diff options
Diffstat (limited to 'meta-xilinx-bsp/recipes-devtools/qemu')
27 files changed, 1629 insertions, 2 deletions
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu-native.inc b/meta-xilinx-bsp/recipes-devtools/qemu/qemu-native.inc new file mode 100644 index 00000000..aa5c9b9a --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu-native.inc | |||
@@ -0,0 +1,11 @@ | |||
1 | inherit native | ||
2 | |||
3 | require qemu.inc | ||
4 | |||
5 | EXTRA_OEMAKE_append = " LD='${LD}' AR='${AR}' OBJCOPY='${OBJCOPY}' LDFLAGS='${LDFLAGS}'" | ||
6 | |||
7 | LDFLAGS_append = " -fuse-ld=bfd" | ||
8 | |||
9 | do_install_append() { | ||
10 | ${@bb.utils.contains('PACKAGECONFIG', 'gtk+', 'make_qemu_wrapper', '', d)} | ||
11 | } | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu-targets.inc b/meta-xilinx-bsp/recipes-devtools/qemu/qemu-targets.inc new file mode 100644 index 00000000..24f9a039 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu-targets.inc | |||
@@ -0,0 +1,28 @@ | |||
1 | # possible arch values are: | ||
2 | # aarch64 arm armeb alpha cris i386 x86_64 m68k microblaze | ||
3 | # mips mipsel mips64 mips64el ppc ppc64 ppc64abi32 ppcemb | ||
4 | # riscv32 riscv64 sparc sparc32 sparc32plus | ||
5 | |||
6 | def get_qemu_target_list(d): | ||
7 | import bb | ||
8 | archs = d.getVar('QEMU_TARGETS').split() | ||
9 | tos = d.getVar('HOST_OS') | ||
10 | softmmuonly = "" | ||
11 | for arch in ['ppcemb', 'lm32']: | ||
12 | if arch in archs: | ||
13 | softmmuonly += arch + "-softmmu," | ||
14 | archs.remove(arch) | ||
15 | linuxuseronly = "" | ||
16 | for arch in ['armeb', 'alpha', 'ppc64abi32', 'ppc64le', 'sparc32plus', 'aarch64_be']: | ||
17 | if arch in archs: | ||
18 | linuxuseronly += arch + "-linux-user," | ||
19 | archs.remove(arch) | ||
20 | if 'linux' not in tos: | ||
21 | return softmmuonly + ''.join([arch + "-softmmu" + "," for arch in archs]).rstrip(',') | ||
22 | return softmmuonly + linuxuseronly + ''.join([arch + "-linux-user" + "," + arch + "-softmmu" + "," for arch in archs]).rstrip(',') | ||
23 | |||
24 | def get_qemu_usermode_target_list(d): | ||
25 | return ",".join(filter(lambda i: "-linux-user" in i, get_qemu_target_list(d).split(','))) | ||
26 | |||
27 | def get_qemu_system_target_list(d): | ||
28 | return ",".join(filter(lambda i: "-linux-user" not in i, get_qemu_target_list(d).split(','))) | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx-native.inc b/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx-native.inc index a1dc5d66..d8f06c77 100644 --- a/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx-native.inc +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx-native.inc | |||
@@ -1,4 +1,4 @@ | |||
1 | require recipes-devtools/qemu/qemu-native.inc | 1 | require qemu-native.inc |
2 | require qemu-xilinx.inc | 2 | require qemu-xilinx.inc |
3 | 3 | ||
4 | DEPENDS = "glib-2.0-native zlib-native" | 4 | DEPENDS = "glib-2.0-native zlib-native" |
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx_2020.2.bb b/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx_2020.2.bb index 09f431ec..fd1904ab 100644 --- a/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx_2020.2.bb +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx_2020.2.bb | |||
@@ -1,4 +1,4 @@ | |||
1 | require recipes-devtools/qemu/qemu.inc | 1 | require qemu.inc |
2 | require qemu-xilinx.inc | 2 | require qemu-xilinx.inc |
3 | 3 | ||
4 | BBCLASSEXTEND = "nativesdk" | 4 | BBCLASSEXTEND = "nativesdk" |
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu.inc b/meta-xilinx-bsp/recipes-devtools/qemu/qemu.inc new file mode 100644 index 00000000..4864d7e9 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu.inc | |||
@@ -0,0 +1,197 @@ | |||
1 | SUMMARY = "Fast open source processor emulator" | ||
2 | DESCRIPTION = "QEMU is a hosted virtual machine monitor: it emulates the \ | ||
3 | machine's processor through dynamic binary translation and provides a set \ | ||
4 | of different hardware and device models for the machine, enabling it to run \ | ||
5 | a variety of guest operating systems" | ||
6 | HOMEPAGE = "http://qemu.org" | ||
7 | LICENSE = "GPLv2 & LGPLv2.1" | ||
8 | |||
9 | RDEPENDS_${PN}-ptest = "bash make" | ||
10 | |||
11 | require qemu-targets.inc | ||
12 | inherit pkgconfig ptest | ||
13 | |||
14 | LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \ | ||
15 | file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f" | ||
16 | |||
17 | SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | ||
18 | file://powerpc_rom.bin \ | ||
19 | file://run-ptest \ | ||
20 | file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \ | ||
21 | file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \ | ||
22 | file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \ | ||
23 | file://0004-qemu-disable-Valgrind.patch \ | ||
24 | file://0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \ | ||
25 | file://0006-chardev-connect-socket-to-a-spawned-command.patch \ | ||
26 | file://0007-apic-fixup-fallthrough-to-PIC.patch \ | ||
27 | file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ | ||
28 | file://0009-Fix-webkitgtk-builds.patch \ | ||
29 | file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \ | ||
30 | file://0001-Add-enable-disable-udev.patch \ | ||
31 | file://0001-qemu-Do-not-include-file-if-not-exists.patch \ | ||
32 | file://find_datadir.patch \ | ||
33 | file://usb-fix-setup_len-init.patch \ | ||
34 | file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \ | ||
35 | file://CVE-2020-24352.patch \ | ||
36 | file://CVE-2020-29129-CVE-2020-29130.patch \ | ||
37 | file://CVE-2020-25624.patch \ | ||
38 | file://CVE-2020-25723.patch \ | ||
39 | file://CVE-2020-28916.patch \ | ||
40 | " | ||
41 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" | ||
42 | |||
43 | SRC_URI[sha256sum] = "c9174eb5933d9eb5e61f541cd6d1184cd3118dfe4c5c4955bc1bdc4d390fa4e5" | ||
44 | |||
45 | COMPATIBLE_HOST_mipsarchn32 = "null" | ||
46 | COMPATIBLE_HOST_mipsarchn64 = "null" | ||
47 | |||
48 | # Per https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg03873.html | ||
49 | # upstream states qemu doesn't work without optimization | ||
50 | DEBUG_BUILD = "0" | ||
51 | |||
52 | do_install_append() { | ||
53 | # Prevent QA warnings about installed ${localstatedir}/run | ||
54 | if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi | ||
55 | } | ||
56 | |||
57 | do_compile_ptest() { | ||
58 | make buildtest-TESTS | ||
59 | } | ||
60 | |||
61 | do_install_ptest() { | ||
62 | cp -rL ${B}/tests ${D}${PTEST_PATH} | ||
63 | find ${D}${PTEST_PATH}/tests -type f -name "*.[Sshcod]" | xargs -i rm -rf {} | ||
64 | |||
65 | cp ${S}/tests/Makefile.include ${D}${PTEST_PATH}/tests | ||
66 | # Don't check the file genreated by configure | ||
67 | sed -i -e '/wildcard config-host.mak/d' \ | ||
68 | -e '$ {/endif/d}' ${D}${PTEST_PATH}/tests/Makefile.include | ||
69 | sed -i -e 's,${HOSTTOOLS_DIR}/python3,${bindir}/python3,' \ | ||
70 | ${D}/${PTEST_PATH}/tests/qemu-iotests/common.env | ||
71 | sed -i -e "1s,#!/usr/bin/bash,#!${base_bindir}/bash," ${D}${PTEST_PATH}/tests/data/acpi/disassemle-aml.sh | ||
72 | } | ||
73 | |||
74 | # QEMU_TARGETS is overridable variable | ||
75 | QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc ppc64 ppc64le riscv32 riscv64 sh4 x86_64" | ||
76 | |||
77 | EXTRA_OECONF = " \ | ||
78 | --prefix=${prefix} \ | ||
79 | --bindir=${bindir} \ | ||
80 | --includedir=${includedir} \ | ||
81 | --libdir=${libdir} \ | ||
82 | --mandir=${mandir} \ | ||
83 | --datadir=${datadir} \ | ||
84 | --docdir=${docdir}/${BPN} \ | ||
85 | --sysconfdir=${sysconfdir} \ | ||
86 | --libexecdir=${libexecdir} \ | ||
87 | --localstatedir=${localstatedir} \ | ||
88 | --with-confsuffix=/${BPN} \ | ||
89 | --disable-strip \ | ||
90 | --disable-werror \ | ||
91 | --extra-cflags='${CFLAGS}' \ | ||
92 | --extra-ldflags='${LDFLAGS}' \ | ||
93 | --with-git=/bin/false \ | ||
94 | --disable-git-update \ | ||
95 | ${PACKAGECONFIG_CONFARGS} \ | ||
96 | " | ||
97 | |||
98 | export LIBTOOL="${HOST_SYS}-libtool" | ||
99 | |||
100 | B = "${WORKDIR}/build" | ||
101 | |||
102 | EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3" | ||
103 | |||
104 | do_configure_prepend_class-native() { | ||
105 | # Append build host pkg-config paths for native target since the host may provide sdl | ||
106 | BHOST_PKGCONFIG_PATH=$(PATH=/usr/bin:/bin pkg-config --variable pc_path pkg-config || echo "") | ||
107 | if [ ! -z "$BHOST_PKGCONFIG_PATH" ]; then | ||
108 | export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:$BHOST_PKGCONFIG_PATH | ||
109 | fi | ||
110 | } | ||
111 | |||
112 | do_configure() { | ||
113 | ${S}/configure ${EXTRA_OECONF} | ||
114 | } | ||
115 | do_configure[cleandirs] += "${B}" | ||
116 | |||
117 | do_install () { | ||
118 | export STRIP="" | ||
119 | oe_runmake 'DESTDIR=${D}' install | ||
120 | } | ||
121 | |||
122 | # The following fragment will create a wrapper for qemu-mips user emulation | ||
123 | # binary in order to work around a segmentation fault issue. Basically, by | ||
124 | # default, the reserved virtual address space for 32-on-64 bit is set to 4GB. | ||
125 | # This will trigger a MMU access fault in the virtual CPU. With this change, | ||
126 | # the qemu-mips works fine. | ||
127 | # IMPORTANT: This piece needs to be removed once the root cause is fixed! | ||
128 | do_install_append() { | ||
129 | if [ -e "${D}/${bindir}/qemu-mips" ]; then | ||
130 | create_wrapper ${D}/${bindir}/qemu-mips \ | ||
131 | QEMU_RESERVED_VA=0x0 | ||
132 | fi | ||
133 | } | ||
134 | # END of qemu-mips workaround | ||
135 | |||
