+ - static void lo_map_init(struct lo_map *map) - { - map->elems = NULL; -@@ -717,6 +751,11 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - uid_t uid = (valid & FUSE_SET_ATTR_UID) ? attr->st_uid : (uid_t)-1; - gid_t gid = (valid & FUSE_SET_ATTR_GID) ? attr->st_gid : (gid_t)-1; - -+ saverr = drop_security_capability(lo, ifd); -+ if (saverr) { -+ goto out_err; -+ } -+ - res = fchownat(ifd, "", uid, gid, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW); - if (res == -1) { - goto out_err; -@@ -735,6 +774,14 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - } - } - -+ saverr = drop_security_capability(lo, truncfd); -+ if (saverr) { -+ if (!fi) { -+ close(truncfd); -+ } -+ goto out_err; -+ } -+ - res = ftruncate(truncfd, attr->st_size); - if (!fi) { - saverr = errno; -@@ -1726,6 +1773,13 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, - if (fd < 0) { - return -fd; - } -+ if (fi->flags & (O_TRUNC)) { -+ int err = drop_security_capability(lo, fd); -+ if (err) { -+ close(fd); -+ return err; -+ } -+ } - } - - pthread_mutex_lock(&lo->mutex); -@@ -2114,6 +2168,12 @@ static void lo_write_buf(fuse_req_t req, fuse_ino_t ino, - "lo_write_buf(ino=%" PRIu64 ", size=%zd, off=%lu)\n", ino, - out_buf.buf[0].size, (unsigned long)off); - -+ res = drop_security_capability(lo_data(req), out_buf.buf[0].fd); -+ if (res) { -+ fuse_reply_err(req, res); -+ return; -+ } -+ - /* - * If kill_priv is set, drop CAP_FSETID which should lead to kernel - * clearing setuid/setgid on file. -@@ -2353,6 +2413,7 @@ static void parse_xattrmap(struct lo_data *lo) - { - const char *map = lo->xattrmap; - const char *tmp; -+ int ret; - - lo->xattr_map_nentries = 0; - while (*map) { -@@ -2383,7 +2444,7 @@ static void parse_xattrmap(struct lo_data *lo) - * the last entry. - */ - parse_xattrmap_map(lo, map, sep); -- return; -+ break; - } else { - fuse_log(FUSE_LOG_ERR, - "%s: Unexpected type;" -@@ -2452,6 +2513,19 @@ static void parse_xattrmap(struct lo_data *lo) - fuse_log(FUSE_LOG_ERR, "Empty xattr map\n"); - exit(1); - } -+ -+ ret = xattr_map_client(lo, "security.capability", -+ &lo->xattr_security_capability); -+ if (ret) { -+ fuse_log(FUSE_LOG_ERR, "Failed to map security.capability: %s\n", -+ strerror(ret)); -+ exit(1); -+ } -+ if (!strcmp(lo->xattr_security_capability, "security.capability")) { -+ /* 1-1 mapping, don't need to do anything */ -+ free(lo->xattr_security_capability); -+ lo->xattr_security_capability = NULL; -+ } - } - - /* -@@ -3480,6 +3554,7 @@ static void fuse_lo_data_cleanup(struct lo_data *lo) - - free(lo->xattrmap); - free_xattrmap(lo); -+ free(lo->xattr_security_capability); - free(lo->source); - } - --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch deleted file mode 100644 index af94cff7e8..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3392.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 3791642c8d60029adf9b00bcb4e34d7d8a1aea4d Mon Sep 17 00:00:00 2001 -From: Michael Tokarev <mjt@tls.msk.ru> -Date: Mon, 19 Apr 2021 15:42:47 +0200 -Subject: [PATCH] mptsas: Remove unused MPTSASState 'pending' field - (CVE-2021-3392) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -While processing SCSI i/o requests in mptsas_process_scsi_io_request(), -the Megaraid emulator appends new MPTSASRequest object 'req' to -the 's->pending' queue. In case of an error, this same object gets -dequeued in mptsas_free_request() only if SCSIRequest object -'req->sreq' is initialised. This may lead to a use-after-free issue. - -Since s->pending is actually not used, simply remove it from -MPTSASState. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> -Message-id: 20210419134247.1467982-1-f4bug@amsat.org -Message-Id: <20210416102243.1293871-1-mjt@msgid.tls.msk.ru> -Suggested-by: Paolo Bonzini <pbonzini@redhat.com> -Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr> -BugLink: https://bugs.launchpad.net/qemu/+bug/1914236 (CVE-2021-3392) -Fixes: e351b826112 ("hw: Add support for LSI SAS1068 (mptsas) device") -[PMD: Reworded description, added more tags] -Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Reviewed-by: Peter Maydell <peter.maydell@linaro.org> -Signed-off-by: Peter Maydell <peter.maydell@linaro.org> - -CVE: CVE-2021-3392 -Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d] -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> ---- - hw/scsi/mptsas.c | 6 ------ - hw/scsi/mptsas.h | 1 - - 2 files changed, 7 deletions(-) - -diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c -index 7416e7870614..db3219e7d206 100644 ---- a/hw/scsi/mptsas.c -+++ b/hw/scsi/mptsas.c -@@ -251,13 +251,10 @@ static int mptsas_build_sgl(MPTSASState *s, MPTSASRequest *req, hwaddr addr) - - static void mptsas_free_request(MPTSASRequest *req) - { -- MPTSASState *s = req->dev; -- - if (req->sreq != NULL) { - req->sreq->hba_private = NULL; - scsi_req_unref(req->sreq); - req->sreq = NULL; -- QTAILQ_REMOVE(&s->pending, req, next); - } - qemu_sglist_destroy(&req->qsg); - g_free(req); -@@ -303,7 +300,6 @@ static int mptsas_process_scsi_io_request(MPTSASState *s, - } - - req = g_new0(MPTSASRequest, 1); -- QTAILQ_INSERT_TAIL(&s->pending, req, next); - req->scsi_io = *scsi_io; - req->dev = s; - -@@ -1319,8 +1315,6 @@ static void mptsas_scsi_realize(PCIDevice *dev, Error **errp) - - s->request_bh = qemu_bh_new(mptsas_fetch_requests, s); - -- QTAILQ_INIT(&s->pending); -- - scsi_bus_new(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info, NULL); - } - -diff --git a/hw/scsi/mptsas.h b/hw/scsi/mptsas.h -index b85ac1a5fcc7..c046497db719 100644 ---- a/hw/scsi/mptsas.h -+++ b/hw/scsi/mptsas.h -@@ -79,7 +79,6 @@ struct MPTSASState { - uint16_t reply_frame_size; - - SCSIBus bus; -- QTAILQ_HEAD(, MPTSASRequest) pending; - }; - - void mptsas_fix_scsi_io_endianness(MPIMsgSCSIIORequest *req); diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_1.patch deleted file mode 100644 index f9395add43..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_1.