qemu: apic: fallthrough to PIC

Backport a commit from qemu upstream to fix a protection fault https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html (From OE-Core rev: 88a4a872a7f22be52faa965bc05c57d8466e0eed) Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: He Zhe <zhe.he@windriver.com> 2017-08-09 18:00:48 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-08-13 09:27:38 +0100
commit: f20a63aee3e2669cbe98812ee4b767cc2662a555 (patch)
tree: 6be17f2cb1c893420c909fbf06893d8f284fc66d
parent: 5f57cac930b73cd8333fa5318efca889eb7f23b2 (diff)
download: poky-f20a63aee3e2669cbe98812ee4b767cc2662a555.tar.gz
2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch
new file mode 100644
index 0000000000..9bbbc6f76d
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch
@@ -0,0 +1,46 @@
+From bef93bb81588b5323a52d2e1886f2a77b64a976b Mon Sep 17 00:00:00 2001
+From: Mark Asselstine <mark.asselstine@windriver.com>
+Date: Tue, 26 Feb 2013 11:43:28 -0500
+Subject: [PATCH 03/18] apic: fixup fallthrough to PIC
+Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC
+interrupts through the local APIC if the local APIC config says so.]
+missed a check to ensure the local APIC is enabled. Since if the local
+APIC is disabled it doesn't matter what the local APIC config says.
+If this check isn't done and the guest has disabled the local APIC the
+guest will receive a general protection fault, similar to what is seen
+here:
+https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02304.html
+The GPF is caused by an attempt to service interrupt 0xffffffff. This
+comes about since cpu_get_pic_interrupt() calls apic_accept_pic_intr()
+(with the local APIC disabled apic_get_interrupt() returns -1).
+apic_accept_pic_intr() returns 0 and thus the interrupt number which
+is returned from cpu_get_pic_interrupt(), and which is attempted to be
+serviced, is -1.
+Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html]
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ hw/intc/apic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/hw/intc/apic.c b/hw/intc/apic.c
+index 45887d99..c5ae4087 100644
+--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
+@@ -587,7 +587,7 @@ int apic_accept_pic_intr(DeviceState *dev)
+     APICCommonState *s = APIC_COMMON(dev);
+     uint32_t lvt0;
+ 
+-    if (!s)
+    if (!s || !(s->spurious_vec & APIC_SV_ENABLE))
+         return -1;
+ 
+     lvt0 = s->lvt[APIC_LVT_LINT0];
+-- 
+2.11.0
diff --git a/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb b/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb
index a5dc70469d..a4ddb7f989 100644
--- a/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://wiki.qemu-project.org/download/${BP}.tar.bz2 \
           file://CVE-2016-9908.patch \
           file://CVE-2016-9912.patch \
           file://0001-replace-struct-ucontext-with-ucontext_t-type.patch \
+           file://apic-fixup-fallthrough-to-PIC.patch \
           "
 SRC_URI_append_class-native = " \
author	He Zhe <zhe.he@windriver.com>	2017-08-09 18:00:48 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-08-13 09:27:38 +0100
commit	f20a63aee3e2669cbe98812ee4b767cc2662a555 (patch)
tree	6be17f2cb1c893420c909fbf06893d8f284fc66d
parent	5f57cac930b73cd8333fa5318efca889eb7f23b2 (diff)
download	poky-f20a63aee3e2669cbe98812ee4b767cc2662a555.tar.gz

diff --git a/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch b/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch new file mode 100644 index 0000000000..9bbbc6f76d --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/apic-fixup-fallthrough-to-PIC.patch
@@ -0,0 +1,46 @@
		1	From bef93bb81588b5323a52d2e1886f2a77b64a976b Mon Sep 17 00:00:00 2001
		2	From: Mark Asselstine <mark.asselstine@windriver.com>
		3	Date: Tue, 26 Feb 2013 11:43:28 -0500
		4	Subject: [PATCH 03/18] apic: fixup fallthrough to PIC
		5
		6	Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC
		7	interrupts through the local APIC if the local APIC config says so.]
		8	missed a check to ensure the local APIC is enabled. Since if the local
		9	APIC is disabled it doesn't matter what the local APIC config says.
		10
		11	If this check isn't done and the guest has disabled the local APIC the
		12	guest will receive a general protection fault, similar to what is seen
		13	here:
		14
		15	https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02304.html
		16
		17	The GPF is caused by an attempt to service interrupt 0xffffffff. This
		18	comes about since cpu_get_pic_interrupt() calls apic_accept_pic_intr()
		19	(with the local APIC disabled apic_get_interrupt() returns -1).
		20	apic_accept_pic_intr() returns 0 and thus the interrupt number which
		21	is returned from cpu_get_pic_interrupt(), and which is attempted to be
		22	serviced, is -1.
		23
		24	Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
		25	Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html]
		26	Signed-off-by: He Zhe <zhe.he@windriver.com>
		27	---
		28	hw/intc/apic.c \| 2 +-
		29	1 file changed, 1 insertion(+), 1 deletion(-)
		30
		31	diff --git a/hw/intc/apic.c b/hw/intc/apic.c
		32	index 45887d99..c5ae4087 100644
		33	--- a/hw/intc/apic.c
		34	+++ b/hw/intc/apic.c
		35	@@ -587,7 +587,7 @@ int apic_accept_pic_intr(DeviceState *dev)
		36	APICCommonState *s = APIC_COMMON(dev);
		37	uint32_t lvt0;
		38
		39	- if (!s)
		40	+ if (!s \|\| !(s->spurious_vec & APIC_SV_ENABLE))
		41	return -1;
		42
		43	lvt0 = s->lvt[APIC_LVT_LINT0];
		44	--
		45	2.11.0
		46


diff --git a/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb b/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb index a5dc70469d..a4ddb7f989 100644 --- a/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb +++ b/meta/recipes-devtools/qemu/qemu_2.8.1.1.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://wiki.qemu-project.org/download/${BP}.tar.bz2 \
27	file://CVE-2016-9908.patch \	27	file://CVE-2016-9908.patch \
28	file://CVE-2016-9912.patch \	28	file://CVE-2016-9912.patch \
29	file://0001-replace-struct-ucontext-with-ucontext_t-type.patch \	29	file://0001-replace-struct-ucontext-with-ucontext_t-type.patch \
		30	file://apic-fixup-fallthrough-to-PIC.patch \
30	"	31	"
31		32
32	SRC_URI_append_class-native = " \	33	SRC_URI_append_class-native = " \