136 | make_qemu_wrapper() { | ||
137 | gdk_pixbuf_module_file=`pkg-config --variable=gdk_pixbuf_cache_file gdk-pixbuf-2.0` | ||
138 | |||
139 | for tool in `ls ${D}${bindir}/qemu-system-*`; do | ||
140 | create_wrapper $tool \ | ||
141 | GDK_PIXBUF_MODULE_FILE=$gdk_pixbuf_module_file \ | ||
142 | FONTCONFIG_PATH=/etc/fonts \ | ||
143 | GTK_THEME=Adwaita | ||
144 | done | ||
145 | } | ||
146 | |||
147 | # Disable kvm/virgl/mesa on targets that do not support it | ||
148 | PACKAGECONFIG_remove_darwin = "kvm virglrenderer glx gtk+" | ||
149 | PACKAGECONFIG_remove_mingw32 = "kvm virglrenderer glx gtk+" | ||
150 | |||
151 | PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2" | ||
152 | PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr," | ||
153 | PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio," | ||
154 | PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs," | ||
155 | PACKAGECONFIG[xen] = "--enable-xen,--disable-xen,xen-tools,xen-tools-libxenstore xen-tools-libxenctrl xen-tools-libxenguest" | ||
156 | PACKAGECONFIG[vnc-sasl] = "--enable-vnc --enable-vnc-sasl,--disable-vnc-sasl,cyrus-sasl," | ||
157 | PACKAGECONFIG[vnc-jpeg] = "--enable-vnc --enable-vnc-jpeg,--disable-vnc-jpeg,jpeg," | ||
158 | PACKAGECONFIG[vnc-png] = "--enable-vnc --enable-vnc-png,--disable-vnc-png,libpng," | ||
159 | PACKAGECONFIG[libcurl] = "--enable-curl,--disable-curl,curl," | ||
160 | PACKAGECONFIG[nss] = "--enable-smartcard,--disable-smartcard,nss," | ||
161 | PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses," | ||
162 | PACKAGECONFIG[gtk+] = "--enable-gtk,--disable-gtk,gtk+3 gettext-native" | ||
163 | PACKAGECONFIG[vte] = "--enable-vte,--disable-vte,vte gettext-native" | ||
164 | PACKAGECONFIG[libcap-ng] = "--enable-cap-ng,--disable-cap-ng,libcap-ng," | ||
165 | PACKAGECONFIG[ssh] = "--enable-libssh,--disable-libssh,libssh," | ||
166 | PACKAGECONFIG[gcrypt] = "--enable-gcrypt,--disable-gcrypt,libgcrypt," | ||
167 | PACKAGECONFIG[nettle] = "--enable-nettle,--disable-nettle,nettle" | ||
168 | PACKAGECONFIG[libusb] = "--enable-libusb,--disable-libusb,libusb1" | ||
169 | PACKAGECONFIG[fdt] = "--enable-fdt,--disable-fdt,dtc" | ||
170 | PACKAGECONFIG[alsa] = "--audio-drv-list='oss alsa',,alsa-lib" | ||
171 | PACKAGECONFIG[glx] = "--enable-opengl,--disable-opengl,virtual/libgl" | ||
172 | PACKAGECONFIG[lzo] = "--enable-lzo,--disable-lzo,lzo" | ||
173 | PACKAGECONFIG[numa] = "--enable-numa,--disable-numa,numactl" | ||
174 | PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls" | ||
175 | PACKAGECONFIG[bzip2] = "--enable-bzip2,--disable-bzip2,bzip2" | ||
176 | PACKAGECONFIG[libiscsi] = "--enable-libiscsi,--disable-libiscsi" | ||
177 | PACKAGECONFIG[kvm] = "--enable-kvm,--disable-kvm" | ||
178 | PACKAGECONFIG[virglrenderer] = "--enable-virglrenderer,--disable-virglrenderer,virglrenderer" | ||
179 | # spice will be in meta-networking layer | ||
180 | PACKAGECONFIG[spice] = "--enable-spice,--disable-spice,spice" | ||
181 | # usbredir will be in meta-networking layer | ||
182 | PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir" | ||
183 | PACKAGECONFIG[snappy] = "--enable-snappy,--disable-snappy,snappy" | ||
184 | PACKAGECONFIG[glusterfs] = "--enable-glusterfs,--disable-glusterfs,glusterfs" | ||
185 | PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon" | ||
186 | PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,eudev" | ||
187 | PACKAGECONFIG[libxml2] = "--enable-libxml2,--disable-libxml2,libxml2" | ||
188 | PACKAGECONFIG[attr] = "--enable-attr,--disable-attr,attr," | ||
189 | PACKAGECONFIG[rbd] = "--enable-rbd,--disable-rbd,ceph,ceph" | ||
190 | PACKAGECONFIG[vhost] = "--enable-vhost-net,--disable-vhost-net,," | ||
191 | PACKAGECONFIG[ust] = "--enable-trace-backend=ust,--enable-trace-backend=nop,lttng-ust," | ||
192 | PACKAGECONFIG[pie] = "--enable-pie,--disable-pie,," | ||
193 | PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp" | ||
194 | |||
195 | INSANE_SKIP_${PN} = "arch" | ||
196 | |||
197 | FILES_${PN} += "${datadir}/icons" | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch new file mode 100644 index 00000000..1304ee3b --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From b921e5204030845dc7c9d16d5f66d965e8d05367 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jeremy Puhlman <jpuhlman@mvista.com> | ||
3 | Date: Thu, 19 Mar 2020 11:54:26 -0700 | ||
4 | Subject: [PATCH] Add enable/disable libudev | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> | ||
8 | |||
9 | [update patch context] | ||
10 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
11 | --- | ||
12 | configure | 4 ++++ | ||
13 | 1 file changed, 4 insertions(+) | ||
14 | |||
15 | Index: qemu-5.1.0/configure | ||
16 | =================================================================== | ||
17 | --- qemu-5.1.0.orig/configure | ||
18 | +++ qemu-5.1.0/configure | ||
19 | @@ -1640,6 +1640,10 @@ for opt do | ||
20 | ;; | ||
21 | --disable-libdaxctl) libdaxctl=no | ||
22 | ;; | ||
23 | + --enable-libudev) libudev="yes" | ||
24 | + ;; | ||
25 | + --disable-libudev) libudev="no" | ||
26 | + ;; | ||
27 | *) | ||
28 | echo "ERROR: unknown option $opt" | ||
29 | echo "Try '$0 --help' for more information" | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch new file mode 100644 index 00000000..46c9da08 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch | |||
@@ -0,0 +1,141 @@ | |||
1 | From 883feb43129dc39b491e492c7ccfe89aefe53c44 Mon Sep 17 00:00:00 2001 | ||
2 | From: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
3 | Date: Thu, 27 Nov 2014 14:04:29 +0000 | ||
4 | Subject: [PATCH] qemu: Add missing wacom HID descriptor | ||
5 | |||
6 | The USB wacom device is missing a HID descriptor which causes it | ||
7 | to fail to operate with recent kernels (e.g. 3.17). | ||
8 | |||
9 | This patch adds a HID desriptor to the device, based upon one from | ||
10 | real wcom device. | ||
11 | |||
12 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
13 | |||
14 | Upstream-Status: Submitted | ||
15 | 2014/11/27 | ||
16 | |||
17 | [update patch context] | ||
18 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
19 | --- | ||
20 | hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++- | ||
21 | 1 file changed, 93 insertions(+), 1 deletion(-) | ||
22 | |||
23 | Index: qemu-5.1.0/hw/usb/dev-wacom.c | ||
24 | =================================================================== | ||
25 | --- qemu-5.1.0.orig/hw/usb/dev-wacom.c | ||
26 | +++ qemu-5.1.0/hw/usb/dev-wacom.c | ||
27 | @@ -74,6 +74,89 @@ static const USBDescStrings desc_strings | ||
28 | [STR_SERIALNUMBER] = "1", | ||
29 | }; | ||
30 | |||
31 | +static const uint8_t qemu_tablet_hid_report_descriptor[] = { | ||
32 | + 0x05, 0x01, /* Usage Page (Generic Desktop) */ | ||
33 | + 0x09, 0x02, /* Usage (Mouse) */ | ||
34 | + 0xa1, 0x01, /* Collection (Application) */ | ||
35 | + 0x85, 0x01, /* Report ID (1) */ | ||
36 | + 0x09, 0x01, /* Usage (Pointer) */ | ||
37 | + 0xa1, 0x00, /* Collection (Physical) */ | ||
38 | + 0x05, 0x09, /* Usage Page (Button) */ | ||
39 | + 0x19, 0x01, /* Usage Minimum (1) */ | ||
40 | + 0x29, 0x05, /* Usage Maximum (5) */ | ||
41 | + 0x15, 0x00, /* Logical Minimum (0) */ | ||
42 | + 0x25, 0x01, /* Logical Maximum (1) */ | ||
43 | + 0x95, 0x05, /* Report Count (5) */ | ||
44 | + 0x75, 0x01, /* Report Size (1) */ | ||
45 | + 0x81, 0x02, /* Input (Data, Variable, Absolute) */ | ||
46 | + 0x95, 0x01, /* Report Count (1) */ | ||
47 | + 0x75, 0x03, /* Report Size (3) */ | ||
48 | + 0x81, 0x01, /* Input (Constant) */ | ||
49 | + 0x05, 0x01, /* Usage Page (Generic Desktop) */ | ||
50 | + 0x09, 0x30, /* Usage (X) */ | ||
51 | + 0x09, 0x31, /* Usage (Y) */ | ||
52 | + 0x15, 0x81, /* Logical Minimum (-127) */ | ||
53 | + 0x25, 0x7f, /* Logical Maximum (127) */ | ||
54 | + 0x75, 0x08, /* Report Size (8) */ | ||
55 | + 0x95, 0x02, /* Report Count (2) */ | ||
56 | + 0x81, 0x06, /* Input (Data, Variable, Relative) */ | ||
57 | + 0xc0, /* End Collection */ | ||
58 | + 0xc0, /* End Collection */ | ||
59 | + 0x05, 0x0d, /* Usage Page (Digitizer) */ | ||
60 | + 0x09, 0x01, /* Usage (Digitizer) */ | ||
61 | + 0xa1, 0x01, /* Collection (Application) */ | ||
62 | + 0x85, 0x02, /* Report ID (2) */ | ||
63 | + 0xa1, 0x00, /* Collection (Physical) */ | ||
64 | + 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ | ||
65 | + 0x09, 0x01, /* Usage (Digitizer) */ | ||
66 | + 0x15, 0x00, /* Logical Minimum (0) */ | ||
67 | + 0x26, 0xff, 0x00, /* Logical Maximum (255) */ | ||
68 | + 0x75, 0x08, /* Report Size (8) */ | ||
69 | + 0x95, 0x08, /* Report Count (8) */ | ||
70 | + 0x81, 0x02, /* Input (Data, Variable, Absolute) */ | ||
71 | + 0xc0, /* End Collection */ | ||
72 | + 0x09, 0x01, /* Usage (Digitizer) */ | ||
73 | + 0x85, 0x02, /* Report ID (2) */ | ||
74 | + 0x95, 0x01, /* Report Count (1) */ | ||
75 | + 0xb1, 0x02, /* FEATURE (2) */ | ||
76 | + 0xc0, /* End Collection */ | ||
77 | + 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ | ||
78 | + 0x09, 0x01, /* Usage (Digitizer) */ | ||
79 | + 0xa1, 0x01, /* Collection (Application) */ | ||
80 | + 0x85, 0x02, /* Report ID (2) */ | ||
81 | + 0x05, 0x0d, /* Usage Page (Digitizer) */ | ||
82 | + 0x09, 0x22, /* Usage (Finger) */ | ||
83 | + 0xa1, 0x00, /* Collection (Physical) */ | ||
84 | + 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ | ||
85 | + 0x09, 0x01, /* Usage (Digitizer) */ | ||
86 | + 0x15, 0x00, /* Logical Minimum (0) */ | ||
87 | + 0x26, 0xff, 0x00, /* Logical Maximum */ | ||
88 | + 0x75, 0x08, /* Report Size (8) */ | ||
89 | + 0x95, 0x02, /* Report Count (2) */ | ||