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c01ae9a35b3c6b4a8e1f1bfa0a0caafe394f8b5c Mon Sep 17 00:00:00 2001 -From: Bin Meng <bmeng.cn@gmail.com> -Date: Tue, 16 Feb 2021 11:46:52 +0800 -Subject: [PATCH 1/6] hw/sd: sdhci: Simplify updating s->prnsts in - sdhci_sdma_transfer_multi_blocks() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -s->prnsts is updated in both branches of the if () else () statement. -Move the common bits outside so that it is cleaner. - -Signed-off-by: Bin Meng <bmeng.cn@gmail.com> -Tested-by: Alexander Bulekov <alxndr@bu.edu> -Reviewed-by: Alexander Bulekov <alxndr@bu.edu> -Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> -Message-Id: <1613447214-81951-5-git-send-email-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> - -Upstream-Status: Backport [8bc1f1aa51d32c3184e7b19d5b94c35ecc06f056] -CVE: CVE-2021-3409 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/sd/sdhci.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index 2f8b74a84..f83c5e295 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -596,9 +596,9 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s) - page_aligned = true; - } - -+ s->prnsts |= SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE; - if (s->trnmod & SDHC_TRNS_READ) { -- s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT | -- SDHC_DAT_LINE_ACTIVE; -+ s->prnsts |= SDHC_DOING_READ; - while (s->blkcnt) { - if (s->data_count == 0) { - sdbus_read_data(&s->sdbus, s->fifo_buffer, block_size); -@@ -625,8 +625,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s) - } - } - } else { -- s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT | -- SDHC_DAT_LINE_ACTIVE; -+ s->prnsts |= SDHC_DOING_WRITE; - while (s->blkcnt) { - begin = s->data_count; - if (((boundary_count + begin) < block_size) && page_aligned) { --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_2.patch deleted file mode 100644 index f3d2bb1375..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_2.patch +++ /dev/null @@ -1,92 +0,0 @@ -From b9bb4700798bce98888c51d7b6dbc19ec49159d5 Mon Sep 17 00:00:00 2001 -From: Bin Meng <bmeng.cn@gmail.com> -Date: Wed, 3 Mar 2021 20:26:35 +0800 -Subject: [PATCH 2/6] hw/sd: sdhci: Don't transfer any data when command time - out -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -At the end of sdhci_send_command(), it starts a data transfer if the -command register indicates data is associated. But the data transfer -should only be initiated when the command execution has succeeded. - -With this fix, the following reproducer: - -outl 0xcf8 0x80001810 -outl 0xcfc 0xe1068000 -outl 0xcf8 0x80001804 -outw 0xcfc 0x7 -write 0xe106802c 0x1 0x0f -write 0xe1068004 0xc 0x2801d10101fffffbff28a384 -write 0xe106800c 0x1f 0x9dacbbcad9e8f7061524334251606f7e8d9cabbac9d8e7f60514233241505f -write 0xe1068003 0x28 0x80d000251480d000252280d000253080d000253e80d000254c80d000255a80d000256880d0002576 -write 0xe1068003 0x1 0xfe - -cannot be reproduced with the following QEMU command line: - -$ qemu-system-x86_64 -nographic -M pc-q35-5.0 \ - -device sdhci-pci,sd-spec-version=3 \ - -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ - -device sd-card,drive=mydrive \ - -monitor none -serial none -qtest stdio - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2020-17380 -Fixes: CVE-2020-25085 -Fixes: CVE-2021-3409 -Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") -Reported-by: Alexander Bulekov <alxndr@bu.edu> -Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) -Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) -Reported-by: Simon Wörner (Ruhr-Universität Bochum) -Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 -Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 -Acked-by: Alistair Francis <alistair.francis@wdc.com> -Tested-by: Alexander Bulekov <alxndr@bu.edu> -Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> -Signed-off-by: Bin Meng <bmeng.cn@gmail.com> -Message-Id: <20210303122639.20004-2-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> - -Upstream-Status: Backport [b263d8f928001b5cfa2a993ea43b7a5b3a1811e8] -CVE: CVE-2021-3409 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/sd/sdhci.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index f83c5e295..44f8a82ea 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -326,6 +326,7 @@ static void sdhci_send_command(SDHCIState *s) - SDRequest request; - uint8_t response[16]; - int rlen; -+ bool timeout = false; - - s->errintsts = 0; - s->acmd12errsts = 0; -@@ -349,6 +350,7 @@ static void sdhci_send_command(SDHCIState *s) - trace_sdhci_response16(s->rspreg[3], s->rspreg[2], - s->rspreg[1], s->rspreg[0]); - } else { -+ timeout = true; - trace_sdhci_error("timeout waiting for command response"); - if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) { - s->errintsts |= SDHC_EIS_CMDTIMEOUT; -@@ -369,7 +371,7 @@ static void sdhci_send_command(SDHCIState *s) - - sdhci_update_irq(s); - -- if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) { -+ if (!timeout && s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) { - s->data_count = 0; - sdhci_data_transfer(s); - } --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_3.patch deleted file mode 100644 index c3b37ed616..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_3.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 405ca416ccc8135544a4fe5732974497244128c9 Mon Sep 17 00:00:00 2001 -From: Bin Meng <bmeng.cn@gmail.com> -Date: Wed, 3 Mar 2021 20:26:36 +0800 -Subject: [PATCH 3/6] hw/sd: sdhci: Don't write to SDHC_SYSAD register when - transfer is in progress -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Per "SD Host Controller Standard Specification Version 7.00" -chapter 2.2.1 SDMA System Address Register: - -This register can be accessed only if no transaction is executing -(i.e., after a transaction has stopped). - -With this fix, the following reproducer: - -outl 0xcf8 0x80001010 -outl 0xcfc 0xfbefff00 -outl 0xcf8 0x80001001 -outl 0xcfc 0x06000000 -write 0xfbefff2c 0x1 0x05 -write 0xfbefff0f 0x1 0x37 -write 0xfbefff0a 0x1 0x01 -write 0xfbefff0f 0x1 0x29 -write 0xfbefff0f 0x1 0x02 -write 0xfbefff0f 0x1 0x03 -write 0xfbefff04 0x1 0x01 -write 0xfbefff05 0x1 0x01 -write 0xfbefff07 0x1 0x02 -write 0xfbefff0c 0x1 0x33 -write 0xfbefff0e 0x1 0x20 -write 0xfbefff0f 0x1 0x00 -write 0xfbefff2a 0x1 0x01 -write 0xfbefff0c 0x1 0x00 -write 0xfbefff03 0x1 0x00 -write 0xfbefff05 0x1 0x00 -write 0xfbefff2a 0x1 0x02 -write 