90 | + 0x81, 0x02, /* Input (Data, Variable, Absolute) */ | ||
91 | + 0x05, 0x01, /* Usage Page (Generic Desktop) */ | ||
92 | + 0x09, 0x30, /* Usage (X) */ | ||
93 | + 0x35, 0x00, /* Physical Minimum */ | ||
94 | + 0x46, 0xe0, 0x2e, /* Physical Maximum */ | ||
95 | + 0x26, 0xe0, 0x01, /* Logical Maximum */ | ||
96 | + 0x75, 0x10, /* Report Size (16) */ | ||
97 | + 0x95, 0x01, /* Report Count (1) */ | ||
98 | + 0x81, 0x02, /* Input (Data, Variable, Absolute) */ | ||
99 | + 0x09, 0x31, /* Usage (Y) */ | ||
100 | + 0x46, 0x40, 0x1f, /* Physical Maximum */ | ||
101 | + 0x26, 0x40, 0x01, /* Logical Maximum */ | ||
102 | + 0x81, 0x02, /* Input (Data, Variable, Absolute) */ | ||
103 | + 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */ | ||
104 | + 0x09, 0x01, /* Usage (Digitizer) */ | ||
105 | + 0x26, 0xff, 0x00, /* Logical Maximum */ | ||
106 | + 0x75, 0x08, /* Report Size (8) */ | ||
107 | + 0x95, 0x0d, /* Report Count (13) */ | ||
108 | + 0x81, 0x02, /* Input (Data, Variable, Absolute) */ | ||
109 | + 0xc0, /* End Collection */ | ||
110 | + 0xc0, /* End Collection */ | ||
111 | +}; | ||
112 | + | ||
113 | + | ||
114 | static const USBDescIface desc_iface_wacom = { | ||
115 | .bInterfaceNumber = 0, | ||
116 | .bNumEndpoints = 1, | ||
117 | @@ -91,7 +174,7 @@ static const USBDescIface desc_iface_wac | ||
118 | 0x00, /* u8 country_code */ | ||
119 | 0x01, /* u8 num_descriptors */ | ||
120 | 0x22, /* u8 type: Report */ | ||
121 | - 0x6e, 0, /* u16 len */ | ||
122 | + sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */ | ||
123 | }, | ||
124 | }, | ||
125 | }, | ||
126 | @@ -271,6 +354,15 @@ static void usb_wacom_handle_control(USB | ||
127 | } | ||
128 | |||
129 | switch (request) { | ||
130 | + case InterfaceRequest | USB_REQ_GET_DESCRIPTOR: | ||
131 | + switch (value >> 8) { | ||
132 | + case 0x22: | ||
133 | + memcpy(data, qemu_tablet_hid_report_descriptor, | ||
134 | + sizeof(qemu_tablet_hid_report_descriptor)); | ||
135 | + p->actual_length = sizeof(qemu_tablet_hid_report_descriptor); | ||
136 | + break; | ||
137 | + } | ||
138 | + break; | ||
139 | case WACOM_SET_REPORT: | ||
140 | if (s->mouse_grabbed) { | ||
141 | qemu_remove_mouse_event_handler(s->eh_entry); | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch new file mode 100644 index 00000000..d6c0f9eb --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch | |||
@@ -0,0 +1,31 @@ | |||
1 | From 34247f83095f8cdcdc1f9d7f0c6ffbd46b25d979 Mon Sep 17 00:00:00 2001 | ||
2 | From: Oleksiy Obitotskyy <oobitots@cisco.com> | ||
3 | Date: Wed, 25 Mar 2020 21:21:35 +0200 | ||
4 | Subject: [PATCH] qemu: Do not include file if not exists | ||
5 | |||
6 | Script configure checks for if_alg.h and check failed but | ||
7 | if_alg.h still included. | ||
8 | |||
9 | Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg07188.html] | ||
10 | Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> | ||
11 | |||
12 | [update patch context] | ||
13 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
14 | --- | ||
15 | linux-user/syscall.c | 2 ++ | ||
16 | 1 file changed, 2 insertions(+) | ||
17 | |||
18 | Index: qemu-5.1.0/linux-user/syscall.c | ||
19 | =================================================================== | ||
20 | --- qemu-5.1.0.orig/linux-user/syscall.c | ||
21 | +++ qemu-5.1.0/linux-user/syscall.c | ||
22 | @@ -109,7 +109,9 @@ | ||
23 | #include <linux/blkpg.h> | ||
24 | #include <netpacket/packet.h> | ||
25 | #include <linux/netlink.h> | ||
26 | +#if defined(CONFIG_AF_ALG) | ||
27 | #include <linux/if_alg.h> | ||
28 | +#endif | ||
29 | #include <linux/rtc.h> | ||
30 | #include <sound/asound.h> | ||
31 | #ifdef HAVE_DRM_H | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch new file mode 100644 index 00000000..5227b7cb --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch | |||
@@ -0,0 +1,59 @@ | |||
1 | From 68fa519a6cb455005317bd61f95214b58b2f1e69 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org> | ||
3 | Date: Fri, 16 Oct 2020 15:20:37 +0200 | ||
4 | Subject: [PATCH] target/mips: Increase number of TLB entries on the 34Kf core | ||
5 | (16 -> 64) | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | Per "MIPS32 34K Processor Core Family Software User's Manual, | ||
11 | Revision 01.13" page 8 in "Joint TLB (JTLB)" section: | ||
12 | |||
13 | "The JTLB is a fully associative TLB cache containing 16, 32, | ||
14 | or 64-dual-entries mapping up to 128 virtual pages to their | ||
15 | corresponding physical addresses." | ||
16 | |||
17 | There is no particular reason to restrict the 34Kf core model to | ||
18 | 16 TLB entries, so raise its config to 64. | ||
19 | |||
20 | This is helpful for other projects, in particular the Yocto Project: | ||
21 | |||
22 | Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit | ||
23 | MIPS CI loop. It was observed that in this case CI test execution | ||
24 | time was almost twice longer than 64bit MIPS variant that runs | ||
25 | under MIPS64R2-generic model. It was investigated and concluded | ||
26 | that the difference in number of TLBs 16 in 34Kf case vs 64 in | ||
27 | MIPS64R2-generic is responsible for most of CI real time execution | ||
28 | difference. Because with 16 TLBs linux user-land trashes TLB more | ||
29 | and it needs to execute more instructions in TLB refill handler | ||
30 | calls, as result it runs much longer. | ||
31 | |||
32 | (https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html) | ||
33 | |||
34 | Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992 | ||
35 | Reported-by: Victor Kamensky <kamensky@cisco.com> | ||
36 | Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> | ||
37 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
38 | Message-Id: <20201016133317.553068-1-f4bug@amsat.org> | ||
39 | |||
40 | Upstream-Status: Backport [https://github.com/qemu/qemu/commit/68fa519a6cb455005317bd61f95214b58b2f1e69] | ||
41 | Signed-off-by: Victor Kamensky <kamensky@cisco.com> | ||
42 | |||
43 | --- | ||
44 | target/mips/translate_init.c.inc | 2 +- | ||
45 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
46 | |||
47 | Index: qemu-5.1.0/target/mips/translate_init.inc.c | ||
48 | =================================================================== | ||
49 | --- qemu-5.1.0.orig/target/mips/translate_init.inc.c | ||
50 | +++ qemu-5.1.0/target/mips/translate_init.inc.c | ||
51 | @@ -254,7 +254,7 @@ const mips_def_t mips_defs[] = | ||
52 | .CP0_PRid = 0x00019500, | ||
53 | .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) | | ||
54 | (MMU_TYPE_R4000 << CP0C0_MT), | ||
55 | - .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (15 << CP0C1_MMU) | | ||
56 | + .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (63 << CP0C1_MMU) | | ||
57 | (0 << CP0C1_IS) | (3 << CP0C1_IL) | (1 << CP0C1_IA) | | ||
58 | (0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA) | | ||
59 | (1 << CP0C1_CA), | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch new file mode 100644 index 00000000..f379948f --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From 5da6cef7761157a003e7ebde74fb3cf90ab396d9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Juro Bystricky <juro.bystricky@intel.com> | ||
3 | Date: Thu, 31 Aug 2017 11:06:56 -0700 | ||
4 | Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for | ||
5 | qemu. | ||
6 | |||
7 | Upstream-Status: Pending | ||
8 | |||
9 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
10 | |||
11 | Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> | ||
12 | |||
13 | [update patch context] | ||
14 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
15 | --- | ||
16 | tests/Makefile.include | 8 ++++++++ | ||
17 | 1 file changed, 8 insertions(+) | ||
18 | |||
19 | Index: qemu-5.1.0/tests/Makefile.include | ||
20 | =================================================================== | ||
21 | --- qemu-5.1.0.orig/tests/Makefile.include | ||
22 | +++ qemu-5.1.0/tests/Makefile.include | ||
23 | @@ -982,4 +982,12 @@ all: $(QEMU_IOTESTS_HELPERS-y) | ||
24 | -include $(wildcard tests/qtest/*.d) | ||
25 | -include $(wildcard tests/qtest/libqos/*.d) | ||
26 | |||
27 | +buildtest-TESTS: $(check-unit-y) | ||
28 | + | ||
29 | +runtest-TESTS: | ||
30 | + for f in $(check-unit-y); do \ | ||
31 | + nf=$$(echo $$f | sed 's/tests\//\.\//g'); \ | ||
32 | + $$nf; \ | ||
33 | + done | ||
34 | + | ||
35 | endif | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch new file mode 100644 index 00000000..33cef422 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From ce1eceab2350d27960ec254650717085f6a11c9a Mon Sep 17 00:00:00 2001 | ||
2 | From: Jason Wessel <jason.wessel@windriver.com> | ||
3 | Date: Fri, 28 Mar 2014 17:42:43 +0800 | ||
4 | Subject: [PATCH] qemu: Add addition environment space to boot loader | ||
5 | qemu-system-mips | ||
6 | |||
7 | Upstream-Status: Inappropriate - OE uses deep paths | ||
8 | |||
9 | If you create a project with very long directory names like 128 characters | ||
10 | deep and use NFS, the kernel arguments will be truncated. The kernel will | ||
11 | accept longer strings such as 1024 bytes, but the qemu boot loader defaulted | ||
12 | to only 256 bytes. This patch expands the limit. | ||
13 | |||
14 | Signed-off-by: Jason Wessel <jason.wessel@windriver.com> | ||
15 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | ||
16 | |||
17 | --- | ||
18 | hw/mips/malta.c | 2 +- | ||
19 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
20 | |||
21 | Index: qemu-5.1.0/hw/mips/malta.c | ||
22 | =================================================================== | ||
23 | --- qemu-5.1.0.orig/hw/mips/malta.c | ||
24 | +++ qemu-5.1.0/hw/mips/malta.c | ||
25 | @@ -59,7 +59,7 @@ | ||
26 | |||
27 | #define ENVP_ADDR 0x80002000l | ||
28 | #define ENVP_NB_ENTRIES 16 | ||
29 | -#define ENVP_ENTRY_SIZE 256 | ||
30 | +#define ENVP_ENTRY_SIZE 1024 | ||
31 | |||
32 | /* Hardware addresses */ | ||
33 | #define FLASH_ADDRESS 0x1e000000ULL | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch new file mode 100644 index 00000000..71f537f9 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From 4127296bb1046cdf73994ba69dc913d8c02fd74f Mon Sep 17 00:00:00 2001 | ||
2 | From: Ross Burton <ross.burton@intel.com> | ||
3 | Date: Tue, 20 Oct 2015 22:19:08 +0100 | ||
4 | Subject: [PATCH] qemu: disable Valgrind | ||
5 | |||
6 | There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds. | ||
7 | |||
8 | Upstream-Status: Inappropriate | ||
9 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
10 | |||
11 | --- | ||
12 | configure | 9 --------- | ||
13 | 1 file changed, 9 deletions(-) | ||
14 | |||
15 | Index: qemu-5.1.0/configure | ||
16 | =================================================================== | ||
17 | --- qemu-5.1.0.orig/configure | ||
18 | +++ qemu-5.1.0/configure | ||
19 | @@ -5751,15 +5751,6 @@ fi | ||
20 | # check if we have valgrind/valgrind.h | ||
21 | |||
22 | valgrind_h=no | ||
23 | -cat > $TMPC << EOF | ||
24 | -#include <valgrind/valgrind.h> | ||
25 | -int main(void) { | ||
26 | - return 0; | ||
27 | -} | ||
28 | -EOF | ||
29 | -if compile_prog "" "" ; then | ||
30 | - valgrind_h=yes | ||
31 | -fi | ||
32 | |||
33 | ######################################## | ||
34 | # check if environ is declared | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch new file mode 100644 index 00000000..02ebbee1 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From 230fe5804099bdca0c9e4cae7280c9fc513cb7f5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Stephen Arnold <sarnold@vctlabs.com> | ||
3 | Date: Sun, 12 Jun 2016 18:09:56 -0700 | ||
4 | Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | |||
8 | [update patch context] | ||
9 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
10 | --- | ||
11 | configure | 4 ---- | ||
12 | 1 file changed, 4 deletions(-) | ||
13 | |||
14 | Index: qemu-5.1.0/configure | ||
15 | =================================================================== | ||
16 | --- qemu-5.1.0.orig/configure | ||
17 | +++ qemu-5.1.0/configure | ||
18 | @@ -6515,10 +6515,6 @@ write_c_skeleton | ||
19 | if test "$gcov" = "yes" ; then | ||
20 | QEMU_CFLAGS="-fprofile-arcs -ftest-coverage -g $QEMU_CFLAGS" | ||
21 | QEMU_LDFLAGS="-fprofile-arcs -ftest-coverage $QEMU_LDFLAGS" | ||
22 | -elif test "$fortify_source" = "yes" ; then | ||
23 | - CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" | ||
24 | -elif test "$debug" = "no"; then | ||
25 | - CFLAGS="-O2 $CFLAGS" | ||
26 | fi | ||
27 | |||
28 | if test "$have_asan" = "yes"; then | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch new file mode 100644 index 00000000..98fd5e91 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch | |||
@@ -0,0 +1,241 @@ | |||
1 | From bcc63f775e265df69963a4ad7805b8678ace68f0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alistair Francis <alistair.francis@xilinx.com> | ||
3 | Date: Thu, 21 Dec 2017 11:35:16 -0800 | ||
4 | Subject: [PATCH] chardev: connect socket to a spawned command | ||
5 | |||
6 | The command is started in a shell (sh -c) with stdin connect to QEMU | ||
7 | via a Unix domain stream socket. QEMU then exchanges data via its own | ||
8 | end of the socket, just like it normally does. | ||
9 | |||
10 | "-chardev socket" supports some ways of connecting via protocols like | ||
11 | telnet, but that is only a subset of the functionality supported by | ||
12 | tools socat. To use socat instead, for example to connect via a socks | ||
13 | proxy, use: | ||
14 | |||
15 | -chardev 'socket,id=socat,cmd=exec socat FD:0 SOCKS4A:socks-proxy.localdomain:example.com:9999,,socksuser=nobody' \ | ||
16 | -device usb-serial,chardev=socat | ||
17 | |||
18 | Beware that commas in the command must be escaped as double commas. | ||
19 | |||
20 | Or interactively in the console: | ||
21 | (qemu) chardev-add socket,id=cat,cmd=cat | ||
22 | (qemu) device_add usb-serial,chardev=cat | ||
23 | ^ac | ||
24 | # cat >/dev/ttyUSB0 | ||
25 | hello | ||
26 | hello | ||
27 | |||
28 | Another usage is starting swtpm from inside QEMU. swtpm will | ||
29 | automatically shut down once it looses the connection to the parent | ||
30 | QEMU, so there is no risk of lingering processes: | ||
31 | |||
32 | -chardev 'socket,id=chrtpm0,cmd=exec swtpm socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log file=swtpm.log' \ | ||
33 | -tpmdev emulator,id=tpm0,chardev=chrtpm0 \ | ||
34 | -device tpm-tis,tpmdev=tpm0 | ||
35 | |||
36 | The patch was discussed upstream, but QEMU developers believe that the | ||
37 | code calling QEMU should be responsible for managing additional | ||
38 | processes. In OE-core, that would imply enhancing runqemu and | ||
39 | oeqa. This patch is a simpler solution. | ||
40 | |||
41 | Because it is not going upstream, the patch was written so that it is | ||
42 | as simple as possible. | ||
43 | |||
44 | Upstream-Status: Inappropriate [embedded specific] | ||
45 | |||
46 | Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> | ||
47 | |||
48 | --- | ||
49 | chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++ | ||
50 | chardev/char.c | 3 ++ | ||
51 | qapi/char.json | 5 +++ | ||
52 | 3 files changed, 109 insertions(+) | ||
53 | |||
54 | Index: qemu-5.1.0/chardev/char-socket.c | ||
55 | =================================================================== | ||
56 | --- qemu-5.1.0.orig/chardev/char-socket.c | ||
57 | +++ qemu-5.1.0/chardev/char-socket.c | ||
58 | @@ -1292,6 +1292,67 @@ static bool qmp_chardev_validate_socket( | ||
59 | return true; | ||
60 | } | ||
61 | |||
62 | +#ifndef _WIN32 | ||
63 | +static void chardev_open_socket_cmd(Chardev *chr, | ||
64 | + const char *cmd, | ||
65 | + Error **errp) | ||
66 | +{ | ||
67 | + int fds[2] = { -1, -1 }; | ||
68 | + QIOChannelSocket *sioc = NULL; | ||
69 | + pid_t pid = -1; | ||
70 | + const char *argv[] = { "/bin/sh", "-c", cmd, NULL }; | ||
71 | + | ||
72 | + /* | ||
73 | + * We need a Unix domain socket for commands like swtpm and a single | ||
74 | + * connection, therefore we cannot use qio_channel_command_new_spawn() | ||
75 | + * without patching it first. Duplicating the functionality is easier. | ||
76 | + */ | ||
77 | + if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds)) { | ||
78 | + error_setg_errno(errp, errno, "Error creating socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC)"); | ||
79 | + goto error; | ||
80 | + } | ||
81 | + | ||
82 | + pid = qemu_fork(errp); | ||
83 | + if (pid < 0) { | ||
84 | + goto error; | ||
85 | + } | ||
86 | + | ||
87 | + if (!pid) { | ||
88 | + /* child */ | ||
89 | + dup2(fds[1], STDIN_FILENO); | ||
90 | + execv(argv[0], (char * const *)argv); | ||
91 | + _exit(1); | ||
92 | + } | ||
93 | + | ||
94 | + /* | ||
95 | + * Hand over our end of the socket pair to the qio channel. | ||
96 | + * | ||
97 | + * We don't reap the child because it is expected to keep | ||
98 | + * running. We also don't support the "reconnect" option for the | ||
99 | + * same reason. | ||
100 | + */ | ||
101 | + sioc = qio_channel_socket_new_fd(fds[0], errp); | ||
102 | + if (!sioc) { | ||
103 | + goto error; | ||
104 | + } | ||
105 | + fds[0] = -1; | ||
106 | + | ||
107 | + g_free(chr->filename); | ||
108 | + chr->filename = g_strdup_printf("cmd:%s", cmd); | ||
109 | + tcp_chr_new_client(chr, sioc); | ||
110 | + | ||
111 | + error: | ||
112 | + if (fds[0] >= 0) { | ||
113 | + close(fds[0]); | ||
114 | + } | ||
115 | + if (fds[1] >= 0) { | ||
116 | + close(fds[1]); | ||
117 | + } | ||
118 | + if (sioc) { | ||
119 | + object_unref(OBJECT(sioc)); | ||
120 | + } | ||
121 | +} | ||
122 | +#endif | ||
123 | |||
124 | static void qmp_chardev_open_socket(Chardev *chr, | ||
125 | ChardevBackend *backend, | ||
126 | @@ -1300,6 +1361,9 @@ static void qmp_chardev_open_socket(Char | ||
127 | { | ||
128 | SocketChardev *s = SOCKET_CHARDEV(chr); | ||
129 | ChardevSocket *sock = backend->u.socket.data; | ||
130 | +#ifndef _WIN32 | ||
131 | + const char *cmd = sock->cmd; | ||
132 | +#endif | ||
133 | bool do_nodelay = sock->has_nodelay ? sock->nodelay : false; | ||
134 | bool is_listen = sock->has_server ? sock->server : true; | ||
135 | bool is_telnet = sock->has_telnet ? sock->telnet : false; | ||
136 | @@ -1365,6 +1429,14 @@ static void qmp_chardev_open_socket(Char | ||
137 | |||
138 | update_disconnected_filename(s); | ||
139 | |||
140 | +#ifndef _WIN32 | ||
141 | + if (cmd) { | ||
142 | + chardev_open_socket_cmd(chr, cmd, errp); | ||
143 | + | ||
144 | + /* everything ready (or failed permanently) before we return */ | ||
145 | + *be_opened = true; | ||
146 | + } else | ||
147 | +#endif | ||
148 | if (s->is_listen) { | ||
149 | if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270, | ||
150 | is_waitconnect, errp) < 0) { | ||
151 | @@ -1384,11 +1456,27 @@ static void qemu_chr_parse_socket(QemuOp | ||
152 | const char *host = qemu_opt_get(opts, "host"); | ||
153 | const char *port = qemu_opt_get(opts, "port"); | ||
154 | const char *fd = qemu_opt_get(opts, "fd"); | ||
155 | +#ifndef _WIN32 | ||
156 | + const char *cmd = qemu_opt_get(opts, "cmd"); | ||
157 | +#endif | ||
158 | bool tight = qemu_opt_get_bool(opts, "tight", true); | ||
159 | bool abstract = qemu_opt_get_bool(opts, "abstract", false); | ||
160 | SocketAddressLegacy *addr; | ||