0xfbefff0c 0x1 0x32 -write 0xfbefff01 0x1 0x01 -write 0xfbefff02 0x1 0x01 -write 0xfbefff03 0x1 0x01 - -cannot be reproduced with the following QEMU command line: - -$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \ - -nodefaults -device sdhci-pci,sd-spec-version=3 \ - -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ - -device sd-card,drive=mydrive -qtest stdio - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2020-17380 -Fixes: CVE-2020-25085 -Fixes: CVE-2021-3409 -Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") -Reported-by: Alexander Bulekov <alxndr@bu.edu> -Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) -Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) -Reported-by: Simon Wörner (Ruhr-Universität Bochum) -Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 -Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 -Tested-by: Alexander Bulekov <alxndr@bu.edu> -Signed-off-by: Bin Meng <bmeng.cn@gmail.com> -Message-Id: <20210303122639.20004-3-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> - -Upstream-Status: Backport [8be45cc947832b3c02144c9d52921f499f2d77fe] -CVE: CVE-2021-3409 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/sd/sdhci.c | 20 +++++++++++--------- - 1 file changed, 11 insertions(+), 9 deletions(-) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index 44f8a82ea..d8a46f307 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -1121,15 +1121,17 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) - - switch (offset & ~0x3) { - case SDHC_SYSAD: -- s->sdmasysad = (s->sdmasysad & mask) | value; -- MASKED_WRITE(s->sdmasysad, mask, value); -- /* Writing to last byte of sdmasysad might trigger transfer */ -- if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt && -- s->blksize && SDHC_DMA_TYPE(s->hostctl1) == SDHC_CTRL_SDMA) { -- if (s->trnmod & SDHC_TRNS_MULTI) { -- sdhci_sdma_transfer_multi_blocks(s); -- } else { -- sdhci_sdma_transfer_single_block(s); -+ if (!TRANSFERRING_DATA(s->prnsts)) { -+ s->sdmasysad = (s->sdmasysad & mask) | value; -+ MASKED_WRITE(s->sdmasysad, mask, value); -+ /* Writing to last byte of sdmasysad might trigger transfer */ -+ if (!(mask & 0xFF000000) && s->blkcnt && s->blksize && -+ SDHC_DMA_TYPE(s->hostctl1) == SDHC_CTRL_SDMA) { -+ if (s->trnmod & SDHC_TRNS_MULTI) { -+ sdhci_sdma_transfer_multi_blocks(s); -+ } else { -+ sdhci_sdma_transfer_single_block(s); -+ } - } - } - break; --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_4.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_4.patch deleted file mode 100644 index d5be99759d..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_4.patch +++ /dev/null @@ -1,75 +0,0 @@ -From b672bcaf5522294a4d8de3e88e0932d55585ee3b Mon Sep 17 00:00:00 2001 -From: Bin Meng <bmeng.cn@gmail.com> -Date: Wed, 3 Mar 2021 20:26:37 +0800 -Subject: [PATCH 4/6] hw/sd: sdhci: Correctly set the controller status for - ADMA -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When an ADMA transfer is started, the codes forget to set the -controller status to indicate a transfer is in progress. - -With this fix, the following 2 reproducers: - -https://paste.debian.net/plain/1185136 -https://paste.debian.net/plain/1185141 - -cannot be reproduced with the following QEMU command line: - -$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \ - -nodefaults -device sdhci-pci,sd-spec-version=3 \ - -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ - -device sd-card,drive=mydrive -qtest stdio - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2020-17380 -Fixes: CVE-2020-25085 -Fixes: CVE-2021-3409 -Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") -Reported-by: Alexander Bulekov <alxndr@bu.edu> -Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) -Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) -Reported-by: Simon Wörner (Ruhr-Universität Bochum) -Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 -Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 -Tested-by: Alexander Bulekov <alxndr@bu.edu> -Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> -Signed-off-by: Bin Meng <bmeng.cn@gmail.com> -Message-Id: <20210303122639.20004-4-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> - -Upstream-Status: Backport [bc6f28995ff88f5d82c38afcfd65406f0ae375aa] -CVE: CVE-2021-3409 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/sd/sdhci.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index d8a46f307..7de03c6dd 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -768,7 +768,9 @@ static void sdhci_do_adma(SDHCIState *s) - - switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) { - case SDHC_ADMA_ATTR_ACT_TRAN: /* data transfer */ -+ s->prnsts |= SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE; - if (s->trnmod & SDHC_TRNS_READ) { -+ s->prnsts |= SDHC_DOING_READ; - while (length) { - if (s->data_count == 0) { - sdbus_read_data(&s->sdbus, s->fifo_buffer, block_size); -@@ -796,6 +798,7 @@ static void sdhci_do_adma(SDHCIState *s) - } - } - } else { -+ s->prnsts |= SDHC_DOING_WRITE; - while (length) { - begin = s->data_count; - if ((length + begin) < block_size) { --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch deleted file mode 100644 index 7199056838..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_5.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c2298884cf6bcf2b047b4bae5f78432b052b5729 Mon Sep 17 00:00:00 2001 -From: Bin Meng <bmeng.cn@gmail.com> -Date: Wed, 3 Mar 2021 20:26:38 +0800 -Subject: [PATCH 5/6] hw/sd: sdhci: Limit block size only when SDHC_BLKSIZE - register is writable -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The codes to limit the maximum block size is only necessary when -SDHC_BLKSIZE register is writable. - -Tested-by: Alexander Bulekov <alxndr@bu.edu> -Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> -Signed-off-by: Bin Meng <bmeng.cn@gmail.com> -Message-Id: <20210303122639.20004-5-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> - -Upstream-Status: Backport [5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd] -CVE: CVE-2021-3409 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/sd/sdhci.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index 7de03c6dd..6c780126e 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -1142,15 +1142,15 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) - if (!TRANSFERRING_DATA(s->prnsts)) { - MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12)); - MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); -- } - -- /* Limit block size to the maximum buffer size */ -- if (extract32(s->blksize, 0, 12) > s->buf_maxsz) { -- qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " -- "the maximum buffer 0x%x\n", __func__, s->blksize, -- s->buf_maxsz); -+ /* Limit block size to the maximum buffer size */ -+ if (extract32(s->blksize, 0, 12) > s->buf_maxsz) { -+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " -+ "the maximum buffer 0x%x\n", __func__, s->blksize, -+ s->buf_maxsz); - -- s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); -+ s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); -+ } - } - - break; --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_6.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_6.patch deleted file mode 100644 index 624c1f6496..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3409_6.patch +++ /dev/null @@ -1,99 +0,0 @@ -From db916870a839346767b6d5ca7d0eed3128ba5fea Mon Sep 17 00:00:00 2001 -From: Bin Meng <bmeng.cn@gmail.com> -Date: Wed, 3 Mar 2021 20:26:39 +0800 -Subject: [PATCH 6/6] hw/sd: sdhci: Reset the data pointer of s->fifo_buffer[] - when a different block size is programmed -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If the block size is programmed to a different value from the -previous one, reset the data pointer of s->fifo_buffer[] so that -s->fifo_buffer[] can be filled in using the new block size in -the next transfer. - -With this fix, the following reproducer: - -outl 0xcf8 0x80001010 -outl 0xcfc 0xe0000000 -outl 0xcf8 0x80001001 -outl 0xcfc 0x06000000 -write 0xe000002c 0x1 0x05 -write 0xe0000005 0x1 0x02 -write 0xe0000007 0x1 0x01 -write 0xe0000028 0x1 0x10 -write 0x0 0x1 0x23 -write 0x2 0x1 0x08 -write 0xe000000c 0x1 0x01 -write 0xe000000e 0x1 0x20 -write 0xe000000f 0x1 0x00 -write 0xe000000c 0x1 0x32 -write 0xe0000004 0x2 0x0200 -write 0xe0000028 0x1 0x00 -write 0xe0000003 0x1 0x40 - -cannot be reproduced with the following QEMU command line: - -$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \ - -nodefaults -device sdhci-pci,sd-spec-version=3 \ - -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ - -device sd-card,drive=mydrive -qtest stdio - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2020-17380 -Fixes: CVE-2020-25085 -Fixes: CVE-2021-3409 -Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") -Reported-by: Alexander Bulekov <alxndr@bu.edu> -Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) -Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) -Reported-by: Simon Wörner (Ruhr-Universität Bochum) -Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 -Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 -Tested-by: Alexander Bulekov <alxndr@bu.edu> -Signed-off-by: Bin Meng <bmeng.cn@gmail.com> -Message-Id: <20210303122639.20004-6-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> - -Upstream-Status: Backport [cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9] -CVE: CVE-2021-3409 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/sd/sdhci.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index 6c780126e..216842420 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -1140,6 +1140,8 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) - break; - case SDHC_BLKSIZE: - if (!TRANSFERRING_DATA(s->prnsts)) { -+ uint16_t blksize = s->blksize; -+ - MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12)); - MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); - -@@ -1151,6 +1153,16 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) - - s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); - } -+ -+ /* -+ * If the block size is programmed to a different value from -+ * the previous one, reset the data pointer of s->fifo_buffer[] -+ * so that s->fifo_buffer[] can be filled in using the new block -+ * size in the next transfer. -+ */ -+ if (blksize != s->blksize) { -+ s->data_count = 0; -+ } - } - - break; --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch deleted file mode 100644 index 5bacd67481..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_1.patch +++ /dev/null @@ -1,177 +0,0 @@ -From 4b1988a29d67277d6c8ce1df52975f5616592913 Mon Sep 17 00:00:00 2001 -From: Jason Wang <jasowang@redhat.com> -Date: Wed, 24 Feb 2021 11:44:36 +0800 -Subject: [PATCH 01/10] net: introduce qemu_receive_packet() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Some NIC supports loopback mode and this is done by calling -nc->info->receive() directly which in fact suppresses the effort of -reentrancy check that is done in qemu_net_queue_send(). - -Unfortunately we can't use qemu_net_queue_send() here since for -loopback there's no sender as peer, so this patch introduce a -qemu_receive_packet() which is used for implementing loopback mode -for a NIC with this check. - -NIC that supports loopback mode will be converted to this helper. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Cc: qemu-stable@nongnu.org -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [705df5466c98f3efdd2b68d3b31dad86858acad7] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - include/net/net.h | 5 +++++ - include/net/queue.h | 8 ++++++++ - net/net.c | 38 +++++++++++++++++++++++++++++++------- - net/queue.c | 22 ++++++++++++++++++++++ - 4 files changed, 66 insertions(+), 7 deletions(-) - -diff --git a/include/net/net.h b/include/net/net.h -index 778fc787c..03f058ecb 100644 ---- a/include/net/net.h -+++ b/include/net/net.h -@@ -143,12 +143,17 @@ void *qemu_get_nic_opaque(NetClientState *nc); - void qemu_del_net_client(NetClientState *nc); - typedef void (*qemu_nic_foreach)(NICState *nic, void *opaque); - void qemu_foreach_nic(qemu_nic_foreach func, void *opaque); -+int qemu_can_receive_packet(NetClientState *nc); - int qemu_can_send_packet(NetClientState *nc); - ssize_t qemu_sendv_packet(NetClientState *nc, const struct iovec *iov, - int iovcnt); - ssize_t qemu_sendv_packet_async(NetClientState *nc, const struct iovec *iov, - int iovcnt, NetPacketSent *sent_cb); - ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size); -+ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size); -+ssize_t qemu_receive_packet_iov(NetClientState *nc, -+ const struct iovec *iov, -+ int iovcnt); - ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size); - ssize_t qemu_send_packet_async(NetClientState *nc, const uint8_t *buf, - int size, NetPacketSent *sent_cb); -diff --git a/include/net/queue.h b/include/net/queue.h -index c0269bb1d..9f2f289d7 100644 ---- a/include/net/queue.h -+++ b/include/net/queue.h -@@ -55,6 +55,14 @@ void qemu_net_queue_append_iov(NetQueue *queue, - - void qemu_del_net_queue(NetQueue *queue); - -+ssize_t qemu_net_queue_receive(NetQueue *queue, -+ const uint8_t *data, -+ size_t size); -+ -+ssize_t qemu_net_queue_receive_iov(NetQueue *queue, -+ const struct iovec *iov, -+ int iovcnt); -+ - ssize_t qemu_net_queue_send(NetQueue *queue, - NetClientState *sender, - unsigned flags, -diff --git a/net/net.c b/net/net.c -index 6a2c3d956..5e15e5d27 100644 ---- a/net/net.c -+++ b/net/net.c -@@ -528,6 +528,17 @@ int qemu_set_vnet_be(NetClientState *nc, bool is_be) - #endif - } - -+int qemu_can_receive_packet(NetClientState *nc) -+{ -+ if (nc->receive_disabled) { -+ return 0; -+ } else if (nc->info->can_receive && -+ !nc->info->can_receive(nc)) { -+ return 0; -+ } -+ return 1; -+} -+ - int qemu_can_send_packet(NetClientState *sender) - { - int vm_running = runstate_is_running(); -@@ -540,13 +551,7 @@ int qemu_can_send_packet(NetClientState *sender) - return 1; - } - -- if (sender->peer->receive_disabled) { -- return 0; -- } else if (sender->peer->info->can_receive && -- !sender->peer->info->can_receive(sender->peer)) { -- return 0; -- } -- return 1; -+ return qemu_can_receive_packet(sender->peer); - } - - static ssize_t filter_receive_iov(NetClientState *nc, -@@ -679,6 +684,25 @@ ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size) - return qemu_send_packet_async(nc, buf, size, NULL); - } - -+ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size) -+{ -+ if (!qemu_can_receive_packet(nc)) { -+ return 0; -+ } -+ -+ return qemu_net_queue_receive(nc->incoming_queue, buf, size); -+} -+ -+ssize_t qemu_receive_packet_iov(NetClientState *nc, const struct iovec *iov, -+ int iovcnt) -+{ -+ if (!qemu_can_receive_packet(nc)) { -+ return 0; -+ } -+ -+ return qemu_net_queue_receive_iov(nc->incoming_queue, iov, iovcnt); -+} -+ - ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size) - { - return qemu_send_packet_async_with_flags(nc, QEMU_NET_PACKET_FLAG_RAW, -diff --git a/net/queue.c b/net/queue.c -index 19e32c80f..c872d51df 100644 ---- a/net/queue.c -+++ b/net/queue.c -@@ -182,6 +182,28 @@ static ssize_t qemu_net_queue_deliver_iov(NetQueue *queue, - return ret; - } - -+ssize_t qemu_net_queue_receive(NetQueue *queue, -+ const uint8_t *data, -+ size_t size) -+{ -+ if (queue->delivering) { -+ return 0; -+ } -+ -+ return qemu_net_queue_deliver(queue, NULL, 0, data, size); -+} -+ -+ssize_t qemu_net_queue_receive_iov(NetQueue *queue, -+ const struct iovec *iov, -+ int iovcnt) -+{ -+ if (queue->delivering) { -+ return 0; -+ } -+ -+ return qemu_net_queue_deliver_iov(queue, NULL, 0, iov, iovcnt); -+} -+ - ssize_t qemu_net_queue_send(NetQueue *queue, - NetClientState *sender, - unsigned flags, --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch deleted file mode 100644 index 7deec1a347..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_10.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 65b851efd3d0280425c202f4e5880c48f8334dae Mon Sep 17 00:00:00 2001 -From: Alexander Bulekov <alxndr@bu.edu> -Date: Mon, 1 Mar 2021 14:35:30 -0500 -Subject: [PATCH 10/10] lan9118: switch to use qemu_receive_packet() for - loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com -Signed-off-by: Alexander Bulekov <alxndr@bu.edu> -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [37cee01784ff0df13e5209517e1b3594a5e792d1] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/lan9118.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c -index ab57c02c8..75f18ae2d 100644 ---- a/hw/net/lan9118.c -+++ b/hw/net/lan9118.c -@@ -669,7 +669,7 @@ static void do_tx_packet(lan9118_state *s) - /* FIXME: Honor TX disable, and allow queueing of packets. */ - if (s->phy_control & 0x4000) { - /* This assumes the receive routine doesn't touch the VLANClient. */ -- lan9118_receive(qemu_get_queue(s->nic), s->txp->data, s->txp->len); -+ qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); - } else { - qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); - } --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch deleted file mode 100644 index 5e53e20bac..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_2.patch +++ /dev/null @@ -1,42 +0,0 @@ -From e2a48a3c7cc33dbbe89f896e0f07462cb04ff6b5 Mon Sep 17 00:00:00 2001 -From: Jason Wang <jasowang@redhat.com> -Date: Wed, 24 Feb 2021 12:13:22 +0800 -Subject: [PATCH 02/10] e1000: switch to use qemu_receive_packet() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [1caff0340f49c93d535c6558a5138d20d475315c] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/e1000.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/e1000.c b/hw/net/e1000.c -index d7d05ae30..cf22c4f07 100644 ---- a/hw/net/e1000.c -+++ b/hw/net/e1000.c -@@ -546,7 +546,7 @@ e1000_send_packet(E1000State *s, const uint8_t *buf, int size) - - NetClientState *nc = qemu_get_queue(s->nic); - if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) { -- nc->info->receive(nc, buf, size); -+ qemu_receive_packet(nc, buf, size); - } else { - qemu_send_packet(nc, buf, size); - } --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch deleted file mode 100644 index 3fc469e3e3..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_3.patch +++ /dev/null @@ -1,43 +0,0 @@ -From c041a4da1ff119715e0ccf2d4a7af62568f17b93 Mon Sep 17 00:00:00 2001 -From: Jason Wang <jasowang@redhat.com> -Date: Wed, 24 Feb 2021 12:57:40 +0800 -Subject: [PATCH 03/10] dp8393x: switch to use qemu_receive_packet() for - loopback packet -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [331d2ac9ea307c990dc86e6493e8f0c48d14bb33] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/dp8393x.