161 | ChardevSocket *sock; | ||
162 | |||
163 | +#ifndef _WIN32 | ||
164 | + if (cmd) { | ||
165 | + /* | ||
166 | + * Here we have to ensure that no options are set which are incompatible with | ||
167 | + * spawning a command, otherwise unmodified code that doesn't know about | ||
168 | + * command spawning (like socket_reconnect_timeout()) might get called. | ||
169 | + */ | ||
170 | + if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) { | ||
171 | + error_setg(errp, "chardev: socket: cmd does not support any additional options"); | ||
172 | + return; | ||
173 | + } | ||
174 | + } else | ||
175 | +#endif | ||
176 | if ((!!path + !!fd + !!host) != 1) { | ||
177 | error_setg(errp, | ||
178 | "Exactly one of 'path', 'fd' or 'host' required"); | ||
179 | @@ -1431,12 +1519,24 @@ static void qemu_chr_parse_socket(QemuOp | ||
180 | sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); | ||
181 | sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); | ||
182 | |||
183 | - addr = g_new0(SocketAddressLegacy, 1); | ||
184 | +#ifndef _WIN32 | ||
185 | + sock->cmd = g_strdup(cmd); | ||
186 | +#endif | ||
187 | + | ||
188 | + addr = g_new0(SocketAddressLegacy, 1); | ||
189 | +#ifndef _WIN32 | ||
190 | + if (path || cmd) { | ||
191 | +#else | ||
192 | if (path) { | ||
193 | +#endif | ||
194 | UnixSocketAddress *q_unix; | ||
195 | addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX; | ||
196 | q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1); | ||
197 | +#ifndef _WIN32 | ||
198 | + q_unix->path = cmd ? g_strdup_printf("cmd:%s", cmd) : g_strdup(path); | ||
199 | +#else | ||
200 | q_unix->path = g_strdup(path); | ||
201 | +#endif | ||
202 | q_unix->tight = tight; | ||
203 | q_unix->abstract = abstract; | ||
204 | } else if (host) { | ||
205 | Index: qemu-5.1.0/chardev/char.c | ||
206 | =================================================================== | ||
207 | --- qemu-5.1.0.orig/chardev/char.c | ||
208 | +++ qemu-5.1.0/chardev/char.c | ||
209 | @@ -826,6 +826,9 @@ QemuOptsList qemu_chardev_opts = { | ||
210 | .name = "path", | ||
211 | .type = QEMU_OPT_STRING, | ||
212 | },{ | ||
213 | + .name = "cmd", | ||
214 | + .type = QEMU_OPT_STRING, | ||
215 | + },{ | ||
216 | .name = "host", | ||
217 | .type = QEMU_OPT_STRING, | ||
218 | },{ | ||
219 | Index: qemu-5.1.0/qapi/char.json | ||
220 | =================================================================== | ||
221 | --- qemu-5.1.0.orig/qapi/char.json | ||
222 | +++ qemu-5.1.0/qapi/char.json | ||
223 | @@ -250,6 +250,10 @@ | ||
224 | # | ||
225 | # @addr: socket address to listen on (server=true) | ||
226 | # or connect to (server=false) | ||
227 | +# @cmd: command to run via "sh -c" with stdin as one end of | ||
228 | +# a AF_UNIX SOCK_DSTREAM socket pair. The other end | ||
229 | +# is used by the chardev. Either an addr or a cmd can | ||
230 | +# be specified, but not both. | ||
231 | # @tls-creds: the ID of the TLS credentials object (since 2.6) | ||
232 | # @tls-authz: the ID of the QAuthZ authorization object against which | ||
233 | # the client's x509 distinguished name will be validated. This | ||
234 | @@ -276,6 +280,7 @@ | ||
235 | ## | ||
236 | { 'struct': 'ChardevSocket', | ||
237 | 'data': { 'addr': 'SocketAddressLegacy', | ||
238 | + '*cmd': 'str', | ||
239 | '*tls-creds': 'str', | ||
240 | '*tls-authz' : 'str', | ||
241 | '*server': 'bool', | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch new file mode 100644 index 00000000..034ac578 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | From a59a98d100123030a4145e7efe3b8a001920a9f1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Asselstine <mark.asselstine@windriver.com> | ||
3 | Date: Tue, 26 Feb 2013 11:43:28 -0500 | ||
4 | Subject: [PATCH] apic: fixup fallthrough to PIC | ||
5 | |||
6 | Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC | ||
7 | interrupts through the local APIC if the local APIC config says so.] | ||
8 | missed a check to ensure the local APIC is enabled. Since if the local | ||
9 | APIC is disabled it doesn't matter what the local APIC config says. | ||
10 | |||
11 | If this check isn't done and the guest has disabled the local APIC the | ||
12 | guest will receive a general protection fault, similar to what is seen | ||
13 | here: | ||
14 | |||
15 | https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02304.html | ||
16 | |||
17 | The GPF is caused by an attempt to service interrupt 0xffffffff. This | ||
18 | comes about since cpu_get_pic_interrupt() calls apic_accept_pic_intr() | ||
19 | (with the local APIC disabled apic_get_interrupt() returns -1). | ||
20 | apic_accept_pic_intr() returns 0 and thus the interrupt number which | ||
21 | is returned from cpu_get_pic_interrupt(), and which is attempted to be | ||
22 | serviced, is -1. | ||
23 | |||
24 | Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> | ||
25 | Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html] | ||
26 | Signed-off-by: He Zhe <zhe.he@windriver.com> | ||
27 | |||
28 | --- | ||
29 | hw/intc/apic.c | 2 +- | ||
30 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
31 | |||
32 | Index: qemu-5.1.0/hw/intc/apic.c | ||
33 | =================================================================== | ||
34 | --- qemu-5.1.0.orig/hw/intc/apic.c | ||
35 | +++ qemu-5.1.0/hw/intc/apic.c | ||
36 | @@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *de | ||
37 | APICCommonState *s = APIC(dev); | ||
38 | uint32_t lvt0; | ||
39 | |||
40 | - if (!s) | ||
41 | + if (!s || !(s->spurious_vec & APIC_SV_ENABLE)) | ||
42 | return -1; | ||
43 | |||
44 | lvt0 = s->lvt[APIC_LVT_LINT0]; | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch new file mode 100644 index 00000000..d20f04ee --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From cf8c9aac5243f506a1a3e8e284414f311cde04f5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alistair Francis <alistair.francis@xilinx.com> | ||
3 | Date: Wed, 17 Jan 2018 10:51:49 -0800 | ||
4 | Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target | ||
5 | |||
6 | Since commit "linux-user: Tidy and enforce reserved_va initialization" | ||
7 | (18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build | ||
8 | hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using | ||
9 | musl. | ||
10 | |||
11 | To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match | ||
12 | to what it was before the problematic commit. | ||
13 | |||
14 | Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html | ||
15 | Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> | ||
16 | |||
17 | --- | ||
18 | linux-user/main.c | 2 +- | ||
19 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
20 | |||
21 | Index: qemu-5.1.0/linux-user/main.c | ||
22 | =================================================================== | ||
23 | --- qemu-5.1.0.orig/linux-user/main.c | ||
24 | +++ qemu-5.1.0/linux-user/main.c | ||
25 | @@ -92,7 +92,7 @@ static int last_log_mask; | ||
26 | (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32)) | ||
27 | /* There are a number of places where we assign reserved_va to a variable | ||
28 | of type abi_ulong and expect it to fit. Avoid the last page. */ | ||
29 | -# define MAX_RESERVED_VA(CPU) (0xfffffffful & TARGET_PAGE_MASK) | ||
30 | +# define MAX_RESERVED_VA(CPU) (0x7ffffffful & TARGET_PAGE_MASK) | ||
31 | # else | ||
32 | # define MAX_RESERVED_VA(CPU) (1ul << TARGET_VIRT_ADDR_SPACE_BITS) | ||
33 | # endif | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch new file mode 100644 index 00000000..f2a44986 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch | |||
@@ -0,0 +1,137 @@ | |||
1 | From 815c97ba0de02da9dace3fcfcbdf9b20e029f0d7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Martin Jansa <martin.jansa@lge.com> | ||
3 | Date: Fri, 1 Jun 2018 08:41:07 +0000 | ||
4 | Subject: [PATCH] Fix webkitgtk builds | ||
5 | |||
6 | This is a partial revert of "linux-user: fix mmap/munmap/mprotect/mremap/shmat". | ||
7 | |||
8 | This patch fixes qemu-i386 hangs during gobject-introspection in webkitgtk build | ||
9 | when musl is used on qemux86. This is the same issue that | ||
10 | 0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch was | ||
11 | fixing in the 2.11 release. | ||
12 | |||
13 | This patch also fixes a build failure when building webkitgtk for | ||
14 | qemumips. A QEMU assert is seen while building webkitgtk: | ||
15 | page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed. | ||
16 | |||
17 | This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583. | ||
18 | |||
19 | Upstream-Status: Pending | ||
20 | Signed-off-by: Alistair Francis <alistair.francis@wdc.com> | ||
21 | |||
22 | [update patch context] | ||
23 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
24 | --- | ||
25 | include/exec/cpu-all.h | 6 +----- | ||
26 | include/exec/cpu_ldst.h | 5 ++++- | ||
27 | linux-user/mmap.c | 17 ++++------------- | ||
28 | linux-user/syscall.c | 5 +---- | ||
29 | 4 files changed, 10 insertions(+), 23 deletions(-) | ||
30 | |||
31 | Index: qemu-5.1.0/include/exec/cpu-all.h | ||
32 | =================================================================== | ||
33 | --- qemu-5.1.0.orig/include/exec/cpu-all.h | ||
34 | +++ qemu-5.1.0/include/exec/cpu-all.h | ||
35 | @@ -176,11 +176,8 @@ extern unsigned long reserved_va; | ||
36 | * avoid setting bits at the top of guest addresses that might need | ||
37 | * to be used for tags. | ||
38 | */ | ||
39 | -#define GUEST_ADDR_MAX_ \ | ||
40 | - ((MIN_CONST(TARGET_VIRT_ADDR_SPACE_BITS, TARGET_ABI_BITS) <= 32) ? \ | ||
41 | - UINT32_MAX : ~0ul) | ||