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c -index 205c0decc..533a8304d 100644 ---- a/hw/net/dp8393x.c -+++ b/hw/net/dp8393x.c -@@ -506,7 +506,7 @@ static void dp8393x_do_transmit_packets(dp8393xState *s) - s->regs[SONIC_TCR] |= SONIC_TCR_CRSL; - if (nc->info->can_receive(nc)) { - s->loopback_packet = 1; -- nc->info->receive(nc, s->tx_buffer, tx_len); -+ qemu_receive_packet(nc, s->tx_buffer, tx_len); - } - } else { - /* Transmit packet */ --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_4.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_4.patch deleted file mode 100644 index e14f37735d..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_4.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 9ac5345344b75995bc96d171eaa5dc8d26bf0e21 Mon Sep 17 00:00:00 2001 -From: Jason Wang <jasowang@redhat.com> -Date: Wed, 24 Feb 2021 13:00:01 +0800 -Subject: [PATCH 04/10] msf2-mac: switch to use qemu_receive_packet() for - loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [26194a58f4eb83c5bdf4061a1628508084450ba1] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/msf2-emac.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c -index 32ba9e841..3e6206044 100644 ---- a/hw/net/msf2-emac.c -+++ b/hw/net/msf2-emac.c -@@ -158,7 +158,7 @@ static void msf2_dma_tx(MSF2EmacState *s) - * R_CFG1 bit 0 is set. - */ - if (s->regs[R_CFG1] & R_CFG1_LB_EN_MASK) { -- nc->info->receive(nc, buf, size); -+ qemu_receive_packet(nc, buf, size); - } else { - qemu_send_packet(nc, buf, size); - } --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch deleted file mode 100644 index c3f8f97592..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_5.patch +++ /dev/null @@ -1,45 +0,0 @@ -From d465dc79c9ee729d91ef086b993e956b1935be69 Mon Sep 17 00:00:00 2001 -From: Jason Wang <jasowang@redhat.com> -Date: Wed, 24 Feb 2021 13:14:35 +0800 -Subject: [PATCH 05/10] sungem: switch to use qemu_receive_packet() for - loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Reviewed-by: Alistair Francis <alistair.francis@wdc.com> -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [8c92060d3c0248bd4d515719a35922cd2391b9b4] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/sungem.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/sungem.c b/hw/net/sungem.c -index 33c3722df..3684a4d73 100644 ---- a/hw/net/sungem.c -+++ b/hw/net/sungem.c -@@ -306,7 +306,7 @@ static void sungem_send_packet(SunGEMState *s, const uint8_t *buf, - NetClientState *nc = qemu_get_queue(s->nic); - - if (s->macregs[MAC_XIFCFG >> 2] & MAC_XIFCFG_LBCK) { -- nc->info->receive(nc, buf, size); -+ qemu_receive_packet(nc, buf, size); - } else { - qemu_send_packet(nc, buf, size); - } --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch deleted file mode 100644 index 855c6970f4..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch +++ /dev/null @@ -1,43 +0,0 @@ -From c0010f9b2bafe866fe32e3c2688454bc24147136 Mon Sep 17 00:00:00 2001 -From: Jason Wang <jasowang@redhat.com> -Date: Wed, 24 Feb 2021 13:27:52 +0800 -Subject: [PATCH 06/10] tx_pkt: switch to use qemu_receive_packet_iov() for - loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch switches to use qemu_receive_receive_iov() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [8c552542b81e56ff532dd27ec6e5328954bdda73] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/net_tx_pkt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c -index da262edc3..1f9aa59ec 100644 ---- a/hw/net/net_tx_pkt.c -+++ b/hw/net/net_tx_pkt.c -@@ -553,7 +553,7 @@ static inline void net_tx_pkt_sendv(struct NetTxPkt *pkt, - NetClientState *nc, const struct iovec *iov, int iov_cnt) - { - if (pkt->is_loopback) { -- nc->info->receive_iov(nc, iov, iov_cnt); -+ qemu_receive_packet_iov(nc, iov, iov_cnt); - } else { - qemu_sendv_packet(nc, iov, iov_cnt); - } --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch deleted file mode 100644 index 4e1115de02..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_7.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 64b38675c728354e4015e4bec3d975cd4cb8a981 Mon Sep 17 00:00:00 2001 -From: Alexander Bulekov <alxndr@bu.edu> -Date: Fri, 26 Feb 2021 13:47:53 -0500 -Subject: [PATCH 07/10] rtl8139: switch to use qemu_receive_packet() for - loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Buglink: https://bugs.launchpad.net/qemu/+bug/1910826 -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com -Signed-off-by: Alexander Bulekov <alxndr@bu.edu> -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [5311fb805a4403bba024e83886fa0e7572265de4] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/rtl8139.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c -index ba5ace1ab..d2dd03e6a 100644 ---- a/hw/net/rtl8139.c -+++ b/hw/net/rtl8139.c -@@ -1795,7 +1795,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size, - } - - DPRINTF("+++ transmit loopback mode\n"); -- rtl8139_do_receive(qemu_get_queue(s->nic), buf, size, do_interrupt); -+ qemu_receive_packet(qemu_get_queue(s->nic), buf, size); - - if (iov) { - g_free(buf2); --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch deleted file mode 100644 index ed716468dc..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_8.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 023ce62f0a788ad3a8233c7a828554bceeafd031 Mon Sep 17 00:00:00 2001 -From: Alexander Bulekov <alxndr@bu.edu> -Date: Mon, 1 Mar 2021 10:33:34 -0500 -Subject: [PATCH 08/10] pcnet: switch to use qemu_receive_packet() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Buglink: https://bugs.launchpad.net/qemu/+bug/1917085 -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com -Signed-off-by: Alexander Bulekov <alxndr@bu.edu> -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/pcnet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c -index f3f18d859..dcd3fc494 100644 ---- a/hw/net/pcnet.c -+++ b/hw/net/pcnet.c -@@ -1250,7 +1250,7 @@ txagain: - if (BCR_SWSTYLE(s) == 1) - add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS); - s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC; -- pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos); -+ qemu_receive_packet(qemu_get_queue(s->nic), s->buffer, s->xmit_pos); - s->looptest = 0; - } else { - if (s->nic) { --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch deleted file mode 100644 index 39d32b33a4..