42 | -#define GUEST_ADDR_MAX (reserved_va ? reserved_va - 1 : GUEST_ADDR_MAX_) | ||
43 | - | ||
44 | +#define GUEST_ADDR_MAX (reserved_va ? reserved_va : \ | ||
45 | + (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1) | ||
46 | #else | ||
47 | |||
48 | #include "exec/hwaddr.h" | ||
49 | Index: qemu-5.1.0/include/exec/cpu_ldst.h | ||
50 | =================================================================== | ||
51 | --- qemu-5.1.0.orig/include/exec/cpu_ldst.h | ||
52 | +++ qemu-5.1.0/include/exec/cpu_ldst.h | ||
53 | @@ -75,7 +75,10 @@ typedef uint64_t abi_ptr; | ||
54 | #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS | ||
55 | #define guest_addr_valid(x) (1) | ||
56 | #else | ||
57 | -#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX) | ||
58 | +#define guest_addr_valid(x) ({ \ | ||
59 | + ((x) < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \ | ||
60 | + (!reserved_va || ((x) < reserved_va)); \ | ||
61 | +}) | ||
62 | #endif | ||
63 | #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base) | ||
64 | |||
65 | Index: qemu-5.1.0/linux-user/mmap.c | ||
66 | =================================================================== | ||
67 | --- qemu-5.1.0.orig/linux-user/mmap.c | ||
68 | +++ qemu-5.1.0/linux-user/mmap.c | ||
69 | @@ -71,7 +71,7 @@ int target_mprotect(abi_ulong start, abi | ||
70 | return -TARGET_EINVAL; | ||
71 | len = TARGET_PAGE_ALIGN(len); | ||
72 | end = start + len; | ||
73 | - if (!guest_range_valid(start, len)) { | ||
74 | + if (end < start) { | ||
75 | return -TARGET_ENOMEM; | ||
76 | } | ||
77 | prot &= PROT_READ | PROT_WRITE | PROT_EXEC; | ||
78 | @@ -467,8 +467,8 @@ abi_long target_mmap(abi_ulong start, ab | ||
79 | * It can fail only on 64-bit host with 32-bit target. | ||
80 | * On any other target/host host mmap() handles this error correctly. | ||
81 | */ | ||
82 | - if (end < start || !guest_range_valid(start, len)) { | ||
83 | - errno = ENOMEM; | ||
84 | + if (end < start || ((unsigned long)start + len - 1 > (abi_ulong) -1)) { | ||
85 | + errno = EINVAL; | ||
86 | goto fail; | ||
87 | } | ||
88 | |||
89 | @@ -604,10 +604,8 @@ int target_munmap(abi_ulong start, abi_u | ||
90 | if (start & ~TARGET_PAGE_MASK) | ||
91 | return -TARGET_EINVAL; | ||
92 | len = TARGET_PAGE_ALIGN(len); | ||
93 | - if (len == 0 || !guest_range_valid(start, len)) { | ||
94 | + if (len == 0) | ||
95 | return -TARGET_EINVAL; | ||
96 | - } | ||
97 | - | ||
98 | mmap_lock(); | ||
99 | end = start + len; | ||
100 | real_start = start & qemu_host_page_mask; | ||
101 | @@ -662,13 +660,6 @@ abi_long target_mremap(abi_ulong old_add | ||
102 | int prot; | ||
103 | void *host_addr; | ||
104 | |||
105 | - if (!guest_range_valid(old_addr, old_size) || | ||
106 | - ((flags & MREMAP_FIXED) && | ||
107 | - !guest_range_valid(new_addr, new_size))) { | ||
108 | - errno = ENOMEM; | ||
109 | - return -1; | ||
110 | - } | ||
111 | - | ||
112 | mmap_lock(); | ||
113 | |||
114 | if (flags & MREMAP_FIXED) { | ||
115 | Index: qemu-5.1.0/linux-user/syscall.c | ||
116 | =================================================================== | ||
117 | --- qemu-5.1.0.orig/linux-user/syscall.c | ||
118 | +++ qemu-5.1.0/linux-user/syscall.c | ||
119 | @@ -4336,9 +4336,6 @@ static inline abi_ulong do_shmat(CPUArch | ||
120 | return -TARGET_EINVAL; | ||
121 | } | ||
122 | } | ||
123 | - if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) { | ||
124 | - return -TARGET_EINVAL; | ||
125 | - } | ||
126 | |||
127 | mmap_lock(); | ||
128 | |||
129 | @@ -7376,7 +7373,7 @@ static int open_self_maps(void *cpu_env, | ||
130 | const char *path; | ||
131 | |||
132 | max = h2g_valid(max - 1) ? | ||
133 | - max : (uintptr_t) g2h(GUEST_ADDR_MAX) + 1; | ||
134 | + max : (uintptr_t) g2h(GUEST_ADDR_MAX); | ||
135 | |||
136 | if (page_check_range(h2g(min), max - min, flags) == -1) { | ||
137 | continue; | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch new file mode 100644 index 00000000..d7e3fffd --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch | |||
@@ -0,0 +1,91 @@ | |||
1 | From c207607cdf3996ad9783c3bffbcd3d65e74c0158 Mon Sep 17 00:00:00 2001 | ||
2 | From: He Zhe <zhe.he@windriver.com> | ||
3 | Date: Wed, 28 Aug 2019 19:56:28 +0800 | ||
4 | Subject: [PATCH] configure: Add pkg-config handling for libgcrypt | ||
5 | |||
6 | libgcrypt may also be controlled by pkg-config, this patch adds pkg-config | ||
7 | handling for libgcrypt. | ||
8 | |||
9 | Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html] | ||
10 | |||
11 | Signed-off-by: He Zhe <zhe.he@windriver.com> | ||
12 | |||
13 | --- | ||
14 | configure | 48 ++++++++++++++++++++++++++++++++++++++++-------- | ||
15 | 1 file changed, 40 insertions(+), 8 deletions(-) | ||
16 | |||
17 | Index: qemu-5.1.0/configure | ||
18 | =================================================================== | ||
19 | --- qemu-5.1.0.orig/configure | ||
20 | +++ qemu-5.1.0/configure | ||
21 | @@ -3084,6 +3084,30 @@ has_libgcrypt() { | ||
22 | return 0 | ||
23 | } | ||
24 | |||
25 | +has_libgcrypt_pkgconfig() { | ||
26 | + if ! has $pkg_config ; then | ||
27 | + return 1 | ||
28 | + fi | ||
29 | + | ||
30 | + if ! $pkg_config --list-all | grep libgcrypt > /dev/null 2>&1 ; then | ||
31 | + return 1 | ||
32 | + fi | ||
33 | + | ||
34 | + if test -n "$cross_prefix" ; then | ||
35 | + host=$($pkg_config --variable=host libgcrypt) | ||
36 | + if test "${host%-gnu}-" != "${cross_prefix%-gnu}" ; then | ||
37 | + print_error "host($host) does not match cross_prefix($cross_prefix)" | ||
38 | + return 1 | ||
39 | + fi | ||
40 | + fi | ||
41 | + | ||
42 | + if ! $pkg_config --atleast-version=1.5.0 libgcrypt ; then | ||
43 | + print_error "libgcrypt version is $($pkg_config --modversion libgcrypt)" | ||
44 | + return 1 | ||
45 | + fi | ||
46 | + | ||
47 | + return 0 | ||
48 | +} | ||
49 | |||
50 | if test "$nettle" != "no"; then | ||
51 | pass="no" | ||
52 | @@ -3124,7 +3148,14 @@ fi | ||
53 | |||
54 | if test "$gcrypt" != "no"; then | ||
55 | pass="no" | ||
56 | - if has_libgcrypt; then | ||
57 | + if has_libgcrypt_pkgconfig; then | ||
58 | + gcrypt_cflags=$($pkg_config --cflags libgcrypt) | ||
59 | + if test "$static" = "yes" ; then | ||
60 | + gcrypt_libs=$($pkg_config --libs --static libgcrypt) | ||
61 | + else | ||
62 | + gcrypt_libs=$($pkg_config --libs libgcrypt) | ||
63 | + fi | ||
64 | + elif has_libgcrypt; then | ||
65 | gcrypt_cflags=$(libgcrypt-config --cflags) | ||
66 | gcrypt_libs=$(libgcrypt-config --libs) | ||
67 | # Debian has removed -lgpg-error from libgcrypt-config | ||
68 | @@ -3134,15 +3165,16 @@ if test "$gcrypt" != "no"; then | ||
69 | then | ||
70 | gcrypt_libs="$gcrypt_libs -lgpg-error" | ||
71 | fi | ||
72 | + fi | ||
73 | |||
74 | - # Link test to make sure the given libraries work (e.g for static). | ||
75 | - write_c_skeleton | ||
76 | - if compile_prog "" "$gcrypt_libs" ; then | ||
77 | - LIBS="$gcrypt_libs $LIBS" | ||
78 | - QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" | ||
79 | - pass="yes" | ||
80 | - fi | ||
81 | + # Link test to make sure the given libraries work (e.g for static). | ||
82 | + write_c_skeleton | ||
83 | + if compile_prog "" "$gcrypt_libs" ; then | ||
84 | + LIBS="$gcrypt_libs $LIBS" | ||
85 | + QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags" | ||
86 | + pass="yes" | ||
87 | fi | ||
88 | + | ||
89 | if test "$pass" = "yes"; then | ||
90 | gcrypt="yes" | ||
91 | cat > $TMPC << EOF | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-24352.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-24352.patch new file mode 100644 index 00000000..861ff6c3 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-24352.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From ca1f9cbfdce4d63b10d57de80fef89a89d92a540 Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Wed, 21 Oct 2020 16:08:18 +0530 | ||
4 | Subject: [PATCH 1/1] ati: check x y display parameter values | ||
5 | |||
6 | The source and destination x,y display parameters in ati_2d_blt() | ||
7 | may run off the vga limits if either of s->regs.[src|dst]_[xy] is | ||
8 | zero. Check the parameter values to avoid potential crash. | ||
9 | |||
10 | Reported-by: Gaoning Pan <pgn@zju.edu.cn> | ||
11 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
12 | Message-id: 20201021103818.1704030-1-ppandit@redhat.com | ||
13 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
14 | |||
15 | Upstream-Status: Backport [ https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540;hp=2ddafce7f797082ad216657c830afd4546f16e37 ] | ||
16 | CVE: CVE-2020-24352 | ||
17 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
18 | --- | ||
19 | hw/display/ati_2d.c | 10 ++++++---- | ||
20 | 1 file changed, 6 insertions(+), 4 deletions(-) | ||
21 | |||
22 | diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c | ||
23 | index 23a8ae0..4dc10ea 100644 | ||
24 | --- a/hw/display/ati_2d.c | ||
25 | +++ b/hw/display/ati_2d.c | ||
26 | @@ -75,8 +75,9 @@ void ati_2d_blt(ATIVGAState *s) | ||
27 | dst_stride *= bpp; | ||
28 | } | ||
29 | uint8_t *end = s->vga.vram_ptr + s->vga.vram_size; | ||
30 | - if (dst_bits >= end || dst_bits + dst_x + (dst_y + s->regs.dst_height) * | ||
31 | - dst_stride >= end) { | ||
32 | + if (dst_x > 0x3fff || dst_y > 0x3fff || dst_bits >= end | ||
33 | + || dst_bits + dst_x | ||
34 | + + (dst_y + s->regs.dst_height) * dst_stride >= end) { | ||
35 | qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); | ||
36 | return; | ||
37 | } | ||
38 | @@ -107,8 +108,9 @@ void ati_2d_blt(ATIVGAState *s) | ||
39 | src_bits += s->regs.crtc_offset & 0x07ffffff; | ||
40 | src_stride *= bpp; | ||
41 | } | ||
42 | - if (src_bits >= end || src_bits + src_x + | ||
43 | - (src_y + s->regs.dst_height) * src_stride >= end) { | ||
44 | + if (src_x > 0x3fff || src_y > 0x3fff || src_bits >= end | ||
45 | + || src_bits + src_x | ||
46 | + + (src_y + s->regs.dst_height) * src_stride >= end) { | ||
47 | qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); | ||
48 | return; | ||
49 | } | ||
50 | -- | ||
51 | 1.8.3.1 | ||
52 | |||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25624.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25624.patch new file mode 100644 index 00000000..7631bab3 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25624.patch | |||
@@ -0,0 +1,101 @@ | |||
1 | From 1328fe0c32d5474604105b8105310e944976b058 Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Tue, 15 Sep 2020 23:52:58 +0530 | ||
4 | Subject: [PATCH] hw: usb: hcd-ohci: check len and frame_number variables | ||
5 | |||
6 | While servicing the OHCI transfer descriptors(TD), OHCI host | ||
7 | controller derives variables 'start_addr', 'end_addr', 'len' | ||
8 | etc. from values supplied by the host controller driver. | ||
9 | Host controller driver may supply values such that using | ||
10 | above variables leads to out-of-bounds access issues. | ||
11 | Add checks to avoid them. | ||
12 | |||
13 | AddressSanitizer: stack-buffer-overflow on address 0x7ffd53af76a0 | ||
14 | READ of size 2 at 0x7ffd53af76a0 thread T0 | ||
15 | #0 ohci_service_iso_td ../hw/usb/hcd-ohci.c:734 | ||
16 | #1 ohci_service_ed_list ../hw/usb/hcd-ohci.c:1180 | ||
17 | #2 ohci_process_lists ../hw/usb/hcd-ohci.c:1214 | ||
18 | #3 ohci_frame_boundary ../hw/usb/hcd-ohci.c:1257 | ||
19 | #4 timerlist_run_timers ../util/qemu-timer.c:572 | ||
20 | #5 qemu_clock_run_timers ../util/qemu-timer.c:586 | ||
21 | #6 qemu_clock_run_all_timers ../util/qemu-timer.c:672 | ||
22 | #7 main_loop_wait ../util/main-loop.c:527 | ||
23 | #8 qemu_main_loop ../softmmu/vl.c:1676 | ||
24 | #9 main ../softmmu/main.c:50 | ||
25 | |||
26 | Reported-by: Gaoning Pan <pgn@zju.edu.cn> | ||
27 | Reported-by: Yongkang Jia <j_kangel@163.com> | ||
28 | Reported-by: Yi Ren <yunye.ry@alibaba-inc.com> | ||
29 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
30 | Message-id: 20200915182259.68522-2-ppandit@redhat.com | ||
31 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
32 | |||
33 | Upstream-Status: Backport | ||
34 | CVE: CVE-2020-25624 | ||
35 | [https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058] | ||
36 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
37 | --- | ||
38 | hw/usb/hcd-ohci.c | 24 ++++++++++++++++++++++-- | ||
39 | 1 file changed, 22 insertions(+), 2 deletions(-) | ||
40 | |||
41 | diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c | ||
42 | index 1e6e85e..9dc5910 100644 | ||
43 | --- a/hw/usb/hcd-ohci.c | ||
44 | +++ b/hw/usb/hcd-ohci.c | ||
45 | @@ -731,7 +731,11 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, | ||
46 | } | ||
47 | |||
48 | start_offset = iso_td.offset[relative_frame_number]; | ||
49 | - next_offset = iso_td.offset[relative_frame_number + 1]; | ||
50 | + if (relative_frame_number < frame_count) { | ||
51 | + next_offset = iso_td.offset[relative_frame_number + 1]; | ||
52 | + } else { | ||
53 | + next_offset = iso_td.be; | ||
54 | + } | ||
55 | |||
56 | if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) || | ||
57 | ((relative_frame_number < frame_count) && | ||
58 | @@ -764,7 +768,12 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, | ||
59 | } | ||
60 | } else { | ||
61 | /* Last packet in the ISO TD */ | ||
62 | - end_addr = iso_td.be; | ||
63 | + end_addr = next_offset; | ||
64 | + } | ||
65 | + | ||
66 | + if (start_addr > end_addr) { | ||
67 | + trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr); | ||
68 | + return 1; | ||
69 | } | ||
70 | |||
71 | if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) { | ||
72 | @@ -773,6 +782,9 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, | ||
73 | } else { | ||
74 | len = end_addr - start_addr + 1; | ||
75 | } | ||
76 | + if (len > sizeof(ohci->usb_buf)) { | ||
77 | + len = sizeof(ohci->usb_buf); | ||
78 | + } | ||
79 | |||
80 | if (len && dir != OHCI_TD_DIR_IN) { | ||
81 | if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len, | ||
82 | @@ -975,8 +987,16 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) | ||
83 | if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) { | ||
84 | len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff); | ||
85 | } else { | ||
86 | + if (td.cbp > td.be) { | ||
87 | + trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be); | ||
88 | + ohci_die(ohci); | ||
89 | + return 1; | ||
90 | + } | ||
91 | len = (td.be - td.cbp) + 1; | ||
92 | } | ||
93 | + if (len > sizeof(ohci->usb_buf)) { | ||
94 | + len = sizeof(ohci->usb_buf); | ||
95 | + } | ||
96 | |||
97 | pktlen = len; | ||
98 | if (len && dir != OHCI_TD_DIR_IN) { | ||
99 | -- | ||
100 | 2.17.1 | ||
101 | |||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25723.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25723.patch new file mode 100644 index 00000000..90b3a2f4 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25723.patch | |||
@@ -0,0 +1,51 @@ | |||
1 | From 2fdb42d840400d58f2e706ecca82c142b97bcbd6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Li Qiang <liq3ea@163.com> | ||
3 | Date: Wed, 12 Aug 2020 09:17:27 -0700 | ||
4 | Subject: [PATCH] hw: ehci: check return value of 'usb_packet_map' | ||
5 | |||
6 | If 'usb_packet_map' fails, we should stop to process the usb | ||
7 | request. | ||
8 | |||
9 | Signed-off-by: Li Qiang <liq3ea@163.com> | ||
10 | Message-Id: <20200812161727.29412-1-liq3ea@163.com> | ||
11 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | CVE: CVE-2020-25723 | ||
15 | [https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6] | ||
16 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
17 | --- | ||
18 | hw/usb/hcd-ehci.c | 10 ++++++++-- | ||
19 | 1 file changed, 8 insertions(+), 2 deletions(-) | ||
20 | |||
21 | diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c | ||
22 | index 1495e8f..1fbb02a 100644 | ||
23 | --- a/hw/usb/hcd-ehci.c | ||
24 | +++ b/hw/usb/hcd-ehci.c | ||
25 | @@ -1373,7 +1373,10 @@ static int ehci_execute(EHCIPacket *p, const char *action) | ||
26 | spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0); | ||
27 | usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd, | ||
28 | (p->qtd.token & QTD_TOKEN_IOC) != 0); | ||
29 | - usb_packet_map(&p->packet, &p->sgl); | ||
30 | + if (usb_packet_map(&p->packet, &p->sgl)) { | ||
31 | + qemu_sglist_destroy(&p->sgl); | ||
32 | + return -1; | ||
33 | + } | ||
34 | p->async = EHCI_ASYNC_INITIALIZED; | ||
35 | } | ||
36 | |||
37 | @@ -1452,7 +1455,10 @@ static int ehci_process_itd(EHCIState *ehci, | ||
38 | if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) { | ||
39 | usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false, | ||
40 | (itd->transact[i] & ITD_XACT_IOC) != 0); | ||
41 | - usb_packet_map(&ehci->ipacket, &ehci->isgl); | ||
42 | + if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) { | ||
43 | + qemu_sglist_destroy(&ehci->isgl); | ||
44 | + return -1; | ||
45 | + } | ||
46 | usb_handle_packet(dev, &ehci->ipacket); | ||
47 | usb_packet_unmap(&ehci->ipacket, &ehci->isgl); | ||
48 | } else { | ||
49 | -- | ||
50 | 2.17.1 | ||
51 | |||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-28916.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-28916.patch new file mode 100644 index 00000000..52121968 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-28916.patch | |||
@@ -0,0 +1,49 @@ | |||
1 | From c2cb511634012344e3d0fe49a037a33b12d8a98a Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Wed, 11 Nov 2020 18:36:36 +0530 | ||
4 | Subject: [PATCH] hw/net/e1000e: advance desc_offset in case of null | ||
5 | descriptor | ||
6 | |||
7 | While receiving packets via e1000e_write_packet_to_guest() routine, | ||
8 | 'desc_offset' is advanced only when RX descriptor is processed. And | ||
9 | RX descriptor is not processed if it has NULL buffer address. | ||
10 | This may lead to an infinite loop condition. Increament 'desc_offset' | ||
11 | to process next descriptor in the ring to avoid infinite loop. | ||
12 | |||
13 | Reported-by: Cheol-woo Myung <330cjfdn@gmail.com> | ||
14 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
15 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
16 | |||
17 | Upstream-Status: Backport | ||
18 | CVE: CVE-2020-28916 | ||
19 | [https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a] | ||
20 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
21 | --- | ||
22 | hw/net/e1000e_core.c | 8 ++++---- | ||
23 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
24 | |||
25 | diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c | ||
26 | index bcd186c..d3e3cdc 100644 | ||
27 | --- a/hw/net/e1000e_core.c | ||
28 | +++ b/hw/net/e1000e_core.c | ||
29 | @@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt, | ||
30 | (const char *) &fcs_pad, e1000x_fcs_len(core->mac)); | ||
31 | } | ||
32 | } | ||
33 | - desc_offset += desc_size; | ||
34 | - if (desc_offset >= total_size) { | ||
35 | - is_last = true; | ||
36 | - } | ||
37 | } else { /* as per intel docs; skip descriptors with null buf addr */ | ||
38 | trace_e1000e_rx_null_descriptor(); | ||
39 | } | ||
40 | + desc_offset += desc_size; | ||
41 | + if (desc_offset >= total_size) { | ||
42 | + is_last = true; | ||
43 | + } | ||
44 | |||
45 | e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL, | ||