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch +++ /dev/null @@ -1,46 +0,0 @@ -From ecf7e62bb2cb02c9bd40082504ae376f3e19ffd2 Mon Sep 17 00:00:00 2001 -From: Alexander Bulekov <alxndr@bu.edu> -Date: Mon, 1 Mar 2021 14:33:43 -0500 -Subject: [PATCH 09/10] cadence_gem: switch to use qemu_receive_packet() for - loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit <ppandit@redhat.com> -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> -Signed-off-by: Alexander Bulekov <alxndr@bu.edu> -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upstream-Status: Backport [e73adfbeec9d4e008630c814759052ed945c3fed] -CVE: CVE-2021-3416 - -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - hw/net/cadence_gem.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c -index 7a534691f..43b760e3f 100644 ---- a/hw/net/cadence_gem.c -+++ b/hw/net/cadence_gem.c -@@ -1275,8 +1275,8 @@ static void gem_transmit(CadenceGEMState *s) - /* Send the packet somewhere */ - if (s->phy_loop || (s->regs[GEM_NWCTRL] & - GEM_NWCTRL_LOCALLOOP)) { -- gem_receive(qemu_get_queue(s->nic), s->tx_packet, -- total_bytes); -+ qemu_receive_packet(qemu_get_queue(s->nic), s->tx_packet, -+ total_bytes); - } else { - qemu_send_packet(qemu_get_queue(s->nic), s->tx_packet, - total_bytes); --- -2.29.2 - diff --git a/meta/recipes-devtools/qemu/qemu/cross.patch b/meta/recipes-devtools/qemu/qemu/cross.patch deleted file mode 100644 index 438c1ad086..0000000000 --- a/meta/recipes-devtools/qemu/qemu/cross.patch +++ /dev/null @@ -1,30 +0,0 @@ -We need to be able to trigger configure's cross code but we don't want -to set cross_prefix as it does other things we don't want. Patch things -so we can do what we need in the target config case. - -Upstream-Status: Inappropriate [may be rewritten in a way upstream may accept?] -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> - - -Index: qemu-5.2.0/configure -=================================================================== ---- qemu-5.2.0.orig/configure -+++ qemu-5.2.0/configure -@@ -6973,7 +6973,6 @@ if has $sdl2_config; then - fi - echo "strip = [$(meson_quote $strip)]" >> $cross - echo "windres = [$(meson_quote $windres)]" >> $cross --if test -n "$cross_prefix"; then - cross_arg="--cross-file config-meson.cross" - echo "[host_machine]" >> $cross - if test "$mingw32" = "yes" ; then -@@ -6999,9 +6998,6 @@ if test -n "$cross_prefix"; then - else - echo "endian = 'little'" >> $cross - fi --else -- cross_arg="--native-file config-meson.cross" --fi - mv $cross config-meson.cross - - rm -rf meson-private meson-info meson-logs diff --git a/meta/recipes-devtools/qemu/qemu/determinism.patch b/meta/recipes-devtools/qemu/qemu/determinism.patch deleted file mode 100644 index cb1c907777..0000000000 --- a/meta/recipes-devtools/qemu/qemu/determinism.patch +++ /dev/null @@ -1,41 +0,0 @@ -When sources are included within debug information, a couple of areas of the -qemu build are not reproducible due to either full buildpaths or timestamps. - -Replace the full paths with relative ones. I couldn't figure out how to get -meson to pass relative paths but we can fix that in the script. - -For the keymaps, omit the timestamps as they don't matter to us. - -Upstream-Status: Pending [some version of all/part of this may be accepted] -RP 2021/3/1 - -Index: qemu-5.2.0/scripts/decodetree.py -=================================================================== ---- qemu-5.2.0.orig/scripts/decodetree.py -+++ qemu-5.2.0/scripts/decodetree.py -@@ -1303,8 +1303,8 @@ def main(): - toppat = ExcMultiPattern(0) - - for filename in args: -- input_file = filename -- f = open(filename, 'r') -+ input_file = os.path.relpath(filename) -+ f = open(input_file, 'r') - parse_file(f, toppat) - f.close() - -Index: qemu-5.2.0/ui/keycodemapdb/tools/keymap-gen -=================================================================== ---- qemu-5.2.0.orig/ui/keycodemapdb/tools/keymap-gen -+++ qemu-5.2.0/ui/keycodemapdb/tools/keymap-gen -@@ -317,9 +317,8 @@ class LanguageGenerator(object): - raise NotImplementedError() - - def generate_header(self, database, args): -- today = time.strftime("%Y-%m-%d %H:%M") - self._boilerplate([ -- "This file is auto-generated from keymaps.csv on %s" % today, -+ "This file is auto-generated from keymaps.csv", - "Database checksum sha256(%s)" % database.mapchecksum, - "To re-generate, run:", - " %s" % args, diff --git a/meta/recipes-devtools/qemu/qemu/mingwfix.patch b/meta/recipes-devtools/qemu/qemu/mingwfix.patch deleted file mode 100644 index 8d76cef638..0000000000 --- a/meta/recipes-devtools/qemu/qemu/mingwfix.patch +++ /dev/null @@ -1,21 +0,0 @@ -OE assumes that mingw files are in a unix like file layout. The -'flattening' done by configure in qemu for mingw32 breaks things -for us. We are discussing with upstream but for now, hack this to -disable it and use the unix like layout everywhere. - -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg01073.html] - -Index: qemu-5.2.0/configure -=================================================================== ---- qemu-5.2.0.orig/configure -+++ qemu-5.2.0/configure -@@ -1541,7 +1541,7 @@ libdir="${libdir:-$prefix/lib}" - libexecdir="${libexecdir:-$prefix/libexec}" - includedir="${includedir:-$prefix/include}" - --if test "$mingw32" = "yes" ; then -+if test "$mingw32" = "dontwantthis" ; then - mandir="$prefix" - datadir="$prefix" - docdir="$prefix" diff --git a/meta/recipes-devtools/qemu/qemu/mmap.patch b/meta/recipes-devtools/qemu/qemu/mmap.patch deleted file mode 100644 index edd9734f30..0000000000 --- a/meta/recipes-devtools/qemu/qemu/mmap.patch +++ /dev/null @@ -1,29 +0,0 @@ -If mremap() is called without the MREMAP_MAYMOVE flag with a start address -just before the end of memory (reserved_va) where new_size would exceed -GUEST_ADD_MAX, the assert(end - 1 <= GUEST_ADDR_MAX) in page_set_flags() -would trigger. - -Add an extra guard to the guest_range_valid() checks to prevent this and -avoid asserting binaries when reserved_va is set. - -This