46 | rss_info, do_ps ? ps_hdr_len : 0, &bastate.written); | ||
47 | -- | ||
48 | 2.17.1 | ||
49 | |||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch new file mode 100644 index 00000000..e5829f6d --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch | |||
@@ -0,0 +1,64 @@ | |||
1 | From 2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Thu, 26 Nov 2020 19:27:06 +0530 | ||
4 | Subject: [PATCH] slirp: check pkt_len before reading protocol header | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=utf8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input' | ||
10 | routines, ensure that pkt_len is large enough to accommodate the | ||
11 | respective protocol headers, lest it should do an OOB access. | ||
12 | Add check to avoid it. | ||
13 | |||
14 | CVE-2020-29129 CVE-2020-29130 | ||
15 | QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets | ||
16 | -> https://www.openwall.com/lists/oss-security/2020/11/27/1 | ||
17 | |||
18 | Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com> | ||
19 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
20 | Message-Id: <20201126135706.273950-1-ppandit@redhat.com> | ||
21 | Reviewed-by: Marc-Andrà Lureau <marcandre.lureau@redhat.com> | ||
22 | |||
23 | Upstream-Status: Backport | ||
24 | CVE: CVE-2020-29129 CVE-2020-29130 | ||
25 | [https://git.qemu.org/?p=libslirp.git;a=commit;h=2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f] | ||
26 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
27 | --- | ||
28 | slirp/src/ncsi.c | 4 ++++ | ||
29 | slirp/src/slirp.c | 4 ++++ | ||
30 | 2 files changed, 8 insertions(+) | ||
31 | |||
32 | diff --git a/slirp/src/ncsi.c b/slirp/src/ncsi.c | ||
33 | index 3c1dfef..75dcc08 100644 | ||
34 | --- a/slirp/src/ncsi.c | ||
35 | +++ b/slirp/src/ncsi.c | ||
36 | @@ -148,6 +148,10 @@ void ncsi_input(Slirp *slirp, const uint8_t *pkt, int pkt_len) | ||
37 | uint32_t checksum; | ||
38 | uint32_t *pchecksum; | ||
39 | |||
40 | + if (pkt_len < ETH_HLEN + sizeof(struct ncsi_pkt_hdr)) { | ||
41 | + return; /* packet too short */ | ||
42 | + } | ||
43 | + | ||
44 | memset(ncsi_reply, 0, sizeof(ncsi_reply)); | ||
45 | |||
46 | memset(reh->h_dest, 0xff, ETH_ALEN); | ||
47 | diff --git a/slirp/src/slirp.c b/slirp/src/slirp.c | ||
48 | index dba7c98..9be58e2 100644 | ||
49 | --- a/slirp/src/slirp.c | ||
50 | +++ b/slirp/src/slirp.c | ||
51 | @@ -756,6 +756,10 @@ static void arp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len) | ||
52 | return; | ||
53 | } | ||
54 | |||
55 | + if (pkt_len < ETH_HLEN + sizeof(struct slirp_arphdr)) { | ||
56 | + return; /* packet too short */ | ||
57 | + } | ||
58 | + | ||
59 | ar_op = ntohs(ah->ar_op); | ||
60 | switch (ar_op) { | ||
61 | case ARPOP_REQUEST: | ||
62 | -- | ||
63 | 2.17.1 | ||
64 | |||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/find_datadir.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/find_datadir.patch new file mode 100644 index 00000000..9a4c1126 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/find_datadir.patch | |||
@@ -0,0 +1,39 @@ | |||
1 | qemu: search for datadir as in version 4.2 | ||
2 | |||
3 | os_find_datadir() was changed after the 4.2 release. We need to check for | ||
4 | ../share/qemu relative to the executable because that is where the runqemu | ||
5 | configuration assumes it will be. | ||
6 | |||
7 | Upstream-Status: Submitted [qemu-devel@nongnu.org] | ||
8 | |||
9 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
10 | |||
11 | |||
12 | Index: qemu-5.1.0/os-posix.c | ||
13 | =================================================================== | ||
14 | --- qemu-5.1.0.orig/os-posix.c | ||
15 | +++ qemu-5.1.0/os-posix.c | ||
16 | @@ -82,8 +82,9 @@ void os_setup_signal_handling(void) | ||
17 | |||
18 | /* | ||
19 | * Find a likely location for support files using the location of the binary. | ||
20 | + * Typically, this would be "$bindir/../share/qemu". | ||
21 | * When running from the build tree this will be "$bindir/../pc-bios". | ||
22 | - * Otherwise, this is CONFIG_QEMU_DATADIR. | ||
23 | + * Otherwise, this is CONFIG_QEMU_DATADIR as constructed by configure. | ||
24 | * | ||
25 | * The caller must use g_free() to free the returned data when it is | ||
26 | * no longer required. | ||
27 | @@ -96,6 +97,12 @@ char *os_find_datadir(void) | ||
28 | exec_dir = qemu_get_exec_dir(); | ||
29 | g_return_val_if_fail(exec_dir != NULL, NULL); | ||
30 | |||
31 | + dir = g_build_filename(exec_dir, "..", "share", "qemu", NULL); | ||
32 | + if (g_file_test(dir, G_FILE_TEST_IS_DIR)) { | ||
33 | + return g_steal_pointer(&dir); | ||
34 | + } | ||
35 | + g_free(dir); /* no autofree this time */ | ||
36 | + | ||
37 | dir = g_build_filename(exec_dir, "..", "pc-bios", NULL); | ||
38 | if (g_file_test(dir, G_FILE_TEST_IS_DIR)) { | ||
39 | return g_steal_pointer(&dir); | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/powerpc_rom.bin b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/powerpc_rom.bin new file mode 100644 index 00000000..c4044296 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/powerpc_rom.bin | |||
Binary files differ | |||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/run-ptest b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/run-ptest new file mode 100644 index 00000000..b25a792d --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/run-ptest | |||
@@ -0,0 +1,10 @@ | |||
1 | #!/bin/sh | ||
2 | # | ||
3 | #This script is used to run qemu test suites | ||
4 | # | ||
5 | |||
6 | ptestdir=$(dirname "$(readlink -f "$0")") | ||
7 | export SRC_PATH=$ptestdir | ||
8 | |||
9 | cd $ptestdir/tests | ||
10 | make -f Makefile.include -k runtest-TESTS | sed '/^ok /s/ok /PASS: /g' | ||
diff --git a/meta-xilinx-bsp/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch new file mode 100644 index 00000000..92801da4 --- /dev/null +++ b/meta-xilinx-bsp/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch | |||
@@ -0,0 +1,89 @@ | |||
1 | CVE: CVE-2020-14364 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
4 | |||
5 | From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001 | ||
6 | From: Gerd Hoffmann <kraxel@redhat.com> | ||
7 | Date: Tue, 25 Aug 2020 07:36:36 +0200 | ||
8 | Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364) | ||
9 | |||
10 | Store calculated setup_len in a local variable, verify it, and only | ||
11 | write it to the struct (USBDevice->setup_len) in case it passed the | ||
12 | sanity checks. | ||
13 | |||
14 | This prevents other code (do_token_{in,out} functions specifically) | ||
15 | from working with invalid USBDevice->setup_len values and overrunning | ||
16 | the USBDevice->setup_buf[] buffer. | ||
17 | |||
18 | Fixes: CVE-2020-14364 | ||
19 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
20 | Tested-by: Gonglei <arei.gonglei@huawei.com> | ||
21 | Reviewed-by: Li Qiang <liq3ea@gmail.com> | ||
22 | Message-id: 20200825053636.29648-1-kraxel@redhat.com | ||
23 | --- | ||
24 | hw/usb/core.c | 16 ++++++++++------ | ||
25 | 1 file changed, 10 insertions(+), 6 deletions(-) | ||
26 | |||
27 | diff --git a/hw/usb/core.c b/hw/usb/core.c | ||
28 | index 5abd128b6bc..5234dcc73fe 100644 | ||
29 | --- a/hw/usb/core.c | ||
30 | +++ b/hw/usb/core.c | ||
31 | @@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream) | ||
32 | static void do_token_setup(USBDevice *s, USBPacket *p) | ||
33 | { | ||
34 | int request, value, index; | ||
35 | + unsigned int setup_len; | ||
36 | |||
37 | if (p->iov.size != 8) { | ||
38 | p->status = USB_RET_STALL; | ||
39 | @@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p) | ||
40 | usb_packet_copy(p, s->setup_buf, p->iov.size); | ||
41 | s->setup_index = 0; | ||
42 | p->actual_length = 0; | ||
43 | - s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; | ||
44 | - if (s->setup_len > sizeof(s->data_buf)) { | ||
45 | + setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; | ||
46 | + if (setup_len > sizeof(s->data_buf)) { | ||
47 | fprintf(stderr, | ||
48 | "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", | ||
49 | - s->setup_len, sizeof(s->data_buf)); | ||
50 | + setup_len, sizeof(s->data_buf)); | ||
51 | p->status = USB_RET_STALL; | ||
52 | return; | ||
53 | } | ||
54 | + s->setup_len = setup_len; | ||
55 | |||
56 | request = (s->setup_buf[0] << 8) | s->setup_buf[1]; | ||
57 | value = (s->setup_buf[3] << 8) | s->setup_buf[2]; | ||
58 | @@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p) | ||
59 | static void do_parameter(USBDevice *s, USBPacket *p) | ||
60 | { | ||
61 | int i, request, value, index; | ||
62 | + unsigned int setup_len; | ||
63 | |||
64 | for (i = 0; i < 8; i++) { | ||
65 | s->setup_buf[i] = p->parameter >> (i*8); | ||
66 | } | ||
67 | |||
68 | s->setup_state = SETUP_STATE_PARAM; | ||
69 | - s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; | ||
70 | s->setup_index = 0; | ||
71 | |||
72 | request = (s->setup_buf[0] << 8) | s->setup_buf[1]; | ||
73 | value = (s->setup_buf[3] << 8) | s->setup_buf[2]; | ||
74 | index = (s->setup_buf[5] << 8) | s->setup_buf[4]; | ||
75 | |||
76 | - if (s->setup_len > sizeof(s->data_buf)) { | ||
77 | + setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; | ||
78 | + if (setup_len > sizeof(s->data_buf)) { | ||
79 | fprintf(stderr, | ||
80 | "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", | ||
81 | - s->setup_len, sizeof(s->data_buf)); | ||
82 | + setup_len, sizeof(s->data_buf)); | ||
83 | p->status = USB_RET_STALL; | ||
84 | return; | ||
85 | } | ||
86 | + s->setup_len = setup_len; | ||
87 | |||
88 | if (p->pid == USB_TOKEN_OUT) { | ||
89 | usb_packet_copy(p, s->data_buf, s->setup_len); | ||