meant a test case now gives the same behaviour regardless of whether -reserved_va is set or not. - -Upstream-Status: Backport [https://github.com/qemu/qemu/commit/ccc5ccc17f8cfbfd87d9aede5d12a2d47c56e712] -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org - -Index: qemu-5.2.0/linux-user/mmap.c -=================================================================== ---- qemu-5.2.0.orig/linux-user/mmap.c -+++ qemu-5.2.0/linux-user/mmap.c -@@ -727,7 +727,9 @@ abi_long target_mremap(abi_ulong old_add - - if (!guest_range_valid(old_addr, old_size) || - ((flags & MREMAP_FIXED) && -- !guest_range_valid(new_addr, new_size))) { -+ !guest_range_valid(new_addr, new_size)) || -+ ((flags & MREMAP_MAYMOVE) == 0 && -+ !guest_range_valid(old_addr, new_size))) { - errno = ENOMEM; - return -1; - } diff --git a/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init new file mode 100644 index 0000000000..5ebaaddeae --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.init @@ -0,0 +1,75 @@ +# SPDX-License-Identifier: GPL-2.0-only +# Initially written by: Michael Tokarev <mjt@tls.msk.ru> +# For QEMU Debian downstream package + +set -e + +. /etc/init.d/functions + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="QEMU Guest Agent" +NAME=qemu-ga +DAEMON=@bindir@/$NAME +PIDFILE=/var/run/$NAME.pid + +# config +DAEMON_ARGS="" +# default transport +TRANSPORT=virtio-serial:/dev/virtio-ports/org.qemu.guest_agent.0 +NO_START=0 + +test ! -r /etc/default/qemu-guest-agent || . /etc/default/qemu-guest-agent +test "$NO_START" = "0" || exit 0 +test -x "$DAEMON" || exit 0 + +# +# Function that checks whenever system has necessary environment +# It also splits $TRANSPORT into $method and $path +# +do_check_transport() { + method=${TRANSPORT%%:*}; + path=${TRANSPORT#*:} + case "$method" in + virtio-serial | isa-serial) + if [ ! -e "$path" ]; then + echo "$NAME: transport endpoint not found, not starting" + return 1 + fi + ;; + esac +} + +case "$1" in + start) + do_check_transport || exit 0 + echo -n "Starting $DESC: " + start-stop-daemon -S -p $PIDFILE -x "$DAEMON" -- \ + $DAEMON_ARGS -d -m "$method" -p "$path" + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon -K -x "$DAEMON" -p $PIDFILE + echo "$NAME." + ;; + status) + status "$DAEMON" + exit $? + ;; + restart|force-reload) + do_check_transport || exit 0 + echo -n "Restarting $DESC: " + start-stop-daemon -K -x "$DAEMON" -p $PIDFILE + sleep 1 + start-stop-daemon -S -p $PIDFILE -x "$DAEMON" -- \ + $DAEMON_ARGS -d -m "$method" -p "$path" + echo "$NAME." + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|status|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev new file mode 100644 index 0000000000..47097057e3 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/qemu-guest-agent.udev @@ -0,0 +1,2 @@ +SUBSYSTEM=="virtio-ports", ATTR{name}=="org.qemu.guest_agent.0", \ + TAG+="systemd", ENV{SYSTEMD_WANTS}="qemu-guest-agent.service" diff --git a/meta/recipes-devtools/qemu/qemu_5.2.0.bb b/meta/recipes-devtools/qemu/qemu_5.2.0.bb deleted file mode 100644 index f265204b10..0000000000 --- a/meta/recipes-devtools/qemu/qemu_5.2.0.bb +++ /dev/null @@ -1,29 +0,0 @@ -BBCLASSEXTEND = "nativesdk" - -require qemu.inc - -# error: a parameter list without types is only allowed in a function definition -# void (*_function)(sigval_t); -COMPATIBLE_HOST_libc-musl = 'null' - -DEPENDS = "glib-2.0 zlib pixman bison-native ninja-native meson-native" - -RDEPENDS_${PN}_class-target += "bash" - -EXTRA_OECONF_append_class-target = " --target-list=${@get_qemu_target_list(d)}" -EXTRA_OECONF_append_class-target_mipsarcho32 = "${@bb.utils.contains('BBEXTENDCURR', 'multilib', ' --disable-capstone', '', d)}" -EXTRA_OECONF_append_class-nativesdk = " --target-list=${@get_qemu_target_list(d)}" - -do_install_append_class-nativesdk() { - ${@bb.utils.contains('PACKAGECONFIG', 'gtk+', 'make_qemu_wrapper', '', d)} -} - -PACKAGECONFIG ??= " \ - fdt sdl kvm \ - ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '', d)} \ - ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \ -" -PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm \ - ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '', d)} \ -" diff --git a/meta/recipes-devtools/qemu/qemu_9.0.0.bb b/meta/recipes-devtools/qemu/qemu_9.0.0.bb new file mode 100644 index 0000000000..dc1352232e --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu_9.0.0.bb @@ -0,0 +1,27 @@ +BBCLASSEXTEND = "nativesdk" + +require qemu.inc + +DEPENDS += "glib-2.0 zlib pixman" + +DEPENDS:append:libc-musl = " libucontext" + +CFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', '-DEGL_NO_X11=1', d)}" + +RDEPENDS:${PN}-common:class-target += "bash" + +EXTRA_OECONF:append:class-target = " --target-list=${@get_qemu_target_list(d)}" +EXTRA_OECONF:append:class-target:mipsarcho32 = "${@bb.utils.contains('BBEXTENDCURR', 'multilib', ' --disable-capstone', '', d)}" +EXTRA_OECONF:append:class-nativesdk = " --target-list=${@get_qemu_target_list(d)}" + +PACKAGECONFIG ??= " \ + fdt sdl kvm pie slirp \ + ${@bb.utils.filter('DISTRO_FEATURES', 'alsa pulseaudio xen', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ + ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \ +" +PACKAGECONFIG:class-nativesdk ??= "fdt sdl kvm pie slirp \ + ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer epoxy', '', d)} \ +" +# ppc32 hosts are no longer supported in qemu +COMPATIBLE_HOST:powerpc = "null" diff --git a/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb b/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb index a0448a1803..6d0e7883ad 100644 --- a/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb +++ b/meta/recipes-devtools/qemu/qemuwrapper-cross_1.0.bb @@ -2,7 +2,8 @@ SUMMARY = "QEMU wrapper script" HOMEPAGE = "http://qemu.org" LICENSE = "MIT" -S = "${WORKDIR}" +S = "${WORKDIR}/sources" +UNPACKDIR = "${S}" DEPENDS += "qemu-native" @@ -18,6 +19,7 @@ do_install () { cat >> ${D}${bindir_crossscripts}/${MLPREFIX}qemuwrapper << EOF #!/bin/sh +# Wrapper script to run binaries under qemu user-mode emulation set -x if [ ${@bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'True', 'False', d)} = False -a "${PN}" != "nativesdk-qemuwrapper-cross" ]; then |